-
Notifications
You must be signed in to change notification settings - Fork 5
[CLAUDE] wkhtmltopdfをaptではなくバイナリから直接インストールするように変更 #378
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
@@ -16,9 +16,15 @@ WORKDIR /rails | |||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| # Install base packages | ||||||||||||||||||||||||
| RUN apt-get update -qq && \ | ||||||||||||||||||||||||
| apt-get install --no-install-recommends -y curl libjemalloc2 libvips sqlite3 wkhtmltopdf fonts-noto-cjk fonts-noto-color-emoji && \ | ||||||||||||||||||||||||
| apt-get install --no-install-recommends -y curl libjemalloc2 libvips sqlite3 fonts-noto-cjk fonts-noto-color-emoji && \ | ||||||||||||||||||||||||
| rm -rf /var/lib/apt/lists /var/cache/apt/archives | ||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| # Install wkhtmltopdf from binary (not available via apt on Debian Trixie) | ||||||||||||||||||||||||
| RUN curl -fsSL https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6.1-3/wkhtmltox_0.12.6.1-3.bookworm_amd64.deb -o /tmp/wkhtmltox.deb && \ | ||||||||||||||||||||||||
|
Comment on lines
+22
to
+23
|
||||||||||||||||||||||||
| # Install wkhtmltopdf from binary (not available via apt on Debian Trixie) | |
| RUN curl -fsSL https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6.1-3/wkhtmltox_0.12.6.1-3.bookworm_amd64.deb -o /tmp/wkhtmltox.deb && \ | |
| ARG TARGETARCH | |
| # Install wkhtmltopdf from binary (not available via apt on Debian Trixie) | |
| RUN case "${TARGETARCH}" in \ | |
| amd64) wkhtmltox_arch=amd64 ;; \ | |
| arm64) wkhtmltox_arch=arm64 ;; \ | |
| *) echo "Unsupported TARGETARCH for wkhtmltopdf: ${TARGETARCH}" >&2; exit 1 ;; \ | |
| esac && \ | |
| curl -fsSL "https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6.1-3/wkhtmltox_0.12.6.1-3.bookworm_${wkhtmltox_arch}.deb" -o /tmp/wkhtmltox.deb && \ |
Copilot
AI
Apr 13, 2026
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The base stage now runs apt-get update twice in separate layers (once for base packages, again for wkhtmltopdf). To reduce build time and layer count, consider combining the wkhtmltopdf install into the existing base-packages RUN step (keeping a single apt-get update and a single cleanup).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The downloaded .deb is installed without any integrity verification. Please pin and validate the artifact (e.g., verify a published SHA256 checksum or signature) to reduce supply-chain risk and avoid silently installing a tampered binary if the URL is ever compromised.