From 125d3cd977a8c07819c96d87293cd87f40c57695 Mon Sep 17 00:00:00 2001
From: Robin Alexander <colisee@hotmail>
Date: Fri, 13 Mar 2026 17:42:39 +0100
Subject: [PATCH 1/8] Do not install git

---
 setup.sh | 1 -
 1 file changed, 1 deletion(-)

diff --git a/setup.sh b/setup.sh
index 2fab56e..e69ba69 100644
--- a/setup.sh
+++ b/setup.sh
@@ -13,7 +13,6 @@ apt-get update
 apt-get upgrade --yes
 apt-get install --yes --no-install-recommends \
   cron \
-  git \
   libjpeg-dev \
   libldap-dev \
   libpng-dev \

From 334a7881472184e5c473b9cb6ee4baac506bded0 Mon Sep 17 00:00:00 2001
From: Robin Alexander <colisee@hotmail>
Date: Fri, 13 Mar 2026 17:43:38 +0100
Subject: [PATCH 2/8] No need to copy script setup.sh inside the image

---
 Dockerfile | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 2737b0b..41602ec 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -25,15 +25,10 @@ COPY --from=comp /usr/bin/composer /usr/bin/composer
 ENV DEBIAN_FRONTEND=noninteractive
 ARG APP_GH_REF
 ARG APP_GH_ADD_SHA=false
-# hadolint ignore=DL3008 # 'Pin versions in apt get install'
-COPY setup.sh /usr/local/bin/setup.sh
-RUN <<EORUN
-set -xeu
+RUN --mount=type=bind,source=setup.sh,target=/tmp/setup.sh <<EORUN
 export APP_GH_REF="${APP_GH_REF}"
 export APP_GH_ADD_SHA="${APP_GH_ADD_SHA}"
-chmod +x /usr/local/bin/setup.sh
-/usr/local/bin/setup.sh
-rm /usr/local/bin/setup.sh
+bash /tmp/setup.sh
 EORUN
 
 # Environment

From d632a1ae63cd1d690bc443d2b394f5ea50e7be70 Mon Sep 17 00:00:00 2001
From: Robin Alexander <colisee@hotmail>
Date: Sat, 14 Mar 2026 17:21:04 +0100
Subject: [PATCH 3/8] Review image build process

Dockerfile: in charge of retrieving librebooking files and SHA
setup.sh: librebooking customization
---
 Dockerfile | 32 +++++++++++++++++++++++++-------
 setup.sh   | 40 ++++------------------------------------
 2 files changed, 29 insertions(+), 43 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 41602ec..f135db3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,8 +2,24 @@ ARG VERSION_PHP=8.3
 ARG VERSION_COMPOSER=lts
 
 FROM composer:${VERSION_COMPOSER} AS comp
-FROM php:${VERSION_PHP}-apache
 
+# Get upstream
+FROM alpine/git AS upstream
+ARG APP_GH_ADD_SHA=false
+ARG APP_GH_REF=refs/heads/develop
+ARG GIT_TREE=${APP_GH_REF##*/}
+ARG UPSTREAM_URL="https://github.com/librebooking/librebooking.git#${GIT_TREE}"
+ADD --keep-git-dir=true \
+    ${UPSTREAM_URL} /upstream/
+RUN <<EORUN
+if [ "${APP_GH_ADD_SHA}" = "true" ]; then
+    cd /upstream
+    git describe --tags --long \
+    | sed -E 's/.*-(.*$)/\1/' >/upstream/config/version-suffix.txt
+fi
+EORUN
+
+FROM php:${VERSION_PHP}-apache
 # Labels
 LABEL org.opencontainers.image.title="LibreBooking"
 LABEL org.opencontainers.image.description="LibreBooking as a container"
@@ -13,21 +29,23 @@ LABEL org.opencontainers.image.licenses="GPL-3.0"
 LABEL org.opencontainers.image.authors="colisee@hotmail.com"
 
 # Copy entrypoint scripts
-COPY --chmod=755 bin /usr/local/bin/
+COPY --chmod=0755 bin /usr/local/bin/
 
 # Create cron jobs
-COPY --chown=www-data:www-data --chmod=0755 lb-jobs-cron /config/
+COPY --chown=www-data:www-data --chmod=0755 \
+     lb-jobs-cron /config/
 
 # Copy composer
 COPY --from=comp /usr/bin/composer /usr/bin/composer
 
+# Copy Librebooking
+COPY --from=upstream \
+     --chown=www-data:root --chmod=0775 \
+     /upstream/ /var/www/html/
+
 # Update and install required debian packages
 ENV DEBIAN_FRONTEND=noninteractive
-ARG APP_GH_REF
-ARG APP_GH_ADD_SHA=false
 RUN --mount=type=bind,source=setup.sh,target=/tmp/setup.sh <<EORUN
-export APP_GH_REF="${APP_GH_REF}"
-export APP_GH_ADD_SHA="${APP_GH_ADD_SHA}"
 bash /tmp/setup.sh
 EORUN
 
diff --git a/setup.sh b/setup.sh
index e69ba69..8462b8b 100644
--- a/setup.sh
+++ b/setup.sh
@@ -49,36 +49,6 @@ sed \
   -i /etc/apache2/sites-available/000-default.conf \
   -e 's/<VirtualHost *:80>/<VirtualHost *:8080>/'
 
-set -xeuo pipefail
-LB_TARBALL_URL="https://api.github.com/repos/LibreBooking/librebooking/tarball/${APP_GH_REF}"
-curl \
-  --fail \
-  --silent \
-  --location "${LB_TARBALL_URL}" |
-  tar --extract --gzip --directory=/var/www/html --strip-components=1
-if [ "${APP_GH_ADD_SHA}" = "true" ]; then
-  LB_SHORT_SHA=""
-  # TARBALL_FILENAME will be like the result of a `git describe` For
-  # example: 'LibreBooking-librebooking-v4.1.0-126-g6cc8a4c.tar.gz' where
-  # 'g6cc8a4c' is the short SHA prefixed with 'g'. So the short SHA is
-  # '6cc8a4c'
-  TARBALL_FILENAME=$(
-    curl \
-      --head \
-      --fail \
-      --silent \
-      --show-error \
-      --location "${LB_TARBALL_URL}" |
-      sed -nE 's/.*filename="?([^";]+)"?.*/\1/p'
-  )
-  LB_SHORT_SHA=$(echo "${TARBALL_FILENAME}" | sed -E 's/.*-g([0-9a-f]+)\.tar\.gz/\1/')
-  if [ -n "${LB_SHORT_SHA}" ]; then
-    printf '%s\n' "${LB_SHORT_SHA}" >/var/www/html/config/version-suffix.txt
-  else
-    echo "ERROR determining the LB_SHORT_SHA value from TARBALL_FILENAME ${TARBALL_FILENAME}" >&2
-    exit 1
-  fi
-fi
 if [ -f /var/www/html/composer.json ]; then
   sed \
     -i /var/www/html/composer.json \
@@ -95,19 +65,17 @@ if ! [ -d /var/www/html/tpl_c ]; then
 fi
 mkdir /var/www/html/Web/uploads/reservation
 
-chown www-data:root \
+chown --recursive www-data:root \
   /var/www/html/config \
+  /var/www/html/plugins \
   /var/www/html/tpl_c \
   /var/www/html/Web/uploads/images \
   /var/www/html/Web/uploads/reservation \
   /usr/local/etc/php/conf.d/librebooking.ini
-chmod g+rwx \
+chmod --recursive g+rwx \
   /var/www/html/config \
+  /var/www/html/plugins \
   /var/www/html/tpl_c \
   /var/www/html/Web/uploads/images \
   /var/www/html/Web/uploads/reservation \
   /usr/local/etc/php/conf.d/librebooking.ini
-chown --recursive www-data:root \
-  /var/www/html/plugins
-chmod --recursive g+rwx \
-  /var/www/html/plugins

From ac90b1f4a6f8b9b690a3008be0bd9d5dcff0a4fe Mon Sep 17 00:00:00 2001
From: Robin Alexander <colisee@hotmail>
Date: Sun, 15 Mar 2026 09:20:19 +0100
Subject: [PATCH 4/8] Fix the content of file `config/version-suffix.txt`

The last commit id matches the last 7 characters of
`git describe --tags --long`
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index f135db3..61a87b6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,7 +15,7 @@ RUN <<EORUN
 if [ "${APP_GH_ADD_SHA}" = "true" ]; then
     cd /upstream
     git describe --tags --long \
-    | sed -E 's/.*-(.*$)/\1/' >/upstream/config/version-suffix.txt
+    | sed -E 's/.*(.{7})$/\1/' >/upstream/config/version-suffix.txt
 fi
 EORUN
 

From 180bb25a271f035dc8a9938798a9924a01516432 Mon Sep 17 00:00:00 2001
From: Robin Alexander <colisee@hotmail>
Date: Sun, 15 Mar 2026 17:45:25 +0100
Subject: [PATCH 5/8] Get the correct short commit id

The length of the short commit id is not always 7 characters.
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 61a87b6..bc94998 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,7 +15,7 @@ RUN <<EORUN
 if [ "${APP_GH_ADD_SHA}" = "true" ]; then
     cd /upstream
     git describe --tags --long \
-    | sed -E 's/.*(.{7})$/\1/' >/upstream/config/version-suffix.txt
+    | sed -E 's/.*-.(.*)$/\1/' >/upstream/config/version-suffix.txt
 fi
 EORUN
 

From 1f6c482cfa8a21bb66248d99c42b4bc2c7d7900a Mon Sep 17 00:00:00 2001
From: Robin Alexander <colisee@hotmail>
Date: Sun, 15 Mar 2026 19:05:47 +0100
Subject: [PATCH 6/8] Fix Dockerfile compatibility with docker and podman

- Argument "--keep-git-dir" not recognized by podman build
- Implement git clone inside the alpine/git image section
- Implement "config/custom-version.txt"
- Remove ".git" directory upstream version is saved
---
 Dockerfile | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index bc94998..7fa6934 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,15 +8,16 @@ FROM alpine/git AS upstream
 ARG APP_GH_ADD_SHA=false
 ARG APP_GH_REF=refs/heads/develop
 ARG GIT_TREE=${APP_GH_REF##*/}
-ARG UPSTREAM_URL="https://github.com/librebooking/librebooking.git#${GIT_TREE}"
-ADD --keep-git-dir=true \
-    ${UPSTREAM_URL} /upstream/
+ARG UPSTREAM_URL="https://github.com/librebooking/librebooking"
 RUN <<EORUN
+mkdir /upstream
+git clone ${UPSTREAM_URL} /upstream
+cd /upstream
+git checkout ${GIT_TREE}
 if [ "${APP_GH_ADD_SHA}" = "true" ]; then
-    cd /upstream
-    git describe --tags --long \
-    | sed -E 's/.*-.(.*)$/\1/' >/upstream/config/version-suffix.txt
+  git describe --tags --long > config/custom-version.txt
 fi
+rm -rf .git
 EORUN
 
 FROM php:${VERSION_PHP}-apache

From 6a86ee7c438d3a81092afbb3028d5642d7cb37d5 Mon Sep 17 00:00:00 2001
From: Robin Alexander <colisee@hotmail>
Date: Sun, 15 Mar 2026 19:25:04 +0100
Subject: [PATCH 7/8] Implement hadolint reccomendations

---
 Dockerfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 7fa6934..f760dd4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,18 +1,18 @@
 ARG VERSION_PHP=8.3
 ARG VERSION_COMPOSER=lts
+ARG VERSION_GIT=2.52.0
 
 FROM composer:${VERSION_COMPOSER} AS comp
 
 # Get upstream
-FROM alpine/git AS upstream
+FROM alpine/git:${VERSION_GIT} AS upstream
 ARG APP_GH_ADD_SHA=false
 ARG APP_GH_REF=refs/heads/develop
 ARG GIT_TREE=${APP_GH_REF##*/}
 ARG UPSTREAM_URL="https://github.com/librebooking/librebooking"
+WORKDIR /upstream
 RUN <<EORUN
-mkdir /upstream
 git clone ${UPSTREAM_URL} /upstream
-cd /upstream
 git checkout ${GIT_TREE}
 if [ "${APP_GH_ADD_SHA}" = "true" ]; then
   git describe --tags --long > config/custom-version.txt

From ab895e470a6eda71f03d2e4454e29e4206245326 Mon Sep 17 00:00:00 2001
From: Robin Alexander <colisee@hotmail>
Date: Sun, 15 Mar 2026 19:37:35 +0100
Subject: [PATCH 8/8] Make Dockerfile more robust

---
 Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Dockerfile b/Dockerfile
index f760dd4..3fbad93 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,6 +12,7 @@ ARG GIT_TREE=${APP_GH_REF##*/}
 ARG UPSTREAM_URL="https://github.com/librebooking/librebooking"
 WORKDIR /upstream
 RUN <<EORUN
+set -eux
 git clone ${UPSTREAM_URL} /upstream
 git checkout ${GIT_TREE}
 if [ "${APP_GH_ADD_SHA}" = "true" ]; then