# Docker runtime (pinned, reproducible)

Goal: provide a **deterministic-ish** runtime that includes Playwright (browser-based PDF), Poppler, and fonts so
Markdown → HTML → PDF pipelines behave the same in CI and on developer machines.

## What’s included

- Base image: `python:3.12.12-slim-bookworm`
- Renderers: `playwright` (drives a headless browser for PDF)
- QA tools: `poppler-utils` (`pdfinfo`, `pdftotext`, `pdftohtml`)
- Fonts: `fonts-dejavu-core`, `fonts-liberation`, `fonts-noto-core`

The Dockerfile lives at `Dockerfile` and installs pinned Python deps from `requirements.txt`.

## Build

```bash
docker build -t iftypeset:dev .
```

## Run (single document)

```bash
docker run --rm \
  -v "$PWD":/workspace \
  -w /workspace \
  iftypeset:dev \
  iftypeset run --input fixtures/sample.md --out out --profile web_pdf --degraded-ok
```

## Corporate fonts (optional)

To avoid font fallback drift (e.g., when shipping reader-facing PDFs), mount a directory containing `.ttf`/`.otf` files and pass it via `--font-dir`:

```bash
docker run --rm \
  -v "$PWD":/workspace \
  -v "$PWD/fonts":/fonts:ro \
  -w /workspace \
  iftypeset:dev \
  iftypeset run --input fixtures/sample.md --out out --profile audit_report --font-dir /fonts --strict-fonts
```

## Run (directory / multi-doc)

```bash
docker run --rm \
  -v "$PWD":/workspace \
  -w /workspace \
  iftypeset:dev \
  iftypeset run --input fixtures --out out --profile web_pdf --degraded-ok --skip-pdf
```

## Version pinning notes

- The base image tag is pinned to a specific Python + Debian release.
- System package versions are pinned by the Debian snapshot at build time.
- For auditability, run `iftypeset doctor --spec spec --out out` inside the container and
  record `out/doctor.md` with the exact tool versions.

## CI usage (Forgejo)

A manual Forgejo workflow (`.forgejo/workflows/docker-ci.yml`) builds this image and runs
`scripts/ci.sh` inside the container. Trigger it when you want an environment-pinned check.