add documentation for the ready to use docker image

Studio/README.md

@@ -19,7 +19,21 @@ The purpose of running Hackolade Studio in a Docker container is to operate the
 
 The guide is designed to be understandable even if you've never used Docker before.
 
+## 🎯 Using the Pre-built CLI Image (Recommended)
 
+**Want to skip the build step?** We now provide a ready-to-use Docker image (`hackolade/hck-cli`) that includes Hackolade Studio and all plugins pre-installed. This is the fastest way to get started!
+
+**Benefits:**
+- ✅ No build step required - just pull and use
+- ✅ Simplified data paths (`/data` instead of `/home/hackolade/Documents/...`)
+- ✅ Secure secret management for license keys
+- ✅ Always up-to-date with latest releases
+
+**Get started:** See our [Getting Started Guide for the Pre-built CLI Image](./doc/getting-started-hck-cli.md) for complete instructions.
+
+**When to use the pre-built image vs. building your own:**
+- **Use pre-built image** (`hackolade/hck-cli`) if you want simplicity and all plugins included
+- **Build your own** (instructions below) if you need specific plugin versions or customizations
 
 ## Repository structure
 This repository contains files and instructions for running the [Hackolade Studio](https://hackolade.com) data modeling application, using the base image published on [Docker Hub](https://hub.docker.com/r/hackolade/studio):

Studio/compose.yml

@@ -0,0 +1,111 @@
+#
+# Copyright © 2016-2026 by IntegrIT S.A. dba Hackolade.  All rights reserved.
+#
+# The copyright to the computer software herein is the property of IntegrIT S.A.
+# The software may be used and/or copied only with the written permission of
+# IntegrIT S.A. or in accordance with the terms and conditions stipulated in
+# the agreement/contract under which the software has been supplied.
+#
+
+# This file is an example of how to orchestrate the Hackolade CLI from a docker compose file
+# leveraging our hck-cli docker image from Docker Hub
+# This image contains the Hackolade Studio Release and all of the plugins already installed
+# It's ready to be used.
+#
+# This compose.yml file is specifically designed for the pre-built hackolade/hck-cli image.
+# For complete documentation and usage instructions, see: doc/getting-started-hck-cli.md
+#
+# If you are building your own image using hackolade/studio, use docker-compose.yml instead,
+# which is designed for custom-built images. See doc/getting-started.md for building instructions.
+
+services:
+  # Run a cli command (default to version)
+  # Pay attention to file paths as they must be paths inside the containers
+  # If a file needs to be made available from the host or another container, use the volumes section to mount the file or folders
+  # This compose exposes different manners to provide the License key or LicenseFile.xml for offline validation
+
+  # Example using online License key validation and the key stored in a secret file (file path from host) defined in the secrets section:
+  #
+  # docker compose run -t --rm validateKeyOnline
+  # docker compose run -t --rm hck-cli gendoc --format=HTML --model '/data/models/MongoDB/Yelp Challenge dataset.hck.json' --doc /data/output/doc-test --jsonSchema
+  hck-cli: &hck-cli
+    image: hackolade/hck-cli:8.9.2
+    command: ["version"]
+    restart: 'no'
+    # network_mode: 'none'
+    volumes:
+      - hackolade-studio-app-data:/home/hackolade/.config
+      - hackolade-studio-logs:/data/logs
+      - ${PWD}/models:/data/models
+      # - hackolade-studio-options:/data/options
+      - hackolade-studio-output:/data/output
+
+  showComputerIdForOfflineValidation:
+    extends: hck-cli
+    command: ["getComputerId"]
+
+  # validateKeyOfflineFromFile:
+  #   extends: hck-cli
+  #   network_mode: 'none'
+  #   command:
+  #     - validateKey
+  #     - --file
+  #     - /data/LicenseFile.xml
+  #   volumes:
+  #     - $HOME/Downloads/LicenseFile.xml:/data/LicenseFile.xml
+
+  # validateKeyOnlineFromFile:
+  #   extends: hck-cli
+  #   command:
+  #     - validateKey
+  #     - --key
+  #     - /data/license-key.txt
+  #   volumes:
+  #     - $HOME/Downloads/license-key.txt:/data/license-key.txt
+
+
+  validateKeyOffline:
+    extends: hck-cli
+    network_mode: 'none'
+    command: ["validateKey"]
+    secrets:
+      - license_file
+
+  validateKeyOnline:
+    extends: hck-cli
+    command: ["validateKey"]
+    network_mode: host
+    secrets:
+      - license_key
+
+  installCustomCertificates:
+    image:  hackolade/hck-cli:8.9.2
+    entrypoint: [ "bash", "-c" ]
+    command: ['update-ca-certificates']
+    restart: 'no'
+    # calling update-ca-certificates can only be done by root and will generate
+    # a new ca-certificates.crt file that will bundle all installed certificates
+    # in /etc/ssl/certs
+    user: root
+    volumes:
+      - installed-tls-certificates:/etc/ssl/certs
+      # - ./custom-certificate.crt:/etc/ssl/certs/custom-certificate.crt
+      # Bind or inject any other custom certificate into /etc/ssl/certs but without overriding everything!
+
+volumes:
+  # This docker volume is mandatory if you want the licensing to work and be able to use the cli
+  hackolade-studio-app-data:
+  hackolade-studio-logs:
+  # This compose mounts the models folder from the host
+  # hackolade-studio-models:
+  # hackolade-studio-options:
+  hackolade-studio-output:
+  installed-tls-certificates:
+
+secrets: # Don't change the name of the secrets as the cli is looking for them by name with these values by default
+  license_key:
+    # Expects the license key to be put as content of the file path defined in the file variable
+    file: ${HOME}/Downloads/license-key.txt
+  license_file:
+  # Expects the license file to be put as content of the file path defined in the file variable
+    file: ${HOME}/Downloads/LicenseFile.xml

Studio/doc/custom-certificates.md

@@ -0,0 +1,147 @@
+# Installing Custom TLS Certificates in Containers
+
+When working with Hackolade CLI in Docker containers, you may need to install custom TLS certificates to establish secure connections to internal services or systems that use self-signed certificates or certificates from private Certificate Authorities (CAs).
+
+## Overview
+
+The `compose.yml` file includes an `installCustomCertificates` service that bundles custom certificates into a Docker volume. Mount this volume (or extract the bundled `ca-certificates.crt` file) into any service where you want to run `hck-cli` commands that need to trust these certificates.
+
+## Quick Start
+
+### Step 1: Configure and Run Certificate Installation
+
+1. **Prepare your certificate files** in a directory (e.g., `./certificates/`)
+
+2. **Update `compose.yml`** to bind mount your certificates into the `installCustomCertificates` service:
+
+```yaml
+installCustomCertificates:
+  image: hackolade/hck-cli:8.9.2
+  entrypoint: [ "bash", "-c" ]
+  command: ['update-ca-certificates']
+  restart: 'no'
+  user: root
+  volumes:
+    - installed-tls-certificates:/etc/ssl/certs
+    # Bind mount your custom certificate(s) into /etc/ssl/certs
+    - ./certificates/custom-certificate.crt:/etc/ssl/certs/custom-certificate.crt:ro
+    # Add more certificates as needed
+```
+
+**Important:** Mount individual certificate files (not the entire directory) with unique filenames.
+
+3. **Run the installation**:
+
+```bash
+docker compose run --rm installCustomCertificates
+```
+
+### Step 2: Use Certificates in hck-cli Services
+
+You have two options:
+
+#### Option A: Mount the Volume (Recommended)
+
+Mount the `installed-tls-certificates` volume in your service:
+
+```yaml
+services:
+  hck-cli:
+    image: hackolade/hck-cli:8.9.2
+    volumes:
+      - hackolade-studio-app-data:/home/hackolade/.config
+      - hackolade-studio-logs:/data/logs
+      - ${PWD}/models:/data/models
+      - hackolade-studio-output:/data/output
+      - installed-tls-certificates:/etc/ssl/certs:ro  # Add this line
+```
+
+#### Option B: Bind Mount Only ca-certificates.crt
+
+Extract the bundled certificate file and bind mount it:
+
+1. **Extract the file**:
+```bash
+docker run --rm \
+  -v installed-tls-certificates:/source:ro \
+  -v ${PWD}/certificates:/output \
+  --entrypoint cp \
+  hackolade/hck-cli:8.9.2 \
+  /source/ca-certificates.crt /output/ca-certificates.crt
+```
+
+2. **Bind mount it** in your service:
+```yaml
+services:
+  hck-cli:
+    image: hackolade/hck-cli:8.9.2
+    volumes:
+      - hackolade-studio-app-data:/home/hackolade/.config
+      - hackolade-studio-logs:/data/logs
+      - ${PWD}/models:/data/models
+      - hackolade-studio-output:/data/output
+      - ./certificates/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro  # Add this line
+```
+
+## Complete Example
+
+```yaml
+services:
+  installCustomCertificates:
+    image: hackolade/hck-cli:8.9.2
+    entrypoint: [ "bash", "-c" ]
+    command: ['update-ca-certificates']
+    restart: 'no'
+    user: root
+    volumes:
+      - installed-tls-certificates:/etc/ssl/certs
+      - ./certificates/internal-ca.crt:/etc/ssl/certs/internal-ca.crt:ro
+
+  hck-cli:
+    image: hackolade/hck-cli:8.9.2
+    command: ["version"]
+    restart: 'no'
+    volumes:
+      - hackolade-studio-app-data:/home/hackolade/.config
+      - hackolade-studio-logs:/data/logs
+      - ${PWD}/models:/data/models
+      - hackolade-studio-output:/data/output
+      - installed-tls-certificates:/etc/ssl/certs:ro
+
+volumes:
+  hackolade-studio-app-data:
+  hackolade-studio-logs:
+  hackolade-studio-output:
+  installed-tls-certificates:
+```
+
+**Usage:**
+```bash
+# Install certificates (run once)
+docker compose run --rm installCustomCertificates
+
+# Run hck-cli commands
+docker compose run --rm hck-cli genDoc --format=HTML --model '/data/models/model.hck.json' --doc /data/output/doc
+```
+
+## Updating Certificates
+
+1. Add or replace certificate files in your certificates directory
+2. Update the `installCustomCertificates` service in `compose.yml` to include new certificate bind mounts
+3. Re-run: `docker compose run --rm installCustomCertificates`
+
+**If using Option B (bind mount):** After re-running, extract the updated `ca-certificates.crt` file again using the extraction command from Step 2.
+
+## Troubleshooting
+
+**Certificates not trusted:**
+- Verify the volume/file is mounted: `docker compose run --rm hck-cli ls -la /etc/ssl/certs/ca-certificates.crt`
+- Re-run the installation: `docker compose run --rm installCustomCertificates`
+
+**Certificate format:**
+- Use PEM format (files should start with `-----BEGIN CERTIFICATE-----`)
+- Each file should contain a single certificate (not a chain)
+
+## Related Documentation
+
+- [Getting Started with hck-cli](./getting-started-hck-cli.md) - Main guide for using the Hackolade CLI Docker image