From 8c55d29bfa68ef6680e128ec35ce4638e8e6c271 Mon Sep 17 00:00:00 2001
From: ismisepaul
Date: Thu, 19 Nov 2020 14:27:30 +0000
Subject: [PATCH] Persistence with volumes & multi-stage builds
---
 Dockerfile | 57 ++++++++++++++++++++++-------------------
 docker-compose.yml | 7 +++++
 docker/mongo/Dockerfile | 10 +++++---
 docker/mysql/Dockerfile | 38 +++++++++++++++------------
 4 files changed, 67 insertions(+), 45 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 0eca12b9b..cad2b4737 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,47 +1,52 @@
 ARG TOMCAT_DOCKER_VERSION
-FROM tomcat:${TOMCAT_DOCKER_VERSION}
-
-ENV RUN_USER tomcat
-RUN apt-get -qq update && apt-get install -y patch
-
-RUN adduser --system --group ${RUN_USER} --home ${CATALINA_HOME}
-RUN chown -R ${RUN_USER}:${RUN_GROUP} $CATALINA_HOME
-USER ${RUN_USER}
+FROM docker AS builder
+ARG TLS_KEYSTORE_FILE
+ARG TLS_KEYSTORE_PASS
+ARG ALIAS
+ARG HTTPS_PORT
 ARG DB_DRIVER=org.gjt.mm.mysql.Driver
 ARG DB_SCHEMA=core
-ARG PROPS_MYSQL=/usr/local/tomcat/conf/database.properties
-ARG PROPS_MONGO=/usr/local/tomcat/conf/mongo.properties
-
 ARG MYSQL_USER
 ARG MYSQL_PASS
 ARG MYSQL_URI
-
 ARG MONGO_HOST
 ARG MONGO_PORT
 ARG MONGO_CONN_TIMEOUT
 ARG MONGO_SOCK_TIMEOUT
 ARG MONGO_SVR_TIMEOUT
-ARG TLS_KEYSTORE_FILE
-ARG TLS_KEYSTORE_PASS
-ARG ALIAS
-ARG HTTPS_PORT
+USER root
+WORKDIR /workdir
-RUN printf "databaseConnectionURL=$MYSQL_URI/\nDriverType=$DB_DRIVER\ndatabaseSchema=$DB_SCHEMA\ndatabaseUsername=$MYSQL_USER\ndatabasePassword=$MYSQL_PASS\ndatabaseOptions=useUnicode=true&character_set_server=utf8mb4\n" >> $PROPS_MYSQL
-RUN printf "connectionHost=$MONGO_HOST\nconnectionPort=$MONGO_PORT\ndatabaseName=shepherdGames\nconnectTimeout=$MONGO_CONN_TIMEOUT\nsocketTimeout=$MONGO_SOCK_TIMEOUT\nserverSelectionTimeout=$MONGO_SVR_TIMEOUT" >> $PROPS_MONGO
+COPY target/owaspSecurityShepherd.war ROOT.war
+COPY target/docker/tomcat/$TLS_KEYSTORE_FILE $TLS_KEYSTORE_FILE
+COPY docker/tomcat/serverxml.patch serverxml.patch
+COPY docker/tomcat/webxml.patch webxml.patch
-RUN rm -rf /usr/local/tomcat/webapps/ROOT
-COPY target/owaspSecurityShepherd.war /usr/local/tomcat/webapps/ROOT.war
-COPY target/docker/tomcat/$TLS_KEYSTORE_FILE /usr/local/tomcat/conf/$TLS_KEYSTORE_FILE
+RUN printf "databaseConnectionURL=$MYSQL_URI/\nDriverType=$DB_DRIVER\ndatabaseSchema=$DB_SCHEMA\ndatabaseUsername=$MYSQL_USER\ndatabasePassword=$MYSQL_PASS\ndatabaseOptions=useUnicode=true&character_set_server=utf8mb4\n" >> database.properties
+RUN printf "connectionHost=$MONGO_HOST\nconnectionPort=$MONGO_PORT\ndatabaseName=shepherdGames\nconnectTimeout=$MONGO_CONN_TIMEOUT\nsocketTimeout=$MONGO_SOCK_TIMEOUT\nserverSelectionTimeout=$MONGO_SVR_TIMEOUT" >> mongo.properties
+RUN sed -i 's/keystoreFile="conf\/TLS_KEYSTORE_FILE" keystorePass="TLS_KEYSTORE_PASS" keyAlias="ALIAS">/keystoreFile="conf\/'"$TLS_KEYSTORE_FILE"'" keystorePass="'"$TLS_KEYSTORE_PASS"'" keyAlias="'"$ALIAS"'">/g' serverxml.patch &&\
+ sed -i 's/redirectPort="HTTPS_PORT" \/>/redirectPort="'"$HTTPS_PORT"'" \/>/g' serverxml.patch
+
+
+FROM tomcat:${TOMCAT_DOCKER_VERSION}
+COPY --from=builder /workdir/ROOT.war /usr/local/tomcat/webapps/
+COPY --from=builder /workdir/$TLS_KEYSTORE_FILE /usr/local/tomcat/conf/
+COPY --from=builder /workdir/serverxml.patch /usr/local/tomcat/conf/
+COPY --from=builder /workdir/webxml.patch /usr/local/tomcat/conf/
+COPY --from=builder /workdir/database.properties /usr/local/tomcat/conf/
+COPY --from=builder /workdir/mongo.properties /usr/local/tomcat/conf/
-COPY docker/tomcat/serverxml.patch /usr/local/tomcat/conf/serverxml.patch
-RUN sed -i 's/keystoreFile="conf\/TLS_KEYSTORE_FILE" keystorePass="TLS_KEYSTORE_PASS" keyAlias="ALIAS">/keystoreFile="conf\/'"$TLS_KEYSTORE_FILE"'" keystorePass="'"$TLS_KEYSTORE_PASS"'" keyAlias="'"$ALIAS"'">/g' /usr/local/tomcat/conf/serverxml.patch &&\
- sed -i 's/redirectPort="HTTPS_PORT" \/>/redirectPort="'"$HTTPS_PORT"'" \/>/g' /usr/local/tomcat/conf/serverxml.patch &&\
- patch /usr/local/tomcat/conf/server.xml /usr/local/tomcat/conf/serverxml.patch
+ENV RUN_USER tomcat
+RUN apt-get -qq update && apt-get install -y patch
+RUN adduser --system --group ${RUN_USER} --home ${CATALINA_HOME}
+RUN chown -R ${RUN_USER}:${RUN_GROUP} $CATALINA_HOME
+USER ${RUN_USER}
-COPY docker/tomcat/webxml.patch /usr/local/tomcat/conf/webxml.patch
+RUN rm -rf /usr/local/tomcat/webapps/ROOT
+RUN patch /usr/local/tomcat/conf/server.xml /usr/local/tomcat/conf/serverxml.patch
 RUN patch /usr/local/tomcat/conf/web.xml /usr/local/tomcat/conf/webxml.patch
 EXPOSE 8080 8443
diff --git a/docker-compose.yml b/docker-compose.yml
index 06599a134..163370c3d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,6 +3,8 @@ services:
 db:
 image: ${IMAGE_MYSQL}
 container_name: ${CONTAINER_MYSQL}
+ volumes:
+ - data:/var/lib/mysql
 env_file:
 - .env
 build:
@@ -25,6 +27,8 @@ services:
 web:
 image: ${IMAGE_TOMCAT}
 container_name: ${CONTAINER_TOMCAT}
+ volumes:
+ - conf:/usr/local/tomcat/conf
 env_file:
 - .env
 build:
@@ -48,3 +52,6 @@ services:
 - $HTTPS_PORT:8443
 depends_on:
 - db
+volumes:
+ data:
+ conf:
diff --git a/docker/mongo/Dockerfile b/docker/mongo/Dockerfile
index cb28c4ea9..d9f70feff 100644
--- a/docker/mongo/Dockerfile
+++ b/docker/mongo/Dockerfile
@@ -1,5 +1,12 @@
 ARG MONGODB_VERSION
+
+FROM docker AS builder
+USER root
+WORKDIR /workdir
+COPY target/moduleSchemas.js moduleSchemas.js
+
 FROM mongo:${MONGODB_VERSION}
+COPY --from=builder /workdir/moduleSchemas.js /docker-entrypoint-initdb.d/
 ENV RUN_USER mongodb
 ENV RUN_GROUP mongodb
@@ -8,9 +15,6 @@ RUN chown -R ${RUN_USER}:${RUN_GROUP} "/etc/mongod.conf.orig"
 RUN chown -R ${RUN_USER}:${RUN_GROUP} "/docker-entrypoint-initdb.d"
 USER ${RUN_USER}
-
-COPY target/moduleSchemas.js /docker-entrypoint-initdb.d/moduleSchemas.js
-
 RUN sed -i 's/\/\/REMOVE/ /g' /docker-entrypoint-initdb.d/moduleSchemas.js
 ENTRYPOINT ["docker-entrypoint.sh"]
diff --git a/docker/mysql/Dockerfile b/docker/mysql/Dockerfile
index 9cf305566..47839eb58 100644
--- a/docker/mysql/Dockerfile
+++ b/docker/mysql/Dockerfile
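Review bot: In the runtime stage `$TLS_KEYSTORE_FILE` expands to an empty string, because `ARG TLS_KEYSTORE_FILE` is declared only inside the builder stage and an ARG's scope ends with its stage; `COPY --from=builder /workdir/$TLS_KEYSTORE_FILE /usr/local/tomcat/conf/` therefore degrades to `COPY --from=builder /workdir/ /usr/local/tomcat/conf/`, which dumps the whole work directory (ROOT.war, both patches, both properties files) into `conf/` and only delivers the keystore by accident. Redeclare it in the second stage, `ARG TLS_KEYSTORE_FILE` directly after `FROM tomcat:${TOMCAT_DOCKER_VERSION}`. `FROM docker AS builder` pulls the untagged Docker CLI image purely as a place to hold files for COPY and to run sed; a pinned minimal image, or plain `COPY` into the final stage, removes an unpinned and unrelated dependency, and the same applies to the builder stages in docker/mongo/Dockerfile and docker/mysql/Dockerfile. Note also that `$MYSQL_PASS` and `$TLS_KEYSTORE_PASS` still land in clear text in the final image, in `conf/database.properties` and in `server.xml` once `serverxml.patch` is applied, so they are readable by anyone who can pull the image; a BuildKit `--mount=type=secret` in the stage that generates these files, or injecting the values at container start, would keep them out of the layers.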
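Review bot: The named volume `conf` mounted at `/usr/local/tomcat/conf` is seeded from the image only when the volume is first created, so from this change on a rebuilt image with a new `database.properties`, `mongo.properties`, keystore or patched `server.xml` has no effect on an existing deployment until the volume is removed (`docker-compose down -v`); the stale copies in the volume shadow the new files. The volume also keeps the clear-text database and keystore passwords written into those files in host-side storage that outlives the image. If the intent is to persist Tomcat's runtime state rather than its configuration, mount only the directories Tomcat writes to at runtime; either way, a comment on the `conf:` volume stating that it must be recreated after a configuration change would save operators a debugging session.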
@@ -1,5 +1,25 @@
 ARG MYSQL_VERSION
+
+FROM docker AS builder
+USER root
+WORKDIR /workdir
+COPY target/coreSchema.sql coreSchema.sql
+COPY target/moduleSchemas.sql moduleSchemas.sql
+RUN { \
+ echo '[mysqld]'; \
+ echo 'skip-host-cache'; \
+ echo 'datadir = /var/lib/mysql'; \
+ echo '!includedir /etc/mysql/conf.d/'; \
+ } > my.cnf
+
+
 FROM mysql:${MYSQL_VERSION}
+ARG MYSQL_ROOT_PASSWORD=$MYSQL_PASS
+ARG CONTAINER_TOMCAT
+ARG DOCKER_NETWORK_NAME
+
+COPY --from=builder /workdir/coreSchema.sql /docker-entrypoint-initdb.d/
+COPY --from=builder /workdir/moduleSchemas.sql /docker-entrypoint-initdb.d/
 ENV RUN_USER mysql
 ENV RUN_GROUP mysql
@@ -9,23 +29,9 @@ RUN chown -R ${RUN_USER}:${RUN_GROUP} ${MYSQL_HOME}
 RUN chown -R ${RUN_USER}:${RUN_GROUP} "/docker-entrypoint-initdb.d"
 USER ${RUN_USER}
-
-ARG MYSQL_ROOT_PASSWORD=$MYSQL_PASS
-ARG CONTAINER_TOMCAT
-ARG DOCKER_NETWORK_NAME
-
-COPY target/coreSchema.sql /docker-entrypoint-initdb.d/coreSchema.sql
-COPY target/moduleSchemas.sql /docker-entrypoint-initdb.d/moduleSchemas.sql
-
 RUN sed -i 's/@'\''localhost'\''/@'\'''%''\''/g' /docker-entrypoint-initdb.d/moduleSchemas.sql
-
-RUN mkdir -p /etc/mysql/conf.d \
- && { \
- echo '[mysqld]'; \
- echo 'skip-host-cache'; \
- echo 'datadir = /var/lib/mysql'; \
- echo '!includedir /etc/mysql/conf.d/'; \
- } > /etc/mysql/my.cnf
+RUN mkdir -p /etc/mysql/conf.d
+COPY --from=builder /workdir/my.cnf /etc/mysql/
 ENTRYPOINT ["docker-entrypoint.sh"]
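Review bot: `ARG MYSQL_ROOT_PASSWORD=$MYSQL_PASS`, now placed directly after `FROM mysql:${MYSQL_VERSION}`, has an empty default, because `MYSQL_PASS` is not declared as an ARG in any visible part of this Dockerfile (only `MYSQL_VERSION` is), and a build ARG is never part of the container environment, so the official entrypoint cannot read `MYSQL_ROOT_PASSWORD` from it at runtime; presumably the real value arrives through the `.env` file compose passes via `env_file`. If so, the three ARGs `MYSQL_ROOT_PASSWORD`, `CONTAINER_TOMCAT` and `DOCKER_NETWORK_NAME` are unused here and can be dropped; if a `--build-arg MYSQL_ROOT_PASSWORD=…` is in fact passed, the database root credential is recorded in the image history, which a build argument should never carry. In the second hunk, `RUN mkdir -p /etc/mysql/conf.d` executes as `${RUN_USER}` (the `USER` line precedes it) while the following `COPY --from=builder /workdir/my.cnf /etc/mysql/` runs as root regardless of `USER`, so the directory creation only succeeds if the `${MYSQL_HOME}` chown above covers `/etc/mysql`; worth confirming, or move both lines above `USER ${RUN_USER}`.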