DEVOPS-1776 Dockerize tomcat

Dockerfile

@@ -1,18 +1,22 @@
-FROM tomee:8.0.15-jre17-webprofile
+FROM maven:3-openjdk-17-slim AS build
+RUN apt update \
+  && apt upgrade -y \
+  && curl -fsSL https://deb.nodesource.com/setup_14.x | bash - \
+  && apt install -y git nodejs \
+  && rm -rf /var/lib/apt/lists/*
 
-RUN \
-  rm -rf /usr/local/tomee/webapps/ROOT && \
-  echo "fias.enable=false" >> /usr/local/tomee/conf/catalina.properties && \
-  echo "webbpm.jbpm.hibernate_statistics.enabled=false" >> /usr/local/tomee/conf/catalina.properties && \
-  echo "webbpm.mode=production" >> /usr/local/tomee/conf/catalina.properties && \
-  echo "authentication.method=form" >> /usr/local/tomee/conf/catalina.properties && \
-  echo "webbpm.cache.hazelcast.hosts=127.0.0.1" >> /usr/local/tomee/conf/catalina.properties && \
-  echo "webbpm.cache.hazelcast.outbound_port_definitions=5801-5820" >> /usr/local/tomee/conf/catalina.properties && \
-  echo "gar.enable=false" >> /usr/local/tomee/conf/catalina.properties && \
-  echo "reset_password.mail.template.path=mail/reset_password.html" >> /usr/local/tomee/conf/catalina.properties && \
-  echo "security.password.regex=^(?=.*[a-zA-Z])(?=.*[0-9])[a-zA-Z0-9]+$" >> /usr/local/tomee/conf/catalina.properties && \
-  echo "bpmn.enable=false" >> /usr/local/tomee/conf/catalina.properties
-COPY config/context.xml /usr/local/tomee/conf/
-#COPY config/tomcat-users.xml /usr/local/tomee/conf/
-COPY frontend/dist/ /usr/local/tomee/webapps/ROOT
-COPY backend/target/*.war /usr/local/tomee/webapps/dashboard.war
+WORKDIR /app
+COPY ../ .
+RUN mvn clean && mvn package -T4C
+
+FROM tomee:8.0.15-jre17-webprofile
+ARG ADMIN_PASSWORD=Secr3t
+
+COPY config/tomcat/tomee /usr/local/tomee
+
+RUN rm -rf /usr/local/tomee/webapps/ROOT \
+ && cat /usr/local/tomee/conf/webbpm.properties >> /usr/local/tomee/conf/catalina.properties \
+ && sed -i -r "s/<must-be-changed>/$ADMIN_PASSWORD/g" /usr/local/tomee/conf/tomcat-users.xml
+
+COPY --from=build /app/frontend/target/frontend*.war /usr/local/tomee/webapps/ROOT.war
+COPY --from=build /app/backend/target/dashboard*.war /usr/local/tomee/webapps/dashboard.war

config/docker-compose.tomcat.yaml

@@ -0,0 +1,31 @@
+version: "3"
+services:
+  db:
+    image: postgres:15-bullseye
+    volumes:
+      - ./config/create-databases.sh:/docker-entrypoint-initdb.d/create-databases.sh
+    command:
+      - "--max_prepared_transactions=100"
+    ports:
+      - 5432
+    environment:
+      - WILDFLY_DATABASES=security:security_user:secpassword,jbpm:jbpm:jbpmpassword
+      - POSTGRES_PASSWORD=supersecretpassword
+    labels:
+      - "tmp=true"
+
+  webbpm-app:
+    build:
+      context: ./..
+      dockerfile: Dockerfile
+    depends_on:
+      - db
+    ports:
+      - 9990
+      - 8080
+      - 8787
+      - 12345
+    env_file:
+      - testing.env
+    labels:
+      - "tmp=true"

config/tomcat/tomee/bin/setenv.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+#export JAVA_OPTS="$JAVA_OPTS \
+# -Ddb.app.host=${DB_APP_HOST:-10.10.31.119} \
+# -Ddb.app.port=${DB_APP_PORT:-5432} \
+# -Ddb.app.name=${DB_APP_NAME:-ervu-dashboard} \
+# -Ddb.app.username=${DB_APP_USERNAME:-ervu-dashboard} \
+# -Ddb.app.password=${DB_APP_PASSWORD:-ervu-dashboard} \
+#"
+
+export JAVA_OPTS="$JAVA_OPTS \
+ -Ddb.app.host=${DB_APP_HOST:-db} \
+ -Ddb.app.port=${DB_APP_PORT:-5432} \
+ -Ddb.app.name=${DB_APP_NAME:-app} \
+ -Ddb.app.username=${DB_APP_USERNAME:-app_user} \
+ -Ddb.app.password=${DB_APP_PASSWORD:-apppassword} \
+"

config/tomcat/tomee/conf/context.xml

@@ -31,6 +31,6 @@
 
     <Resource name="java:/webbpm/AppDS" auth="Container"
           type="javax.sql.DataSource" driverClassName="org.postgresql.Driver"
-          url="jdbc:postgresql://10.10.31.119:5432/ervu-dashboard"
-          username="ervu-dashboard" password="ervu-dashboard" maxTotal="20" maxIdle="10" maxWaitMillis="-1"/>
+          url="jdbc:postgresql://${db.app.host}:${db.app.port}/${db.app.name}"
+          username="${db.app.username}" password="${db.app.password}" maxTotal="20" maxIdle="10" maxWaitMillis="-1"/>
 </Context>

config/tomcat/tomee/conf/tomcat-users.xml

@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<tomcat-users xmlns="http://tomcat.apache.org/xml"
+              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
+              version="1.0">
+<!--
+  By default, no user is included in the "manager-gui" role required
+  to operate the "/manager/html" web application.  If you wish to use this app,
+  you must define such a user - the username and password are arbitrary.
+
+  Built-in Tomcat manager roles:
+    - manager-gui    - allows access to the HTML GUI and the status pages
+    - manager-script - allows access to the HTTP API and the status pages
+    - manager-jmx    - allows access to the JMX proxy and the status pages
+    - manager-status - allows access to the status pages only
+
+  The users below are wrapped in a comment and are therefore ignored. If you
+  wish to configure one or more of these users for use with the manager web
+  application, do not forget to remove the <!.. ..> that surrounds them. You
+  will also need to set the passwords to something appropriate.
+-->
+  <user username="admin" password="<must-be-changed>" roles="manager-gui"/>
+</tomcat-users>

config/tomcat/tomee/conf/webbpm.properties

@@ -0,0 +1,15 @@
+# WebBPM properties
+
+authentication.method=form
+
+bpmn.enable=false
+fias.enable=false
+gar.enable=false
+
+reset_password.mail.template.path=mail/reset_password.html
+security.password.regex=^(?=.*[a-zA-Z])(?=.*[0-9])[a-zA-Z0-9]+$
+
+webbpm.mode=production
+webbpm.jbpm.hibernate_statistics.enabled=false
+webbpm.cache.hazelcast.hosts=127.0.0.1
+webbpm.cache.hazelcast.outbound_port_definitions=5801-5820

config/tomcat/tomee/webapps/manager/META-INF/context.xml

@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<Context antiResourceLocking="false" privileged="true" >
+  <CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor"
+                   sameSiteCookies="strict" />
+<!--
+  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
+         allow="d+\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
+-->
+  <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
+</Context>