sw360 docker-compose update

Dockerfile

@@ -117,23 +117,35 @@ RUN --mount=type=tmpfs,target=/build \
     && rm -rf /deps
 
 #--------------------------------------------------------------------------------------------------
-# Base container
+# Runtime image
 # We need use JDK, JRE is not enough as Liferay do runtime changes and require javac
-FROM eclipse-temurin:11-jdk-focal as imagebase
+FROM eclipse-temurin:11-jdk-focal
 
 WORKDIR /app/
 
 ARG LIFERAY_SOURCE="liferay-ce-portal-tomcat-7.3.4-ga5-20200811154319029.tar.gz"
 
+ENV LANG=en_US.UTF-8
+ENV LANGUAGE=en_US:en
+ENV LC_ALL=en_US.UTF-8
+
 RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     --mount=type=cache,target=/var/lib/apt,sharing=locked \
     apt-get update \
     && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
     ca-certificates \
+    curl \
     gnupg2 \
+    iproute2 \
+    iputils-ping \
+    libarchive-tools \
+    locales \
     lsof \
+    netbase \
     openssh-client \
+    openssl \
     tzdata \
+    sudo \
     vim \
     unzip \
     zip \
@@ -146,40 +158,50 @@ COPY --from=thriftbuild /thrift-bin.tar.gz .
 RUN tar xzf thrift-bin.tar.gz -C / \
     && rm thrift-bin.tar.gz
 
+ENV LIFERAY_HOME=/app/sw360
+ENV LIFERAY_INSTALL=/app/sw360
+
+ARG USERNAME=sw360
+ARG USER_ID=1000
+ARG USER_GID=$USER_ID
+ARG HOMEDIR=/workspace
+ENV HOME=$HOMEDIR
+
 # Prepare system for non-priv user
-RUN groupadd --gid 1000 sw360 \
-    && useradd --uid 1000 --gid sw360 --shell /bin/bash --home-dir /workspace --create-home sw360
+RUN groupadd --gid $USER_GID $USERNAME \
+    && useradd \
+    --uid $USER_ID \
+    --gid $USER_GID \
+    --shell /bin/bash \
+    --home-dir $HOMEDIR \
+    --create-home $USERNAME
+
+# sudo support
+RUN echo "$USERNAME ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/$USERNAME \
+    && chmod 0440 /etc/sudoers.d/$USERNAME
 
 # Unpack liferay as sw360 and link current tomcat version
 # to tomcat to make future proof updates
 RUN mkdir sw360 \
-    && tar xzf /deps/$LIFERAY_SOURCE -C sw360 --strip-components=1 \
+    && tar xzf /deps/$LIFERAY_SOURCE -C $USERNAME --strip-components=1 \
     && cp /deps/jars/* sw360/deploy \ 
-    && chown -R sw360:sw360 sw360 \
+    && chown -R $USERNAME:$USERNAME sw360 \
     && ln -s /app/sw360/tomcat-* /app/sw360/tomcat \
     && rm -rf /deps
 
-#--------------------------------------------------------------------------------------------------
-# SW360 Final image
-
-FROM imagebase
-
-ENV LIFERAY_HOME=/app/sw360
-ENV LIFERAY_INSTALL=/app/sw360
-
-COPY --chown=sw360:sw360 --from=sw360build /sw360_deploy/* /app/sw360/deploy
-COPY --chown=sw360:sw360 --from=sw360build /sw360_tomcat_webapps/* /app/sw360/tomcat/webapps/
-COPY --chown=sw360:sw360 --from=clucenebuild /couchdb-lucene.war /app/sw360/tomcat/webapps/
+COPY --chown=$USERNAME:$USERNAME --from=sw360build /sw360_deploy/* /app/sw360/deploy
+COPY --chown=$USERNAME:$USERNAME --from=sw360build /sw360_tomcat_webapps/* /app/sw360/tomcat/webapps/
+COPY --chown=$USERNAME:$USERNAME --from=clucenebuild /couchdb-lucene.war /app/sw360/tomcat/webapps/
 
 # Copy tomcat base files
-COPY --chown=sw360:sw360 ./scripts/docker-config/setenv.sh /app/sw360/tomcat/bin
+COPY --chown=$USERNAME:$USERNAME ./scripts/docker-config/setenv.sh /app/sw360/tomcat/bin
 
 # Copy liferay/sw360 config files
-COPY --chown=sw360:sw360 ./scripts/docker-config/portal-ext.properties /app/sw360/portal-ext.properties
-COPY --chown=sw360:sw360 ./scripts/docker-config/etc_sw360 /etc/sw360
-COPY --chown=sw360:sw360 ./scripts/docker-config/entry_point.sh /app/entry_point.sh
+COPY --chown=$USERNAME:$USERNAME ./scripts/docker-config/portal-ext.properties /app/sw360/portal-ext.properties
+COPY --chown=$USERNAME:$USERNAME ./scripts/docker-config/etc_sw360 /etc/sw360
+COPY --chown=$USERNAME:$USERNAME ./scripts/docker-config/entry_point.sh /app/entry_point.sh
 
-USER sw360
+USER $USERNAME
 
 STOPSIGNAL SIGINT
 

README_DOCKER.md

@@ -25,45 +25,54 @@
     The script will download all dependencies in the deps folder.
 
     Docker compose for sw360 are configured with default entries on docker-compose.yml.
-    The default sample environment file is under `scripts/docker-config/default.docker.env`
-
-    The config file looks like this:
+
+    The config entries that can be modifiled:
 
     ```ini
-    # scripts/docker-config/default.docker.env
+    # Postgres
     POSTGRES_USER=liferay
     POSTGRES_PASSWORD=liferay
     POSTGRES_DB=lportal
+    # Couchdb
     COUCHDB_USER=admin
     COUCHDB_PASSWORD=password
     COUCHDB_CREATE_DATABASE=yes
-    SW360_DATA=./data/sw360
     ```
 
-    By default, data for postgres, couchdb and sw360 document will be persisted under `data` on current directory. 
+    By default couchdb, postgres and sw360 have their own storage volumes:
 
-    If you want to override all configs, copy `scripts/docker-config/default.docker.env` to project root as `.env` file and alter for your needs.
+    **Postgres**
+    ```yml
+    - postgres:/var/lib/postgresql/data/
+    ```
 
-    Then just rebuild the project with -env_file option
+    **CouchDB**
+    ```yml
+    - couchdb:/opt/couchdb/data
+    ```
 
-* Proxy setup
+    **sw360**
+    ```yml
+    - etc:/etc/sw360
+    - webapps:/app/sw360/tomcat/webapps
+    - document_library:/app/sw360/data/document_library
+    ```
+    There's a local mounted as binded dir volume to add customizations
+    ```yml
+    - ./config:/app/sw360/config
+    ```
 
-    To build under proxy system, add this options on your custom env file:
+    If you want to override all configs, create a docker env file  and alter for your needs.
 
-    ```ini
-    PROXY_ENABLED=true
-    PROXY_HTTP_HOST=<your_http_proxy_ip>
-    PROXY_HTTPS_HOST=<your_https_proxy_ip>
-    PROXY_PORT=<your_port>
-    ```
+    Then just rebuild the project with **-env_file** option
 
-### Fossology
 
-If you want to add Fossology in the mix, add FOSSOLOGY=1 on the build:
+## Networking
+
+This composed image runs unde a single ndefault network, called **sw360net**
+
+So any external docker image can connect to internal couchdb or postgresql through this network
 
-```sh
-FOSSOLOGY=1 ./docker_build.sh
-```
 
 ## Running the image
 
@@ -73,16 +82,10 @@ FOSSOLOGY=1 ./docker_build.sh
     docker-compose up
     ```
 
-    or with fossology ( see above build instructions )
-
-    ```sh
-    docker-compose -f docker-compose.yml -f fossology-docker-compose.yml up
-    ```
-
 * With custom env file
 
     ```sh
-    docker-compose --env-file <myenvfile> up
+    docker-compose --env-file <envfile> up
     ```
 
     You can add **-d** parameter at end of line to start in daemon mode and see the logs with the following command:
@@ -91,13 +94,47 @@ FOSSOLOGY=1 ./docker_build.sh
     docker logs -f sw360
     ```
 
+## Fossology
+For docker based approach, is recommended use official [Fossology docker image](https://hub.docker.com/r/fossology/fossology/)
+
+This is the steps to quick perform this:
+
+```sh
+# Create Fossology database on internal postgres
+docker exec -it sw360_postgresdb_1 createdb -U liferay -W fossology
+
+# Start Fossology container connected to sw360 env
+docker run \
+    --network sw360net \
+    -p 8081:80 \
+    -name fossology \
+    -e FOSSOLOGY_DB_HOST=postgresdb \
+    -e FOSSOLOGY_DB_USER=liferay \
+    -e FOSSOLOGY_DB_PASSWORD=liferay \
+    -d fossology/fossology
+```
+
+This will pull/start the fossology container and made it available on the host machine at port 8081
+
+### Configure Fossology
+
+* **On Fossology**
+  * Login on Fossology
+  * Create an API token for the user intended to be used
+* **On sw360**
+  * Go to fossology admin config
+  * Add the host, will be something like: `http(s)://<hostname>:8081/repo/api/v1/`
+  * Add the id of folder. The default id is **1** (Software Repository). You can get the ID of the folder you want from the folder URL in FOssology
+  * Add your obtained Token from Fossology
+
+
 ## Configurations
 
-By default, docker image of SW360 runs without internal web server and is assigned to be SSL as default. This is configured on *portal-ext.properties*
+By default, docker image of sw360 runs without internal web server and is assigned to be on port 8080. This is configured on *portal-ext.properties*
 
 Here's some extra configurations that can be useful to fix some details.
 
-## Customize portal-ext
+### Customize portal-ext
 
 The config file __portal-ext.properties__ overrides a second file that can be created to add a custom configuration with all data related to your necessities.
 
@@ -113,20 +150,35 @@ cat "company.default.name=MYCOMPANY" > config/sw360-portal-ext.properties
 
 Docker compose with treat config as a bind volume dir and will expose to application.
 
-### CSS layout looks wrong
 
-If you do not use an external web server with redirection ( see below ), you may find the main CSS theme scrambled ( not properly loaded )
+### Make **HTTPS** default
+
+Modify the following line on your custom __portal-sw360.properties__ to https:
+
+```ini
+web.server.protocol=https
+```
+
+### CSS layout looks wrong or using non standard ports
+
+If you do not use an external web server with redirection ( see below ), you may find the main CSS theme scrambled ( not properly loaded ) or you are using a different port
 
 This happens because current Liferay used version try to access the theme using only canonical hostname, without the port assigned, so leading to an invalid CSS url.
 
-To fix, you will need to change *portal-ext.properties* in data directory ( or your assigned data directory ) with the following extra value:
+To fix, you will need to change __portal-sw360.properties__ ( as described above ) with the following extra values:
 
 ```ini
-web.server.host=<your ip/host of docker>:<port>
+# For different hostname redirection
+web.server.host=<your ip/host of docker>
+# For HTTP non standard 80 port
+web.server.http.port=<your_http_port>
+# For HTTPS non standard 443 port
+web.server.https.port=<your_https_port>
 ```
 
 This will tell liferay where is your real host instead of trying to guess the wrong host.
 
+
 ### Nginx config for reverse proxy and X-Frame issues on on host machine ( not docker )
 
 For nginx, assuming you are using default config for your sw360, this is a simple configuration for root web server under Ubuntu.
@@ -147,13 +199,6 @@ For nginx, assuming you are using default config for your sw360, this is a simpl
 
 ***WARNING*** - X-frame is enabled wide open for development purposes. If you intend to use the above config in production, remember to properly secure the web server.
 
-### Make https only **port 443** default
-
-Modify the following line on your custom __portal-sw360.properties__ to https:
-
-```ini
-web.server.protocol=https
-```
 
 ### Liferay Redirects
 

docker-compose.yml

@@ -30,8 +30,9 @@ services:
       - webapps:/app/sw360/tomcat/webapps
       - document_library:/app/sw360/data/document_library
       - ./config:/app/sw360/config
+
   postgresdb:
-    image: 'postgres:13'
+    image: 'postgres:14'
     restart: unless-stopped
     environment:
       - POSTGRES_USER=liferay
@@ -58,8 +59,12 @@ services:
       - couchdb:/opt/couchdb/data
 
 volumes:
-  postgres:
-  couchdb:
-  etc:
-  webapps:
-  document_library:
+  postgres: null
+  couchdb: null
+  etc: null
+  webapps: null
+  document_library: null
+
+networks:
+  default:
+    name: sw360net

docker_build.sh

@@ -1,4 +1,4 @@
-#!/bin/bash -x
+#!/bin/bash
 
 # -----------------------------------------------------------------------------
 # Copyright BMW CarIT GmbH 2021
@@ -27,13 +27,28 @@ COMPOSE_DOCKER_CLI_BUILD=1
 DOCKER_BUILDKIT=1
 export DOCKER_BUILDKIT COMPOSE_DOCKER_CLI_BUILD
 
-[ -n "$FOSSOLOGY" ] && extra_args="-f $GIT_ROOT/fossology-docker-compose.yml"
-[ -n "$VERBOSE" ] && docker_verbose="--progress=plain"
+usage() {
+    echo "Usage:"
+    echo "-v Verbose build"
+    exit 0;
+}
+
+while getopts "hv" arg; do
+    case $arg in
+        h)
+            usage
+            ;;
+        v)
+            docker_verbose="--progress=plain"
+            ;;
+        *)
+            ;;
+    esac
+done
 
 #shellcheck disable=SC2086
 docker-compose \
     --file "$GIT_ROOT"/docker-compose.yml \
-    $extra_args \
     build \
     --build-arg BUILDKIT_INLINE_CACHE=1 \
     $docker_verbose \