@baptistemesta
Contributor

Update bonita version to 2021.2-u0

@yosifkit
Member

Unfortunately any multi-stage build that leaves behind intermediate layers is usually a no-go in official images; the early stage just takes space on the build server and since the build is not bit-for-bit reproducible, anytime we have to prune images on our build servers, we lose docker build cache and they can get unnecessarily rebuilt (and pushed). See also our Multi-stage Builds entry in our FAQ.

@passga

passga commented Sep 27, 2021

Hello, thanks for your answer. I have a question. Actually, in our Dockerfile, we use a layer named "builder" and copy the content of "/opt" to the next, definitive layer. What I understood is that this is what is causing the problem. So I would like to know if it is OK for you if we release this layer in our https://hub.docker.com/u/bonitasoft, and use it in the Dockerfile to build the definitive (official) image?

@tianon
Member

tianon commented Sep 27, 2021

Unfortunately not; https://github.com/docker-library/official-images#repeatability:

> No official images can be derived from, or depend on, non-official images

bonita-ci pushed a commit to bonitasoft/bonita-distrib that referenced this pull request Sep 29, 2021
…. (#387)


Docker Hub has refused our pull request because our Dockerfile uses a multi-layer with a non-official image. The Docker policy forbids this practice. More details [here](docker-library/official-images#10960 (comment))

Closes [RUNTIME-539](https://bonitasoft.atlassian.net/browse/RUNTIME-539)
@baptistemesta
Contributor Author

Hello,

We changed the image to use no multi-stage build.
Please tell us if it solves that issue.

Thanks in advance! :)

@tianon
Member

tianon commented Sep 30, 2021

This is definitely closer, thanks! I think we've still got a cache-ability issue with so much of (otherwise highly-cache-able) RUN lines getting moved down below the (much more volatile) COPY instructions -- can we move the package installations and other static bits back up above the VERSION and COPY lines so we can get better caching back?

@baptistemesta
Contributor Author

Ok, I'll do that. Thank you for the explanation.

@educhastenier
Contributor

Hi @tianon @yosifkit Is this better like this?
Thanks for the improvement recommendations.

@yosifkit
Member

yosifkit commented Oct 6, 2021

There is still some improvement missing that was in the previous versions of the images. For best cache-ability, volatile Dockerfile instructions like ENV or ARG should generally be as late in the Dockerfile as they can be; i.e. defined just before the RUN line that uses them. This ensures that an earlier layer which is unrelated to a Bonita version bump, for example, would not be unnecessarily rebuilt.

@baptistemesta
Contributor Author

We reverted most of the changes back to what they were in 7.12 (2021.1)

We re-pushed most of the ENV and ARG as low as possible. We will be more careful regarding the order of those instructions in the future.

I hope this time it's ok 🤞

Thank you!

@tianon
Member

tianon commented Oct 6, 2021

Very close 😅 🙈

I'm concerned about the jattach addition:

+# Install Jattach
+ARG JATTACH_VERSION=v2.0
+RUN curl -fsSL https://github.com/apangin/jattach/releases/download/${JATTACH_VERSION}/jattach -o /usr/bin/jattach \
+  && chmod +x /usr/bin/jattach

Besides downloading this without any verification (:grimacing:), it also appears this is a precompiled C binary that probably only works on amd64? :sweat_smile:

@educhastenier
Contributor

Thx for the feedback.

> Besides downloading this without any verification (:grimacing:), it also appears this is a precompiled C binary that probably only works on amd64?

Jattach only provides one version of the Linux binaries, so it may not work on all architectures, but that's OK for us, as the tool is only here in case there is an issue that needs further investigation.
We will document this limitation.
Regarding the hash verification, you are right, we will do that.

BUT ...
in order for this PR to be merged ASAP, we will remove Jattach from this version and will do another PR with it.

Thx for your reactivity.
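
The two concerns raised about the jattach step (no verification, a binary vetted for one architecture only), as an added example that is not part of this thread or of the Bonita Dockerfile: a download helper in shell that fails closed. `JATTACH_SHA256_AMD64`, the function names and the assumption that only amd64 has been vetted are hypothetical; the page gives no digest for the binary.

```shell
#!/bin/sh
# Added example, not code from the PR. JATTACH_SHA256_AMD64 is a hypothetical
# variable: set it to the digest recorded for the release you reviewed.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 only if FILE's SHA-256 equals EXPECTED_HEX. Fails closed:
# 2 = empty or malformed expected digest, 3 = no such file, 1 = mismatch.
verify_sha256() {
    vs_file=$1
    vs_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case "$vs_expected" in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#vs_expected}" -eq 64 ] || return 2
    [ -f "$vs_file" ] || return 3
    vs_actual=$(sha256sum "$vs_file" | cut -d' ' -f1)
    [ "$vs_actual" = "$vs_expected" ]
}

# pinned_digest ARCH   (ARCH as printed by `dpkg --print-architecture`)
# Prints the digest pinned for ARCH; non-zero when no binary was vetted for
# that architecture or when the pin is missing.
pinned_digest() {
    case "$1" in
        amd64) [ -n "${JATTACH_SHA256_AMD64:-}" ] \
                   && printf '%s\n' "$JATTACH_SHA256_AMD64" ;;
        *)     return 1 ;;
    esac
}

# install_verified URL DEST ARCH
# Downloads to a temp file and installs it only after the digest matches, so
# an unverified binary never lands on DEST.
install_verified() {
    iv_url=$1; iv_dest=$2
    iv_digest=$(pinned_digest "$3") || {
        echo "no pinned digest for architecture '$3'; not installing" >&2
        return 1
    }
    iv_tmp=$(mktemp) || return 1
    iv_rc=1
    if curl -fsSL "$iv_url" -o "$iv_tmp" \
        && verify_sha256 "$iv_tmp" "$iv_digest"; then
        install -m 0755 "$iv_tmp" "$iv_dest" && iv_rc=0
    else
        echo "download or checksum check failed for $iv_url" >&2
    fi
    rm -f "$iv_tmp"
    return "$iv_rc"
}
```

In a Dockerfile `RUN` line the call would be `install_verified "$URL" /usr/bin/jattach "$(dpkg --print-architecture)"`, chained with `&&` so a failed check fails the build.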

@github-actions

github-actions bot commented Oct 7, 2021

Diff for 19565de:
diff --git a/_bashbrew-cat b/_bashbrew-cat
index af59eb2..87ecb2d 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -1,17 +1,15 @@
 Maintainers: Baptiste Mesta <baptiste.mesta@bonitasoft.org> (@baptistemesta), Danila Mazour <danila.mazour@bonitasoft.org> (@danila-m), Emmanuel Duchastenier <emmanuel.duchastenier@bonitasoft.org> (@educhastenier), Pascal Garcia <pascal.garcia@bonitasoft.org> (@passga), Anthony Birembaut <anthony.birembaut@bonitasoft.org> (@abirembaut), Dumitru Corini <dumitru.corini@bonitasoft.org> (@DumitruCorini)
 Architectures: amd64, arm64v8, ppc64le
-
-Tags: 7.10.6, 7.10
-GitRepo: https://github.com/Bonitasoft-Community/docker_bonita.git
-GitCommit: e6f9f1a5e57c35bbd833c9441a639f326dffb7d5
-Directory: 7.10
+GitRepo: https://github.com/bonitasoft/bonita-distrib.git
 
 Tags: 7.11.4, 7.11
-GitRepo: https://github.com/bonitasoft/bonita-distrib.git
 GitCommit: 231024c8290a9aa31a45b758a0765a684c21ed21
 Directory: docker
 
-Tags: 2021.1, 7.12.1, 7.12, latest
-GitRepo: https://github.com/bonitasoft/bonita-distrib.git
+Tags: 2021.1, 7.12.1, 7.12
 GitCommit: c9b816249504017bb3418252bf58ec9d4fc3e86e
 Directory: docker
+
+Tags: 2021.2-u0, 2021.2, 7.13.0, 7.13, latest
+GitCommit: a1d9ee5e31d38958aa553cc7f9d465f1151d902f
+Directory: docker
diff --git a/_bashbrew-list b/_bashbrew-list
index 7bc5651..8dd1507 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -1,8 +1,10 @@
-bonita:7.10
-bonita:7.10.6
 bonita:7.11
 bonita:7.11.4
 bonita:7.12
 bonita:7.12.1
+bonita:7.13
+bonita:7.13.0
 bonita:2021.1
+bonita:2021.2
+bonita:2021.2-u0
 bonita:latest
diff --git a/bonita_7.10/Dockerfile b/bonita_7.10/Dockerfile
deleted file mode 100644
index 678f01b..0000000
diff --git a/bonita_7.10/files/WEB-INF/web.xml b/bonita_7.10/files/WEB-INF/web.xml
deleted file mode 100644
index 7d7d66d..0000000
diff --git a/bonita_7.10/files/config.sh b/bonita_7.10/files/config.sh
deleted file mode 100755
index 828051a..0000000
diff --git a/bonita_7.10/files/logging.properties b/bonita_7.10/files/logging.properties
deleted file mode 100644
index ea55bd3..0000000
diff --git a/bonita_7.10/files/startup.sh b/bonita_7.10/files/startup.sh
deleted file mode 100755
index 06b762b..0000000
diff --git a/bonita_7.10/templates/setenv.sh b/bonita_7.10/templates/setenv.sh
deleted file mode 100755
index b7e8066..0000000
diff --git a/bonita_latest/Dockerfile b/bonita_7.12/Dockerfile
similarity index 100%
copy from bonita_latest/Dockerfile
copy to bonita_7.12/Dockerfile
diff --git a/bonita_latest/files/WEB-INF/web.xml b/bonita_7.12/files/WEB-INF/web.xml
similarity index 100%
rename from bonita_latest/files/WEB-INF/web.xml
rename to bonita_7.12/files/WEB-INF/web.xml
diff --git a/bonita_latest/files/config.sh b/bonita_7.12/files/config.sh
similarity index 100%
copy from bonita_latest/files/config.sh
copy to bonita_7.12/files/config.sh
diff --git a/bonita_7.10/files/functions.sh b/bonita_7.12/files/functions.sh
similarity index 100%
rename from bonita_7.10/files/functions.sh
rename to bonita_7.12/files/functions.sh
diff --git a/bonita_7.11/files/logging.awk b/bonita_7.12/files/logging.awk
similarity index 100%
copy from bonita_7.11/files/logging.awk
copy to bonita_7.12/files/logging.awk
diff --git a/bonita_latest/files/startup.sh b/bonita_7.12/files/startup.sh
similarity index 100%
copy from bonita_latest/files/startup.sh
copy to bonita_7.12/files/startup.sh
diff --git a/bonita_7.10/templates/database.properties b/bonita_7.12/templates/database.properties
similarity index 100%
rename from bonita_7.10/templates/database.properties
rename to bonita_7.12/templates/database.properties
diff --git a/bonita_7.11/templates/setenv.sh b/bonita_7.12/templates/setenv.sh
similarity index 100%
copy from bonita_7.11/templates/setenv.sh
copy to bonita_7.12/templates/setenv.sh
diff --git a/bonita_latest/Dockerfile b/bonita_latest/Dockerfile
index 3c720c3..80d7503 100644
--- a/bonita_latest/Dockerfile
+++ b/bonita_latest/Dockerfile
@@ -2,7 +2,9 @@ FROM ubuntu:18.04
 
 LABEL maintainer="Bonitasoft Runtime team <rd.engine@bonitasoft.com>"
 
-# install packages
+# Execute instructions less likely to change first
+
+# Install packages
 RUN apt-get update && apt-get install -y --no-install-recommends \
       curl \
       gnupg2 \
@@ -19,41 +21,46 @@ RUN mkdir /opt/custom-init.d/
 RUN groupadd -r bonita -g 1000 \
   && useradd -u 1000 -r -g bonita -d /opt/bonita/ -s /sbin/nologin -c "Bonita User" bonita
 
-# grab gosu
-RUN (gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
-  || gpg --keyserver ipv4.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4) \
-  && curl -fsSL "https://github.com/tianon/gosu/releases/download/1.10/gosu-$(dpkg --print-architecture)" -o /usr/local/bin/gosu \
-  && curl -fsSL "https://github.com/tianon/gosu/releases/download/1.10/gosu-$(dpkg --print-architecture).asc" -o /usr/local/bin/gosu.asc \
+RUN gpg --keyserver keyserver.ubuntu.com --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
+  && curl -fsSL "https://github.com/tianon/gosu/releases/download/1.13/gosu-$(dpkg --print-architecture)" -o /usr/local/bin/gosu \
+  && curl -fsSL "https://github.com/tianon/gosu/releases/download/1.13/gosu-$(dpkg --print-architecture).asc" -o /usr/local/bin/gosu.asc \
   && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
   && rm /usr/local/bin/gosu.asc \
   && chmod +x /usr/local/bin/gosu
 
-# use --build-arg key=value in docker build command to override arguments
+
+# Install Bundle
+
+## ARGS and ENV required to download and unzip the toncat bundle
+## use --build-arg key=value in docker build command to override arguments
 ARG BONITA_VERSION
 ARG BRANDING_VERSION
 ARG BONITA_SHA256
 ARG BASE_URL
 ARG BONITA_URL
 
-ENV BONITA_VERSION ${BONITA_VERSION:-7.12.1}
-ENV BRANDING_VERSION ${BRANDING_VERSION:-2021.1}
-ENV BONITA_SHA256  ${BONITA_SHA256:-5342b18dd7f93bd3b2b64f8587504d0bf324f4f84d4259191b7291ee8f9ec693}
+ENV BONITA_VERSION ${BONITA_VERSION:-7.13.0}
+ENV BRANDING_VERSION ${BRANDING_VERSION:-2021.2-u0}
+ENV BONITA_SHA256  ${BONITA_SHA256:-e4f279765cd729885a4e353d96d1d85c5f69fef63f79183e0ccf3ffaa0cb2417}
 ENV ZIP_FILE BonitaCommunity-${BRANDING_VERSION}.zip
 ENV BASE_URL ${BASE_URL:-https://github.com/bonitasoft/bonita-platform-releases/releases/download}
 ENV BONITA_URL ${BONITA_URL:-${BASE_URL}/${BRANDING_VERSION}/BonitaCommunity-${BRANDING_VERSION}.zip}
-RUN echo "Downloading Bonita from url: ${BONITA_URL}"
 
+## Must copy files first because the bundle is either taken from url or from local /opt/files if present
 RUN mkdir /opt/files
 COPY files /opt/files
 
-# add Bonita archive to the container:
-RUN if [ -f "/opt/files/BonitaCommunity-${BRANDING_VERSION}.zip" ]; then echo "File already present in /opt/files"; else curl -fsSL ${BONITA_URL} -o /opt/files/BonitaCommunity-${BRANDING_VERSION}.zip; fi
+RUN if [ -f "/opt/files/BonitaCommunity-${BRANDING_VERSION}.zip" ]; then echo "File already present in /opt/files"; else curl -fsSL ${BONITA_URL} -o /opt/files/BonitaCommunity-${BRANDING_VERSION}.zip; fi \
+  && sha256sum /opt/files/${ZIP_FILE} \
+  && echo "$BONITA_SHA256" /opt/files/${ZIP_FILE} | sha256sum -c - \
+  && unzip -q /opt/files/BonitaCommunity-${BRANDING_VERSION}.zip -d /opt/bonita/ \
+  && unzip /opt/bonita/BonitaCommunity-${BRANDING_VERSION}/server/webapps/bonita.war -d /opt/bonita/BonitaCommunity-${BRANDING_VERSION}/server/webapps/bonita/ \
+  && rm /opt/bonita/BonitaCommunity-${BRANDING_VERSION}/server/webapps/bonita.war \
+  && rm -f /opt/files/BonitaCommunity-${BRANDING_VERSION}.zip
 
-# display downloaded checksum
-RUN sha256sum /opt/files/${ZIP_FILE}
+# ENV only required at runtime
+ENV HTTP_API false
 
-# check with expected checksum
-RUN echo "$BONITA_SHA256" /opt/files/${ZIP_FILE} | sha256sum -c -
 
 # create Volume to store Bonita files
 VOLUME /opt/bonita
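
Review bot: The gosu `RUN` line imports the signing key with `gpg --keyserver keyserver.ubuntu.com --recv-keys ...` and nothing in the step removes it afterwards; no `GNUPGHOME` is set in the lines shown, so the key and gpg state land in root's default keyring and stay in the image layer. Consider pointing `GNUPGHOME` at a `mktemp -d` directory for this step, passing `--batch` to the `--recv-keys` call as is already done for `--verify`, and deleting the directory at the end of the same `RUN`. The `# grab gosu` comment was also dropped, leaving the step without a comment, and the new bundle comment has a typo (`toncat`).
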
diff --git a/bonita_latest/files/config.sh b/bonita_latest/files/config.sh
index 23a8064..872d68d 100755
--- a/bonita_latest/files/config.sh
+++ b/bonita_latest/files/config.sh
@@ -1,19 +1,18 @@
 #!/bin/bash
-set -x
+
+
 # Path to deploy the Tomcat Bundle
-BONITA_PATH=${BONITA_PATH:-/opt/bonita}
+BONITA_PATH=/opt/bonita
 # Templates directory
-BONITA_TPL=${BONITA_TPL:-/opt/templates}
+BONITA_TPL=/opt/templates
 # Files directory
-BONITA_FILES=${BONITA_FILES:-/opt/files}
+BONITA_FILES=/opt/files
 # Flag to allow or not the SQL queries to automatically check and create the databases
 ENSURE_DB_CHECK_AND_CREATION=${ENSURE_DB_CHECK_AND_CREATION:-true}
 # Java OPTS
 JAVA_OPTS=${JAVA_OPTS:--Xms1024m -Xmx1024m}
 # Flag to enable or not dynamic authorization checking on Bonita REST API
 REST_API_DYN_AUTH_CHECKS=${REST_API_DYN_AUTH_CHECKS:-true}
-# Flag to enable or not Bonita HTTP API
-HTTP_API=${HTTP_API:-false}
 
 # retrieve the db parameters from the container linked
 if [ -n "$POSTGRES_PORT_5432_TCP_PORT" ]
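
Review bot: `BONITA_PATH`, `BONITA_TPL` and `BONITA_FILES` lose their `${VAR:-default}` form at the top of the script, so a value passed with `docker run -e` is now silently ignored. Since the bundle is unpacked under /opt/bonita at build time that is reasonable, but it is a behaviour change that should be stated in the image documentation. Dropping `set -x` is a good change for a script that handles `DB_PASS` and `PLATFORM_PASSWORD`; the two blank lines left in its place can go.
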
@@ -63,13 +62,10 @@ PLATFORM_PASSWORD=${PLATFORM_PASSWORD:-platform}
 TENANT_LOGIN=${TENANT_LOGIN:-install}
 TENANT_PASSWORD=${TENANT_PASSWORD:-install}
 
-if [ ! -d ${BONITA_PATH}/BonitaCommunity-${BRANDING_VERSION} ]
-then
-  unzip -q ${BONITA_FILES}/BonitaCommunity-${BRANDING_VERSION}.zip -d ${BONITA_PATH}
-fi
 
 if [ "${ENSURE_DB_CHECK_AND_CREATION}" = 'true' ]
 then
+    echo "Creating (if missing) database and users"
 	# load SQL functions
 	. ${BONITA_FILES}/functions.sh
 	case "${DB_VENDOR}" in
@@ -109,12 +105,6 @@ if [ "$REST_API_DYN_AUTH_CHECKS" = 'true' ]
 then
     sed -i -e 's/^#GET|/GET|/' -e 's/^#POST|/POST|/' -e 's/^#PUT|/PUT|/' -e 's/^#DELETE|/DELETE|/' ${BONITA_PATH}/BonitaCommunity-${BRANDING_VERSION}/setup/platform_conf/initial/tenant_template_portal/dynamic-permissions-checks-custom.properties
 fi
-# if required, deactivate HTTP API by updating bonita.war with proper web.xml
-if [ "$HTTP_API" = 'false' ]
-then
-    cd ${BONITA_FILES}/
-    zip ${BONITA_PATH}/BonitaCommunity-${BRANDING_VERSION}/server/webapps/bonita.war WEB-INF/web.xml
-fi
 
 # replace variables
 find ${BONITA_PATH}/BonitaCommunity-${BRANDING_VERSION}/setup/platform_conf/initial -name "*.properties" | xargs -n10 sed -i \
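
Review bot: With the `if [ "$HTTP_API" = 'false' ]` block removed, nothing left in the visible diff acts on `HTTP_API`: the Dockerfile only sets `ENV HTTP_API false`, and `WEB-INF/web.xml` is renamed out of `bonita_latest/files`. Please confirm where the HTTP API is now disabled and say so in a comment, because if nothing consumes the variable the image ships with the HTTP API enabled where it was previously off by default.
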
@@ -125,6 +115,7 @@ find ${BONITA_PATH}/BonitaCommunity-${BRANDING_VERSION}/setup/platform_conf/init
     -e 's/^#platformAdminUsername\s*=.*/'"platformAdminUsername=${PLATFORM_LOGIN}"'/' \
     -e 's/^#platformAdminPassword\s*=.*/'"platformAdminPassword=${PLATFORM_PASSWORD}"'/'
 
+echo "Using JAVA_OPTS: ${JAVA_OPTS}"
 sed -i -e 's/{{JAVA_OPTS}}/'"${JAVA_OPTS}"'/' ${BONITA_PATH}/BonitaCommunity-${BRANDING_VERSION}/setup/tomcat-templates/setenv.sh
 
 if [ -n "$JDBC_DRIVER" ]
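
Review bot: The added `echo "Using JAVA_OPTS: ${JAVA_OPTS}"` writes the whole value to the container log, so anything sensitive passed as a `-D` property ends up there; consider not logging it, or documenting that `JAVA_OPTS` must not carry secrets. Separately, the `sed` on the following line interpolates `${JAVA_OPTS}` into an expression that uses `/` as its delimiter, so a value containing `/` breaks the substitution; a delimiter less likely to appear in the value would be safer.
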
@@ -137,6 +128,12 @@ then
     fi
 fi
 
+echo "Using DB_VENDOR: ${DB_VENDOR}"
+echo "Using DB_NAME: ${DB_NAME}"
+echo "Using DB_HOST: ${DB_HOST}"
+echo "Using DB_PORT: ${DB_PORT}"
+echo "Using BIZ_DB_NAME: ${BIZ_DB_NAME}"
+
 sed -e 's/{{DB_VENDOR}}/'"${DB_VENDOR}"'/' \
     -e 's/{{DB_USER}}/'"${DB_USER}"'/' \
     -e 's/{{DB_PASS}}/'"${DB_PASS}"'/' \
@@ -154,8 +151,8 @@ mv ${LOGGING_FILE} ${LOGGING_FILE}.original
 awk -f ${BONITA_FILES}/logging.awk ${LOGGING_FILE}.original > ${LOGGING_FILE}
 
 # use the setup tool to initialize and configure Bonita Tomcat bundle
-cd /opt/bonita/BonitaCommunity-${BRANDING_VERSION}
+
 # platform setup tool logging configuration file
 BONITA_SETUP_LOGGING_FILE=${BONITA_SETUP_LOGGING_FILE:-/opt/bonita/BonitaCommunity-${BRANDING_VERSION}/setup/logback.xml}
-echo y | ./setup/setup.sh init -Dlogging.config=${BONITA_SETUP_LOGGING_FILE}
-./setup/setup.sh configure -Dlogging.config=${BONITA_SETUP_LOGGING_FILE}
+./opt/bonita/BonitaCommunity-${BRANDING_VERSION}/setup/setup.sh init -Dh2.noconfirm -Dlogging.config=${BONITA_SETUP_LOGGING_FILE}
+./opt/bonita/BonitaCommunity-${BRANDING_VERSION}/setup/setup.sh configure -Dlogging.config=${BONITA_SETUP_LOGGING_FILE}
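
Review bot: The two new `setup.sh` invocations start with `./opt/bonita/...`, which is relative to the current directory; with the `cd /opt/bonita/BonitaCommunity-${BRANDING_VERSION}` line removed they only resolve if the script happens to run from `/`. Use the absolute path `/opt/bonita/BonitaCommunity-${BRANDING_VERSION}/setup/setup.sh`, or keep the `cd`. The "use the setup tool" comment is now separated from the commands it describes and could move down next to them.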

@tianon tianon merged commit 12ff209 into docker-library:master Oct 7, 2021
@tianon
Member

tianon commented Oct 7, 2021

You might want to check the package repos -- it's possible jattach is already available there and could just be installed.

@baptistemesta
Contributor Author

> You might want to check the package repos -- it's possible jattach is already available there and could just be installed.

We will check that. Thank you for the merge :)
Have a nice day!

@baptistemesta baptistemesta deleted the chore/upgrade_bonita_version branch October 8, 2021 06:56
NeilHanlon pushed a commit to NeilHanlon/official-images that referenced this pull request Oct 27, 2021
Co-authored-by: Emmanuel Duchastenier <emmanuel.duchastenier@bonitasoft.com>
@kikito kikito mentioned this pull request Mar 1, 2022
rbioteau pushed a commit to bonitasoft/bonita-distrib that referenced this pull request Nov 15, 2023
…. (#387)


Docker Hub has refused our pull request because our Dockerfile uses a multi-layer with a non-official image. The Docker policy forbids this practice. More details [here](docker-library/official-images#10960 (comment))

Closes [RUNTIME-539](https://bonitasoft.atlassian.net/browse/RUNTIME-539)