Merge pull request #11102 from tdonohue/port_11099_to_9x

[Port dspace-9_x] [Docker] Remove all usages/references to 'pgcrypto'. Use official Postgres image in Docker install.

.dockerignore

@@ -4,7 +4,6 @@
 */target/
 dspace/modules/*/target/
 Dockerfile.*
-dspace/src/main/docker/dspace-postgres-pgcrypto
-dspace/src/main/docker/dspace-postgres-pgcrypto-curl
+dspace/src/main/docker/dspace-postgres-loadsql
 dspace/src/main/docker/README.md
 dspace/src/main/docker-compose/

.github/workflows/docker.yml

@@ -113,39 +113,19 @@ jobs:
       REDEPLOY_SANDBOX_URL: ${{ secrets.REDEPLOY_SANDBOX_SOLR_URL }}
       REDEPLOY_DEMO_URL: ${{ secrets.REDEPLOY_DEMO_SOLR_URL }}
 
-  ###########################################################
-  # Build/Push the 'dspace/dspace-postgres-pgcrypto' image
-  ###########################################################
-  dspace-postgres-pgcrypto:
+  ########################################################
+  # Build/Push the 'dspace/dspace-postgres-loadsql' image
+  ########################################################
+  dspace-postgres-loadsql:
     # Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace'
     if: github.repository == 'dspace/dspace'
     uses: ./.github/workflows/reusable-docker-build.yml
     with:
-      build_id: dspace-postgres-pgcrypto-prod
-      image_name: dspace/dspace-postgres-pgcrypto
-      # Must build out of subdirectory to have access to install script for pgcrypto.
+      build_id: dspace-postgres-loadsql
+      image_name: dspace/dspace-postgres-loadsql
+      # Must build out of subdirectory to have access to install script.
       # NOTE: this context will build the image based on the Dockerfile in the specified directory
-      dockerfile_context: ./dspace/src/main/docker/dspace-postgres-pgcrypto/
-    secrets:
-      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
-      DOCKER_ACCESS_TOKEN: ${{ secrets.DOCKER_ACCESS_TOKEN }}
-
-  ########################################################################
-  # Build/Push the 'dspace/dspace-postgres-pgcrypto' image (-loadsql tag)
-  ########################################################################
-  dspace-postgres-pgcrypto-loadsql:
-    # Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace'
-    if: github.repository == 'dspace/dspace'
-    uses: ./.github/workflows/reusable-docker-build.yml
-    with:
-      build_id: dspace-postgres-pgcrypto-loadsql
-      image_name: dspace/dspace-postgres-pgcrypto
-      # Must build out of subdirectory to have access to install script for pgcrypto.
-      # NOTE: this context will build the image based on the Dockerfile in the specified directory
-      dockerfile_context: ./dspace/src/main/docker/dspace-postgres-pgcrypto-curl/
-      # Suffix all tags with "-loadsql". Otherwise, it uses the same
-      # tagging logic as the primary 'dspace/dspace-postgres-pgcrypto' image above.
-      tags_flavor: suffix=-loadsql
+      dockerfile_context: ./dspace/src/main/docker/dspace-postgres-loadsql/
     secrets:
       DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
       DOCKER_ACCESS_TOKEN: ${{ secrets.DOCKER_ACCESS_TOKEN }}
@@ -158,7 +138,7 @@ jobs:
     if: github.repository == 'dspace/dspace'
     runs-on: ubuntu-latest
     # Must run after all major images are built
-    needs: [dspace, dspace-test, dspace-cli, dspace-postgres-pgcrypto, dspace-solr]
+    needs: [dspace, dspace-test, dspace-cli, dspace-solr]
     env:
       # Override defaults dspace.server.url because backend starts at http://127.0.0.1:8080
       dspace__P__server__P__url: http://127.0.0.1:8080/server

docker-compose.yml

@@ -65,13 +65,12 @@ services:
   # DSpace PostgreSQL database container
   dspacedb:
     container_name: dspacedb
-    # Uses a custom Postgres image with pgcrypto installed
-    image: "${DOCKER_REGISTRY:-docker.io}/${DOCKER_OWNER:-dspace}/dspace-postgres-pgcrypto:${DSPACE_VER:-dspace-9_x}"
-    build:
-      # Must build out of subdirectory to have access to install script for pgcrypto
-      context: ./dspace/src/main/docker/dspace-postgres-pgcrypto/
+    # Uses the base PostgreSQL image
+    image: "docker.io/postgres:${POSTGRES_VERSION:-15}"
     environment:
       PGDATA: /pgdata
+      POSTGRES_DB: dspace
+      POSTGRES_USER: dspace
       POSTGRES_PASSWORD: dspace
     networks:
       dspacenet:

dspace/src/main/docker-compose/README.md

@@ -297,17 +297,8 @@ Here's how to fix those issues by migrating your old Postgres data to the new ve
 1. First, you must start up the older PostgreSQL image (to dump your existing data to a `*.sql` file)
     ```
     # This command assumes you are using the process described above to start all your containers
-    docker compose -p d9 up -d
+    POSTGRES_VERSION=11 docker compose -p d9 up -d
     ```
-    * If you've already accidentally updated to the new PostgreSQL image, you have a few options:
-        * Pull down an older version of the image from Dockerhub (using a tag)
-        * Or, temporarily rebuild your local image with the old version of Postgres. For example:
-          ```
-          # This command will rebuild using PostgreSQL v11 & tag it locally as "latest"
-          docker build --build-arg POSTGRES_VERSION=11 -t dspace/dspace-postgres-pgcrypto:latest ./dspace/src/main/docker/dspace-postgres-pgcrypto/
-          # Then restart container with that image
-          docker compose -p d9 up -d
-          ```
 2. Dump your entire "dspace" database out of the old "dspacedb" container to a local file named `pgdump.sql`
     ```
     # NOTE: WE HIGHLY RECOMMEND LOGGING INTO THE CONTAINER and doing the pg_dump within the container.
@@ -336,7 +327,7 @@ Here's how to fix those issues by migrating your old Postgres data to the new ve
     # Assumes you are using `-p d9` which prefixes all volumes with `d9_`
     docker volume rm d9_pgdata
     ```
-5. Now, pull down the latest PostgreSQL image with the NEW version of PostgreSQL.
+5. Just for safety, pull down the latest versions of all images
     ```
     docker compose -f docker-compose.yml -f docker-compose-cli.yml pull
     ```

dspace/src/main/docker-compose/db.entities.yml

@@ -8,7 +8,7 @@
 
 services:
   dspacedb:
-    image: dspace/dspace-postgres-pgcrypto:${DSPACE_VER:-dspace-9_x}-loadsql
+    image: dspace/dspace-postgres-loadsql:${DSPACE_VER:-dspace-9_x}
     environment:
       # This SQL is available from https://github.com/DSpace-Labs/AIP-Files/releases/tag/demo-entities-data
       - LOADSQL=https://github.com/DSpace-Labs/AIP-Files/releases/download/demo-entities-data/dspace7-entities-data.sql

dspace/src/main/docker-compose/db.restore.yml

@@ -12,7 +12,7 @@
 # This can be used to restore a "dspacedb" container from a pg_dump, or during upgrade to a new version of PostgreSQL.
 services:
   dspacedb:
-    image: dspace/dspace-postgres-pgcrypto:${DSPACE_VER:-dspace-9_x}-loadsql
+    image: dspace/dspace-postgres-loadsql:${DSPACE_VER:-dspace-9_x}
     environment:
       # Location where the dump SQL file will be available on the running container
       - LOCALSQL=/tmp/pgdump.sql

dspace/src/main/docker/README.md

@@ -75,47 +75,30 @@ Admins to our DockerHub repo can publish with the following command.
 docker push dspace/dspace-cli:latest
 ```
 
-## ./dspace-postgres-pgcrypto/Dockerfile
+## ./dspace-postgres-loadsql/Dockerfile
+
+This is a PostgreSQL Docker image (based off the Official Postgres image) which also contains `curl`.
+The image is pre-configured to load a Postgres database dump on initialization. Therefore, its primarily usage is for
+database restoration from a SQL file dump / backup. It is not necessary to use this image for a DSpace Docker
+installation.
 
-This is a PostgreSQL Docker image containing the `pgcrypto` extension required by DSpace 6+.
 This image is built *automatically* after each commit is made to the `main` branch.
 
 How to build manually:
 ```
-cd dspace/src/main/docker/dspace-postgres-pgcrypto
-docker build -t dspace/dspace-postgres-pgcrypto:latest .
+cd dspace/src/main/docker/dspace-postgres-loadsql
+docker build -t dspace/dspace-postgres-loadsql:latest .
 ```
 
 It is also possible to change the version of PostgreSQL or the PostgreSQL user's password during the build:
 ```
-cd dspace/src/main/docker/dspace-postgres-pgcrypto
-docker build -t dspace/dspace-postgres-pgcrypto:latest --build-arg POSTGRES_VERSION=11 --build-arg POSTGRES_PASSWORD=mypass .
+cd dspace/src/main/docker/dspace-postgres-loadsql
+docker build -t dspace/dspace-postgres-loadsql:latest --build-arg POSTGRES_VERSION=17 --build-arg POSTGRES_PASSWORD=mypass .
 ```
 
 Admins to our DockerHub repo can (manually) publish with the following command.
 ```
-docker push dspace/dspace-postgres-pgcrypto:latest
-```
-
-## ./dspace-postgres-pgcrypto-curl/Dockerfile
-
-This is a PostgreSQL Docker image containing the `pgcrypto` extension required by DSpace 6+.
-This image also contains `curl`.  The image is pre-configured to load a Postgres database dump on initialization.
-
-This image is built *automatically* after each commit is made to the `main` branch.
-
-How to build manually:
-```
-cd dspace/src/main/docker/dspace-postgres-pgcrypto-curl
-docker build -t dspace/dspace-postgres-pgcrypto:latest-loadsql .
-```
-
-Similar to `dspace-postgres-pgcrypto` above, you can also modify the version of PostgreSQL or the PostgreSQL user's password.
-See examples above.
-
-Admins to our DockerHub repo can (manually) publish with the following command.
-```
-docker push dspace/dspace-postgres-pgcrypto:latest-loadsql
+docker push dspace/dspace-postgres-loadsql:latest
 ```
 
 ## ./dspace-shibboleth/Dockerfile

dspace/src/main/docker/dspace-postgres-loadsql/Dockerfile

@@ -6,21 +6,23 @@
 # http://www.dspace.org/license/
 #
 
-# To build for example use:
-# docker build --build-arg POSTGRES_VERSION=13 --build-arg POSTGRES_PASSWORD=mypass ./dspace/src/main/docker/dspace-postgres-pgcrypto-curl/
-# This will be published as dspace/dspace-postgres-pgcrypto:$DSPACE_VERSION-loadsql
+# Example build:
+# docker build --build-arg POSTGRES_VERSION=17 --build-arg POSTGRES_PASSWORD=mypass ./dspace/src/main/docker/dspace-postgres-loadsql/
+# This will be published as dspace/dspace-postgres-loadsql:$DSPACE_VERSION
 
 ARG POSTGRES_VERSION=15
+ARG POSTGRES_DB=dspace
+ARG POSTGRES_USER=dspace
 ARG POSTGRES_PASSWORD=dspace
 
 FROM docker.io/postgres:${POSTGRES_VERSION}
 
-ENV POSTGRES_DB=dspace
-ENV POSTGRES_USER=dspace
+ENV POSTGRES_DB=${POSTGRES_DB}
+ENV POSTGRES_USER=${POSTGRES_USER}
 ENV POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
 
 # Install curl which is necessary to load SQL file
 RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/*
 
 # Load a SQL dump.  Set LOADSQL to a URL for the sql dump file.
-COPY install-pgcrypto.sh /docker-entrypoint-initdb.d/
+COPY loadsql.sh /docker-entrypoint-initdb.d/

dspace/src/main/docker/dspace-postgres-loadsql/loadsql.sh

@@ -34,16 +34,3 @@ then
 
   touch $CHECKFILE
 fi
-
-# Then, setup pgcrypto on this database
-psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
-  -- Create a new schema in this database named "extensions" (or whatever you want to name it)
-  CREATE SCHEMA IF NOT EXISTS extensions;
-  -- Enable this extension in this new schema
-  CREATE EXTENSION IF NOT EXISTS pgcrypto WITH SCHEMA extensions;
-  -- Update your database's "search_path" to also search the new "extensions" schema.
-  -- You are just appending it on the end of the existing comma-separated list.
-  ALTER DATABASE dspace SET search_path TO "\$user",public,extensions;
-  -- Grant rights to call functions in the extensions schema to your dspace user
-  GRANT USAGE ON SCHEMA extensions TO $POSTGRES_USER;
-EOSQL

dspace/src/main/docker/dspace-postgres-pgcrypto/Dockerfile

@@ -1,23 +0,0 @@
-#
-# The contents of this file are subject to the license and copyright
-# detailed in the LICENSE and NOTICE files at the root of the source
-# tree and available online at
-#
-# http://www.dspace.org/license/
-#
-
-# To build for example use:
-# docker build --build-arg POSTGRES_VERSION=13 --build-arg POSTGRES_PASSWORD=mypass ./dspace/src/main/docker/dspace-postgres-pgcrypto/
-# This will be published as dspace/dspace-postgres-pgcrypto:$DSPACE_VERSION
-
-ARG POSTGRES_VERSION=15
-ARG POSTGRES_PASSWORD=dspace
-
-FROM docker.io/postgres:${POSTGRES_VERSION}
-
-ENV POSTGRES_DB=dspace
-ENV POSTGRES_USER=dspace
-ENV POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
-
-# Copy over script which will initialize database and install pgcrypto extension
-COPY install-pgcrypto.sh /docker-entrypoint-initdb.d/

dspace/src/main/docker/dspace-postgres-pgcrypto/install-pgcrypto.sh

@@ -1,22 +0,0 @@
-#!/bin/bash
-#
-# The contents of this file are subject to the license and copyright
-# detailed in the LICENSE and NOTICE files at the root of the source
-# tree and available online at
-#
-# http://www.dspace.org/license/
-#
-
-set -e
-
-psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
-  -- Create a new schema in this database named "extensions" (or whatever you want to name it)
-  CREATE SCHEMA IF NOT EXISTS extensions;
-  -- Enable this extension in this new schema
-  CREATE EXTENSION IF NOT EXISTS pgcrypto WITH SCHEMA extensions;
-  -- Update your database's "search_path" to also search the new "extensions" schema.
-  -- You are just appending it on the end of the existing comma-separated list.
-  ALTER DATABASE dspace SET search_path TO "\$user",public,extensions;
-  -- Grant rights to call functions in the extensions schema to your dspace user
-  GRANT USAGE ON SCHEMA extensions TO $POSTGRES_USER;
-EOSQL