build(docker): Update build config

Reduce start period to 5s for faster dependency checks.

.dockerignore

@@ -0,0 +1,3 @@
+/**
+!Dockerfile
+!entrypoint.sh

.gitattributes

@@ -20,7 +20,7 @@
 *.PDF      diff=astextplain
 *.rtf      diff=astextplain
 *.RTF      diff=astextplain
-*.md       text
+*.md       text diff=markdown
 *.tex      text diff=tex
 *.adoc     text
 *.textile  text
@@ -30,6 +30,7 @@
 *.tsv      text
 *.txt      text
 *.sql      text
+*.ps1      text eol=crlf
 
 # Graphics
 *.png      binary
@@ -53,7 +54,23 @@
 # These are explicitly windows files and should use crlf
 *.bat      text eol=crlf
 *.cmd      text eol=crlf
-*.ps1      text eol=crlf
+
+# web frontend stack -- force LF so SRI hashes are always correct
+*.html     text eol=lf
+*.htm      text eol=lf
+*.css      text eol=lf
+*.min.css  text eol=lf
+*.js       text eol=lf
+*.min.js   text eol=lf
+*.php      text eol=lf
+
+# Visual Studio projects (Rider also)
+*.cs     diff=csharp
+*.sln    merge=union
+*.csproj merge=union
+*.vbproj merge=union
+*.fsproj merge=union
+*.dbproj merge=union
 
 # Serialisation
 *.json     text
@@ -76,7 +93,8 @@
 # Exclude files from exporting
 #
 
-.gitattributes export-ignore
-.gitignore     export-ignore
-.gitkeep       export-ignore
-.vscode        export-ignore
+.gitattributes  export-ignore
+.gitignore      export-ignore
+.gitkeep        export-ignore
+.idea           export-ignore
+.vscode         export-ignore

.gitignore

@@ -1,11 +1,73 @@
-# VSCode files
-.vscode/*
-!.vscode/settings.json
-!.vscode/tasks.json
-!.vscode/launch.json
-!.vscode/extensions.json
-!.vscode/numbered-bookmarks.json
-*.code-workspace
+### JetBrains template
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/**/usage.statistics.xml
+.idea/**/dictionaries
+.idea/**/shelf
+
+# Generated files
+.idea/**/contentModel.xml
+
+# Sensitive or high-churn files
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+.idea/**/dbnavigator.xml
+
+# Gradle
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn.  Uncomment if using
+# auto-import.
+# .idea/artifacts
+# .idea/compiler.xml
+# .idea/jarRepositories.xml
+# .idea/modules.xml
+# .idea/*.iml
+# .idea/modules
+# *.iml
+# *.ipr
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
+
+# Android studio 3.1+ serialized cache file
+.idea/caches/build_file_checksums.ser
 
-# Local History for Visual Studio Code
-.history/

.idea/.idea.ab-mariadb-alpine.dir/.idea/GitCommitMessageStorage.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="GitCommitMessageStorage">
+    <option name="messageStorage">
+      <MessageStorage />
+    </option>
+  </component>
+</project>

.idea/.idea.ab-mariadb-alpine.dir/.idea/git_toolbox_prj.xml

@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="GitToolBoxProjectSettings">
+    <option name="commitMessageIssueKeyValidationOverride">
+      <BoolValueOverride>
+        <option name="enabled" value="true" />
+      </BoolValueOverride>
+    </option>
+    <option name="commitMessageValidationConfigOverride">
+      <CommitMessageValidationOverride>
+        <option name="enabled" value="true" />
+      </CommitMessageValidationOverride>
+    </option>
+    <option name="commitMessageValidationEnabledOverride">
+      <BoolValueOverride>
+        <option name="enabled" value="true" />
+      </BoolValueOverride>
+    </option>
+  </component>
+</project>

.idea/.idea.ab-mariadb-alpine.dir/.idea/indexLayout.xml

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project version="4">
-  <component name="ContentModelUserStore">
+  <component name="UserContentModel">
     <attachedFolders />
     <explicitIncludes />
     <explicitExcludes />

.idea/.idea.ab-mariadb-alpine.dir/.idea/markdown.xml

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="MarkdownSettings">
+    <enabledExtensions>
+      <entry key="MermaidLanguageExtension" value="false" />
+      <entry key="PlantUMLLanguageExtension" value="false" />
+    </enabledExtensions>
+  </component>
+</project>

.idea/.idea.ab-mariadb-alpine.dir/.idea/riderModule.iml

@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<module type="RIDER_MODULE" version="4">
-  <component name="NewModuleRootManager">
-    <content url="file://$MODULE_DIR$/../.." />
-    <orderEntry type="sourceFolder" forTests="false" />
-  </component>
-</module>

.run/Dockerfile.run.xml

@@ -0,0 +1,37 @@
+<component name="ProjectRunConfigurationManager">
+  <configuration default="false" name="Dockerfile" type="docker-deploy" factoryName="dockerfile" server-name="Docker (WSL)">
+    <deployment type="dockerfile">
+      <settings>
+        <option name="imageTag" value="docker.asifbacchus.dev/mariadb/ab-mariadb-alpine:10.11.6-r0" />
+        <option name="buildArgs">
+          <list>
+            <DockerEnvVarImpl>
+              <option name="name" value="ALPINE_VERSION" />
+              <option name="value" value="3.19" />
+            </DockerEnvVarImpl>
+            <DockerEnvVarImpl>
+              <option name="name" value="MARIADB_VERSION" />
+              <option name="value" value="10.11.6-r0" />
+            </DockerEnvVarImpl>
+            <DockerEnvVarImpl>
+              <option name="name" value="INTERNAL_VERSION" />
+              <option name="value" value="2.2.1" />
+            </DockerEnvVarImpl>
+            <DockerEnvVarImpl>
+              <option name="name" value="GIT_COMMIT" />
+              <option name="value" value="1e1fccea11" />
+            </DockerEnvVarImpl>
+            <DockerEnvVarImpl>
+              <option name="name" value="BUILD_DATE" />
+              <option name="value" value="2024-01-27" />
+            </DockerEnvVarImpl>
+          </list>
+        </option>
+        <option name="buildOnly" value="true" />
+        <option name="sourceFilePath" value="Dockerfile" />
+      </settings>
+    </deployment>
+    <EXTENSION ID="com.jetbrains.rider.docker.debug" isFastModeEnabled="true" isSslEnabled="false" />
+    <method v="2" />
+  </configuration>
+</component>

Dockerfile

@@ -1,26 +1,33 @@
 #
-### mariadb running on Alpine Linux
+# mariadb running on Alpine Linux
 #
 
-FROM alpine:3.13
+# build arguments
+ARG ALPINE_VERSION="3.19"
+ARG MARIADB_VERSION="10.11.6-r0"
+
+FROM alpine:${ALPINE_VERSION}
+ARG ALPINE_VERSION
+ARG MARIADB_VERSION
 
 # standardized labels
-LABEL maintainer="Asif Bacchus <asif@bacchus.cloud>"
-LABEL org.label-schema.schema-version="1.0"
-LABEL org.label-schema.docker.cmd="docker run -d --name db -v volume:/var/lib/mysql [-v /pre/exec/scripts:/docker-entrypoint-preinit.d] [-v /sql/scripts:/docker-entrypoint-initdb.d] [-v /post/exec/scripts:/docker-entrypoint-postinit.d] [-e param1 -e param2...] docker.asifbacchus.app/mariadb/ab-mariadb-alpine:latest"
-LABEL org.label-schema.description="mariadb running on Alpine Linux."
-LABEL org.label-schema.name="ab-mariadb-alpine"
-LABEL org.label-schema.url="https://git.asifbacchus.app/ab-docker/ab-mariadb-alpine"
-LABEL org.label-schema.usage="https://git.asifbacchus.app/ab-docker/ab-mariadb-alpine/src/branch/master/README.md"
-LABEL org.label-schema.vcs-url="https://git.asifbacchus.app/ab-docker/ab-mariadb-alpine.git"
+MAINTAINER Asif Bacchus <asif@asifbacchus.dev>
+LABEL dev.asifbacchus.docker.internalName="ab-mariadb-alpine"
+LABEL org.opencontainer.image.authors="Asif Bacchus <asif@asifbacchus.dev>"
+LABEL org.opencontainer.image.description="Mariadb on Alpine Linux."
+LABEL org.opencontainer.image.documentation="https://git.asifbacchus.dev/ab-docker/ab-mariadb-alpine/raw/branch/main/README.md"
+LABEL org.opencontainer.image.source="https://git.asifbacchus.dev/ab-docker/ab-mariadb-alpine.git"
+LABEL org.opencontainer.image.title="ab-mariadb-alpine"
+LABEL org.opencontainer.image.url="https://git.asifbacchus.dev/ab-docker/ab-mariadb-alpine"
+LABEL org.opencontainer.image.vendor="Asif Bacchus <asif@asifbacchus.dev>"
 
 # install mariadb and turn on TCP connection in default config
-RUN apk --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/main add \
-    tzdata \
-    mariadb \
-    mariadb-client \
-    mariadb-server-utils \
-    && rm -f /var/cache/apk/* \
+RUN apk --update --no-cache add \
+        tzdata \
+        mariadb>${MARIADB_VERSION} \
+        mariadb-client>${MARIADB_VERSION} \
+        mariadb-server-utils>${MARIADB_VERSION} \
+    && apk --no-cache --update upgrade \
     && sed -i 's/skip-networking/skip-networking=0/' /etc/my.cnf.d/mariadb-server.cnf
 
 # expose ports
@@ -29,6 +36,14 @@ EXPOSE 3306
 # create volume if user forgets
 VOLUME ["/var/lib/mysql"]
 
+# basic healthcheck (service only)
+HEALTHCHECK \
+    --interval=30s \
+    --timeout=10s \
+    --start-period=5s \
+    --retries=3 \
+    CMD mysqladmin ping --silent
+
 # set environment variables
 ENV TZ=Etc/UTC
 ENV MYSQL_UID=8100
@@ -45,15 +60,21 @@ ENV MYSQL_PASSWORD=''
 COPY entrypoint.sh /usr/local/bin/entrypoint.sh
 RUN mkdir -p /docker-entrypoint-preinit.d \
     && mkdir -p /docker-entrypoint-initdb.d \
-    && mkdir -p /docker-entrypoint-postinit.d
+    && mkdir -p /docker-entrypoint-postinit.d \
+    && chmod +x /usr/local/bin/entrypoint.sh
 
 # set entrypoint and default command
 ENTRYPOINT [ "/usr/local/bin/entrypoint.sh" ]
 CMD [ "/usr/bin/mysqld", "--user=mysql", "--console" ]
 
 # add parameters, version and build date labels
-LABEL org.label-schema.docker.params="TZ=Etc/UTC, MYSQL_UID=8100, MYSQL_GID=8100, MYSQL_ROOT_PASSWORD=..., MYSQL_DATABASE='myData', MYSQL_CHARSET='utf8mb4', MYSQL_COLLATION='utf8mb4_general_ci', MYSQL_USER=..., MYSQL_PASSWORD=..."
-LABEL org.label-schema.vendor="mariaDB (10.5.9-r0)"
-LABEL org.label-schema.version="1.1"
+# set build timestamp and version labels
+ARG INTERNAL_VERSION
+ARG GIT_COMMIT
 ARG BUILD_DATE
-LABEL org.label-schema.build-date=${BUILD_DATE}
+LABEL dev.asifbacchus.docker.internalVersion=${INTERNAL_VERSION}
+LABEL org.opencontainers.image.version="${INTERNAL_VERSION}-${MARIADB_VERSION}"
+LABEL org.opencontainers.image.revision=${GIT_COMMIT}
+LABEL org.opencontainers.image.created=${BUILD_DATE}
+
+#EOF

README.md

@@ -5,60 +5,91 @@ half the size of the official MariaDB container which runs on Ubuntu but still a
 adding a few extra ;-) Note that this container is built against the Alpine EDGE repository for newer versions of
 mariaDB.
 
+<!-- toc -->
+
 - [Quick Start](#quick-start)
-  - [Pull the image](#pull-the-image)
-  - [Run the image](#run-the-image)
-  - [Create a database](#create-a-database)
-    - [Root password](#root-password)
-    - [User password](#user-password)
+  * [Pull the image](#pull-the-image)
+    + [Signed images](#signed-images)
+  * [Run the image](#run-the-image)
+  * [Create a database](#create-a-database)
+    + [Root password](#root-password)
+    + [User password](#user-password)
 - [Connecting as a client](#connecting-as-a-client)
-  - [Direct-to-Container](#direct-to-container)
-  - [Separate Container](#separate-container)
+  * [Direct-to-Container](#direct-to-container)
+  * [Separate Container](#separate-container)
 - [Shell Access](#shell-access)
 - [Checking Logs](#checking-logs)
 - [Environment Variables](#environment-variables)
-  - [System-related](#system-related)
-  - [MariaDB configuration](#mariadb-configuration)
-  - [Database configuration](#database-configuration)
+  * [System-related](#system-related)
+  * [MariaDB configuration](#mariadb-configuration)
+  * [Database configuration](#database-configuration)
 - [Root Account](#root-account)
-  - [Integrated-account](#integrated-account)
-  - [Root-at-any-host](#root-at-any-host)
+  * [Integrated-account](#integrated-account)
+  * [Root-at-any-host](#root-at-any-host)
 - [Data Persistence](#data-persistence)
 - [Data instantiation/import](#data-instantiationimport)
-  - [Existing DB (mysql directory)](#existing-db-mysql-directory)
-  - [Instantiation](#instantiation)
+  * [Existing DB (mysql directory)](#existing-db-mysql-directory)
+  * [Instantiation](#instantiation)
 - [Custom Scripts](#custom-scripts)
-  - [Entrypoint Task Order](#entrypoint-task-order)
+  * [Entrypoint Task Order](#entrypoint-task-order)
 - [Custom Configuration](#custom-configuration)
-  - [Command-line parameters](#command-line-parameters)
-  - [Configuration file(s)](#configuration-files)
+  * [Command-line parameters](#command-line-parameters)
+  * [Configuration file(s)](#configuration-files)
 - [Database dumps](#database-dumps)
+- [Healthcheck](#healthcheck)
 - [Source](#source)
 - [Final Thoughts](#final-thoughts)
 
+<!-- tocstop -->
+
 ## Quick Start
 
 ### Pull the image
 
-The latest images are on my private docker registry but, I also try to keep the ones on Dockerhub updated within a few
-days. If you need signed containers, you will have to use my private registry. As such, you have two choices:
+The latest images are on my private docker registry. I also try to keep the ones on Dockerhub updated within a few
+days.
 
 ```bash
-# my private repo
-docker pull asifbacchus/ab-mariadb-alpine:latest
-```
+# pull from my private repo
+docker pull docker.asifbacchus.dev/mariadb/ab-mariadb-alpine:latest
 
-or
-
-```bash
-# dockerhub
+# pull from dockerhub
 docker pull asifbacchus/ab-mariadb-alpine:latest
 ```
 
 The examples in this document will refer to dockerhub, but know that anywhere you
-see `asifbacchus/ab-mariadb-alpine:tag` you can use `docker.asifbacchus.app/mariadb/ab-mariadb-alpine` to use my
+see `asifbacchus/ab-mariadb-alpine:tag` you can use `docker.asifbacchus.app/mariadb/ab-mariadb-alpine:tag` to use my
 registry instead.
 
+#### Signed images
+
+I have abandoned using Docker's signing mechanisms in favour of [CodeNotary](https://codenotary.io). Not only are they free, they offer several big advantages including avoiding Docker's weird and over-complicated key management system. The only drawback is that verifying images requires you downloading their [client software](https://github.com/codenotary/vcn/releases) which is free to use and does not require an account for verifying images or anything else. On Linux, you can simply rename the downloaded file `vcn` and place it somewhere in your path like `/usr/local/bin`, make it executable and then you can verify this image. Here's an example, obviously you need to modify it for your environment:
+
+```sh
+# run commands as root
+sudo -s
+
+# download vcn to proper location
+wget https://github.com/vchain-us/vcn/releases/download/v0.9.9/vcn-v0.9.9-linux-amd64 -O /usr/local/bin/vcn
+chmod +x /usr/local/bin/vcn
+
+# make sure it works
+vcn --version
+
+# verify container image
+vcn authenticate docker://asifbacchus/ab-mariadb-alpine:latest
+```
+
+If you want to confirm the image is authentic before each run, you can do:
+
+```sh
+vcn verify docker://asifbacchus/ab-mariadb-alpine:latest && docker run ... docker://asifbacchus/ab-mariadb-alpine:latest
+```
+
+Since you are making verification a prerequisite to running the docker command (i.e. using `&&`), you can be sure that you are working with a verified and signed image.
+
+You can get more information on installing the client software for different platforms [here](https://docs.codenotary.io/guide/quickhelp.html#installing-the-codenotary-tools).
+
 ### Run the image
 
 The image has sensible defaults and can be run without setting many environment variables. In the example below, we will start MariaDB server and create an empty database called 'CompanyX', set a root password and create a user account for Jane Doe which has *full privileges* for the *CompanyX* database. Data will be stored in the named volume 'companyDB'.
@@ -340,6 +371,12 @@ docker exec -it container_name /bin/sh -c 'exec mysql' < /local/path/mySQLdumps/
 docker exec -it container_name /bin/sh -c 'exec mysql -uroot -p"SuPeR$ecurEP@$$w0rd"' < /local/path/mySQLdumps/filename.sql
 ```
 
+## Healthcheck
+
+Starting with internal version 2.0-10.6.4-r0, I've added a very basic healthcheck to the container. It simply checks that the mysqld daemon is running in the container and accepting connections. It **does NOT** check anything to do with the actual database. As such, you may want to override this with a more specific healthcheck for your particular use-case. If you just need to know MariaDB is actually running though, this healthcheck will work just fine.
+
+If anyone has suggestions for a better healthcheck, PLEASE let me know!
+
 ## Source
 
 The source for this container build (Dockerfile, entrypoint.sh) are available on my [private git repo](https://git.asifbacchus.app/ab-docker/mariadb-alpine) or on [GitHub](https://github.com/asifbacchus/ab-mariadb-alpine.git). Note that the newest versions will be on my repo and GitHub will be updated at most a few days later. Also, I'd prefer issues be filed on my repo, but I understand if GitHub is easier/more familiar for you.