From dbd70f687d494d317699fcc059931b07908e3a73 Mon Sep 17 00:00:00 2001
From: Vince Grassia <593223+vgrassia@users.noreply.github.com>
Date: Sat, 26 Feb 2022 18:14:31 -0500
Subject: [PATCH] Update docker
---
.dockerignore | 5 ++--
Dockerfile | 20 ---------------
docker/Dockerfile | 46 +++++++++++++++++++++++++++++++++++
docker/confd/app-id.conf.tmpl | 15 ++++++++++++
docker/confd/app-id.toml | 6 +++++
docker/entrypoint.sh | 7 ++++++
entrypoint.sh | 38 -----------------------------
7 files changed, 76 insertions(+), 61 deletions(-)
delete mode 100644 Dockerfile
create mode 100644 docker/Dockerfile
create mode 100644 docker/confd/app-id.conf.tmpl
create mode 100644 docker/confd/app-id.toml
create mode 100644 docker/entrypoint.sh
delete mode 100644 entrypoint.sh
diff --git a/.dockerignore b/.dockerignore
index 702e015e..f181d71c 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,3 +1,2 @@
-*
-!build/*
-!entrypoint.sh
+**/bin
+**/obj
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index 41be86e5..00000000
--- a/Dockerfile
+++ /dev/null
@@ -1,20 +0,0 @@
-FROM bitwarden/server
-
-LABEL com.bitwarden.product="bitwarden"
-
-RUN apt-get update \
- && apt-get install -y --no-install-recommends \
- gosu \
- curl \
-&& rm -rf /var/lib/apt/lists/*
-
-ENV ASPNETCORE_URLS http://+:5000
-WORKDIR /app
-EXPOSE 5000
-COPY ./build .
-COPY entrypoint.sh /
-RUN chmod +x /entrypoint.sh
-
-HEALTHCHECK CMD curl -f http://localhost:5000 || exit 1
-
-ENTRYPOINT ["/entrypoint.sh"]
diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 00000000..c67eddc8
--- /dev/null
+++ b/docker/Dockerfile
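Review bot: With only `**/bin` and `**/obj` excluded in `.dockerignore`, the `COPY . .` in the build stage of docker/Dockerfile now receives the whole working tree, where the previous allowlist (`*` plus `!build/*` and `!entrypoint.sh`) sent two paths. Untracked local files such as `.env` files, editor state or credentials kept beside the checkout end up in build-stage layers and in any exported build cache, even though that stage is not part of the final image. I would keep a deny-by-default shape, or at least add `node_modules` and `**/.env*` here, and `.git` too if the `git` installed in the build stage does not need it. `**/bin` and `**/obj` look like .NET output patterns, so it is worth confirming they match anything in this repository.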
@@ -0,0 +1,46 @@
+###############################################
+# Build stage #
+###############################################
+FROM node:16-slim AS build
+
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends \
+ git \
+ && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /source
+COPY . .
+
+RUN npm ci
+RUN npm run dist:oss:selfhost
+
+###############################################
+# App stage #
+###############################################
+FROM bitwarden/server:latest
+
+LABEL com.bitwarden.product="bitwarden"
+ENV ASPNETCORE_URLS http://+:5000
+EXPOSE 5000
+
+RUN mkdir -p /etc/bitwarden/web
+RUN chown -R bitwarden:bitwarden /etc/bitwarden
+
+COPY docker/confd/app-id.toml /etc/confd/conf.d/
+COPY docker/confd/app-id.conf.tmpl /etc/confd/templates/
+
+RUN wget -O /usr/local/bin/confd https://github.com/kelseyhightower/confd/releases/download/v0.16.0/confd-0.16.0-linux-amd64
+RUN chmod +x /usr/local/bin/confd
+
+# Copy app from build stage
+WORKDIR /app
+COPY --from=build /source/build ./
+RUN chown -R bitwarden:bitwarden /app
+
+# Copy entrypoint script and make it executable
+COPY docker/entrypoint.sh /
+RUN chmod +x /entrypoint.sh
+
+USER bitwarden:bitwarden
+HEALTHCHECK CMD curl -f http://localhost:5000 || exit 1
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/docker/confd/app-id.conf.tmpl b/docker/confd/app-id.conf.tmpl
new file mode 100644
index 00000000..ef50fcaf
--- /dev/null
+++ b/docker/confd/app-id.conf.tmpl
@@ -0,0 +1,15 @@
+{
+ "trustedFacets": [
+ {
+ "version": {
+ "major": 1,
+ "minor": 0
+ },
+ "ids": [
+ "{{ getenv "globalSettings__baseServiceUri__vault" "https://localhost" }}",
+ "ios:bundle-id:com.8bit.bitwarden",
+ "android:apk-key-hash:dUGFzUzf3lmHSLBDBIv+WaFyZMI"
+ ]
+ }
+ ]
+}
diff --git a/docker/confd/app-id.toml b/docker/confd/app-id.toml
new file mode 100644
index 00000000..c1682520
--- /dev/null
+++ b/docker/confd/app-id.toml
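Review bot: In docker/Dockerfile, the app-stage step `RUN wget -O /usr/local/bin/confd …/v0.16.0/confd-0.16.0-linux-amd64` installs a binary that the entrypoint runs on every container start, with no integrity check; the version in the URL pins the release name, not the bytes. I would merge the download, a checksum comparison and the `chmod` into one `RUN`, adding `&& echo "<CONFD_SHA256_PLACEHOLDER>  /usr/local/bin/confd" | sha256sum -c - \` between them, with the digest taken from a release you have verified. The same reproducibility concern applies to `FROM bitwarden/server:latest`, which should be a fixed tag or digest. Separately, the removed root Dockerfile installed `curl` and this one does not, so `HEALTHCHECK CMD curl -f …` only works if the base image already ships `curl`, which is worth confirming.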
@@ -0,0 +1,6 @@
+[template]
+src = "app-id.conf.tmpl"
+dest = "/etc/bitwarden/web/app-id.json"
+keys = [
+ "globalSettings__baseServiceUri__vault"
+]
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
new file mode 100644
index 00000000..2a04bb2e
--- /dev/null
+++ b/docker/entrypoint.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+/usr/local/bin/confd -onetime -backend env
+
+cp /etc/bitwarden/web/app-id.json /app/app-id.json
+
+exec dotnet /bitwarden_server/Server.dll /contentRoot=/app /webRoot=. /serveUnknown=false /webVault=true
diff --git a/entrypoint.sh b/entrypoint.sh
deleted file mode 100644
index 16d1c78f..00000000
--- a/entrypoint.sh
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/bin/bash
-
-# Setup
-
-GROUPNAME="bitwarden"
-USERNAME="bitwarden"
-
-LUID=${LOCAL_UID:-0}
-LGID=${LOCAL_GID:-0}
-
-# Step down from host root to well-known nobody/nogroup user
-
-if [ $LUID -eq 0 ]
-then
- LUID=65534
-fi
-if [ $LGID -eq 0 ]
-then
- LGID=65534
-fi
-
-# Create user and group
-
-groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
-groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
-useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
-usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
-mkhomedir_helper $USERNAME
-
-# The rest...
-
-chown -R $USERNAME:$GROUPNAME /etc/bitwarden
-cp /etc/bitwarden/web/app-id.json /app/app-id.json
-chown -R $USERNAME:$GROUPNAME /app
-chown -R $USERNAME:$GROUPNAME /bitwarden_server
-
-exec gosu $USERNAME:$GROUPNAME dotnet /bitwarden_server/Server.dll \
- /contentRoot=/app /webRoot=. /serveUnknown=false /webVault=true
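Review bot: The new docker/entrypoint.sh has no `set -e`, so if `/usr/local/bin/confd -onetime -backend env` or the `cp` fails, the script still reaches `exec dotnet …` and the server starts without a freshly rendered `app-id.json`. Adding `set -e` directly under the shebang makes the container fail visibly instead of running with a missing or stale trusted-facets file. This matters more now that the image runs as `USER bitwarden:bitwarden` and the removed root entrypoint's `LOCAL_UID`/`LOCAL_GID` handling and runtime `chown` are gone. If `/etc/bitwarden` is mounted from the host with different ownership (an assumption about deployments, not shown in this patch), confd cannot write its `dest` and the error would otherwise pass unnoticed.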