From bd20356bf633fdd7f52499a775eef4f41dfa1591 Mon Sep 17 00:00:00 2001
From: Persson-dev <sim16.prib@gmail.com>
Date: Tue, 8 Apr 2025 15:18:21 +0200
Subject: [PATCH] utilisateur avec permissions moindre

---
 docker-compose.yaml   | 12 +++++++-----
 images/SQL_Dockerfile | 19 +++++++++++++++++++
 images/db_init.sql    |  3 +++
 3 files changed, 29 insertions(+), 5 deletions(-)
 create mode 100644 images/SQL_Dockerfile
 create mode 100644 images/db_init.sql

diff --git a/docker-compose.yaml b/docker-compose.yaml
index adc6bae..fa63ae1 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -1,13 +1,13 @@
 services:
   mariadb:
-    image: mariadb
+    build:
+      context: images
+      dockerfile: SQL_Dockerfile
     environment:
-      MARIADB_USER: laravel_user
-      MARIADB_PASSWORD: super_strong_password
       MARIADB_ROOT_PASSWORD: super_strong_password_of_root
       MARIADB_DATABASE: laravel_db
     volumes:
-      - ./sqldata:/var/lib/mysql
+      - laravel_db_volume:/var/lib/mysql
 
   laravel:
     image: bitnami/laravel
@@ -19,4 +19,6 @@ services:
       LARAVEL_DATABASE_NAME: laravel_db
     volumes:
       - ./laravel:/app
-   
\ No newline at end of file
+
+volumes:
+  laravel_db_volume:
\ No newline at end of file
diff --git a/images/SQL_Dockerfile b/images/SQL_Dockerfile
new file mode 100644
index 0000000..1d6f20a
--- /dev/null
+++ b/images/SQL_Dockerfile
@@ -0,0 +1,19 @@
+FROM mariadb:latest as builder
+
+COPY db_init.sql /docker-entrypoint-initdb.d/
+
+# That file does the DB initialization but also runs mysql daemon, by removing the last line it will only init
+RUN ["sed", "-i", "s/exec \"$@\"/echo \"not running $@\"/", "/usr/local/bin/docker-entrypoint.sh"]
+
+ENV MARIADB_USER=root
+ENV MARIADB_ROOT_PASSWORD=super_strong_password
+
+# Need to change the datadir to something else that /var/lib/mysql because the parent docker file defines it as a volume.
+# https://docs.docker.com/engine/reference/builder/#volume :
+#       Changing the volume from within the Dockerfile: If any build steps change the data within the volume after
+#       it has been declared, those changes will be discarded.
+RUN ["/usr/local/bin/docker-entrypoint.sh", "mariadbd", "--datadir", "/initialized-db", "--aria-log-dir-path", "/initialized-db"]
+
+FROM mariadb:latest
+
+COPY --from=builder /initialized-db /var/lib/mysql
\ No newline at end of file
diff --git a/images/db_init.sql b/images/db_init.sql
new file mode 100644
index 0000000..7126bb4
--- /dev/null
+++ b/images/db_init.sql
@@ -0,0 +1,3 @@
+CREATE USER laravel_user IDENTIFIED BY 'super_strong_password';
+
+GRANT CREATE, ALTER, DROP, SELECT, INSERT, UPDATE, DELETE ON laravel_db.* TO laravel_user;
\ No newline at end of file