diff --git a/.gitignore b/.gitignore index cc3f864..dd4d527 100644 --- a/.gitignore +++ b/.gitignore @@ -32,4 +32,4 @@ Desktop.ini # ---- Linux .directory -*.zip \ No newline at end of file +*.zip diff --git a/9-comm/Dockerfile b/9-comm/Dockerfile index de0bd7e..c65fc98 100644 --- a/9-comm/Dockerfile +++ b/9-comm/Dockerfile @@ -1,4 +1,6 @@ -FROM alpine:3.15 +FROM eclipse-temurin:17-jre + +LABEL org.opencontainers.image.url=https://github.com/SonarSource/docker-sonarqube ENV LANG='en_US.UTF-8' \ LANGUAGE='en_US:en' \ @@ -7,11 +9,9 @@ ENV LANG='en_US.UTF-8' \ # # SonarQube setup # -ARG JAVA_VERSION=17 -ARG SONARQUBE_VERSION=9.8.0.63668 +ARG SONARQUBE_VERSION=9.9.1.69595 ARG SONARQUBE_ZIP_URL=https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-${SONARQUBE_VERSION}.zip -ENV JAVA_HOME="/usr/lib/jvm/java-${JAVA_VERSION}-openjdk" \ - PATH="/opt/java/openjdk/bin:$PATH" \ +ENV JAVA_HOME='/opt/java/openjdk' \ SONARQUBE_HOME=/opt/sonarqube \ SONAR_VERSION="${SONARQUBE_VERSION}" \ SQ_DATA_DIR="/opt/sonarqube/data" \ @@ -20,16 +20,16 @@ ENV JAVA_HOME="/usr/lib/jvm/java-${JAVA_VERSION}-openjdk" \ SQ_TEMP_DIR="/opt/sonarqube/temp" RUN set -eux; \ - addgroup -S -g 1000 sonarqube; \ - adduser -S -D -u 1000 -G sonarqube sonarqube; \ - apk add --no-cache --virtual build-dependencies gnupg unzip curl; \ - apk add --no-cache bash su-exec ttf-dejavu "openjdk${JAVA_VERSION}-jre"; \ + groupadd --system --gid 1000 sonarqube; \ + useradd --system --uid 1000 --gid sonarqube sonarqube; \ + apt-get update; \ + apt-get install -y gnupg unzip curl bash fonts-dejavu; \ + echo "networkaddress.cache.ttl=5" >> "${JAVA_HOME}/conf/security/java.security"; \ + sed --in-place --expression="s?securerandom.source=file:/dev/random?securerandom.source=file:/dev/urandom?g" "${JAVA_HOME}/conf/security/java.security"; \ # pub 2048R/D26468DE 2015-05-25 # Key fingerprint = F118 2E81 C792 9289 21DB CAB4 CFCA 4A29 D264 68DE # uid sonarsource_deployer (Sonarsource Deployer) # sub 2048R/06855C1D 2015-05-25 - echo "networkaddress.cache.ttl=5" >> "${JAVA_HOME}/conf/security/java.security"; \ - sed --in-place --expression="s?securerandom.source=file:/dev/random?securerandom.source=file:/dev/urandom?g" "${JAVA_HOME}/conf/security/java.security"; \ for server in $(shuf -e hkps://keys.openpgp.org \ hkps://keyserver.ubuntu.com) ; do \ gpg --batch --keyserver "${server}" --recv-keys 679F1EE92B19609DE816FDE81DB198F93525EC1A && break || : ; \ @@ -43,17 +43,18 @@ RUN set -eux; \ mv "sonarqube-${SONARQUBE_VERSION}" sonarqube; \ rm sonarqube.zip*; \ rm -rf ${SONARQUBE_HOME}/bin/*; \ - chown -R sonarqube:sonarqube ${SONARQUBE_HOME}; \ - # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) - chmod -R 777 "${SQ_DATA_DIR}" "${SQ_EXTENSIONS_DIR}" "${SQ_LOGS_DIR}" "${SQ_TEMP_DIR}"; \ - apk del --purge build-dependencies; + ln -s "${SONARQUBE_HOME}/lib/sonar-application-${SONARQUBE_VERSION}.jar" "${SONARQUBE_HOME}/lib/sonarqube.jar"; \ + chmod -R 555 ${SONARQUBE_HOME}; \ + chmod -R ugo+wrX "${SQ_DATA_DIR}" "${SQ_EXTENSIONS_DIR}" "${SQ_LOGS_DIR}" "${SQ_TEMP_DIR}"; \ + apt-get remove -y gnupg unzip curl; \ + rm -rf /var/lib/apt/lists/*; -COPY --chown=sonarqube:sonarqube run.sh sonar.sh ${SONARQUBE_HOME}/bin/ +COPY entrypoint.sh ${SONARQUBE_HOME}/docker/ WORKDIR ${SONARQUBE_HOME} EXPOSE 9000 +USER sonarqube STOPSIGNAL SIGINT -ENTRYPOINT ["/opt/sonarqube/bin/run.sh"] -CMD ["/opt/sonarqube/bin/sonar.sh"] \ No newline at end of file +ENTRYPOINT ["/opt/sonarqube/docker/entrypoint.sh"] diff --git a/9-comm/entrypoint.sh b/9-comm/entrypoint.sh new file mode 100755 index 0000000..75ecc8d --- /dev/null +++ b/9-comm/entrypoint.sh @@ -0,0 +1,13 @@ +#!/bin/bash +set -e + +DEFAULT_CMD=('/opt/java/openjdk/bin/java' '-jar' 'lib/sonarqube.jar' '-Dsonar.log.console=true') + +# this if will check if the first argument is a flag +# but only works if all arguments require a hyphenated flag +# -v; -SL; -f arg; etc will work, but not arg1 arg2 +if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then + set -- "${DEFAULT_CMD[@]}" "$@" +fi + +exec "$@" diff --git a/9-comm/run.sh b/9-comm/run.sh deleted file mode 100755 index b4935e1..0000000 --- a/9-comm/run.sh +++ /dev/null @@ -1,59 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -declare -a sq_opts=() -set_prop_from_deprecated_env_var() { - if [ "$2" ]; then - sq_opts+=("-D$1=$2") - fi -} - -# if nothing is passed, assume we want to run sonarqube server -if [ "$#" == 0 ]; then - set -- /opt/sonarqube/bin/sonar.sh -fi - -# if first arg looks like a flag, assume we want to run sonarqube server with flags -if [ "${1:0:1}" = '-' ]; then - set -- /opt/sonarqube/bin/sonar.sh "$@" -fi - -if [[ "$1" = '/opt/sonarqube/bin/sonar.sh' ]]; then - chown -R "$(id -u):$(id -g)" "${SQ_DATA_DIR}" "${SQ_EXTENSIONS_DIR}" "${SQ_LOGS_DIR}" "${SQ_TEMP_DIR}" 2>/dev/null || : - chmod -R 700 "${SQ_DATA_DIR}" "${SQ_EXTENSIONS_DIR}" "${SQ_LOGS_DIR}" "${SQ_TEMP_DIR}" 2>/dev/null || : - - # Allow the container to be started with `--user` - if [[ "$(id -u)" = '0' ]]; then - chown -R sonarqube:sonarqube "${SQ_DATA_DIR}" "${SQ_EXTENSIONS_DIR}" "${SQ_LOGS_DIR}" "${SQ_TEMP_DIR}" - echo "Dropping Privileges" - exec su-exec sonarqube "$0" "$@" - fi - - # - # Deprecated way to pass settings to SonarQube that will be removed in future versions. - # Please use environment variables (https://docs.sonarqube.org/latest/setup/environment-variables/) - # instead to customize SonarQube. - # - while IFS='=' read -r envvar_key envvar_value - do - if [[ "$envvar_key" =~ sonar.* ]] || [[ "$envvar_key" =~ ldap.* ]]; then - sq_opts+=("-D${envvar_key}=${envvar_value}") - fi - done < <(env) - - # - # Deprecated environment variable mapping that will be removed in future versions. - # Please use environment variables from https://docs.sonarqube.org/latest/setup/environment-variables/ - # instead of using these 4 environment variables below. - # - set_prop_from_deprecated_env_var "sonar.jdbc.username" "${SONARQUBE_JDBC_USERNAME:-}" - set_prop_from_deprecated_env_var "sonar.jdbc.password" "${SONARQUBE_JDBC_PASSWORD:-}" - set_prop_from_deprecated_env_var "sonar.jdbc.url" "${SONARQUBE_JDBC_URL:-}" - set_prop_from_deprecated_env_var "sonar.web.javaAdditionalOpts" "${SONARQUBE_WEB_JVM_OPTS:-}" - if [ ${#sq_opts[@]} -ne 0 ]; then - set -- "$@" "${sq_opts[@]}" - fi -fi - -exec "$@" diff --git a/9-comm/sonar.sh b/9-comm/sonar.sh deleted file mode 100755 index 0be3fe9..0000000 --- a/9-comm/sonar.sh +++ /dev/null @@ -1,2 +0,0 @@ -#!/usr/bin/env bash -exec java -jar lib/sonar-application-"${SONAR_VERSION}".jar -Dsonar.log.console=true "$@" diff --git a/LICENSE b/LICENSE index 4bc4625..0e4fa8a 100644 --- a/LICENSE +++ b/LICENSE @@ -10,7 +10,7 @@ the terms and conditions of version 3 of the GNU General Public License, supplemented by the additional permissions listed below. - 0. Additional Definitions. + 0. Additional Definitions. As used herein, "this License" refers to version 3 of the GNU Lesser General Public License, and the "GNU GPL" refers to version 3 of the GNU @@ -111,7 +111,7 @@ the following: a copy of the Library already present on the user's computer system, and (b) will operate properly with a modified version of the Library that is interface-compatible with the Linked - Version. + Version. e) Provide Installation Information, but only if you would otherwise be required to provide such information under section 6 of the @@ -162,4 +162,4 @@ General Public License ever published by the Free Software Foundation. whether future versions of the GNU Lesser General Public License shall apply, that proxy's public statement of acceptance of any version is permanent authorization for you to choose that version for the -Library. \ No newline at end of file +Library. diff --git a/README.md b/README.md index 8bb36e2..52efbd7 100644 --- a/README.md +++ b/README.md @@ -1,15 +1,13 @@ -# About this Repo +# About this Repo [![Build Status](https://api.cirrus-ci.com/github/SonarSource/docker-sonarqube.svg)](https://cirrus-ci.com/github/SonarSource/docker-sonarqube) This is the Git repo of the official Docker image for [SonarQube](https://registry.hub.docker.com/_/sonarqube/). See the Hub page for the full readme on how to use the Docker image and for information regarding contributing and issues. The full readme is generated over in [docker-library/docs](https://github.com/docker-library/docs), specifically in [docker-library/docs/sonarqube](https://github.com/docker-library/docs/tree/master/sonarqube). -[![Build Status](https://travis-ci.org/SonarSource/docker-sonarqube.svg)](https://travis-ci.org/SonarSource/docker-sonarqube) - Have Question or Feedback? -------------------------- -For support questions ("How do I?", "I got this error, why?", ...), please first read the [documentation](https://docs.sonarqube.org) and then head to the [SonarSource forum](https://community.sonarsource.com/). There are chances that a question similar to yours has already been answered. +For support questions ("How do I?", "I got this error, why?", ...), please first read the [documentation](https://docs.sonarqube.org) and then head to the [SonarSource forum](https://community.sonarsource.com/). There are chances that a question similar to yours has already been answered. Be aware that this forum is a community, so the standard pleasantries ("Hi", "Thanks", ...) are expected. And if you don't get an answer to your thread, you should sit on your hands for at least three days before bumping it. Operators are not standing by. :-) @@ -27,4 +25,4 @@ With that in mind, if you would like to submit a code contribution, please creat Copyright 2015-2020 SonarSource. -Licensed under the [GNU Lesser General Public License, Version 3.0](http://www.gnu.org/licenses/lgpl.txt) \ No newline at end of file +Licensed under the [GNU Lesser General Public License, Version 3.0](http://www.gnu.org/licenses/lgpl.txt) diff --git a/example-compose-files/sq-dce-postgres/docker-compose.yml b/example-compose-files/sq-dce-postgres/docker-compose.yml index 9f3be64..ad2371e 100644 --- a/example-compose-files/sq-dce-postgres/docker-compose.yml +++ b/example-compose-files/sq-dce-postgres/docker-compose.yml @@ -4,14 +4,14 @@ services: sonarqube: image: sonarqube:datacenter-app depends_on: - - db - - search-1 - - search-2 - - search-3 + search-1: + condition: service_healthy + search-2: + condition: service_healthy + search-3: + condition: service_healthy networks: - sonar-network - deploy: - replicas: 2 cpus: 0.5 mem_limit: 4096M mem_reservation: 1024M @@ -46,6 +46,12 @@ services: SONAR_CLUSTER_NODE_NAME: "search-1" volumes: - search-data-1:/opt/sonarqube/data + healthcheck: + test: wget --no-proxy -qO- "http://$$SONAR_CLUSTER_NODE_NAME:9001/_cluster/health?wait_for_status=yellow&timeout=50s" | grep -q -e '"status":"green"' -e '"status":"yellow"'; if [ $? -eq 0 ]; then exit 0; else exit 1; fi + interval: 25s + timeout: 1s + retries: 3 + start_period: 55s search-2: image: sonarqube:datacenter-search hostname: "search-2" @@ -64,6 +70,12 @@ services: SONAR_CLUSTER_NODE_NAME: "search-2" volumes: - search-data-2:/opt/sonarqube/data + healthcheck: + test: wget --no-proxy -qO- "http://$$SONAR_CLUSTER_NODE_NAME:9001/_cluster/health?wait_for_status=yellow&timeout=50s" | grep -q -e '"status":"green"' -e '"status":"yellow"'; if [ $? -eq 0 ]; then exit 0; else exit 1; fi + interval: 25s + timeout: 1s + retries: 3 + start_period: 55s search-3: image: sonarqube:datacenter-search hostname: "search-3" @@ -82,6 +94,12 @@ services: SONAR_CLUSTER_NODE_NAME: "search-3" volumes: - search-data-3:/opt/sonarqube/data + healthcheck: + test: wget --no-proxy -qO- "http://$$SONAR_CLUSTER_NODE_NAME:9001/_cluster/health?wait_for_status=yellow&timeout=50s" | grep -q -e '"status":"green"' -e '"status":"yellow"'; if [ $? -eq 0 ]; then exit 0; else exit 1; fi + interval: 25s + timeout: 1s + retries: 3 + start_period: 55s db: image: postgres:13 networks: diff --git a/examples.md b/examples.md index bd3b908..70b6388 100644 --- a/examples.md +++ b/examples.md @@ -7,13 +7,13 @@ This section provides examples on how to run SonarQube server in a container: To analyze a project check our [scanner docs](https://docs.sonarqube.org/latest/analysis/overview/). ## Run SonarQube using docker commands -Before you start SonarQube, we recommend creating volumes to store SonarQube data, logs, temporary data and extensions. If you don't do that, you can loose them when you decide to update to newer version of SonarQube or upgrade to a higher SonarQube edition. Commands to create the volumes: +Before you start SonarQube, we recommend creating volumes to store SonarQube data, logs, temporary data and extensions. If you don't do that, you can loose them when you decide to update to newer version of SonarQube or upgrade to a higher SonarQube edition. Commands to create the volumes: ```bash $> docker volume create --name sonarqube_data $> docker volume create --name sonarqube_extensions $> docker volume create --name sonarqube_logs $> docker volume create --name sonarqube_temp -``` +``` After that you can start the SonarQube server (this example uses the Community Edition): ```bash @@ -21,8 +21,7 @@ $> docker run \ -v sonarqube_data:/opt/sonarqube/data \ -v sonarqube_extensions:/opt/sonarqube/extensions \ -v sonarqube_logs:/opt/sonarqube/logs \ - -v sonarqube_temp:/opt/sonarqube/temp \ - --name="sonarqube" -p 9000:9000 sonarqube:8.2 + --name="sonarqube" -p 9000:9000 sonarqube:community ``` The above command starts SonarQube with an embedded database. We recommend starting the instance with a separate database by providing `SONAR_JDBC_URL`, `SONAR_JDBC_USERNAME` and `SONAR_JDBC_PASSWORD` like this: @@ -31,18 +30,17 @@ $> docker run \ -v sonarqube_data:/opt/sonarqube/data \ -v sonarqube_extensions:/opt/sonarqube/extensions \ -v sonarqube_logs:/opt/sonarqube/logs \ - -v sonarqube_temp:/opt/sonarqube/temp \ -e SONAR_JDBC_URL="..." \ -e SONAR_JDBC_USERNAME="..." \ -e SONAR_JDBC_PASSWORD="..." \ - --name="sonarqube" -p 9000:9000 sonarqube:8.2 + --name="sonarqube" -p 9000:9000 sonarqube:community ``` ## Run SonarQube using Docker Compose ### Requirements - * Docker Engine 1.10.1+ - * Docker Compose 1.6.0+ + * Docker Engine 20.10+ + * Docker Compose 2.0.0+ ### SonarQube with Postgres: diff --git a/release.md b/release.md index c1587ef..62f0dff 100644 --- a/release.md +++ b/release.md @@ -1,5 +1,9 @@ # Releasing +Docker image release cycle and SonarQube product +--- +We consider the **docker image** as part of the SonarQube **product**. Therefore, it follows the same release process. + Overview -------- @@ -14,8 +18,7 @@ Release of a new version of the official SonarQube Docker images is made of seve Bump the version of SonarQube in Dockerfiles ----------------------------- -The version of SQ is hardcoded in each Dockerfile and must be updated in master branch. - +The version of SonarQube is hardcoded in each Dockerfile of this repository and must be updated in master branch. Update the docker hub SonarQube's documentation (if applicable) ------------------------------- diff --git a/run-tests.sh b/run-tests.sh index 6982273..cb13df1 100755 --- a/run-tests.sh +++ b/run-tests.sh @@ -66,7 +66,7 @@ wait_for_sonarqube() { } wait_for_sonarqube_dce() { - local image=$1 i web_up=no sonarqube_up=no + local image=$1-app i web_up=no sonarqube_up=no for ((i = 0; i < 80; i++)); do info "$image: waiting for web server to start ..." @@ -112,25 +112,20 @@ sanity_check_image() { [[ $result == ok ]] elif [ $2 == docker-compose ]; then - if [[ $1 =~ "8" ]]; then - _test_compose_path="tests/8/dce-compose-test" - elif [[ $1 =~ "9" ]]; then - _test_compose_path="tests/9/dce-compose-test" - fi - cd $_test_compose_path + local test_compose_path="tests/dce-compose-test" + cd $test_compose_path export PORT=$port - docker-compose up -d --scale sonarqube=0 - sleep 60 - docker-compose up -d --scale sonarqube=1 + export IMAGE=$1 + docker-compose up -d sonarqube if wait_for_sonarqube_dce "$image"; then - info "$image: OK !" + info "$image-app: OK !" result=ok else - warn "$image: could not confirm service started" + warn "$image-app: could not confirm service started" result=failure fi - info "$image: stopping container stack" + info "$image-app: stopping container stack" docker-compose stop [[ $result == ok ]]