From f0bc4632e6022d173d0db521f82042be04f933ec Mon Sep 17 00:00:00 2001
From: Mpho raf
Date: Sat, 19 Mar 2022 18:24:15 +0200
Subject: [PATCH] DOCKER-61 removed sks keyserver on SonarQube Dockerfiles to follow official library recommendations
---
 9-comm/Dockerfile | 11 +-
 9-comm/run.sh | 2 +-
 9-comm/sonar.sh | 2 +-
 build-and-run.sh | 2 +-
 .../sq-dce-postgres/docker-compose.yml | 122 ++++++++++++++++++
 .../unrestricted_client_body_size.conf | 1 +
 .../sq-with-h2/docker-compose.yml | 14 ++
 .../sq-with-postgres/docker-compose.yml | 31 +++++
 release.md | 61 +++++++++
 run-public-image-tests.sh | 2 +-
 run-tests.sh | 4 +-
 update.sh | 8 +-
 12 files changed, 243 insertions(+), 17 deletions(-)
 create mode 100644 example-compose-files/sq-dce-postgres/docker-compose.yml
 create mode 100644 example-compose-files/sq-dce-postgres/unrestricted_client_body_size.conf
 create mode 100644 example-compose-files/sq-with-h2/docker-compose.yml
 create mode 100644 example-compose-files/sq-with-postgres/docker-compose.yml
 create mode 100644 release.md
diff --git a/9-comm/Dockerfile b/9-comm/Dockerfile
index 11127f5..2a81c34 100644
--- a/9-comm/Dockerfile
+++ b/9-comm/Dockerfile
@@ -7,7 +7,7 @@ ENV LANG='en_US.UTF-8' \
 #
 # SonarQube setup
 #
-ARG SONARQUBE_VERSION=9.2.4.50792
+ARG SONARQUBE_VERSION=9.3.0.51899
 ARG SONARQUBE_ZIP_URL=https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-${SONARQUBE_VERSION}.zip
 ENV JAVA_HOME='/usr/lib/jvm/java-11-openjdk' \
 PATH="/opt/java/openjdk/bin:$PATH" \
@@ -29,11 +29,8 @@ RUN set -eux; \ # sub 2048R/06855C1D 2015-05-25 echo "networkaddress.cache.ttl=5" >> "${JAVA_HOME}/conf/security/java.security"; \ sed --in-place --expression="s?securerandom.source=file:/dev/random?securerandom.source=file:/dev/urandom?g" "${JAVA_HOME}/conf/security/java.security"; \ - for server in $(shuf -e ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - keyserver.ubuntu.com \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu) ; do \ + for server in $(shuf -e hkps://keys.openpgp.org \ + hkps://keyserver.ubuntu.com) ; do \ gpg --batch --keyserver "${server}" --recv-keys 679F1EE92B19609DE816FDE81DB198F93525EC1A && break || : ; \ done; \ mkdir --parents /opt; \ @@ -58,4 +55,4 @@ EXPOSE 9000 STOPSIGNAL SIGINT ENTRYPOINT ["/opt/sonarqube/bin/run.sh"] -CMD ["/opt/sonarqube/bin/sonar.sh"] \ No newline at end of file +CMD ["/opt/sonarqube/bin/sonar.sh"] diff --git a/9-comm/run.sh b/9-comm/run.sh index e1f30a2..b4935e1 100755 --- a/9-comm/run.sh +++ b/9-comm/run.sh @@ -56,4 +56,4 @@ if [[ "$1" = '/opt/sonarqube/bin/sonar.sh' ]]; then fi fi -exec "$@" \ No newline at end of file +exec "$@" diff --git a/9-comm/sonar.sh b/9-comm/sonar.sh index 68c5b05..0be3fe9 100755 --- a/9-comm/sonar.sh +++ b/9-comm/sonar.sh @@ -1,2 +1,2 @@ #!/usr/bin/env bash -exec java -jar lib/sonar-application-"${SONAR_VERSION}".jar -Dsonar.log.console=true "$@" \ No newline at end of file +exec java -jar lib/sonar-application-"${SONAR_VERSION}".jar -Dsonar.log.console=true "$@" diff --git a/build-and-run.sh b/build-and-run.sh index 1911408..4ee76fb 100755 --- a/build-and-run.sh +++ b/build-and-run.sh @@ -59,4 +59,4 @@ if ! [[ -d "$image" ]]; then fi name=sqtest:$image docker build -t "$name" -f "$image/Dockerfile" "$PWD/$image" -docker run -p $port:9000 "$name" \ No newline at end of file +docker run -p $port:9000 "$name" 
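Review bot: The key-fetch loop in this `RUN` step ends each attempt with `&& break || :`, so when both `hkps://keys.openpgp.org` and `hkps://keyserver.ubuntu.com` fail the loop still finishes with status 0 and `set -eux` never sees the error. The build then relies on a later step to notice that key 679F1EE92B19609DE816FDE81DB198F93525EC1A is missing; that step (presumably a signature check on the download) is outside this hunk, so it cannot be confirmed from here that it fails closed. I would add an explicit check right after `done; \`, for example `gpg --batch --list-keys 679F1EE92B19609DE816FDE81DB198F93525EC1A > /dev/null; \`, so a missing key stops the build at the point of failure. It is also worth confirming that keys.openpgp.org serves this key with a user ID, since GnuPG may skip keys that arrive without one and `shuf` would then make the outcome depend on server order.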
diff --git a/example-compose-files/sq-dce-postgres/docker-compose.yml b/example-compose-files/sq-dce-postgres/docker-compose.yml
new file mode 100644
index 0000000..cd8b498
--- /dev/null
+++ b/example-compose-files/sq-dce-postgres/docker-compose.yml
@@ -0,0 +1,122 @@
+version: "3"
+
+services:
+ sonarqube:
+ image: sonarqube:datacenter-app
+ depends_on:
+ - db
+ - search-1
+ - search-2
+ - search-3
+ networks:
+ - sonar-network
+ deploy:
+ replicas: 2
+ cpus: 0.5
+ mem_limit: 4096M
+ mem_reservation: 1024M
+ environment:
+ SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
+ SONAR_JDBC_USERNAME: sonar
+ SONAR_JDBC_PASSWORD: sonar
+ SONAR_WEB_PORT: 9000
+ SONAR_CLUSTER_SEARCH_HOSTS: "search-1,search-2,search-3"
+ SONAR_CLUSTER_HOSTS: "sonarqube"
+ SONAR_AUTH_JWTBASE64HS256SECRET: "dZ0EB0KxnF++nr5+4vfTCaun/eWbv6gOoXodiAMqcFo="
+ VIRTUAL_HOST: sonarqube.dev.local
+ VIRTUAL_PORT: 9000
+ volumes:
+ - sonarqube_extensions:/opt/sonarqube/extensions
+ - sonarqube_logs:/opt/sonarqube/logs
+ search-1:
+ image: sonarqube:datacenter-search
+ hostname: "search-1"
+ cpus: 0.5
+ mem_limit: 4096M
+ mem_reservation: 1024M
+ depends_on:
+ - db
+ networks:
+ - sonar-network
+ environment:
+ SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
+ SONAR_JDBC_USERNAME: sonar
+ SONAR_JDBC_PASSWORD: sonar
+ SONAR_CLUSTER_ES_HOSTS: "search-1,search-2,search-3"
+ SONAR_CLUSTER_NODE_NAME: "search-1"
+ volumes:
+ - search-data-1:/opt/sonarqube/data
+ search-2:
+ image: sonarqube:datacenter-search
+ hostname: "search-2"
+ cpus: 0.5
+ mem_limit: 4096M
+ mem_reservation: 1024M
+ depends_on:
+ - db
+ networks:
+ - sonar-network
+ environment:
+ SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
+ SONAR_JDBC_USERNAME: sonar
+ SONAR_JDBC_PASSWORD: sonar
+ SONAR_CLUSTER_ES_HOSTS: "search-1,search-2,search-3"
+ SONAR_CLUSTER_NODE_NAME: "search-2"
+ volumes:
+ - search-data-2:/opt/sonarqube/data
+ search-3:
+ image: sonarqube:datacenter-search
+ hostname: "search-3"
+ cpus: 0.5
+ mem_limit: 4096M
+ mem_reservation: 1024M
+ depends_on:
+ - db
+ networks:
+ - sonar-network
+ environment:
+ SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
+ SONAR_JDBC_USERNAME: sonar
+ SONAR_JDBC_PASSWORD: sonar
+ SONAR_CLUSTER_ES_HOSTS: "search-1,search-2,search-3"
+
SONAR_CLUSTER_NODE_NAME: "search-3"
+ volumes:
+ - search-data-3:/opt/sonarqube/data
+ db:
+ image: postgres:12
+ networks:
+ - sonar-network
+ environment:
+ POSTGRES_USER: sonar
+ POSTGRES_PASSWORD: sonar
+ volumes:
+ - postgresql:/var/lib/postgresql
+ - postgresql_data:/var/lib/postgresql/data
+ proxy:
+ image: jwilder/nginx-proxy
+ ports:
+ - "80:80"
+ volumes:
+ - /var/run/docker.sock:/tmp/docker.sock:ro
+ - ./unrestricted_client_body_size.conf:/etc/nginx/conf.d/unrestricted_client_body_size.conf:ro
+ networks:
+ - sonar-network
+ - sonar-public
+
+networks:
+ sonar-network:
+ ipam:
+ driver: default
+ config:
+ - subnet: 172.28.2.0/24
+ sonar-public:
+ driver: bridge
+
+volumes:
+ sonarqube_extensions:
+ sonarqube_logs:
+ search-data-1:
+ search-data-2:
+ search-data-3:
+ postgresql:
+ postgresql_data:
\ No newline at end of file
diff --git a/example-compose-files/sq-dce-postgres/unrestricted_client_body_size.conf b/example-compose-files/sq-dce-postgres/unrestricted_client_body_size.conf
new file mode 100644
index 0000000..8737ec1
--- /dev/null
+++ b/example-compose-files/sq-dce-postgres/unrestricted_client_body_size.conf
@@ -0,0 +1 @@
+client_max_body_size 0;
diff --git a/example-compose-files/sq-with-h2/docker-compose.yml b/example-compose-files/sq-with-h2/docker-compose.yml
new file mode 100644
index 0000000..f7e254a
--- /dev/null
+++ b/example-compose-files/sq-with-h2/docker-compose.yml
@@ -0,0 +1,14 @@
+version: "3"
+services:
+ sonarqube:
+ image: sonarqube:community
+ volumes:
+ - sonarqube_data:/opt/sonarqube/data
+ - sonarqube_extensions:/opt/sonarqube/extensions
+ - sonarqube_logs:/opt/sonarqube/logs
+ ports:
+ - "9000:9000"
+volumes:
+ sonarqube_data:
+ sonarqube_extensions:
+ sonarqube_logs:
\ No newline at end of file
diff --git a/example-compose-files/sq-with-postgres/docker-compose.yml b/example-compose-files/sq-with-postgres/docker-compose.yml
new file mode 100644
index 0000000..ae41491
--- /dev/null
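Review bot: `SONAR_AUTH_JWTBASE64HS256SECRET` in the `sonarqube` service of sq-dce-postgres/docker-compose.yml is a concrete base64 key committed to a public example, so every deployment that copies the file signs its session tokens with the same publicly known secret. I would read it from the environment and fail when it is unset, `SONAR_AUTH_JWTBASE64HS256SECRET: "${SONAR_AUTH_JWTBASE64HS256SECRET:?generate a base64 HS256 key per deployment}"`. The same applies to `SONAR_JDBC_PASSWORD: sonar` and `POSTGRES_PASSWORD: sonar` in this file and in the sq-with-postgres/docker-compose.yml hunk further down; `"${POSTGRES_PASSWORD:?set a database password}"` on both sides keeps the examples usable without shipping a default credential. Separately, the `proxy` volume `/var/run/docker.sock:/tmp/docker.sock:ro` deserves a comment stating that `:ro` only makes the socket file read-only and does not restrict the Docker API calls available to a container that holds it.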
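Review bot: unrestricted_client_body_size.conf carries no comment explaining `client_max_body_size 0;`, which switches off nginx's request-body size check, and because the compose file mounts it under `/etc/nginx/conf.d/` it applies to every host the proxy serves rather than to SonarQube alone. A leading comment such as `# 0 disables the request body size limit; set a finite value before exposing this proxy beyond a test network` would document the trade-off. If the intent is only to allow large uploads to SonarQube (presumably analysis reports), a bounded value would cap how much data a single unauthenticated request can make the proxy accept.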
+++ b/example-compose-files/sq-with-postgres/docker-compose.yml
@@ -0,0 +1,31 @@
+version: "3"
+services:
+ sonarqube:
+ image: sonarqube:community
+ depends_on:
+ - db
+ environment:
+ SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
+ SONAR_JDBC_USERNAME: sonar
+ SONAR_JDBC_PASSWORD: sonar
+ volumes:
+ - sonarqube_data:/opt/sonarqube/data
+ - sonarqube_extensions:/opt/sonarqube/extensions
+ - sonarqube_logs:/opt/sonarqube/logs
+ ports:
+ - "9000:9000"
+ db:
+ image: postgres:12
+ environment:
+ POSTGRES_USER: sonar
+ POSTGRES_PASSWORD: sonar
+ volumes:
+ - postgresql:/var/lib/postgresql
+ - postgresql_data:/var/lib/postgresql/data
+
+volumes:
+ sonarqube_data:
+ sonarqube_extensions:
+ sonarqube_logs:
+ postgresql:
+ postgresql_data:
\ No newline at end of file
diff --git a/release.md b/release.md
new file mode 100644
index 0000000..c1587ef
--- /dev/null
+++ b/release.md
@@ -0,0 +1,61 @@
+# Releasing
+
+Overview
+--------
+
+Release of a new version of the official SonarQube Docker images is made of several operations:
+
+1. bump the version of SonarQube in Dockerfiles
+2. Update the docker hub SonarQube's documentation (if applicable)
+3. Update Docker Hub's SonarQube images
+4. add a GIT tag for the new version
+
+
+Bump the version of SonarQube in Dockerfiles
+-----------------------------
+
+The version of SQ is hardcoded in each Dockerfile and must be updated in master branch.
+
+
+Update the docker hub SonarQube's documentation (if applicable)
+-------------------------------
+
+If needed, prepare PR of Docker Hub documentation from SonarSource's fork of [https://github.com/docker-library/docs](https://github.com/docker-library/docs) named [sonarqube-docker-docs](https://github.com/SonarSource/sonarqube-docker-docs)
+
+> Note: updating the fork should not be necessary as we only care about the `sonarqube` directory and are the only people updating it
+
+To create a good PR:
+
+1. The markdown format must follow a certain standard, otherwise automated tests will fail. You can test with the `markdownfmt.sh` tool included in the repository, for example `./markdownfmt.sh -d sonarqube/content.md` will output the diff that would have to be done to make the tests pass. You can use the `patch` command to apply the changes, for example: `./markdownfmt.sh -d sonarqube/content.md | patch sonarqube/content.md`
+2. Verify the Pull Request passes the automated tests (visible in the status of the PR)
+
+To control the generated content of the Docker Hub page, look around in the files in `.template-helpers` of the [`docs` repository][docs]. For example, the "Where to get help" section is customized by a copy of `.template-helpers/get-help.md` in `sonarqube/get-help.md`.
+
+Until SonarQube is released and the public artifacts are available, keep your PR a draft PR to make it clear it is not ready to be merged yet.
+ +For more and up to date documentation, see https://github.com/docker-library/docs. + + +Update Docker Hub's SonarQube images +----------------------- + +Update the SonarSource [fork](https://github.com/SonarSource/official-images) of the [official-images](https://github.com/docker-library/official-images) to ensure that the `sonarqube` library is the latest version. + +Create a feature branch on the company fork: +* `GitCommit` must be updated to this repository master branch's HEAD. +* `Tags` and `Directory` must be added/updated appropriatly for each edition +* see https://github.com/docker-library/official-images/pull/8837/files as an example + +Until SonarQube is released and the public artifacts are available, keep your PR a draft PR to make it clear it is not ready to be merged yet. +* Create the PR [here](https://github.com/docker-library/official-images/compare) + * If the documentation was updated in the step before, reference that PR in this PR. +* Click on *compare across fork* to be able to use the SonarSource fork as head repository. + + +For more and up to date documentation, see https://github.com/docker-library/official-images. + + +Add a GIT tag for the new version +---------------- + +The commit referenced in the DockerHub Pull Request must be tagged with the (marketing) version of SQ: eg. `8.0`, `8.0.1`, `8.1`. diff --git a/run-public-image-tests.sh b/run-public-image-tests.sh index 2b6dc08..197799a 100755 --- a/run-public-image-tests.sh +++ b/run-public-image-tests.sh @@ -100,4 +100,4 @@ if [[ ${results[0]} != success ]]; then fi -[[ ${failures} = 0 ]] \ No newline at end of file +[[ ${failures} = 0 ]] diff --git a/run-tests.sh b/run-tests.sh index cb625d5..6982273 100755 --- a/run-tests.sh +++ b/run-tests.sh @@ -135,7 +135,7 @@ sanity_check_image() { [[ $result == ok ]] fi - + } require curl docker @@ -168,4 +168,4 @@ if [[ ${results} != success ]]; then ((failures++)) fi -[[ $failures = 0 ]] \ No newline at end of file +[[ $failures = 0 ]] 
diff --git a/update.sh b/update.sh index 2a87507..ad7a957 100755 --- a/update.sh +++ b/update.sh @@ -1,9 +1,9 @@ #!/bin/bash -# Enable globstar for Searching recursively +# Enable globstar for Searching recursively shopt -s globstar # Reset the Option Index in case getopts has been used previously in the same shell. -OPTIND=1 +OPTIND=1 function show_help() { echo "update.sh help" @@ -44,6 +44,6 @@ while getopts ":h:o:n:" o; do done shift $((OPTIND-1)) -for i in ./**/Dockerfile; do +for i in ./**/Dockerfile; do sed -i "s/${OLD_VERSION}/${NEW_VERSION}/g" $i -done \ No newline at end of file +done