update to version 9.9.2

.drone.yml

@@ -0,0 +1,64 @@
+kind: pipeline
+type: docker
+name: sonarqube_Build
+platform:
+  arch: arm64
+
+steps:
+- name: dryrun-sonarqube-build
+  image: plugins/docker
+  settings:
+    repo:
+      from_secret: docker_repo
+    registry:
+      from_secret: docker_regst
+    dockerfile: 9-comm/Dockerfile
+    context: ./9-comm
+    insecure: true
+    tags: test
+    dry_run: true
+  when:
+    branch:
+      exclude:
+      - master
+
+
+- name: docker-build-push
+  image: plugins/docker
+  settings:
+    repo:
+      from_secret: docker_repo
+    username:
+      from_secret: docker_user
+    password:
+      from_secret: docker_pass
+    registry:
+      from_secret: docker_regst
+    cache_from:
+      from_secret: docker_repo
+    dockerfile: 9-comm/Dockerfile
+    context: ./9-comm
+    auto_tag: true
+    insecure: true
+    when:
+      branch:
+      - master
+      event:
+      - push
+      - tag
+
+
+- name: send build notification
+  image: appleboy/drone-telegram
+  settings:
+    token:
+      from_secret: TELE_TOKEN
+    to:
+      from_secret : TELE_GID
+    message: "{{#success build.status}} ✅  Build #{{build.number}} of `{{repo.name}}` succeeded.\n\n📝 Commit by {{commit.author}} on `{{commit.branch}}`:\n``` {{commit.message}} ```\n\n🌐 {{ build.link }} {{else}} ❌  Build #{{build.number}} of `{{repo.name}}` failed.\n\n📝 Commit by {{commit.author}} on `{{commit.branch}}`:\n``` {{commit.message}} ```\n\n🌐 {{ build.link }} {{/success}}\n\n timecost: {{since build.started}}\n"
+    when:
+      branch:
+      - master
+      event:
+      - push
+      - tag

.github/CODEOWNERS

@@ -0,0 +1 @@
+.github/CODEOWNERS @sonarsource/sonarqube-team

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,6 @@
+Please ensure your issue adheres to the following guidelines: 
+
+This repository is used for technical issues only. For general Support like questions, please create a new Thread in our [Community Forum](https://community.sonarsource.com/)
+
+- [ ] Please check the problem is not already reported, or a known issue documented in [`develop.md`](develop.md)
+- [ ] Please include enough details to reproduce the problem: the command executed, the host platform, error messages or relevant logs

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,5 @@
+Please be aware that we are not actively looking for feature contributions. We typically accept minor improvements and bug-fixes. 
+Please ensure your pull request adheres to the following guidelines:
+- [ ] explain your motives to contribute this change: what problem you are trying to fix, what improvement you are trying to make
+- [ ] If the PR modifies or adds images, use the `run-tests.sh imagedir` command to verify the image works
+- [ ] If the PR modifies or adds images, try to make sure the images run correctly on Linux

.github/workflows/next-scan.yml

@@ -0,0 +1,33 @@
+on:
+  # Trigger analysis when pushing in master or pull requests, and when creating
+  # a pull request. 
+  push:
+    branches:
+      - master
+  pull_request:
+    types: [opened, synchronize, reopened]
+    
+name: Main Workflow
+jobs:
+  next:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      pull-requests: read
+      contents: read
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        # Disabling shallow clone is recommended for improving relevancy of reporting
+        fetch-depth: 0
+    - id: secrets
+      uses: SonarSource/vault-action-wrapper@2.4.3-1
+      with:
+        secrets: |
+          development/kv/data/next token | sq_next_token;
+    - name: SonarQube Next Scan
+      uses: sonarsource/sonarqube-scan-action@master
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        SONAR_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).sq_next_token }}
+        SONAR_HOST_URL: https://next.sonarqube.com/sonarqube/

.github/workflows/release.yml

@@ -0,0 +1,45 @@
+name: Release SBOM Assets
+
+on:
+  release:
+    types:
+      - created
+
+jobs:
+  release:
+    name: Upload Release Asset
+    strategy:
+      fail-fast: false
+      matrix:
+        tag:
+          - 9-community
+          - 9-developer
+          - 9-enterprise
+          - 9-datacenter-app
+          - 9-datacenter-search
+          - 10-community
+          - 10-developer
+          - 10-enterprise
+          - 10-datacenter-app
+          - 10-datacenter-search
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      id-token: write
+    steps:
+      - id: secrets
+        uses: SonarSource/vault-action-wrapper@2.4.3-1
+        with:
+          secrets: |
+            development/kv/data/sign key | gpg_key;
+            development/kv/data/sign passphrase | gpg_passphrase;
+      - name: Generate CycloneDX SBOM
+        uses: SonarSource/gh-action_sbom@v1
+        with:
+          image: "sonarqube:${{ matrix.tag }}"
+          filename: "sonarqube-${{ matrix.tag }}-bom.json"
+          upload-artifact: true
+          upload-release-assets: true
+        env:
+          GPG_PRIVATE_KEY_PASSPHRASE: ${{ fromJSON(steps.secrets.outputs.vault).gpg_passphrase }}
+          GPG_PRIVATE_KEY_BASE64: ${{ fromJSON(steps.secrets.outputs.vault).gpg_key }}

.gitignore

@@ -32,4 +32,4 @@ Desktop.ini
 # ---- Linux
 .directory
 
-*.zip
+*.zip

10-comm/Dockerfile

@@ -0,0 +1,61 @@
+FROM eclipse-temurin:17-jre
+
+LABEL org.opencontainers.image.url=https://github.com/SonarSource/docker-sonarqube
+
+ENV LANG='en_US.UTF-8' \
+    LANGUAGE='en_US:en' \
+    LC_ALL='en_US.UTF-8'
+
+#
+# SonarQube setup
+#
+ARG SONARQUBE_VERSION=10.2.1.78527
+ARG SONARQUBE_ZIP_URL=https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-${SONARQUBE_VERSION}.zip
+ENV DOCKER_RUNNING="true" \
+    JAVA_HOME='/opt/java/openjdk' \
+    SONARQUBE_HOME=/opt/sonarqube \
+    SONAR_VERSION="${SONARQUBE_VERSION}" \
+    SQ_DATA_DIR="/opt/sonarqube/data" \
+    SQ_EXTENSIONS_DIR="/opt/sonarqube/extensions" \
+    SQ_LOGS_DIR="/opt/sonarqube/logs" \
+    SQ_TEMP_DIR="/opt/sonarqube/temp"
+
+RUN set -eux; \
+    groupadd --system --gid 1000 sonarqube; \
+    useradd --system --uid 1000 --gid sonarqube sonarqube; \
+    apt-get update; \
+    apt-get install -y gnupg unzip curl bash fonts-dejavu; \
+    echo "networkaddress.cache.ttl=5" >> "${JAVA_HOME}/conf/security/java.security"; \
+    sed --in-place --expression="s?securerandom.source=file:/dev/random?securerandom.source=file:/dev/urandom?g" "${JAVA_HOME}/conf/security/java.security"; \
+    # pub   2048R/D26468DE 2015-05-25
+    #       Key fingerprint = F118 2E81 C792 9289 21DB  CAB4 CFCA 4A29 D264 68DE
+    # uid                  sonarsource_deployer (Sonarsource Deployer) <infra@sonarsource.com>
+    # sub   2048R/06855C1D 2015-05-25
+    for server in $(shuf -e hkps://keys.openpgp.org \
+                            hkps://keyserver.ubuntu.com) ; do \
+        gpg --batch --keyserver "${server}" --recv-keys 679F1EE92B19609DE816FDE81DB198F93525EC1A && break || : ; \
+    done; \
+    mkdir --parents /opt; \
+    cd /opt; \
+    curl --fail --location --output sonarqube.zip --silent --show-error "${SONARQUBE_ZIP_URL}"; \
+    curl --fail --location --output sonarqube.zip.asc --silent --show-error "${SONARQUBE_ZIP_URL}.asc"; \
+    gpg --batch --verify sonarqube.zip.asc sonarqube.zip; \
+    unzip -q sonarqube.zip; \
+    mv "sonarqube-${SONARQUBE_VERSION}" sonarqube; \
+    rm sonarqube.zip*; \
+    rm -rf ${SONARQUBE_HOME}/bin/*; \
+    ln -s "${SONARQUBE_HOME}/lib/sonar-application-${SONARQUBE_VERSION}.jar" "${SONARQUBE_HOME}/lib/sonarqube.jar"; \
+    chmod -R 555 ${SONARQUBE_HOME}; \
+    chmod -R ugo+wrX "${SQ_DATA_DIR}" "${SQ_EXTENSIONS_DIR}" "${SQ_LOGS_DIR}" "${SQ_TEMP_DIR}"; \
+    apt-get remove -y gnupg unzip; \
+    rm -rf /var/lib/apt/lists/*;
+
+COPY entrypoint.sh ${SONARQUBE_HOME}/docker/
+
+WORKDIR ${SONARQUBE_HOME}
+EXPOSE 9000
+
+USER sonarqube
+STOPSIGNAL SIGINT
+
+ENTRYPOINT ["/opt/sonarqube/docker/entrypoint.sh"]

10-comm/entrypoint.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+set -e
+
+DEFAULT_CMD=('/opt/java/openjdk/bin/java' '-jar' 'lib/sonarqube.jar' '-Dsonar.log.console=true')
+
+# this if will check if the first argument is a flag
+# but only works if all arguments require a hyphenated flag
+# -v; -SL; -f arg; etc will work, but not arg1 arg2
+if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then
+    set -- "${DEFAULT_CMD[@]}" "$@"
+fi
+
+exec "$@"

9-comm/Dockerfile

@@ -1,4 +1,6 @@
-FROM alpine:3.14
+FROM eclipse-temurin:17-jre
+
+LABEL org.opencontainers.image.url=https://github.com/SonarSource/docker-sonarqube
 
 ENV LANG='en_US.UTF-8' \
     LANGUAGE='en_US:en' \
@@ -7,10 +9,9 @@ ENV LANG='en_US.UTF-8' \
 #
 # SonarQube setup
 #
-ARG SONARQUBE_VERSION=9.2.4.50792
+ARG SONARQUBE_VERSION=9.9.2.77730
 ARG SONARQUBE_ZIP_URL=https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-${SONARQUBE_VERSION}.zip
-ENV JAVA_HOME='/usr/lib/jvm/java-11-openjdk' \
-    PATH="/opt/java/openjdk/bin:$PATH" \
+ENV JAVA_HOME='/opt/java/openjdk' \
     SONARQUBE_HOME=/opt/sonarqube \
     SONAR_VERSION="${SONARQUBE_VERSION}" \
     SQ_DATA_DIR="/opt/sonarqube/data" \
@@ -19,21 +20,18 @@ ENV JAVA_HOME='/usr/lib/jvm/java-11-openjdk' \
     SQ_TEMP_DIR="/opt/sonarqube/temp"
 
 RUN set -eux; \
-    addgroup -S -g 1000 sonarqube; \
-    adduser -S -D -u 1000 -G sonarqube sonarqube; \
-    apk add --no-cache --virtual build-dependencies gnupg unzip curl; \
-    apk add --no-cache bash su-exec ttf-dejavu openjdk11-jre; \
+    groupadd --system --gid 1000 sonarqube; \
+    useradd --system --uid 1000 --gid sonarqube sonarqube; \
+    apt-get update; \
+    apt-get install -y gnupg unzip curl bash fonts-dejavu; \
+    echo "networkaddress.cache.ttl=5" >> "${JAVA_HOME}/conf/security/java.security"; \
+    sed --in-place --expression="s?securerandom.source=file:/dev/random?securerandom.source=file:/dev/urandom?g" "${JAVA_HOME}/conf/security/java.security"; \
     # pub   2048R/D26468DE 2015-05-25
     #       Key fingerprint = F118 2E81 C792 9289 21DB  CAB4 CFCA 4A29 D264 68DE
     # uid                  sonarsource_deployer (Sonarsource Deployer) <infra@sonarsource.com>
     # sub   2048R/06855C1D 2015-05-25
-    echo "networkaddress.cache.ttl=5" >> "${JAVA_HOME}/conf/security/java.security"; \
-    sed --in-place --expression="s?securerandom.source=file:/dev/random?securerandom.source=file:/dev/urandom?g" "${JAVA_HOME}/conf/security/java.security"; \
-    for server in $(shuf -e ha.pool.sks-keyservers.net \
-                            hkp://p80.pool.sks-keyservers.net:80 \
-                            keyserver.ubuntu.com \
-                            hkp://keyserver.ubuntu.com:80 \
-                            pgp.mit.edu) ; do \
+    for server in $(shuf -e hkps://keys.openpgp.org \
+                            hkps://keyserver.ubuntu.com) ; do \
         gpg --batch --keyserver "${server}" --recv-keys 679F1EE92B19609DE816FDE81DB198F93525EC1A && break || : ; \
     done; \
     mkdir --parents /opt; \
@@ -45,17 +43,18 @@ RUN set -eux; \
     mv "sonarqube-${SONARQUBE_VERSION}" sonarqube; \
     rm sonarqube.zip*; \
     rm -rf ${SONARQUBE_HOME}/bin/*; \
-    chown -R sonarqube:sonarqube ${SONARQUBE_HOME}; \
-    # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
-    chmod -R 777 "${SQ_DATA_DIR}" "${SQ_EXTENSIONS_DIR}" "${SQ_LOGS_DIR}" "${SQ_TEMP_DIR}"; \
-    apk del --purge build-dependencies;
+    ln -s "${SONARQUBE_HOME}/lib/sonar-application-${SONARQUBE_VERSION}.jar" "${SONARQUBE_HOME}/lib/sonarqube.jar"; \
+    chmod -R 555 ${SONARQUBE_HOME}; \
+    chmod -R ugo+wrX "${SQ_DATA_DIR}" "${SQ_EXTENSIONS_DIR}" "${SQ_LOGS_DIR}" "${SQ_TEMP_DIR}"; \
+    apt-get remove -y gnupg unzip curl; \
+    rm -rf /var/lib/apt/lists/*;
 
-COPY --chown=sonarqube:sonarqube run.sh sonar.sh ${SONARQUBE_HOME}/bin/
+COPY entrypoint.sh ${SONARQUBE_HOME}/docker/
 
 WORKDIR ${SONARQUBE_HOME}
 EXPOSE 9000
 
+USER sonarqube
 STOPSIGNAL SIGINT
 
-ENTRYPOINT ["/opt/sonarqube/bin/run.sh"]
-CMD ["/opt/sonarqube/bin/sonar.sh"]
+ENTRYPOINT ["/opt/sonarqube/docker/entrypoint.sh"]

9-comm/entrypoint.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+set -e
+
+DEFAULT_CMD=('/opt/java/openjdk/bin/java' '-jar' 'lib/sonarqube.jar' '-Dsonar.log.console=true')
+
+# this if will check if the first argument is a flag
+# but only works if all arguments require a hyphenated flag
+# -v; -SL; -f arg; etc will work, but not arg1 arg2
+if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then
+    set -- "${DEFAULT_CMD[@]}" "$@"
+fi
+
+exec "$@"

9-comm/run.sh

@@ -1,59 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-declare -a sq_opts=()
-set_prop_from_deprecated_env_var() {
-  if [ "$2" ]; then
-    sq_opts+=("-D$1=$2")
-  fi
-}
-
-# if nothing is passed, assume we want to run sonarqube server
-if [ "$#" == 0 ]; then
-  set -- /opt/sonarqube/bin/sonar.sh
-fi
-
-# if first arg looks like a flag, assume we want to run sonarqube server with flags
-if [ "${1:0:1}" = '-' ]; then
-    set -- /opt/sonarqube/bin/sonar.sh "$@"
-fi
-
-if [[ "$1" = '/opt/sonarqube/bin/sonar.sh' ]]; then
-    chown -R "$(id -u):$(id -g)" "${SQ_DATA_DIR}" "${SQ_EXTENSIONS_DIR}" "${SQ_LOGS_DIR}" "${SQ_TEMP_DIR}" 2>/dev/null || :
-    chmod -R 700 "${SQ_DATA_DIR}" "${SQ_EXTENSIONS_DIR}" "${SQ_LOGS_DIR}" "${SQ_TEMP_DIR}" 2>/dev/null || :
-
-    # Allow the container to be started with `--user`
-    if [[ "$(id -u)" = '0' ]]; then
-        chown -R sonarqube:sonarqube "${SQ_DATA_DIR}" "${SQ_EXTENSIONS_DIR}" "${SQ_LOGS_DIR}" "${SQ_TEMP_DIR}"
-        echo "Dropping Privileges"
-        exec su-exec sonarqube "$0" "$@"
-    fi
-
-    #
-    # Deprecated way to pass settings to SonarQube that will be removed in future versions.
-    # Please use environment variables (https://docs.sonarqube.org/latest/setup/environment-variables/)
-    # instead to customize SonarQube.
-    #
-    while IFS='=' read -r envvar_key envvar_value
-    do
-        if [[ "$envvar_key" =~ sonar.* ]] || [[ "$envvar_key" =~ ldap.* ]]; then
-            sq_opts+=("-D${envvar_key}=${envvar_value}")
-        fi
-    done < <(env)
-
-    #
-    # Deprecated environment variable mapping that will be removed in future versions.
-    # Please use environment variables from https://docs.sonarqube.org/latest/setup/environment-variables/
-    # instead of using these 4 environment variables below.
-    #
-    set_prop_from_deprecated_env_var "sonar.jdbc.username" "${SONARQUBE_JDBC_USERNAME:-}"
-    set_prop_from_deprecated_env_var "sonar.jdbc.password" "${SONARQUBE_JDBC_PASSWORD:-}"
-    set_prop_from_deprecated_env_var "sonar.jdbc.url" "${SONARQUBE_JDBC_URL:-}"
-    set_prop_from_deprecated_env_var "sonar.web.javaAdditionalOpts" "${SONARQUBE_WEB_JVM_OPTS:-}"
-    if [ ${#sq_opts[@]} -ne 0 ]; then
-        set -- "$@" "${sq_opts[@]}"
-    fi
-fi
-
-exec "$@"

9-comm/sonar.sh

@@ -1,2 +0,0 @@
-#!/usr/bin/env bash
-exec java -jar lib/sonar-application-"${SONAR_VERSION}".jar -Dsonar.log.console=true "$@"

CONTRIBUTING.md

@@ -0,0 +1,15 @@
+Issues / Questions
+------------------
+
+If you want to raise an issue or ask a question ("How do I?", "I got this error, why?", ...), please first read the [documentation](https://docs.sonarqube.org) and then head to the [SonarSource forum](https://community.sonarsource.com/). There are chances that a question similar to yours has already been answered. 
+
+Be aware that this forum is a community, so the standard pleasantries ("Hi", "Thanks", ...) are expected. And if you don't get an answer to your thread, you should sit on your hands for at least three days before bumping it. Operators are not standing by. :-)
+
+Contributing
+------------
+
+If you would like to see a new feature, please create a new thread in the forum ["Suggest new features"](https://community.sonarsource.com/c/suggestions/features).
+
+Please be aware that we are not actively looking for feature contributions. We typically accept minor improvements and bug-fixes.
+
+With that in mind, if you would like to submit a code contribution, please create a pull request for this repository. Please explain your motives to contribute this change: what problem you are trying to fix, what improvement you are trying to make.

LICENSE

@@ -10,7 +10,7 @@
 the terms and conditions of version 3 of the GNU General Public
 License, supplemented by the additional permissions listed below.
 
-  0. Additional Definitions.
+  0. Additional Definitions. 
 
   As used herein, "this License" refers to version 3 of the GNU Lesser
 General Public License, and the "GNU GPL" refers to version 3 of the GNU
@@ -111,7 +111,7 @@ the following:
        a copy of the Library already present on the user's computer
        system, and (b) will operate properly with a modified version
        of the Library that is interface-compatible with the Linked
-       Version.
+       Version. 
 
    e) Provide Installation Information, but only if you would otherwise
    be required to provide such information under section 6 of the
@@ -162,4 +162,4 @@ General Public License ever published by the Free Software Foundation.
 whether future versions of the GNU Lesser General Public License shall
 apply, that proxy's public statement of acceptance of any version is
 permanent authorization for you to choose that version for the
-Library.
+Library.

NOTICE.txt

@@ -3,4 +3,4 @@ Copyright (C) 2015-2019 SonarSource SA
 mailto:info AT sonarsource DOT com
 
 This product includes software developed at
-SonarSource (http://www.sonarsource.com/).
+SonarSource (http://www.sonarsource.com/).

README.md

@@ -0,0 +1,31 @@
+# About this Repo [![Build Status](https://api.cirrus-ci.com/github/SonarSource/docker-sonarqube.svg)](https://cirrus-ci.com/github/SonarSource/docker-sonarqube)
+
+This is the Git repo of the official Docker image for [SonarQube](https://registry.hub.docker.com/_/sonarqube/). See the Hub page for the full readme on how to use the Docker image and for information regarding contributing and issues.
+
+The full readme is generated over in [docker-library/docs](https://github.com/docker-library/docs), specifically in [docker-library/docs/sonarqube](https://github.com/docker-library/docs/tree/master/sonarqube).
+
+Sonar's [Clean Code solution](https://www.sonarsource.com/solutions/clean-code/) helps developers deliver high-quality, efficient code standards that benefit the entire team or organization.
+
+
+Have Questions or Feedback?
+---------------------------
+
+For support questions ("How do I?", "I got this error, why?", ...), please first read the [documentation](https://docs.sonarqube.org) and then head to the [SonarSource forum](https://community.sonarsource.com/). There are chances that a question similar to yours has already been answered. 
+
+Be aware that this forum is a community, so the standard pleasantries ("Hi", "Thanks", ...) are expected. And if you don't get an answer to your thread, you should sit on your hands for at least three days before bumping it. Operators are not standing by. :-)
+
+
+Contributing
+------------
+
+If you would like to see a new feature, please create a new thread in the forum ["Suggest new features"](https://community.sonarsource.com/c/suggestions/features).
+
+Please be aware that we are not actively looking for feature contributions. We typically accept minor improvements and bug fixes.
+
+With that in mind, if you would like to submit a code contribution, please create a pull request for this repository. Please explain your motives to contribute this change: what problem you are trying to fix, what improvement you are trying to make.
+
+### License
+
+Copyright 2015-2020 SonarSource.
+
+Licensed under the [GNU Lesser General Public License, Version 3.0](http://www.gnu.org/licenses/lgpl.txt)

build-and-run.sh

@@ -59,4 +59,4 @@ if ! [[ -d "$image" ]]; then
 fi
 name=sqtest:$image
 docker build -t "$name" -f "$image/Dockerfile" "$PWD/$image"
-docker run -p $port:9000 "$name"
+docker run -p $port:9000 "$name"

deprecated.md

@@ -0,0 +1,84 @@
+# _DEPRECATED_
+
+Dogfooding and images for local artifacts
+=========================================
+
+Dogfooding
+----------
+
+SonarQube Docker images are dogfooded.
+
+This implies that Docker images are produced for every artifact produced from the dogfood branch of SonarQube (see the [dogfood_docker_build_task](https://github.com/SonarSource/sonar-enterprise/blob/master/.cirrus.yml#L263)).
+
+Docker images of SonarQube are built from publicly available artifacts, which means the Dockerfile can simply download them from the public place they are hosted (`binaries.sonarsource.com`).
+
+However, this is not the case for artifacts built from the dogfood branch, which are private.
+
+At some point of time, Dockerfile add the ability to download from the private hosting. Credentials where provided as `docker build` arguments. This option was **dropped because it was leaking credentials into the Docker image layers**.
+
+Instead, the download is now performed by the [`build-docker-from-private-repo.sh`](8/build-docker-from-private-repo.sh) script which then relies on the Dockerfile ability to bundle any locally provided SQ artifact (see below).
+
+Local artifacts
+---------------
+
+Dockerfile supports creating image from any locally provided SQ artifact.
+
+This artifact should be named `sonarqube-${SONARQUBE_VERSION}.zip` and located in the `zip` directory of the `docker build` context. If such file exists, this artifact will be used to build the image instead of downloading it from `binaries.sonarsource.com`.
+
+Note that:
+
+1. there is no check to enforce version of SQ in the zip file matches the `docker build` argument
+	* this is, by the way, used and exploited in dogfooding where Docker images for 8.0 are used to build images of 8.1 currently under development
+2. this feature must be removed from the official Dockerfile published to Docker Hub (see "Release process" below).
+
+
+ITs
+===
+
+ITs run on Travis, see [.travis.yml](.travis.yml).
+
+Currently, ITs are "simply" building a given image of SonarQube and make sure they can run it and have SonarQube responding on HTTP calls in a reasonable time.
+
+Since 8.0, images offer more features which are unfortunately not tested automatically (eg. `--init` parameter and automatice initialization of mounted directories).
+
+
+Discussion around the "version branch"
+======================================
+
+The "version branch" has been introduced as a mean to comply with two opposing constraints:
+
+1. to not have code in Dockerfile which is useless and only developement/dogfood specific
+2. use the real images for dogfooding
+
+This solution is not great:
+
+* it implies multiple manual operations for each release with a high risk of mistake
+* we are not sure how convenient it will be for next releases
+
+However, given the time constraints at the time, it was a good choice: it worked and was very quick and quite low risk to implement.
+
+Alternative
+-----------
+
+One promising alternative has been discussed.
+
+Based on the observation that:
+
+1. edition Dockerfiles vary by hardly more than a URL from each other
+2. the official image is basically the dev image stripped from some identifed code
+
+The idea would be to have:
+
+1. 6 Dockerfiles commit into the repository: two per editions, one for official image (no dev-specific code) and one for dev/dogfooding
+2. a Dockerfile "template"
+3. a script responsible for generating the 6 Dockerfiles from the "template"
+4. an IT ensuring that the 6 Dockerfiles are up to date with the "template" and the script (to prevent dev from forgetting to commit up-to-date Dockerfiles)
+
+With this idea:
+
+1. trust in dogfooding Docker images representatives of the one which will end up as the official images moves from the developer doing the right changes when cleaning the "version" branch to the script and the template
+  * no more human based last minute changes is an obvious improvement
+  * it's all commited so an error is easy to track
+2. there is no longer a need for a "version" branch
+
+However, it requires some time to develop and even confirm it's just feasible. For these reasons, this option wasn't retained at the time.

develop.md

@@ -0,0 +1,41 @@
+Guidelines and documentation for developers of the SonarQube Docker images.
+
+could not find java in ES_JAVA_HOME
+===================================
+
+`could not find java in ES_JAVA_HOME at /usr/lib/jvm/java-11-openjdk/bin/java` is a known error message when the container runtime is too old to be aware of the `faccessat2` syscall.
+This issue is tracked with [SONAR-15167](https://jira.sonarsource.com/browse/SONAR-15167) including some worarounds if a update of the container runtime is not possible. 
+
+Adding images for a new version of SQ
+=====================================
+
+New major version
+-----------------
+
+Create a new subdirectory with the major version number in the root directory of the repository with a sub directory for each supported edition, eg.: 
+
+```
+mkdir -p 9/community 9/developer 9/enterprise
+```
+
+Each edition directory will contain a single Dockerfile.
+
+New non-major version
+---------------------
+
+As of today, we publish only a single version of SQ for a given major version in the "master" branch.
+
+No new image is therefor created for non-major versions of SQ. Instead, existing images are updated.
+
+Docker images of older intermediate versions are accessible via tags.
+
+
+Release process
+===============
+
+Go [here](release.md)
+
+Deprecated
+==========
+
+More information in [deprecated](deprecated.md) processes/pipelines.

example-compose-files/sq-dce-postgres/docker-compose.yml

@@ -0,0 +1,140 @@
+version: "3"
+
+services:
+  sonarqube:
+    image: sonarqube:datacenter-app
+    depends_on:
+      search-1:
+        condition: service_healthy
+      search-2:
+        condition: service_healthy
+      search-3:
+        condition: service_healthy
+    networks:
+      - sonar-network
+    cpus: 0.5
+    mem_limit: 4096M
+    mem_reservation: 1024M
+    environment:
+      SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
+      SONAR_JDBC_USERNAME: sonar
+      SONAR_JDBC_PASSWORD: sonar
+      SONAR_WEB_PORT: 9000
+      SONAR_CLUSTER_SEARCH_HOSTS: "search-1,search-2,search-3"
+      SONAR_CLUSTER_HOSTS: "sonarqube"
+      SONAR_AUTH_JWTBASE64HS256SECRET: "dZ0EB0KxnF++nr5+4vfTCaun/eWbv6gOoXodiAMqcFo="
+      VIRTUAL_HOST: sonarqube.dev.local
+      VIRTUAL_PORT: 9000
+    volumes:
+      - sonarqube_extensions:/opt/sonarqube/extensions
+      - sonarqube_logs:/opt/sonarqube/logs
+  search-1:
+    image: sonarqube:datacenter-search
+    hostname: "search-1"
+    cpus: 0.5
+    mem_limit: 4096M
+    mem_reservation: 1024M
+    depends_on:
+      - db
+    networks:
+      - sonar-network
+    environment:
+      SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
+      SONAR_JDBC_USERNAME: sonar
+      SONAR_JDBC_PASSWORD: sonar
+      SONAR_CLUSTER_ES_HOSTS: "search-1,search-2,search-3"
+      SONAR_CLUSTER_NODE_NAME: "search-1"
+    volumes:
+      - search-data-1:/opt/sonarqube/data
+    healthcheck:
+        test: wget --no-proxy -qO- "http://$$SONAR_CLUSTER_NODE_NAME:9001/_cluster/health?wait_for_status=yellow&timeout=50s" | grep -q -e '"status":"green"' -e '"status":"yellow"';  if [ $? -eq 0 ]; then exit 0; else exit 1; fi
+        interval: 25s
+        timeout: 1s
+        retries: 3
+        start_period: 55s
+  search-2:
+    image: sonarqube:datacenter-search
+    hostname: "search-2"
+    cpus: 0.5
+    mem_limit: 4096M
+    mem_reservation: 1024M
+    depends_on:
+      - db
+    networks:
+      - sonar-network
+    environment:
+      SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
+      SONAR_JDBC_USERNAME: sonar
+      SONAR_JDBC_PASSWORD: sonar
+      SONAR_CLUSTER_ES_HOSTS: "search-1,search-2,search-3"
+      SONAR_CLUSTER_NODE_NAME: "search-2"
+    volumes:
+      - search-data-2:/opt/sonarqube/data
+    healthcheck:
+        test: wget --no-proxy -qO- "http://$$SONAR_CLUSTER_NODE_NAME:9001/_cluster/health?wait_for_status=yellow&timeout=50s" | grep -q -e '"status":"green"' -e '"status":"yellow"';  if [ $? -eq 0 ]; then exit 0; else exit 1; fi
+        interval: 25s
+        timeout: 1s
+        retries: 3
+        start_period: 55s
+  search-3:
+    image: sonarqube:datacenter-search
+    hostname: "search-3"
+    cpus: 0.5
+    mem_limit: 4096M
+    mem_reservation: 1024M
+    depends_on:
+      - db
+    networks:
+      - sonar-network
+    environment:
+      SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
+      SONAR_JDBC_USERNAME: sonar
+      SONAR_JDBC_PASSWORD: sonar
+      SONAR_CLUSTER_ES_HOSTS: "search-1,search-2,search-3"
+      SONAR_CLUSTER_NODE_NAME: "search-3"
+    volumes:
+      - search-data-3:/opt/sonarqube/data
+    healthcheck:
+        test: wget --no-proxy -qO- "http://$$SONAR_CLUSTER_NODE_NAME:9001/_cluster/health?wait_for_status=yellow&timeout=50s" | grep -q -e '"status":"green"' -e '"status":"yellow"';  if [ $? -eq 0 ]; then exit 0; else exit 1; fi
+        interval: 25s
+        timeout: 1s
+        retries: 3
+        start_period: 55s
+  db:
+    image: postgres:13
+    networks:
+      - sonar-network
+    environment:
+      POSTGRES_USER: sonar
+      POSTGRES_PASSWORD: sonar
+    volumes:
+      - postgresql:/var/lib/postgresql
+      - postgresql_data:/var/lib/postgresql/data
+  proxy:
+    image: jwilder/nginx-proxy
+    ports:
+      - "80:80"
+    volumes:
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+      - ./unrestricted_client_body_size.conf:/etc/nginx/conf.d/unrestricted_client_body_size.conf:ro
+    networks:
+      - sonar-network
+      - sonar-public
+
+networks:
+  sonar-network:
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.28.2.0/24
+  sonar-public:
+    driver: bridge
+
+volumes:
+  sonarqube_extensions:
+  sonarqube_logs:
+  search-data-1:
+  search-data-2:
+  search-data-3:
+  postgresql:
+  postgresql_data:

example-compose-files/sq-dce-postgres/unrestricted_client_body_size.conf

@@ -0,0 +1 @@
+client_max_body_size 0;

example-compose-files/sq-with-h2/docker-compose.yml

@@ -0,0 +1,14 @@
+version: "3"
+services:
+  sonarqube:
+    image: sonarqube:community
+    volumes:
+      - sonarqube_data:/opt/sonarqube/data
+      - sonarqube_extensions:/opt/sonarqube/extensions
+      - sonarqube_logs:/opt/sonarqube/logs
+    ports:
+      - "9000:9000"
+volumes:
+  sonarqube_data:
+  sonarqube_extensions:
+  sonarqube_logs:

example-compose-files/sq-with-postgres/docker-compose.yml

@@ -0,0 +1,36 @@
+version: "3"
+services:
+  sonarqube:
+    image: sonarqube:community
+    hostname: sonarqube
+    container_name: sonarqube
+    depends_on:
+      - db
+    environment:
+      SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
+      SONAR_JDBC_USERNAME: sonar
+      SONAR_JDBC_PASSWORD: sonar
+    volumes:
+      - sonarqube_data:/opt/sonarqube/data
+      - sonarqube_extensions:/opt/sonarqube/extensions
+      - sonarqube_logs:/opt/sonarqube/logs
+    ports:
+      - "9000:9000"
+  db:
+    image: postgres:13
+    hostname: postgresql
+    container_name: postgresql
+    environment:
+      POSTGRES_USER: sonar
+      POSTGRES_PASSWORD: sonar
+      POSTGRES_DB: sonar
+    volumes:
+      - postgresql:/var/lib/postgresql
+      - postgresql_data:/var/lib/postgresql/data
+
+volumes:
+  sonarqube_data:
+  sonarqube_extensions:
+  sonarqube_logs:
+  postgresql:
+  postgresql_data:

examples.md

@@ -7,13 +7,13 @@ This section provides examples on how to run SonarQube server in a container:
 To analyze a project check our [scanner docs](https://docs.sonarqube.org/latest/analysis/overview/).
 
 ## Run SonarQube using docker commands
-Before you start SonarQube, we recommend creating volumes to store SonarQube data, logs, temporary data and extensions. If you don't do that, you can loose them when you decide to update to newer version of SonarQube or upgrade to a higher SonarQube edition. Commands to create the volumes:
+Before you start SonarQube, we recommend creating volumes to store SonarQube data, logs, temporary data and extensions. If you don't do that, you can loose them when you decide to update to newer version of SonarQube or upgrade to a higher SonarQube edition. Commands to create the volumes: 
 ```bash
 $> docker volume create --name sonarqube_data
 $> docker volume create --name sonarqube_extensions
 $> docker volume create --name sonarqube_logs
 $> docker volume create --name sonarqube_temp
-```
+``` 
 
 After that you can start the SonarQube server (this example uses the Community Edition):
 ```bash
@@ -21,8 +21,7 @@ $> docker run \
     -v sonarqube_data:/opt/sonarqube/data \
     -v sonarqube_extensions:/opt/sonarqube/extensions \
     -v sonarqube_logs:/opt/sonarqube/logs \
-    -v sonarqube_temp:/opt/sonarqube/temp \
-    --name="sonarqube" -p 9000:9000 sonarqube:8.2
+    --name="sonarqube" -p 9000:9000 sonarqube:community
 ```
 The above command starts SonarQube with an embedded database. We recommend starting the instance with a separate database
 by providing `SONAR_JDBC_URL`, `SONAR_JDBC_USERNAME` and `SONAR_JDBC_PASSWORD` like this:
@@ -31,18 +30,17 @@ $> docker run \
     -v sonarqube_data:/opt/sonarqube/data \
     -v sonarqube_extensions:/opt/sonarqube/extensions \
     -v sonarqube_logs:/opt/sonarqube/logs \
-    -v sonarqube_temp:/opt/sonarqube/temp \
     -e SONAR_JDBC_URL="..." \
     -e SONAR_JDBC_USERNAME="..." \
     -e SONAR_JDBC_PASSWORD="..." \
-    --name="sonarqube" -p 9000:9000 sonarqube:8.2
+    --name="sonarqube" -p 9000:9000 sonarqube:community
 ```
 
 ## Run SonarQube using Docker Compose
 ### Requirements
 
- * Docker Engine 1.10.1+
- * Docker Compose 1.6.0+
+ * Docker Engine 20.10+
+ * Docker Compose 2.0.0+
 
 ### SonarQube with Postgres:
 

release.md

@@ -0,0 +1,67 @@
+# Releasing
+
+Docker image release cycle and SonarQube product
+---
+We consider the **docker image** as part of the SonarQube **product**. Therefore, it follows the same release process.
+
+Overview
+--------
+
+Release of a new version of the official SonarQube Docker images is made of several operations:
+
+1. bump the version of SonarQube in Dockerfiles
+2. bump the version of `CURRENT_LTS_VERSION` and `CURRENT_VERSION` accordingly in `.cirrus.yml` (please note that the nightly build will fail before the public image becomes available)
+3. Update the docker hub SonarQube's documentation (if applicable)
+4. Update Docker Hub's SonarQube images
+5. add a GIT tag for the new version 
+
+
+Bump the version of SonarQube in Dockerfiles
+-----------------------------
+
+The version of SonarQube is hardcoded in each Dockerfile of this repository and must be updated in master branch.
+
+Update the docker hub SonarQube's documentation (if applicable)
+-------------------------------
+
+If needed, prepare PR of Docker Hub documentation [https://github.com/docker-library/docs](https://github.com/docker-library/docs)
+
+> Note: Please use your own fork like seen in [this closed PR](https://github.com/docker-library/docs/pull/1660)
+
+To create a good PR:
+
+1. The markdown format must follow a certain standard, otherwise automated tests will fail. You can test with the `markdownfmt.sh` tool included in the repository, for example `./markdownfmt.sh -d sonarqube/content.md` will output the diff that would have to be done to make the tests pass. You can use the `patch` command to apply the changes, for example: `./markdownfmt.sh -d sonarqube/content.md | patch sonarqube/content.md`
+2. Verify the Pull Request passes the automated tests (visible in the status of the PR)
+
+To control the generated content of the Docker Hub page, look around in the files in `.template-helpers` of the [`docs` repository][docs]. For example, the "Where to get help" section is customized by a copy of `.template-helpers/get-help.md` in `sonarqube/get-help.md`.
+
+Until SonarQube is released and the public artifacts are available, keep your PR a draft PR to make it clear it is not ready to be merged yet.
+
+For more and up to date documentation, see https://github.com/docker-library/docs.
+
+
+Update Docker Hub's SonarQube images
+-----------------------
+
+In order to update the Docker Hub images, a Pull Request must be created on the [official-images](https://github.com/docker-library/official-images) repository.
+
+To do so you should use your own personal fork
+
+Create a feature branch on the fork:
+* `GitCommit` must be updated to this repository master branch's HEAD.
+* `Tags` and `Directory` must be added/updated appropriatly for each edition
+* see https://github.com/docker-library/official-images/pull/8837/files as an example
+
+Until SonarQube is released and the public artifacts are available, keep your PR a draft PR to make it clear it is not ready to be merged yet.
+* Create the PR [here](https://github.com/docker-library/official-images/compare)
+    * If the documentation was updated in the step before, reference that PR in this PR.
+* Click on *compare across fork* to be able to use the fork as head repository.
+
+
+For more and up to date documentation, see https://github.com/docker-library/official-images.
+
+
+Add a GIT tag for the new version 
+----------------
+
+The commit referenced in the DockerHub Pull Request must be tagged with the (marketing) version of SQ: eg. `8.0`, `8.0.1`, `8.1`.

run-public-image-tests.sh

@@ -100,4 +100,4 @@ if [[ ${results[0]} != success ]]; then
 fi
 
 
-[[ ${failures} = 0 ]]
+[[ ${failures} = 0 ]]

run-tests.sh

@@ -66,7 +66,7 @@ wait_for_sonarqube() {
 }
 
 wait_for_sonarqube_dce() {
-    local image=$1 i web_up=no sonarqube_up=no
+    local image=$1-app i web_up=no sonarqube_up=no
 
     for ((i = 0; i < 80; i++)); do
         info "$image: waiting for web server to start ..."
@@ -112,30 +112,25 @@ sanity_check_image() {
 
         [[ $result == ok ]]
     elif [ $2 == docker-compose ]; then
-        if [[ $1 =~ "8" ]]; then
-            _test_compose_path="tests/8/dce-compose-test"
-        elif [[ $1 =~ "9" ]]; then
-            _test_compose_path="tests/9/dce-compose-test"
-        fi
-        cd $_test_compose_path
+        local test_compose_path="tests/dce-compose-test"
+        cd $test_compose_path
         export PORT=$port
-        docker-compose up -d --scale sonarqube=0
-        sleep 60
-        docker-compose up -d --scale sonarqube=1
+        export IMAGE=$1
+        docker compose up -d sonarqube
         if wait_for_sonarqube_dce "$image"; then
-            info "$image: OK !"
+            info "$image-app: OK !"
             result=ok
         else
-            warn "$image: could not confirm service started"
+            warn "$image-app: could not confirm service started"
             result=failure
         fi
 
-        info "$image: stopping container stack"
-        docker-compose stop
+        info "$image-app: stopping container stack"
+        docker compose stop
 
         [[ $result == ok ]]
     fi
-
+    
 }
 
 require curl docker
@@ -168,4 +163,4 @@ if [[ ${results} != success ]]; then
     ((failures++))
 fi
 
-[[ $failures = 0 ]]
+[[ $failures = 0 ]]

sonar-project.properties

@@ -0,0 +1,3 @@
+sonar.projectKey=SonarSource_docker-sonarqube_AYcnOvlJTpBOcQuGEdI5
+sonar.sources=9/,10/
+sonar.organization=sonarsource

update.sh

@@ -1,9 +1,9 @@
 #!/bin/bash
 
-# Enable globstar for Searching recursively
+# Enable globstar for Searching recursively 
 shopt -s globstar
 # Reset the Option Index in case getopts has been used previously in the same shell.
-OPTIND=1
+OPTIND=1 
 
 function show_help() {
     echo "update.sh help"
@@ -44,6 +44,6 @@ while getopts ":h:o:n:" o; do
 done
 shift $((OPTIND-1))
 
-for i in ./**/Dockerfile; do
+for i in ./**/Dockerfile; do 
     sed -i "s/${OLD_VERSION}/${NEW_VERSION}/g" $i
-done
+done