DOCKER-61 removed sks keyserver on SonarQube Dockerfiles to follow official library recommendations

9-comm/Dockerfile

@@ -7,7 +7,7 @@ ENV LANG='en_US.UTF-8' \
 #
 # SonarQube setup
 #
-ARG SONARQUBE_VERSION=9.2.4.50792
+ARG SONARQUBE_VERSION=9.3.0.51899
 ARG SONARQUBE_ZIP_URL=https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-${SONARQUBE_VERSION}.zip
 ENV JAVA_HOME='/usr/lib/jvm/java-11-openjdk' \
     PATH="/opt/java/openjdk/bin:$PATH" \
@@ -29,11 +29,8 @@ RUN set -eux; \
     # sub   2048R/06855C1D 2015-05-25
     echo "networkaddress.cache.ttl=5" >> "${JAVA_HOME}/conf/security/java.security"; \
     sed --in-place --expression="s?securerandom.source=file:/dev/random?securerandom.source=file:/dev/urandom?g" "${JAVA_HOME}/conf/security/java.security"; \
-    for server in $(shuf -e ha.pool.sks-keyservers.net \
-                            hkp://p80.pool.sks-keyservers.net:80 \
-                            keyserver.ubuntu.com \
-                            hkp://keyserver.ubuntu.com:80 \
-                            pgp.mit.edu) ; do \
+    for server in $(shuf -e hkps://keys.openpgp.org \
+                            hkps://keyserver.ubuntu.com) ; do \
         gpg --batch --keyserver "${server}" --recv-keys 679F1EE92B19609DE816FDE81DB198F93525EC1A && break || : ; \
     done; \
     mkdir --parents /opt; \
@@ -58,4 +55,4 @@ EXPOSE 9000
 STOPSIGNAL SIGINT
 
 ENTRYPOINT ["/opt/sonarqube/bin/run.sh"]
-CMD ["/opt/sonarqube/bin/sonar.sh"]
+CMD ["/opt/sonarqube/bin/sonar.sh"]

9-comm/run.sh

@@ -56,4 +56,4 @@ if [[ "$1" = '/opt/sonarqube/bin/sonar.sh' ]]; then
     fi
 fi
 
-exec "$@"
+exec "$@"

9-comm/sonar.sh

@@ -1,2 +1,2 @@
 #!/usr/bin/env bash
-exec java -jar lib/sonar-application-"${SONAR_VERSION}".jar -Dsonar.log.console=true "$@"
+exec java -jar lib/sonar-application-"${SONAR_VERSION}".jar -Dsonar.log.console=true "$@"

README.md

@@ -0,0 +1,30 @@
+# About this Repo
+
+This is the Git repo of the official Docker image for [SonarQube](https://registry.hub.docker.com/_/sonarqube/). See the Hub page for the full readme on how to use the Docker image and for information regarding contributing and issues.
+
+The full readme is generated over in [docker-library/docs](https://github.com/docker-library/docs), specifically in [docker-library/docs/sonarqube](https://github.com/docker-library/docs/tree/master/sonarqube).
+
+[![Build Status](https://travis-ci.org/SonarSource/docker-sonarqube.svg)](https://travis-ci.org/SonarSource/docker-sonarqube)
+
+Have Question or Feedback?
+--------------------------
+
+For support questions ("How do I?", "I got this error, why?", ...), please first read the [documentation](https://docs.sonarqube.org) and then head to the [SonarSource forum](https://community.sonarsource.com/). There are chances that a question similar to yours has already been answered.
+
+Be aware that this forum is a community, so the standard pleasantries ("Hi", "Thanks", ...) are expected. And if you don't get an answer to your thread, you should sit on your hands for at least three days before bumping it. Operators are not standing by. :-)
+
+
+Contributing
+------------
+
+If you would like to see a new feature, please create a new thread in the forum ["Suggest new features"](https://community.sonarsource.com/c/suggestions/features).
+
+Please be aware that we are not actively looking for feature contributions. We typically accept minor improvements and bug-fixes.
+
+With that in mind, if you would like to submit a code contribution, please create a pull request for this repository. Please explain your motives to contribute this change: what problem you are trying to fix, what improvement you are trying to make.
+
+### License
+
+Copyright 2015-2020 SonarSource.
+
+Licensed under the [GNU Lesser General Public License, Version 3.0](http://www.gnu.org/licenses/lgpl.txt)

build-and-run.sh

@@ -59,4 +59,4 @@ if ! [[ -d "$image" ]]; then
 fi
 name=sqtest:$image
 docker build -t "$name" -f "$image/Dockerfile" "$PWD/$image"
-docker run -p $port:9000 "$name"
+docker run -p $port:9000 "$name"

example-compose-files/sq-dce-postgres/docker-compose.yml

@@ -0,0 +1,122 @@
+version: "3"
+
+services:
+  sonarqube:
+    image: sonarqube:datacenter-app
+    depends_on:
+      - db
+      - search-1
+      - search-2
+      - search-3
+    networks:
+      - sonar-network
+    deploy:
+      replicas: 2
+    cpus: 0.5
+    mem_limit: 4096M
+    mem_reservation: 1024M
+    environment:
+      SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
+      SONAR_JDBC_USERNAME: sonar
+      SONAR_JDBC_PASSWORD: sonar
+      SONAR_WEB_PORT: 9000
+      SONAR_CLUSTER_SEARCH_HOSTS: "search-1,search-2,search-3"
+      SONAR_CLUSTER_HOSTS: "sonarqube"
+      SONAR_AUTH_JWTBASE64HS256SECRET: "dZ0EB0KxnF++nr5+4vfTCaun/eWbv6gOoXodiAMqcFo="
+      VIRTUAL_HOST: sonarqube.dev.local
+      VIRTUAL_PORT: 9000
+    volumes:
+      - sonarqube_extensions:/opt/sonarqube/extensions
+      - sonarqube_logs:/opt/sonarqube/logs
+  search-1:
+    image: sonarqube:datacenter-search
+    hostname: "search-1"
+    cpus: 0.5
+    mem_limit: 4096M
+    mem_reservation: 1024M
+    depends_on:
+      - db
+    networks:
+      - sonar-network
+    environment:
+      SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
+      SONAR_JDBC_USERNAME: sonar
+      SONAR_JDBC_PASSWORD: sonar
+      SONAR_CLUSTER_ES_HOSTS: "search-1,search-2,search-3"
+      SONAR_CLUSTER_NODE_NAME: "search-1"
+    volumes:
+      - search-data-1:/opt/sonarqube/data
+  search-2:
+    image: sonarqube:datacenter-search
+    hostname: "search-2"
+    cpus: 0.5
+    mem_limit: 4096M
+    mem_reservation: 1024M
+    depends_on:
+      - db
+    networks:
+      - sonar-network
+    environment:
+      SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
+      SONAR_JDBC_USERNAME: sonar
+      SONAR_JDBC_PASSWORD: sonar
+      SONAR_CLUSTER_ES_HOSTS: "search-1,search-2,search-3"
+      SONAR_CLUSTER_NODE_NAME: "search-2"
+    volumes:
+      - search-data-2:/opt/sonarqube/data
+  search-3:
+    image: sonarqube:datacenter-search
+    hostname: "search-3"
+    cpus: 0.5
+    mem_limit: 4096M
+    mem_reservation: 1024M
+    depends_on:
+      - db
+    networks:
+      - sonar-network
+    environment:
+      SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
+      SONAR_JDBC_USERNAME: sonar
+      SONAR_JDBC_PASSWORD: sonar
+      SONAR_CLUSTER_ES_HOSTS: "search-1,search-2,search-3"
+      SONAR_CLUSTER_NODE_NAME: "search-3"
+    volumes:
+      - search-data-3:/opt/sonarqube/data
+  db:
+    image: postgres:12
+    networks:
+      - sonar-network
+    environment:
+      POSTGRES_USER: sonar
+      POSTGRES_PASSWORD: sonar
+    volumes:
+      - postgresql:/var/lib/postgresql
+      - postgresql_data:/var/lib/postgresql/data
+  proxy:
+    image: jwilder/nginx-proxy
+    ports:
+      - "80:80"
+    volumes:
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+      - ./unrestricted_client_body_size.conf:/etc/nginx/conf.d/unrestricted_client_body_size.conf:ro
+    networks:
+      - sonar-network
+      - sonar-public
+
+networks:
+  sonar-network:
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.28.2.0/24
+  sonar-public:
+    driver: bridge
+
+volumes:
+  sonarqube_extensions:
+  sonarqube_logs:
+  search-data-1:
+  search-data-2:
+  search-data-3:
+  postgresql:
+  postgresql_data:

example-compose-files/sq-dce-postgres/unrestricted_client_body_size.conf

@@ -0,0 +1 @@
+client_max_body_size 0;

example-compose-files/sq-with-h2/docker-compose.yml

@@ -0,0 +1,14 @@
+version: "3"
+services:
+  sonarqube:
+    image: sonarqube:community
+    volumes:
+      - sonarqube_data:/opt/sonarqube/data
+      - sonarqube_extensions:/opt/sonarqube/extensions
+      - sonarqube_logs:/opt/sonarqube/logs
+    ports:
+      - "9000:9000"
+volumes:
+  sonarqube_data:
+  sonarqube_extensions:
+  sonarqube_logs:

example-compose-files/sq-with-postgres/docker-compose.yml

@@ -0,0 +1,31 @@
+version: "3"
+services:
+  sonarqube:
+    image: sonarqube:community
+    depends_on:
+      - db
+    environment:
+      SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
+      SONAR_JDBC_USERNAME: sonar
+      SONAR_JDBC_PASSWORD: sonar
+    volumes:
+      - sonarqube_data:/opt/sonarqube/data
+      - sonarqube_extensions:/opt/sonarqube/extensions
+      - sonarqube_logs:/opt/sonarqube/logs
+    ports:
+      - "9000:9000"
+  db:
+    image: postgres:12
+    environment:
+      POSTGRES_USER: sonar
+      POSTGRES_PASSWORD: sonar
+    volumes:
+      - postgresql:/var/lib/postgresql
+      - postgresql_data:/var/lib/postgresql/data
+
+volumes:
+  sonarqube_data:
+  sonarqube_extensions:
+  sonarqube_logs:
+  postgresql:
+  postgresql_data:

release.md

@@ -0,0 +1,61 @@
+# Releasing
+
+Overview
+--------
+
+Release of a new version of the official SonarQube Docker images is made of several operations:
+
+1. bump the version of SonarQube in Dockerfiles
+2. Update the docker hub SonarQube's documentation (if applicable)
+3. Update Docker Hub's SonarQube images
+4. add a GIT tag for the new version 
+
+
+Bump the version of SonarQube in Dockerfiles
+-----------------------------
+
+The version of SQ is hardcoded in each Dockerfile and must be updated in master branch.
+
+
+Update the docker hub SonarQube's documentation (if applicable)
+-------------------------------
+
+If needed, prepare PR of Docker Hub documentation from SonarSource's fork of [https://github.com/docker-library/docs](https://github.com/docker-library/docs) named [sonarqube-docker-docs](https://github.com/SonarSource/sonarqube-docker-docs)
+
+> Note: updating the fork should not be necessary as we only care about the `sonarqube` directory and are the only people updating it
+
+To create a good PR:
+
+1. The markdown format must follow a certain standard, otherwise automated tests will fail. You can test with the `markdownfmt.sh` tool included in the repository, for example `./markdownfmt.sh -d sonarqube/content.md` will output the diff that would have to be done to make the tests pass. You can use the `patch` command to apply the changes, for example: `./markdownfmt.sh -d sonarqube/content.md | patch sonarqube/content.md`
+2. Verify the Pull Request passes the automated tests (visible in the status of the PR)
+
+To control the generated content of the Docker Hub page, look around in the files in `.template-helpers` of the [`docs` repository][docs]. For example, the "Where to get help" section is customized by a copy of `.template-helpers/get-help.md` in `sonarqube/get-help.md`.
+
+Until SonarQube is released and the public artifacts are available, keep your PR a draft PR to make it clear it is not ready to be merged yet.
+
+For more and up to date documentation, see https://github.com/docker-library/docs.
+
+
+Update Docker Hub's SonarQube images
+-----------------------
+
+Update the SonarSource [fork](https://github.com/SonarSource/official-images) of the [official-images](https://github.com/docker-library/official-images) to ensure that the `sonarqube` library is the latest version.
+
+Create a feature branch on the company fork:
+* `GitCommit` must be updated to this repository master branch's HEAD.
+* `Tags` and `Directory` must be added/updated appropriatly for each edition
+* see https://github.com/docker-library/official-images/pull/8837/files as an example
+
+Until SonarQube is released and the public artifacts are available, keep your PR a draft PR to make it clear it is not ready to be merged yet.
+* Create the PR [here](https://github.com/docker-library/official-images/compare)
+    * If the documentation was updated in the step before, reference that PR in this PR.
+* Click on *compare across fork* to be able to use the SonarSource fork as head repository.
+
+
+For more and up to date documentation, see https://github.com/docker-library/official-images.
+
+
+Add a GIT tag for the new version 
+----------------
+
+The commit referenced in the DockerHub Pull Request must be tagged with the (marketing) version of SQ: eg. `8.0`, `8.0.1`, `8.1`.

run-public-image-tests.sh

@@ -100,4 +100,4 @@ if [[ ${results[0]} != success ]]; then
 fi
 
 
-[[ ${failures} = 0 ]]
+[[ ${failures} = 0 ]]

run-tests.sh

@@ -135,7 +135,7 @@ sanity_check_image() {
 
         [[ $result == ok ]]
     fi
-
+    
 }
 
 require curl docker
@@ -168,4 +168,4 @@ if [[ ${results} != success ]]; then
     ((failures++))
 fi
 
-[[ $failures = 0 ]]
+[[ $failures = 0 ]]

update.sh

@@ -1,9 +1,9 @@
 #!/bin/bash
 
-# Enable globstar for Searching recursively
+# Enable globstar for Searching recursively 
 shopt -s globstar
 # Reset the Option Index in case getopts has been used previously in the same shell.
-OPTIND=1
+OPTIND=1 
 
 function show_help() {
     echo "update.sh help"
@@ -44,6 +44,6 @@ while getopts ":h:o:n:" o; do
 done
 shift $((OPTIND-1))
 
-for i in ./**/Dockerfile; do
+for i in ./**/Dockerfile; do 
     sed -i "s/${OLD_VERSION}/${NEW_VERSION}/g" $i
-done
+done