fix all now

.drone.yml

@@ -0,0 +1,48 @@
+kind: pipeline
+type: docker
+name: sonarqube_Build
+platform:
+  arch: arm64
+
+steps:
+- name: dryrun-sonarqube-build
+  image: plugins/docker
+  settings:
+    repo:
+      from_secret: docker_regst
+    registry:
+      from_secret: docker_vrepo
+    dockerfile: 9-comm/Dockerfile
+    context: ./9-comm
+    insecure: true
+    tags: test
+    dry_run: true
+  when:
+    branch:
+      exclude:
+      - master
+
+
+- name: docker-build-push
+  image: plugins/docker
+  settings:
+    repo:
+      from_secret: docker_repo
+    username:
+      from_secret: docker_user
+    password:
+      from_secret: docker_pass
+    registry:
+      from_secret: docker_vrepo
+    cache_from:
+      from_secret: docker_repo
+    dockerfile: 9-comm/Dockerfile
+    context: ./9-comm
+    auto_tag: true
+    insecure: true
+    when:
+      branch:
+      - master
+      event:
+      - push
+      - tag

.gitignore

@@ -32,4 +32,4 @@ Desktop.ini
 # ---- Linux
 .directory
 
-*.zip
+*.zip

9-comm/Dockerfile

@@ -1,4 +1,6 @@
-FROM alpine:3.15
+FROM eclipse-temurin:17-jre
+
+LABEL org.opencontainers.image.url=https://github.com/SonarSource/docker-sonarqube
 
 ENV LANG='en_US.UTF-8' \
     LANGUAGE='en_US:en' \
@@ -7,11 +9,9 @@ ENV LANG='en_US.UTF-8' \
 #
 # SonarQube setup
 #
-ARG JAVA_VERSION=17
-ARG SONARQUBE_VERSION=9.8.0.63668
+ARG SONARQUBE_VERSION=9.9.1.69595
 ARG SONARQUBE_ZIP_URL=https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-${SONARQUBE_VERSION}.zip
-ENV JAVA_HOME="/usr/lib/jvm/java-${JAVA_VERSION}-openjdk" \
-    PATH="/opt/java/openjdk/bin:$PATH" \
+ENV JAVA_HOME='/opt/java/openjdk' \
     SONARQUBE_HOME=/opt/sonarqube \
     SONAR_VERSION="${SONARQUBE_VERSION}" \
     SQ_DATA_DIR="/opt/sonarqube/data" \
@@ -20,16 +20,16 @@ ENV JAVA_HOME="/usr/lib/jvm/java-${JAVA_VERSION}-openjdk" \
     SQ_TEMP_DIR="/opt/sonarqube/temp"
 
 RUN set -eux; \
-    addgroup -S -g 1000 sonarqube; \
-    adduser -S -D -u 1000 -G sonarqube sonarqube; \
-    apk add --no-cache --virtual build-dependencies gnupg unzip curl; \
-    apk add --no-cache bash su-exec ttf-dejavu "openjdk${JAVA_VERSION}-jre"; \
+    groupadd --system --gid 1000 sonarqube; \
+    useradd --system --uid 1000 --gid sonarqube sonarqube; \
+    apt-get update; \
+    apt-get install -y gnupg unzip curl bash fonts-dejavu; \
+    echo "networkaddress.cache.ttl=5" >> "${JAVA_HOME}/conf/security/java.security"; \
+    sed --in-place --expression="s?securerandom.source=file:/dev/random?securerandom.source=file:/dev/urandom?g" "${JAVA_HOME}/conf/security/java.security"; \
     # pub   2048R/D26468DE 2015-05-25
     #       Key fingerprint = F118 2E81 C792 9289 21DB  CAB4 CFCA 4A29 D264 68DE
     # uid                  sonarsource_deployer (Sonarsource Deployer) <infra@sonarsource.com>
     # sub   2048R/06855C1D 2015-05-25
-    echo "networkaddress.cache.ttl=5" >> "${JAVA_HOME}/conf/security/java.security"; \
-    sed --in-place --expression="s?securerandom.source=file:/dev/random?securerandom.source=file:/dev/urandom?g" "${JAVA_HOME}/conf/security/java.security"; \
     for server in $(shuf -e hkps://keys.openpgp.org \
                             hkps://keyserver.ubuntu.com) ; do \
         gpg --batch --keyserver "${server}" --recv-keys 679F1EE92B19609DE816FDE81DB198F93525EC1A && break || : ; \
@@ -43,17 +43,18 @@ RUN set -eux; \
     mv "sonarqube-${SONARQUBE_VERSION}" sonarqube; \
     rm sonarqube.zip*; \
     rm -rf ${SONARQUBE_HOME}/bin/*; \
-    chown -R sonarqube:sonarqube ${SONARQUBE_HOME}; \
-    # this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
-    chmod -R 777 "${SQ_DATA_DIR}" "${SQ_EXTENSIONS_DIR}" "${SQ_LOGS_DIR}" "${SQ_TEMP_DIR}"; \
-    apk del --purge build-dependencies;
+    ln -s "${SONARQUBE_HOME}/lib/sonar-application-${SONARQUBE_VERSION}.jar" "${SONARQUBE_HOME}/lib/sonarqube.jar"; \
+    chmod -R 555 ${SONARQUBE_HOME}; \
+    chmod -R ugo+wrX "${SQ_DATA_DIR}" "${SQ_EXTENSIONS_DIR}" "${SQ_LOGS_DIR}" "${SQ_TEMP_DIR}"; \
+    apt-get remove -y gnupg unzip curl; \
+    rm -rf /var/lib/apt/lists/*;
 
-COPY --chown=sonarqube:sonarqube run.sh sonar.sh ${SONARQUBE_HOME}/bin/
+COPY entrypoint.sh ${SONARQUBE_HOME}/docker/
 
 WORKDIR ${SONARQUBE_HOME}
 EXPOSE 9000
 
+USER sonarqube
 STOPSIGNAL SIGINT
 
-ENTRYPOINT ["/opt/sonarqube/bin/run.sh"]
-CMD ["/opt/sonarqube/bin/sonar.sh"]
+ENTRYPOINT ["/opt/sonarqube/docker/entrypoint.sh"]

9-comm/entrypoint.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+set -e
+
+DEFAULT_CMD=('/opt/java/openjdk/bin/java' '-jar' 'lib/sonarqube.jar' '-Dsonar.log.console=true')
+
+# this if will check if the first argument is a flag
+# but only works if all arguments require a hyphenated flag
+# -v; -SL; -f arg; etc will work, but not arg1 arg2
+if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then
+    set -- "${DEFAULT_CMD[@]}" "$@"
+fi
+
+exec "$@"

9-comm/run.sh

@@ -1,59 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-declare -a sq_opts=()
-set_prop_from_deprecated_env_var() {
-  if [ "$2" ]; then
-    sq_opts+=("-D$1=$2")
-  fi
-}
-
-# if nothing is passed, assume we want to run sonarqube server
-if [ "$#" == 0 ]; then
-  set -- /opt/sonarqube/bin/sonar.sh
-fi
-
-# if first arg looks like a flag, assume we want to run sonarqube server with flags
-if [ "${1:0:1}" = '-' ]; then
-    set -- /opt/sonarqube/bin/sonar.sh "$@"
-fi
-
-if [[ "$1" = '/opt/sonarqube/bin/sonar.sh' ]]; then
-    chown -R "$(id -u):$(id -g)" "${SQ_DATA_DIR}" "${SQ_EXTENSIONS_DIR}" "${SQ_LOGS_DIR}" "${SQ_TEMP_DIR}" 2>/dev/null || :
-    chmod -R 700 "${SQ_DATA_DIR}" "${SQ_EXTENSIONS_DIR}" "${SQ_LOGS_DIR}" "${SQ_TEMP_DIR}" 2>/dev/null || :
-
-    # Allow the container to be started with `--user`
-    if [[ "$(id -u)" = '0' ]]; then
-        chown -R sonarqube:sonarqube "${SQ_DATA_DIR}" "${SQ_EXTENSIONS_DIR}" "${SQ_LOGS_DIR}" "${SQ_TEMP_DIR}"
-        echo "Dropping Privileges"
-        exec su-exec sonarqube "$0" "$@"
-    fi
-
-    #
-    # Deprecated way to pass settings to SonarQube that will be removed in future versions.
-    # Please use environment variables (https://docs.sonarqube.org/latest/setup/environment-variables/)
-    # instead to customize SonarQube.
-    #
-    while IFS='=' read -r envvar_key envvar_value
-    do
-        if [[ "$envvar_key" =~ sonar.* ]] || [[ "$envvar_key" =~ ldap.* ]]; then
-            sq_opts+=("-D${envvar_key}=${envvar_value}")
-        fi
-    done < <(env)
-
-    #
-    # Deprecated environment variable mapping that will be removed in future versions.
-    # Please use environment variables from https://docs.sonarqube.org/latest/setup/environment-variables/
-    # instead of using these 4 environment variables below.
-    #
-    set_prop_from_deprecated_env_var "sonar.jdbc.username" "${SONARQUBE_JDBC_USERNAME:-}"
-    set_prop_from_deprecated_env_var "sonar.jdbc.password" "${SONARQUBE_JDBC_PASSWORD:-}"
-    set_prop_from_deprecated_env_var "sonar.jdbc.url" "${SONARQUBE_JDBC_URL:-}"
-    set_prop_from_deprecated_env_var "sonar.web.javaAdditionalOpts" "${SONARQUBE_WEB_JVM_OPTS:-}"
-    if [ ${#sq_opts[@]} -ne 0 ]; then
-        set -- "$@" "${sq_opts[@]}"
-    fi
-fi
-
-exec "$@"

9-comm/sonar.sh

@@ -1,2 +0,0 @@
-#!/usr/bin/env bash
-exec java -jar lib/sonar-application-"${SONAR_VERSION}".jar -Dsonar.log.console=true "$@"

LICENSE

@@ -10,7 +10,7 @@
 the terms and conditions of version 3 of the GNU General Public
 License, supplemented by the additional permissions listed below.
 
-  0. Additional Definitions.
+  0. Additional Definitions. 
 
   As used herein, "this License" refers to version 3 of the GNU Lesser
 General Public License, and the "GNU GPL" refers to version 3 of the GNU
@@ -111,7 +111,7 @@ the following:
        a copy of the Library already present on the user's computer
        system, and (b) will operate properly with a modified version
        of the Library that is interface-compatible with the Linked
-       Version.
+       Version. 
 
    e) Provide Installation Information, but only if you would otherwise
    be required to provide such information under section 6 of the
@@ -162,4 +162,4 @@ General Public License ever published by the Free Software Foundation.
 whether future versions of the GNU Lesser General Public License shall
 apply, that proxy's public statement of acceptance of any version is
 permanent authorization for you to choose that version for the
-Library.
+Library.

README.md

@@ -1,15 +1,13 @@
-# About this Repo
+# About this Repo [![Build Status](https://api.cirrus-ci.com/github/SonarSource/docker-sonarqube.svg)](https://cirrus-ci.com/github/SonarSource/docker-sonarqube)
 
 This is the Git repo of the official Docker image for [SonarQube](https://registry.hub.docker.com/_/sonarqube/). See the Hub page for the full readme on how to use the Docker image and for information regarding contributing and issues.
 
 The full readme is generated over in [docker-library/docs](https://github.com/docker-library/docs), specifically in [docker-library/docs/sonarqube](https://github.com/docker-library/docs/tree/master/sonarqube).
 
-[![Build Status](https://travis-ci.org/SonarSource/docker-sonarqube.svg)](https://travis-ci.org/SonarSource/docker-sonarqube)
-
 Have Question or Feedback?
 --------------------------
 
-For support questions ("How do I?", "I got this error, why?", ...), please first read the [documentation](https://docs.sonarqube.org) and then head to the [SonarSource forum](https://community.sonarsource.com/). There are chances that a question similar to yours has already been answered.
+For support questions ("How do I?", "I got this error, why?", ...), please first read the [documentation](https://docs.sonarqube.org) and then head to the [SonarSource forum](https://community.sonarsource.com/). There are chances that a question similar to yours has already been answered. 
 
 Be aware that this forum is a community, so the standard pleasantries ("Hi", "Thanks", ...) are expected. And if you don't get an answer to your thread, you should sit on your hands for at least three days before bumping it. Operators are not standing by. :-)
 
@@ -27,4 +25,4 @@ With that in mind, if you would like to submit a code contribution, please creat
 
 Copyright 2015-2020 SonarSource.
 
-Licensed under the [GNU Lesser General Public License, Version 3.0](http://www.gnu.org/licenses/lgpl.txt)
+Licensed under the [GNU Lesser General Public License, Version 3.0](http://www.gnu.org/licenses/lgpl.txt)

example-compose-files/sq-dce-postgres/docker-compose.yml

@@ -4,14 +4,14 @@ services:
   sonarqube:
     image: sonarqube:datacenter-app
     depends_on:
-      - db
-      - search-1
-      - search-2
-      - search-3
+      search-1:
+        condition: service_healthy
+      search-2:
+        condition: service_healthy
+      search-3:
+        condition: service_healthy
     networks:
       - sonar-network
-    deploy:
-      replicas: 2
     cpus: 0.5
     mem_limit: 4096M
     mem_reservation: 1024M
@@ -46,6 +46,12 @@ services:
       SONAR_CLUSTER_NODE_NAME: "search-1"
     volumes:
       - search-data-1:/opt/sonarqube/data
+    healthcheck:
+        test: wget --no-proxy -qO- "http://$$SONAR_CLUSTER_NODE_NAME:9001/_cluster/health?wait_for_status=yellow&timeout=50s" | grep -q -e '"status":"green"' -e '"status":"yellow"';  if [ $? -eq 0 ]; then exit 0; else exit 1; fi
+        interval: 25s
+        timeout: 1s
+        retries: 3
+        start_period: 55s
   search-2:
     image: sonarqube:datacenter-search
     hostname: "search-2"
@@ -64,6 +70,12 @@ services:
       SONAR_CLUSTER_NODE_NAME: "search-2"
     volumes:
       - search-data-2:/opt/sonarqube/data
+    healthcheck:
+        test: wget --no-proxy -qO- "http://$$SONAR_CLUSTER_NODE_NAME:9001/_cluster/health?wait_for_status=yellow&timeout=50s" | grep -q -e '"status":"green"' -e '"status":"yellow"';  if [ $? -eq 0 ]; then exit 0; else exit 1; fi
+        interval: 25s
+        timeout: 1s
+        retries: 3
+        start_period: 55s
   search-3:
     image: sonarqube:datacenter-search
     hostname: "search-3"
@@ -82,6 +94,12 @@ services:
       SONAR_CLUSTER_NODE_NAME: "search-3"
     volumes:
       - search-data-3:/opt/sonarqube/data
+    healthcheck:
+        test: wget --no-proxy -qO- "http://$$SONAR_CLUSTER_NODE_NAME:9001/_cluster/health?wait_for_status=yellow&timeout=50s" | grep -q -e '"status":"green"' -e '"status":"yellow"';  if [ $? -eq 0 ]; then exit 0; else exit 1; fi
+        interval: 25s
+        timeout: 1s
+        retries: 3
+        start_period: 55s
   db:
     image: postgres:13
     networks:

examples.md

@@ -7,13 +7,13 @@ This section provides examples on how to run SonarQube server in a container:
 To analyze a project check our [scanner docs](https://docs.sonarqube.org/latest/analysis/overview/).
 
 ## Run SonarQube using docker commands
-Before you start SonarQube, we recommend creating volumes to store SonarQube data, logs, temporary data and extensions. If you don't do that, you can loose them when you decide to update to newer version of SonarQube or upgrade to a higher SonarQube edition. Commands to create the volumes:
+Before you start SonarQube, we recommend creating volumes to store SonarQube data, logs, temporary data and extensions. If you don't do that, you can loose them when you decide to update to newer version of SonarQube or upgrade to a higher SonarQube edition. Commands to create the volumes: 
 ```bash
 $> docker volume create --name sonarqube_data
 $> docker volume create --name sonarqube_extensions
 $> docker volume create --name sonarqube_logs
 $> docker volume create --name sonarqube_temp
-```
+``` 
 
 After that you can start the SonarQube server (this example uses the Community Edition):
 ```bash
@@ -21,8 +21,7 @@ $> docker run \
     -v sonarqube_data:/opt/sonarqube/data \
     -v sonarqube_extensions:/opt/sonarqube/extensions \
     -v sonarqube_logs:/opt/sonarqube/logs \
-    -v sonarqube_temp:/opt/sonarqube/temp \
-    --name="sonarqube" -p 9000:9000 sonarqube:8.2
+    --name="sonarqube" -p 9000:9000 sonarqube:community
 ```
 The above command starts SonarQube with an embedded database. We recommend starting the instance with a separate database
 by providing `SONAR_JDBC_URL`, `SONAR_JDBC_USERNAME` and `SONAR_JDBC_PASSWORD` like this:
@@ -31,18 +30,17 @@ $> docker run \
     -v sonarqube_data:/opt/sonarqube/data \
     -v sonarqube_extensions:/opt/sonarqube/extensions \
     -v sonarqube_logs:/opt/sonarqube/logs \
-    -v sonarqube_temp:/opt/sonarqube/temp \
     -e SONAR_JDBC_URL="..." \
     -e SONAR_JDBC_USERNAME="..." \
     -e SONAR_JDBC_PASSWORD="..." \
-    --name="sonarqube" -p 9000:9000 sonarqube:8.2
+    --name="sonarqube" -p 9000:9000 sonarqube:community
 ```
 
 ## Run SonarQube using Docker Compose
 ### Requirements
 
- * Docker Engine 1.10.1+
- * Docker Compose 1.6.0+
+ * Docker Engine 20.10+
+ * Docker Compose 2.0.0+
 
 ### SonarQube with Postgres:
 

release.md

@@ -1,5 +1,9 @@
 # Releasing
 
+Docker image release cycle and SonarQube product
+---
+We consider the **docker image** as part of the SonarQube **product**. Therefore, it follows the same release process.
+
 Overview
 --------
 
@@ -14,8 +18,7 @@ Release of a new version of the official SonarQube Docker images is made of seve
 Bump the version of SonarQube in Dockerfiles
 -----------------------------
 
-The version of SQ is hardcoded in each Dockerfile and must be updated in master branch.
-
+The version of SonarQube is hardcoded in each Dockerfile of this repository and must be updated in master branch.
 
 Update the docker hub SonarQube's documentation (if applicable)
 -------------------------------

run-tests.sh

@@ -66,7 +66,7 @@ wait_for_sonarqube() {
 }
 
 wait_for_sonarqube_dce() {
-    local image=$1 i web_up=no sonarqube_up=no
+    local image=$1-app i web_up=no sonarqube_up=no
 
     for ((i = 0; i < 80; i++)); do
         info "$image: waiting for web server to start ..."
@@ -112,25 +112,20 @@ sanity_check_image() {
 
         [[ $result == ok ]]
     elif [ $2 == docker-compose ]; then
-        if [[ $1 =~ "8" ]]; then
-            _test_compose_path="tests/8/dce-compose-test"
-        elif [[ $1 =~ "9" ]]; then
-            _test_compose_path="tests/9/dce-compose-test"
-        fi
-        cd $_test_compose_path
+        local test_compose_path="tests/dce-compose-test"
+        cd $test_compose_path
         export PORT=$port
-        docker-compose up -d --scale sonarqube=0
-        sleep 60
-        docker-compose up -d --scale sonarqube=1
+        export IMAGE=$1
+        docker-compose up -d sonarqube
         if wait_for_sonarqube_dce "$image"; then
-            info "$image: OK !"
+            info "$image-app: OK !"
             result=ok
         else
-            warn "$image: could not confirm service started"
+            warn "$image-app: could not confirm service started"
             result=failure
         fi
 
-        info "$image: stopping container stack"
+        info "$image-app: stopping container stack"
         docker-compose stop
 
         [[ $result == ok ]]