Merge branch 'renovate/ironbank' into 'main'

Update Ironbank See merge request platform-one/big-bang/apps/developer-tools/sonarqube!84

Merge branch 'renovate/ironbank' into 'main'
26bacbaa · Branden Cobb · 9cd1ee60 · 87b6b9cc · 26bacbaa · 26bacbaa
Commit 26bacbaa authored 2 years ago by Branden Cobb
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,12 @@
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

 ---
+## [1.0.29-bb.0] - 2022-06-16
+### Changed
+- Updated Sonarqube image to 8.9.9
+- Updated Postgresql12 image to 12.11
+- Updated BB base image to 1.18.0
+
 ## [1.0.26-bb.2] - 2022-06-16
 ### Changed
 - Updated BB base image to 1.17.0
@@ -13,7 +19,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),

 ## [1.0.26-bb.0] - 2022-05-05
 ### Changed
- Updated chart to sync with upstream sonarqube-lts chart 
+- Updated chart to sync with upstream sonarqube-lts chart
 - Updated SonarQube image to `8.9.8-community`
 - Updated PostgreSQL image to `12.10`
 - Updated Big Bang Base image to `1.2.0`
@@ -57,7 +63,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),

 ## [9.6.3-bb.16] - 2022-2-15
 ### Changed
- Updated default-deny-all network policy to deny all. 
+- Updated default-deny-all network policy to deny all.

 ## [9.6.3-bb.15] - 2022-1-02
 ### Added

--- a/README.md
+++ b/README.md
 # sonarqube

-![Version: 1.0.26-bb.2](https://img.shields.io/badge/Version-1.0.26--bb.2-informational?style=flat-square) ![AppVersion: 8.9.8-community](https://img.shields.io/badge/AppVersion-8.9.8--community-informational?style=flat-square)
+![Version: 1.0.29-bb.0](https://img.shields.io/badge/Version-1.0.29--bb.0-informational?style=flat-square) ![AppVersion: 8.9.9](https://img.shields.io/badge/AppVersion-8.9.9-informational?style=flat-square)

-SonarQube is an open sourced code quality scanning tool
+SonarQube offers Code Quality and Code Security analysis for up to 27 languages. Find Bugs, Vulnerabilities, Security Hotspots and Code Smells throughout your workflow.

 ## Upstream References
 * <https://www.sonarqube.org/>
@@ -40,7 +40,7 @@ helm install sonarqube chart/
 | OpenShift.enabled | bool | `false` |  |
 | OpenShift.createSCC | bool | `true` |  |
 | image.repository | string | `"registry1.dso.mil/ironbank/big-bang/sonarqube"` |  |
-| image.tag | string | `"8.9.8-community"` |  |
+| image.tag | string | `"8.9.9-community"` |  |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.pullSecret | string | `"private-registry"` |  |
 | securityContext.fsGroup | int | `1000` |  |
@@ -74,7 +74,7 @@ helm install sonarqube chart/
 | initContainers.resources.requests.memory | string | `"300Mi"` |  |
 | initContainers.resources.requests.cpu | string | `"50m"` |  |
 | extraInitContainers | object | `{}` |  |
-| waitForDb.image | string | `"registry1.dso.mil/ironbank/opensource/postgres/postgresql12:12.10"` |  |
+| waitForDb.image | string | `"registry1.dso.mil/ironbank/opensource/postgres/postgresql12:12.11"` |  |
 | initSysctl.enabled | bool | `false` |  |
 | initSysctl.vmMaxMapCount | int | `524288` |  |
 | initSysctl.fsFileMax | int | `131072` |  |
@@ -114,7 +114,7 @@ helm install sonarqube chart/
 | postgresql.resources.requests.memory | string | `"200Mi"` |  |
 | postgresql.image.registry | string | `"registry1.dso.mil"` |  |
 | postgresql.image.repository | string | `"ironbank/opensource/postgres/postgresql12"` |  |
-| postgresql.image.tag | string | `"12.10"` |  |
+| postgresql.image.tag | string | `"12.11"` |  |
 | postgresql.image.pullSecrets[0] | string | `"private-registry"` |  |
 | postgresql.postgresqlConfiguration.listen_addresses | string | `"*"` |  |
 | postgresql.pgHbaConfiguration | string | `"local all all md5\nhost all all all md5"` |  |

--- a/chart/CHANGELOG.md
+++ b/chart/CHANGELOG.md
@@ -4,6 +4,106 @@ All changes to this chart will be documented in this file.
 * Fixed GH-277 by ensuring current/new admin passwords are URL escaped in the change-admin-password-hook job.
 * Add imagepull policy for admin password hook

+## [1.0.29]
+* updated SonarQube LTS to 8.9.9
+
+## [1.0.28]
+* Add documentation for ingress annotations
+
+## [1.0.27]
+* Fix repository issues with bitnami/postgres
+
+## [1.0.26]
+* updated SonarQube LTS to 8.9.8
+
+## [1.0.25]
+* updated SonarQube LTS to 8.9.7
+
+## [1.0.24]
+* fixed missing `env` key for the install-plugins container in both the Deployment and StatefulSet
+
+## [1.0.23]
+* updated SonarQube LTS to 8.9.6
+
+## [1.0.22]
+* updated SonarQube LTS to 8.9.5
+
+## [1.0.21]
+* updated SonarQube LTS to 8.9.4
+
+## [1.0.20]
+* Fixed LTS default version
+
+## [1.0.19]
+* updated appversion to new LTS patch release (8.9.3)
+
+## [1.0.18]
+* fixed artifacthub annotations
+
+## [1.0.17]
+* fixed `invalid: metadata.labels: Invalid value` error on the `chart` label of the pvc
+
+## [1.0.16]
+* release to helm repository
+* updated appversion to new LTS patch release
+
+## [1.0.15]
+* fixed chart name
+
+## [1.0.14]
+* fixed usage of `sonarSecretProperties`
+
+## [1.0.13]
+* made prometheus exporter port configurable and support prometheus PodMonitor
+
+## [1.0.12]
+* make sure SQ is restarted when the JMX Prometheus exporter agents configuration changes
+
+## [1.0.11]
+* JMX Prometheus exporter agent is now also enabled on the CE process
+* `prometheusExporter.ceConfig` allows specific config of the JMX Prometheus exporter agent for the CE process
+
+## [1.0.10]
+* added prometheusExporter.noCheckCertificate option
+
+## [1.0.9]
+* add missing imagePullSecrets in sts install type
+
+## [1.0.8]
+* fix plugin installation init container permissions
+* fix duplicated mount point for conf when sonar.properties are defined
+
+## [1.0.7]
+* fix invalid yaml render in `secret.yaml` when using external postgresql
+
+## [1.0.6]
+* added `prometheusExporter.downloadURL` (custom download URL for the agent jar)
+
+## [1.0.5]
+* fix possible issue with prometheus init container and `env` set in the `values.yaml`
+
+## [1.0.4]
+* fix for missing `serviceAccountName` in STS deployment kind
+
+## [1.0.3]
+* fixed prometheus config volume mount if disabled
+
+## [1.0.2]
+* added option to configure CE java opts separately
+
+## [1.0.1]
+* fixed missing conditional that was introduced in 0.9.2.2 to sonarqube-sts.yaml
+* updated default application version to 8.9
+
+## [1.0.0]
+* changed default deployment from replica set to stateful set
+* added default support for prometheus jmx exporter
+* added init filesystem container
+* added nginx-ingress as optional dependency
+* updated application version to 8.8-community
+* improved readiness/startup and liveness probes
+* improved documentation
+
 ## [9.6.2]
 * Change order of env variables to better support 7.9-lts


--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
 apiVersion: v1
 name: sonarqube
-description: SonarQube is an open sourced code quality scanning tool
-version: 1.0.26-bb.2
-appVersion: 8.9.8-community
+description: SonarQube offers Code Quality and Code Security analysis for up to 27 languages. Find Bugs, Vulnerabilities, Security Hotspots and Code Smells throughout your workflow.
+version: 1.0.29-bb.0
+appVersion: 8.9.9
 keywords:
  - coverage
  - security
@@ -19,4 +19,4 @@ maintainers:
    email: tsiddique@live.com
 annotations:
  bigbang.dev/applicationVersions: |
-    - Sonarqube: 8.9.8-community
+    - Sonarqube: 8.9.9-community
--- a/chart/Kptfile
+++ b/chart/Kptfile
@@ -5,7 +5,7 @@ metadata:
 upstream:
  type: git
  git:
-    commit: 71dd54513d0934e47f7041a43919bc62188ba6e8
+    commit: 9dbab5e70068b76d10723f2387e7ee982a1520de
    repo: https://github.com/SonarSource/helm-chart-sonarqube
    directory: /charts/sonarqube-lts
-    ref: sonarqube-lts-1.0.26
+    ref: sonarqube-lts-1.0.29
--- a/chart/OWNERS
+++ b/chart/OWNERS
 approvers:
- rjkernick
- tsiddique
+- leo-geoffroy-sonarsource
+- pierre-guillot-sonarsource
 reviewers:
- rjkernick
- tsiddique
+- leo-geoffroy-sonarsource
+- pierre-guillot-sonarsource
--- a/chart/README.md
+++ b/chart/README.md
@@ -104,6 +104,7 @@ The following table lists the configurable parameters of the Sonarqube chart and
 | `ingress.hosts[0].serviceName`                           | Optional field to override the default serviceName of a path                                                              | None                            |
 | `ingress.hosts[0].servicePort`                           | Optional field to override the default servicePort of a path                                                              | None                            |
 | `ingress.tls`                                            | Ingress secrets for TLS certificates                                                                                      | `[]`                            |
+| `ingress.annotations` | Optional field to add extra annotations to the ingress | `None` |
 | `affinity`                                               | Node / Pod affinities                                                                                                     | `{}`                            |
 | `tolerations`                                            | List of node taints to tolerate                                                                                           | `[]`                            |
 | `nodeSelector`                                           | Node labels for pod assignment                                                                                            | `{}`                            |

--- a/chart/charts/postgresql-8.6.4.tgz
+++ b/chart/charts/postgresql-8.6.4.tgz
--- a/chart/deps/postgresql/values.yaml
+++ b/chart/deps/postgresql/values.yaml
@@ -15,7 +15,7 @@ global:
 image:
  registry: registry1.dso.mil
  repository: ironbank/opensource/postgres/postgresql12
-  tag: "12.10"
+  tag: "12.11"
  pullSecrets:
    - private-registry
  ## Specify a imagePullPolicy
@@ -52,7 +52,7 @@ volumePermissions:
  image:
    registry: registry1.dso.mil
    repository: ironbank/big-bang/base
-    tag: 1.17.0
+    tag: 1.18.0
    pullSecrets:
      - private-registry
    ## Specify a imagePullPolicy

--- a/chart/requirements.yaml
+++ b/chart/requirements.yaml
@@ -5,4 +5,4 @@ dependencies:
  condition: postgresql.enabled
 - name: gluon
  version: "0.2.3"
-  repository: "oci://registry.dso.mil/platform-one/big-bang/apps/library-charts/gluon"
\ No newline at end of file
+  repository: "oci://registry.dso.mil/platform-one/big-bang/apps/library-charts/gluon"
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -21,7 +21,7 @@ OpenShift:

 image:
  repository: registry1.dso.mil/ironbank/big-bang/sonarqube
-  tag: 8.9.8-community
+  tag: 8.9.9-community
  pullPolicy: IfNotPresent
  # If using a private repository, the name of the imagePullSecret to use
  pullSecret: private-registry
@@ -117,13 +117,13 @@ livenessProbe:
  # sonar.web.context: /sonarqube

 initContainers:
-  # image: 
+  # image:
  # We allow the init containers to have a separate security context declaration because
  # the initContainer may not require the same as SonarQube.
  # securityContext: {}
  # We allow the init containers to have a separate resources declaration because
  # the initContainer does not take as much resources.
-  resources: 
+  resources:
    limits:
      memory: 300Mi
      cpu: 50m
@@ -148,7 +148,7 @@ extraInitContainers: {}
 #        mountPath: "/downloads"

 waitForDb:
-  image: registry1.dso.mil/ironbank/opensource/postgres/postgresql12:12.10
+  image: registry1.dso.mil/ironbank/opensource/postgres/postgresql12:12.11

 ## Provide a secret containing one or more certificate files in the keys that will be added to cacerts
 ## The cacerts file will be set via SONARQUBE_WEB_JVM_OPTS and SONAR_CE_JAVAOPTS
@@ -165,7 +165,7 @@ initSysctl:
  fsFileMax: 131072
  nofile: 131072
  nproc: 8192
-  # image: 
+  # image:
  securityContext:
    privileged: true
  # resources: {}
@@ -185,7 +185,7 @@ plugins:
  # httpsProxy: ""
  # noProxy: ""

-  # image: 
+  # image:
  # resources: {}

  # .netrc secret file with a key "netrc" to use basic auth while downloading plugins
@@ -316,7 +316,7 @@ postgresql:
  image:
    registry: registry1.dso.mil
    repository: ironbank/opensource/postgres/postgresql12
-    tag: "12.10"
+    tag: "12.11"
    pullSecrets:
      - private-registry
  postgresqlConfiguration: {"listen_addresses": "*"}
@@ -364,7 +364,7 @@ sonarqubeFolder: /opt/sonarqube

 tests:
  enabled: false
-  # image: 
+  # image:

 serviceAccount:
  create: false
@@ -407,7 +407,7 @@ terminationGracePeriodSeconds: 60
 ## Your FQDN will be ${ .Values.subdomain }.${ .Values.domain }
 domain: bigbang.dev
 istio:
-  # Toggle istio integration 
+  # Toggle istio integration
  enabled: false
  # -- Default argocd peer authentication
  mtls:
@@ -426,7 +426,7 @@ istio:
  injection: disabled
 monitoring:
  enabled: false
-  
+
 networkPolicies:
  enabled: false
  ingressLabels:

--- a/tests/test-values.yaml
+++ b/tests/test-values.yaml
 account:
  adminPassword: new_admin_password
  currentAdminPassword: admin
-curlContainerImage: registry1.dso.mil/ironbank/big-bang/base:1.2.0
+curlContainerImage: registry1.dso.mil/ironbank/big-bang/base:1.18.0

 bbtests:
  enabled: true