diff --git a/CHANGELOG.md b/CHANGELOG.md index 5615b0f1ab59ac547194f56fc38ba6dbd22ec2ef..4898e56758e1a40f4e8f4810994eeeafa648b63e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). --- +## [1.0.29-bb.0] - 2022-06-16 +### Changed +- Updated Sonarqube image to 8.9.9 +- Updated Postgresql12 image to 12.11 +- Updated BB base image to 1.18.0 + ## [1.0.26-bb.2] - 2022-06-16 ### Changed - Updated BB base image to 1.17.0 @@ -13,7 +19,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ## [1.0.26-bb.0] - 2022-05-05 ### Changed -- Updated chart to sync with upstream sonarqube-lts chart +- Updated chart to sync with upstream sonarqube-lts chart - Updated SonarQube image to `8.9.8-community` - Updated PostgreSQL image to `12.10` - Updated Big Bang Base image to `1.2.0` @@ -57,7 +63,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ## [9.6.3-bb.16] - 2022-2-15 ### Changed -- Updated default-deny-all network policy to deny all. +- Updated default-deny-all network policy to deny all. ## [9.6.3-bb.15] - 2022-1-02 ### Added diff --git a/README.md b/README.md index 6174e22222a5380660b61da8248da1fbf0f65f97..51aa6338a03740b02ffb9291c3bd9c1b986ef908 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ # sonarqube -  +  -SonarQube is an open sourced code quality scanning tool +SonarQube offers Code Quality and Code Security analysis for up to 27 languages. Find Bugs, Vulnerabilities, Security Hotspots and Code Smells throughout your workflow. ## Upstream References * <https://www.sonarqube.org/> 
@@ -40,7 +40,7 @@ helm install sonarqube chart/ | OpenShift.enabled | bool | `false` | | | OpenShift.createSCC | bool | `true` | | | image.repository | string | `"registry1.dso.mil/ironbank/big-bang/sonarqube"` | | -| image.tag | string | `"8.9.8-community"` | | +| image.tag | string | `"8.9.9-community"` | | | image.pullPolicy | string | `"IfNotPresent"` | | | image.pullSecret | string | `"private-registry"` | | | securityContext.fsGroup | int | `1000` | | @@ -74,7 +74,7 @@ helm install sonarqube chart/ | initContainers.resources.requests.memory | string | `"300Mi"` | | | initContainers.resources.requests.cpu | string | `"50m"` | | | extraInitContainers | object | `{}` | | -| waitForDb.image | string | `"registry1.dso.mil/ironbank/opensource/postgres/postgresql12:12.10"` | | +| waitForDb.image | string | `"registry1.dso.mil/ironbank/opensource/postgres/postgresql12:12.11"` | | | initSysctl.enabled | bool | `false` | | | initSysctl.vmMaxMapCount | int | `524288` | | | initSysctl.fsFileMax | int | `131072` | | @@ -114,7 +114,7 @@ helm install sonarqube chart/ | postgresql.resources.requests.memory | string | `"200Mi"` | | | postgresql.image.registry | string | `"registry1.dso.mil"` | | | postgresql.image.repository | string | `"ironbank/opensource/postgres/postgresql12"` | | -| postgresql.image.tag | string | `"12.10"` | | +| postgresql.image.tag | string | `"12.11"` | | | postgresql.image.pullSecrets[0] | string | `"private-registry"` | | | postgresql.postgresqlConfiguration.listen_addresses | string | `"*"` | | | postgresql.pgHbaConfiguration | string | `"local all all md5\nhost all all all md5"` | | diff --git a/chart/CHANGELOG.md b/chart/CHANGELOG.md index 2adfd1a7533fcc2f4f96c8012393ecf29525eb7c..33cb4a1e707e0b4a7ab93f386225596ce4e9f0fc 100644 --- a/chart/CHANGELOG.md +++ b/chart/CHANGELOG.md 
@@ -4,6 +4,106 @@ All changes to this chart will be documented in this file. * Fixed GH-277 by ensuring current/new admin passwords are URL escaped in the change-admin-password-hook job. * Add imagepull policy for admin password hook +## [1.0.29] +* updated SonarQube LTS to 8.9.9 + +## [1.0.28] +* Add documentation for ingress annotations + +## [1.0.27] +* Fix repository issues with bitnami/postgres + +## [1.0.26] +* updated SonarQube LTS to 8.9.8 + +## [1.0.25] +* updated SonarQube LTS to 8.9.7 + +## [1.0.24] +* fixed missing `env` key for the install-plugins container in both the Deployment and StatefulSet + +## [1.0.23] +* updated SonarQube LTS to 8.9.6 + +## [1.0.22] +* updated SonarQube LTS to 8.9.5 + +## [1.0.21] +* updated SonarQube LTS to 8.9.4 + +## [1.0.20] +* Fixed LTS default version + +## [1.0.19] +* updated appversion to new LTS patch release (8.9.3) + +## [1.0.18] +* fixed artifacthub annotations + +## [1.0.17] +* fixed `invalid: metadata.labels: Invalid value` error on the `chart` label of the pvc + +## [1.0.16] +* release to helm repository +* updated appversion to new LTS patch release + +## [1.0.15] +* fixed chart name + +## [1.0.14] +* fixed usage of `sonarSecretProperties` + +## [1.0.13] +* made prometheus exporter port configurable and support prometheus PodMonitor + +## [1.0.12] +* make sure SQ is restarted when the JMX Prometheus exporter agents configuration changes + +## [1.0.11] +* JMX Prometheus exporter agent is now also enabled on the CE process +* `prometheusExporter.ceConfig` allows specific config of the JMX Prometheus exporter agent for the CE process + +## [1.0.10] +* added prometheusExporter.noCheckCertificate option + +## [1.0.9] +* add missing imagePullSecrets in sts install type + +## [1.0.8] +* fix plugin installation init container permissions +* fix duplicated mount point for conf when sonar.properties are defined + +## [1.0.7] +* fix invalid yaml render in `secret.yaml` when using external postgresql + +## [1.0.6] +* added 
`prometheusExporter.downloadURL` (custom download URL for the agent jar) + +## [1.0.5] +* fix possible issue with prometheus init container and `env` set in the `values.yaml` + +## [1.0.4] +* fix for missing `serviceAccountName` in STS deployment kind + +## [1.0.3] +* fixed prometheus config volume mount if disabled + +## [1.0.2] +* added option to configure CE java opts separately + +## [1.0.1] +* fixed missing conditional that was introduced in 0.9.2.2 to sonarqube-sts.yaml +* updated default application version to 8.9 + +## [1.0.0] +* changed default deployment from replica set to stateful set +* added default support for prometheus jmx exporter +* added init filesystem container +* added nginx-ingress as optional dependency +* updated application version to 8.8-community +* improved readiness/startup and liveness probes +* improved documentation + ## [9.6.2] * Change order of env variables to better support 7.9-lts diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 6de14d1c32037e44661b877f2f732ee242fdfd31..fb8aaffdb41d0a1d70b2a3c53d2b988c2038f901 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: sonarqube -description: SonarQube is an open sourced code quality scanning tool -version: 1.0.26-bb.2 -appVersion: 8.9.8-community +description: SonarQube offers Code Quality and Code Security analysis for up to 27 languages. Find Bugs, Vulnerabilities, Security Hotspots and Code Smells throughout your workflow. +version: 1.0.29-bb.0 +appVersion: 8.9.9 keywords: - coverage - security @@ -19,4 +19,4 @@ maintainers: email: tsiddique@live.com annotations: bigbang.dev/applicationVersions: | - - Sonarqube: 8.9.8-community + - Sonarqube: 8.9.9-community diff --git a/chart/Kptfile b/chart/Kptfile index e526b4caa4195890ab3edaf79a3275dd970735c6..6dcda76c6480c5925675dc31d0783662e407a31a 100644 --- a/chart/Kptfile +++ b/chart/Kptfile 
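Review bot: `appVersion` in chart/Chart.yaml drops the edition suffix (`8.9.9`), while the `bigbang.dev/applicationVersions` annotation in the second hunk of the same file and `image.tag` in chart/values.yaml both say `8.9.9-community`; the previous value carried the suffix. Anything that reads the application version from chart metadata, such as labels or an inventory of deployed versions used for vulnerability tracking, would then disagree with the image that actually runs; whether any template consumes it is not visible in this diff. If the suffix was dropped only because the upstream sync overwrote it, restore it as `appVersion: "8.9.9-community"`.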
@@ -5,7 +5,7 @@ metadata: upstream: type: git git: - commit: 71dd54513d0934e47f7041a43919bc62188ba6e8 + commit: 9dbab5e70068b76d10723f2387e7ee982a1520de repo: https://github.com/SonarSource/helm-chart-sonarqube directory: /charts/sonarqube-lts - ref: sonarqube-lts-1.0.26 + ref: sonarqube-lts-1.0.29 diff --git a/chart/OWNERS b/chart/OWNERS index 30775e3acefd267b7058bf27da73d47e4bc976a0..590e576482e6dccd48443bd533b5fa5f8c14077a 100644 --- a/chart/OWNERS +++ b/chart/OWNERS @@ -1,6 +1,6 @@ approvers: -- rjkernick -- tsiddique +- leo-geoffroy-sonarsource +- pierre-guillot-sonarsource reviewers: -- rjkernick -- tsiddique +- leo-geoffroy-sonarsource +- pierre-guillot-sonarsource diff --git a/chart/README.md b/chart/README.md index c343b5a0ddb0879051e915c0ff8546a5f105babd..1f2ce50b56acd7d8d123993c30b21f376fd41659 100644 --- a/chart/README.md +++ b/chart/README.md @@ -104,6 +104,7 @@ The following table lists the configurable parameters of the Sonarqube chart and | `ingress.hosts[0].serviceName` | Optional field to override the default serviceName of a path | None | | `ingress.hosts[0].servicePort` | Optional field to override the default servicePort of a path | None | | `ingress.tls` | Ingress secrets for TLS certificates | `[]` | +| `ingress.annotations` | Optional field to add extra annotations to the ingress | `None` | | `affinity` | Node / Pod affinities | `{}` | | `tolerations` | List of node taints to tolerate | `[]` | | `nodeSelector` | Node labels for pod assignment | `{}` | diff --git a/chart/charts/postgresql-8.6.4.tgz b/chart/charts/postgresql-8.6.4.tgz index b2fa6c2ec4f854bbec4dd45d8a24705ca2084b6a..f4ccb1f2123c5b4883530be6880f9987030e29c3 100644 Binary files a/chart/charts/postgresql-8.6.4.tgz and b/chart/charts/postgresql-8.6.4.tgz differ diff --git a/chart/deps/postgresql/values.yaml b/chart/deps/postgresql/values.yaml index 43486a86ac9dd62371fc07d5f6ac4df5caa1a4f6..457cd799ecd3e0113b6beee7a147190b703278ae 100755 --- a/chart/deps/postgresql/values.yaml 
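Review bot: The vendored subchart archive `chart/charts/postgresql-8.6.4.tgz` changes content while keeping the same file name and version, and as a binary entry it gives a reviewer nothing to inspect. Before merging, unpack the old and new archives and diff them, or rebuild the archive with `helm dependency update` from the repository declared in chart/requirements.yaml and compare checksums, and record the result on the merge request. The 1.0.27 entry in chart/CHANGELOG.md ("Fix repository issues with bitnami/postgres") may explain the rebuild, but that is an inference from the changelog, not something this diff shows.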
+++ b/chart/deps/postgresql/values.yaml @@ -15,7 +15,7 @@ global: image: registry: registry1.dso.mil repository: ironbank/opensource/postgres/postgresql12 - tag: "12.10" + tag: "12.11" pullSecrets: - private-registry ## Specify a imagePullPolicy @@ -52,7 +52,7 @@ volumePermissions: image: registry: registry1.dso.mil repository: ironbank/big-bang/base - tag: 1.17.0 + tag: 1.18.0 pullSecrets: - private-registry ## Specify a imagePullPolicy diff --git a/chart/requirements.yaml b/chart/requirements.yaml index da5323cc20555666e7c5082b5b1b48746c0eae9a..605e3d5e76e8b70317451dffd0b115262e02c0d5 100644 --- a/chart/requirements.yaml +++ b/chart/requirements.yaml @@ -5,4 +5,4 @@ dependencies: condition: postgresql.enabled - name: gluon version: "0.2.3" - repository: "oci://registry.dso.mil/platform-one/big-bang/apps/library-charts/gluon" \ No newline at end of file + repository: "oci://registry.dso.mil/platform-one/big-bang/apps/library-charts/gluon" diff --git a/chart/values.yaml b/chart/values.yaml index 391760ffa7c0337e028b6d0b1ae2298a8f4ea437..447bfc0753e2e801e0de6f0824b26076d66bdd49 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -21,7 +21,7 @@ OpenShift: image: repository: registry1.dso.mil/ironbank/big-bang/sonarqube - tag: 8.9.8-community + tag: 8.9.9-community pullPolicy: IfNotPresent # If using a private repository, the name of the imagePullSecret to use pullSecret: private-registry @@ -117,13 +117,13 @@ livenessProbe: # sonar.web.context: /sonarqube initContainers: - # image: + # image: # We allow the init containers to have a separate security context declaration because # the initContainer may not require the same as SonarQube. # securityContext: {} # We allow the init containers to have a separate resources declaration because # the initContainer does not take as much resources. - resources: + resources: limits: memory: 300Mi cpu: 50m 
@@ -148,7 +148,7 @@ extraInitContainers: {} # mountPath: "/downloads" waitForDb: - image: registry1.dso.mil/ironbank/opensource/postgres/postgresql12:12.10 + image: registry1.dso.mil/ironbank/opensource/postgres/postgresql12:12.11 ## Provide a secret containing one or more certificate files in the keys that will be added to cacerts ## The cacerts file will be set via SONARQUBE_WEB_JVM_OPTS and SONAR_CE_JAVAOPTS @@ -165,7 +165,7 @@ initSysctl: fsFileMax: 131072 nofile: 131072 nproc: 8192 - # image: + # image: securityContext: privileged: true # resources: {} @@ -185,7 +185,7 @@ plugins: # httpsProxy: "" # noProxy: "" - # image: + # image: # resources: {} # .netrc secret file with a key "netrc" to use basic auth while downloading plugins @@ -316,7 +316,7 @@ postgresql: image: registry: registry1.dso.mil repository: ironbank/opensource/postgres/postgresql12 - tag: "12.10" + tag: "12.11" pullSecrets: - private-registry postgresqlConfiguration: {"listen_addresses": "*"} @@ -364,7 +364,7 @@ sonarqubeFolder: /opt/sonarqube tests: enabled: false - # image: + # image: serviceAccount: create: false @@ -407,7 +407,7 @@ terminationGracePeriodSeconds: 60 ## Your FQDN will be ${ .Values.subdomain }.${ .Values.domain } domain: bigbang.dev istio: - # Toggle istio integration + # Toggle istio integration enabled: false # -- Default argocd peer authentication mtls: @@ -426,7 +426,7 @@ istio: injection: disabled monitoring: enabled: false - + networkPolicies: enabled: false ingressLabels: diff --git a/tests/test-values.yaml b/tests/test-values.yaml index 260bc1fe292118569869b6a1ef104fbe759bc66d..bad859837152191725c89859811e25b8c76ca149 100644 --- a/tests/test-values.yaml +++ b/tests/test-values.yaml @@ -1,7 +1,7 @@ account: adminPassword: new_admin_password currentAdminPassword: admin -curlContainerImage: registry1.dso.mil/ironbank/big-bang/base:1.2.0 +curlContainerImage: registry1.dso.mil/ironbank/big-bang/base:1.18.0 bbtests: enabled: true