From e23d9938ffe13d43c133a2924da80117cb9d29b6 Mon Sep 17 00:00:00 2001 From: ironbank-bot Date: Thu, 10 Dec 2020 01:10:38 +0000 Subject: [PATCH 1/4] Migrate to hardening_manifest.yaml --- Dockerfile | 5 ---- Jenkinsfile | 2 -- download.yaml | 4 --- hardening_manifest.yaml | 55 +++++++++++++++++++++++++++++++++++++++++ renovate.json | 55 ++++++++++++++++++++++++++++++----------- 5 files changed, 96 insertions(+), 25 deletions(-) delete mode 100644 Jenkinsfile delete mode 100644 download.yaml create mode 100644 hardening_manifest.yaml diff --git a/Dockerfile b/Dockerfile index 7ec24c5..8fa1589 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,11 +6,6 @@ FROM sonarqube:8.5-community AS build FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -LABEL org.opencontainers.image.title="SonarQube" \ - org.opencontainers.image.description="SonarQube is an automatic code review tool to detect bugs, vulnerabilities and code smells in your code." \ - org.opencontainers.image.licenses="LGPL-3.0-only" \ - org.opencontainers.image.version="8.5-community" \ - maintainer="SonarSource" ARG SONARQUBE_VERSION="8.5-community" ENV SONAR_VERSION="${SONARQUBE_VERSION}" \ diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index c3e3b9e..0000000 --- a/Jenkinsfile +++ /dev/null @@ -1,2 +0,0 @@ -@Library('DCCSCR@master') _ -dccscrPipeline(version: "8.5-community") diff --git a/download.yaml b/download.yaml deleted file mode 100644 index d705595..0000000 --- a/download.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -resources: - - url: docker://docker.io/library/sonarqube@sha256:3444998c3219ea0490ed583b536ff9ba5031920603442680f5123b0628506d28 - tag: sonarqube:8.5-community diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml new file mode 100644 index 0000000..b3fd043 --- /dev/null +++ b/hardening_manifest.yaml @@ -0,0 +1,55 @@ +--- +apiVersion: v1 + +# The repository name in registry1, excluding /ironbank/ +name: "sonarsource/sonarqube/sonarqube8-community" + +# List of tags to push for the repository in registry1 +# The most specific version should be the first tag and will be shown +# on ironbank.dsop.io +tags: +- "8.5-community" +- "latest" + +# Build args passed to Dockerfile ARGs +args: + BASE_IMAGE: "redhat/openjdk/openjdk11" + BASE_TAG: "1.11" + +# Docker image labels +labels: + org.opencontainers.image.title: "sonarqube8-community" + ## Human-readable description of the software packaged in the image + # org.opencontainers.image.description: "FIXME" + ## License(s) under which contained software is distributed + # org.opencontainers.image.licenses: "FIXME" + ## URL to find more information on the image + # org.opencontainers.image.url: "FIXME" + ## Name of the distributing entity, organization or individual + # org.opencontainers.image.vendor: "FIXME" + org.opencontainers.image.version: "8.5-community" + ## Keywords to help with search (ex. "cicd,gitops,golang") + # mil.dso.ironbank.image.keywords: "FIXME" + ## This value can be "opensource" or "commercial" + # mil.dso.ironbank.image.type: "FIXME" + ## Product the image belongs to for grouping multiple images + # mil.dso.ironbank.product.name: "FIXME" + +# List of resources to make available to the offline build context +resources: +- tag: sonarqube:8.5-community + url: docker://docker.io/library/sonarqube@sha256:3444998c3219ea0490ed583b536ff9ba5031920603442680f5123b0628506d28 + +# List of project maintainers +# FIXME: Fill in the following details for the current container owner in the whitelist +# FIXME: Include any other vendor information if applicable +maintainers: +- email: "melissari_sean@bah.com" +# # The name of the current container owner +# name: "FIXME" +# # The gitlab username of the current container owner +# username: "FIXME" +# cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT +# - name: "FIXME" +# username: "FIXME" +# email: "FIXME" diff --git a/renovate.json b/renovate.json index 69654f7..1ff40b9 100644 --- a/renovate.json +++ b/renovate.json @@ -1,13 +1,23 @@ { - "assignees": ["@sean.melissari"], - "baseBranches": ["development"], + "assignees": [ + "@sean.melissari" + ], + "baseBranches": [ + "development" + ], "postUpgradeTasks": { - "commands": ["kpt pkg sync ."], - "fileFilters": ["scripts/*"] + "commands": [ + "kpt pkg sync ." + ], + "fileFilters": [ + "scripts/*" + ] }, "regexManagers": [ { - "fileMatch": ["^Dockerfile$"], + "fileMatch": [ + "^Dockerfile$" + ], "matchStrings": [ "version=\"(?.*?)\"" ], @@ -16,7 +26,9 @@ "versioningTemplate": "docker" }, { - "fileMatch": ["^Dockerfile$"], + "fileMatch": [ + "^Dockerfile$" + ], "matchStrings": [ "SONARQUBE_VERSION=\"(?.*?)\"" ], @@ -25,22 +37,37 @@ "versioningTemplate": "docker" }, { - "fileMatch": ["^Jenkinsfile$"], + "fileMatch": [ + "^Kptfile$" + ], + "matchStrings": [ + "\\s+ref:\\s+(?.*?)\n" + ], + "depNameTemplate": "SonarSource/docker-sonarqube", + "datasourceTemplate": "github-tags", + "versioningTemplate": "loose" + }, + { + "fileMatch": [ + "^hardening_manifest.yaml$" + ], "matchStrings": [ - "version:\\s+\"(?.*?)\"" + "org\\.opencontainers\\.image\\.version:\\s+\"(?.+?)\"" ], "depNameTemplate": "sonarqube", "datasourceTemplate": "docker", "versioningTemplate": "docker" }, { - "fileMatch": ["^Kptfile$"], + "fileMatch": [ + "^hardening_manifest.yaml$" + ], "matchStrings": [ - "\\s+ref:\\s+(?.*?)\n" + "tags:\\s+-\\s+\"(?.+?)\"" ], - "depNameTemplate": "SonarSource/docker-sonarqube", - "datasourceTemplate": "github-tags", - "versioningTemplate": "loose" + "depNameTemplate": "sonarqube", + "datasourceTemplate": "docker", + "versioningTemplate": "docker" } ] -} +} \ No newline at end of file -- GitLab From cc846c20eb947c693ebc6c6a61a93d5bbad2b095 Mon Sep 17 00:00:00 2001 From: tobias-trabelsi-sonarsource Date: Thu, 10 Dec 2020 08:19:35 +0100 Subject: [PATCH 2/4] adressed FIXME annotations in hardening manifest --- hardening_manifest.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index b3fd043..9a64f73 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -20,20 +20,20 @@ args: labels: org.opencontainers.image.title: "sonarqube8-community" ## Human-readable description of the software packaged in the image - # org.opencontainers.image.description: "FIXME" + org.opencontainers.image.description: "SonarQube is an automatic code review tool to detect bugs, vulnerabilities and code smells in your code." ## License(s) under which contained software is distributed - # org.opencontainers.image.licenses: "FIXME" + org.opencontainers.image.licenses: "LGPL-3.0-only" ## URL to find more information on the image - # org.opencontainers.image.url: "FIXME" + org.opencontainers.image.url: "https://docs.sonarqube.org/latest/" ## Name of the distributing entity, organization or individual - # org.opencontainers.image.vendor: "FIXME" + org.opencontainers.image.vendor: "SonarSource SA" org.opencontainers.image.version: "8.5-community" ## Keywords to help with search (ex. "cicd,gitops,golang") - # mil.dso.ironbank.image.keywords: "FIXME" + mil.dso.ironbank.image.keywords: "cicd,devops,sast,review" ## This value can be "opensource" or "commercial" - # mil.dso.ironbank.image.type: "FIXME" + mil.dso.ironbank.image.type: "opensource" ## Product the image belongs to for grouping multiple images - # mil.dso.ironbank.product.name: "FIXME" + mil.dso.ironbank.product.name: "sonarqube" # List of resources to make available to the offline build context resources: -- GitLab From 4558de3ef3f6b61fd1657e70a3b8392f882cb2dc Mon Sep 17 00:00:00 2001 From: tobias-trabelsi-sonarsource Date: Thu, 10 Dec 2020 08:24:27 +0100 Subject: [PATCH 3/4] fixup cc846c20eb947c693ebc6c6a61a93d5bbad2b095 --- hardening_manifest.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 9a64f73..8223f53 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -44,12 +44,12 @@ resources: # FIXME: Fill in the following details for the current container owner in the whitelist # FIXME: Include any other vendor information if applicable maintainers: -- email: "melissari_sean@bah.com" + - email: "melissari_sean@bah.com" # # The name of the current container owner -# name: "FIXME" + name: "Sean Melissari" # # The gitlab username of the current container owner -# username: "FIXME" -# cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT -# - name: "FIXME" + username: "sean.melissari" + cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT +# - name: "FIXME" # username: "FIXME" # email: "FIXME" -- GitLab From 7d618786d24ecd62f380ad0c6ed0735c55635b03 Mon Sep 17 00:00:00 2001 From: renovate Date: Fri, 11 Dec 2020 01:07:47 +0000 Subject: [PATCH 4/4] Update sonarqube Docker tag to v8.6 --- Dockerfile | 6 +++--- Jenkinsfile | 2 +- download.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7ec24c5..2ca7f7d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,17 +2,17 @@ ARG BASE_REGISTRY=registry1.dsop.io ARG BASE_IMAGE=ironbank/redhat/openjdk/openjdk11 ARG BASE_TAG=1.11 -FROM sonarqube:8.5-community AS build +FROM sonarqube:8.6-community AS build FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} LABEL org.opencontainers.image.title="SonarQube" \ org.opencontainers.image.description="SonarQube is an automatic code review tool to detect bugs, vulnerabilities and code smells in your code." \ org.opencontainers.image.licenses="LGPL-3.0-only" \ - org.opencontainers.image.version="8.5-community" \ + org.opencontainers.image.version="8.6-community" \ maintainer="SonarSource" -ARG SONARQUBE_VERSION="8.5-community" +ARG SONARQUBE_VERSION="8.6-community" ENV SONAR_VERSION="${SONARQUBE_VERSION}" \ SONARQUBE_HOME="/opt/sonarqube" \ SQ_DATA_DIR="/opt/sonarqube/data" \ diff --git a/Jenkinsfile b/Jenkinsfile index c3e3b9e..7344147 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,2 +1,2 @@ @Library('DCCSCR@master') _ -dccscrPipeline(version: "8.5-community") +dccscrPipeline(version: "8.6-community") diff --git a/download.yaml b/download.yaml index d705595..2b08747 100644 --- a/download.yaml +++ b/download.yaml @@ -1,4 +1,4 @@ --- resources: - - url: docker://docker.io/library/sonarqube@sha256:3444998c3219ea0490ed583b536ff9ba5031920603442680f5123b0628506d28 - tag: sonarqube:8.5-community + - url: docker://docker.io/library/sonarqube@sha256:993b79a45e985a36046327759ecc76d711dfde123ed11944d32a3282d66758cb + tag: sonarqube:8.6-community -- GitLab