diff --git a/CHANGELOG.md b/CHANGELOG.md index 97a78d3ff4d475aef6a11fdc1b8d7e44173b6f67..a57aea22d0fdf0767e2d1903bf3ed6ac6e8aa276 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,11 @@ # Changelog -## Initial Helm Chart Release - 2020-01-22 +## 9.2.6-bb.3 - 2021-03-16 +Plugins have been preinstalled into the container and made available at registry.dso.mil. + +InitContainers have also been pushed into registry.dso.mil until ironbank equivalents can be found. + +## Initial Helm Chart Release - 2021-01-22 Added SAML sso integration Added istio virtual service diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..89ee7bf83b0f90b37ff79644f5830f03a20cbf64 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,12 @@ +# Start with the IronBank Image +FROM registry1.dso.mil/ironbank/sonarsource/sonarqube/sonarqube8-community:8.6-community +# Add needed Plugins +ADD https://github.com/dependency-check/dependency-check-sonar-plugin/releases/download/1.2.6/sonar-dependency-check-plugin-1.2.6.jar /opt/sonarqube/extensions/plugins/ +ADD https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-1.3.2/sonar-c-plugin-1.3.2.1853.jar /opt/sonarqube/extensions/plugins/ +ADD https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-1.3.2/sonar-cxx-plugin-1.3.2.1853.jar /opt/sonarqube/extensions/plugins/ +ADD https://github.com/dmeiners88/sonarqube-prometheus-exporter/releases/download/v1.0.0-SNAPSHOT-2018-07-04/sonar-prometheus-exporter-1.0.0-SNAPSHOT.jar /opt/sonarqube/extensions/plugins/ +ADD https://github.com/vaulttec/sonar-auth-oidc/releases/download/v2.0.0/sonar-auth-oidc-plugin-2.0.0.jar /opt/sonarqube/extensions/plugins/ +ADD https://github.com/OtherDevOpsGene/zap-sonar-plugin/releases/download/sonar-zap-plugin-2.0.2/sonar-zap-plugin-2.0.2.jar /opt/sonarqube/extensions/plugins/ +USER root +RUN chown -R sonarqube:sonarqube /opt/sonarqube/extensions/plugins +USER sonarqube 
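Review bot: The six `ADD https://github.com/...` lines in the new Dockerfile fetch plugin jars at build time with no integrity check, so whatever the release URL serves on build day is copied into `/opt/sonarqube/extensions/plugins/` and loaded by the server; one of them is a `1.0.0-SNAPSHOT` build. Pin each download to a digest recorded when the jar was reviewed, e.g. `ADD --checksum=sha256:<SHA256_OF_REVIEWED_JAR> https://github.com/vaulttec/sonar-auth-oidc/releases/download/v2.0.0/sonar-auth-oidc-plugin-2.0.0.jar /opt/sonarqube/extensions/plugins/`. This needs a BuildKit builder; without one, fetch the jars in a separate step and verify them with `sha256sum -c` before copying. A comment above the block such as `# Plugin jars are pinned by sha256; update the digest together with the version` would tell the next maintainer why the hashes are there.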
diff --git a/chart/Chart.yaml b/chart/Chart.yaml index a0431d40fd7846b2e934eed04e855d2bb6e65404..261b90494417214ee956e2ff0651079d2ea53b57 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 8.6-community name: sonarqube description: SonarQube is an open sourced code quality scanning tool -version: 9.2.6-bb.2 +version: 9.2.6-bb.3 keywords: - coverage - security diff --git a/chart/requirements.yaml b/chart/requirements.yaml new file mode 100644 index 0000000000000000000000000000000000000000..8eea6bb3a10dcb5efd6c2fe8df072569d50c39d6 --- /dev/null +++ b/chart/requirements.yaml @@ -0,0 +1,5 @@ +dependencies: + - name: postgresql + version: 8.6.4 + repository: file://charts/postgresql + condition: postgresql.enabled diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml index 4c684084124e97fb23a4307854fce349070e1689..b465e71a9fb7a494bb6dba9b860289af15dea51c 100644 --- a/chart/templates/deployment.yaml +++ b/chart/templates/deployment.yaml @@ -84,7 +84,7 @@ spec: {{- end }} {{- if or .Values.initSysctl.enabled .Values.elasticsearch.configureNode }} - name: init-sysctl - image: {{ default "busybox:1.32" .Values.initSysctl.image }} + image: {{ default "registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/busybox:1.32" .Values.initSysctl.image }} imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if $securityContext := (default .Values.initContainers.securityContext .Values.initSysctl.securityContext) }} securityContext: @@ -105,7 +105,7 @@ spec: {{- end }} {{- if .Values.plugins.install }} - name: install-plugins - image: {{ default "rjkernick/alpine-wget:latest" .Values.plugins.image }} + image: {{ default "registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/alpine-wget:latest" .Values.plugins.image }} imagePullPolicy: {{ .Values.image.pullPolicy }} command: ["sh", "-e", 
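Review bot: The new default for the `install-plugins` init container in chart/templates/deployment.yaml still ends in a mutable tag (`.../sonarqube/alpine-wget:latest`), and the same applies to the `minideb-extras:latest` default in chart/templates/tests/sonarqube-test.yaml. Because `imagePullPolicy` comes from `.Values.image.pullPolicy` (`IfNotPresent` in values.yaml), nodes can run different builds under the same tag, and a re-push to the registry changes what runs without any chart change. Now that the images are mirrored into a registry the project controls, push them under a fixed version and reference that, ideally with a digest: `image: {{ default "<REGISTRY_PATH>/alpine-wget:<VERSION>@sha256:<DIGEST>" .Values.plugins.image }}`. The container spec continues past the end of this hunk.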
@@ -136,7 +136,7 @@ spec: {{- end }} {{- if and .Values.sonarProperties .Values.sonarSecretProperties }} - name: concat-properties - image: {{ default "busybox:1.32" .Values.initContainers.image }} + image: {{ default "registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/busybox:1.32" .Values.initContainers.image }} imagePullPolicy: {{ .Values.image.pullPolicy }} command: ["sh", "-c", @@ -163,12 +163,15 @@ spec: {{- end }} {{- if .Values.postgresql.enabled }} - name: "wait-for-db" - image: {{ default "busybox:1.32" .Values.initContainers.image }} + image: registry1.dso.mil/ironbank/opensource/postgres/postgresql96:9.6.20 imagePullPolicy: {{ .Values.image.pullPolicy }} resources: {{ toYaml .Values.initContainers.resources | indent 12 }} - command: ["/bin/sh", "-c", "for i in $(seq 1 200); do nc -z -w3 {{ .Release.Name}}-postgresql 5432 && exit 0 || sleep 2; done; exit 1"] - {{- end }} + command: ["/bin/sh", "-c", "until pg_isready -h {{ .Release.Name}}-postgresql -p 5432 -U {{ .Values.postgresql.postgresqlUsername }}; do sleep 2; done"] + {{- end }} + env: + - name: POSTGRES_HOST_AUTH_METHOD + value: "trust" {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} diff --git a/chart/templates/tests/sonarqube-test.yaml b/chart/templates/tests/sonarqube-test.yaml index 9ecef43edb490f256c0b7a2e8d52922867d296aa..3f5b5ebc919f9034f2a4798a96e2d4b87411b0cc 100644 --- a/chart/templates/tests/sonarqube-test.yaml +++ b/chart/templates/tests/sonarqube-test.yaml @@ -13,7 +13,7 @@ metadata: spec: initContainers: - name: "bats" - image: "bats/bats:1.2.1" + image: "registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/bats:1.2.1" imagePullPolicy: {{ .Values.image.pullPolicy }} command: ["bash", "-c"] args: 
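Review bot: In the `wait-for-db` hunk of chart/templates/deployment.yaml the added `env:` block with `POSTGRES_HOST_AUTH_METHOD` set to `"trust"` comes after the `{{- end }}` that closes `if .Values.postgresql.enabled`, so it is rendered even when the bundled database is disabled and attaches to whatever precedes it. Indentation is not recoverable from this view, so the exact effect should be confirmed with `helm template` for both values of `postgresql.enabled`. The variable is also unnecessary here: `pg_isready` only checks whether the server accepts connections and does not authenticate, and with `command` overridden any entrypoint logic that would read it does not run, while a `trust` setting left in the chart invites being copied onto a real server. I would drop the three `env` lines and keep `{{- end }}` as the last line of the block. Two smaller regressions in the same hunk: the image is now hard-coded instead of going through `.Values.initContainers.image`, and the `until ...; do sleep 2; done` loop has lost the previous 200-attempt limit, so the pod stays in `Init` indefinitely if the database never comes up.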
@@ -25,7 +25,7 @@ spec: name: tools containers: - name: {{ .Release.Name }}-ui-test - image: {{ default "bitnami/minideb-extras" .Values.tests.image }} + image: {{ default "registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/minideb-extras:latest" .Values.tests.image }} imagePullPolicy: {{ .Values.image.pullPolicy }} command: [ "/tools/bats/bin/bats", diff --git a/chart/values.yaml b/chart/values.yaml index 7f0a2b84e663a4eb5a247e6b0e60a66ed2ad0e5b..969404eb5a9bb09c954a92da4a860c5bdb8a612c 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -19,8 +19,8 @@ OpenShift: createSCC: true image: - repository: registry1.dso.mil/ironbank/sonarsource/sonarqube/sonarqube8-community - tag: 8.6-community + repository: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/sonarqube8-community-bb + tag: 8.6-community-bb pullPolicy: IfNotPresent # If using a private repository, the name of the imagePullSecret to use pullSecret: [] @@ -37,7 +37,7 @@ containerSecurityContext: # Settings to configure elasticsearch host requirements elasticsearch: # DEPRECATED: Use initSysctl.enabled instead - configureNode: true + configureNode: false bootstrapChecks: true service: @@ -115,7 +115,7 @@ livenessProbe: # sonar.web.context: /sonarqube initContainers: - # image: busybox:1.32 + # image: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/busybox:1.32 # We allow the init containers to have a separate security context declaration because # the initContainer may not require the same as SonarQube. # securityContext: {} @@ -131,12 +131,12 @@ initContainers: # secret: my-secret initSysctl: - enabled: true + enabled: false vmMaxMapCount: 524288 fsFileMax: 131072 nofile: 131072 nproc: 8192 - # image: busybox:1.32 + # image: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/busybox:1.32 securityContext: privileged: true # resources: {} 
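Review bot: `initSysctl.enabled` and `elasticsearch.configureNode` both flip to `false` in chart/values.yaml without a comment stating the new precondition. Turning off the privileged init container is a sound least-privilege default, but the template only emits `init-sysctl` when one of the two is true (`if or .Values.initSysctl.enabled .Values.elasticsearch.configureNode`), so the nodes now have to provide these kernel settings themselves while `bootstrapChecks: true` stays on. Add a comment above `enabled: false`, for example `# Off by default because it needs privileged: true; nodes must already satisfy vmMaxMapCount/fsFileMax/nofile/nproc below.` It is also worth noting there that `securityContext.privileged: true` only takes effect when the container is re-enabled.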
@@ -149,10 +149,10 @@ initSysctl: # - "https://github.com/SonarSource/sonar-ldap/releases/download/2.2-RC3/sonar-ldap-plugin-2.2.0.601.jar" plugins: install: - - https://github.com/dependency-check/dependency-check-sonar-plugin/releases/download/1.2.6/sonar-dependency-check-plugin-1.2.6.jar - - https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-1.3.2/sonar-c-plugin-1.3.2.1853.jar - - https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-1.3.2/sonar-cxx-plugin-1.3.2.1853.jar - - https://github.com/dmeiners88/sonarqube-prometheus-exporter/releases/download/v1.0.0-SNAPSHOT-2018-07-04/sonar-prometheus-exporter-1.0.0-SNAPSHOT.jar +# - https://github.com/dependency-check/dependency-check-sonar-plugin/releases/download/1.2.6/sonar-dependency-check-plugin-1.2.6.jar +# - https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-1.3.2/sonar-c-plugin-1.3.2.1853.jar +# - https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-1.3.2/sonar-cxx-plugin-1.3.2.1853.jar +# - https://github.com/dmeiners88/sonarqube-prometheus-exporter/releases/download/v1.0.0-SNAPSHOT-2018-07-04/sonar-prometheus-exporter-1.0.0-SNAPSHOT.jar lib: [] # For use behind a corporate proxy when downloading plugins @@ -160,7 +160,7 @@ plugins: # httpsProxy: "" # noProxy: "" - # image: rjkernick/alpine-wget:latest + # image: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/alpine-wget:latest # resources: {} # .netrc secret file with a key "netrc" to use basic auth while downloading plugins @@ -314,8 +314,8 @@ podLabels: {} sonarqubeFolder: /opt/sonarqube tests: - enabled: true - # image: bitnami/minideb-extras + enabled: false + # image: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/minideb-extras:latest serviceAccount: create: false diff --git a/tests/test-values.yml b/tests/test-values.yml index aaddc0cfbbe077fa397c2be1b467e11d09e6ff9a..d5d2b8117db78ed870547e92d309c004e87e22c7 100644 
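Review bot: Commenting out every entry under `plugins.install` in chart/values.yaml leaves `install:` as a bare key, which parses as `null` rather than an empty list. The `{{- if .Values.plugins.install }}` guard in deployment.yaml treats that as false, so rendering still works, but anything that ranges over or merges the value now sees a different type; write `install: []` as the neighbouring `lib: []` does. The commented URLs duplicate the `ADD` lines in the Dockerfile, so a single comment such as `# Plugins are baked into the image; see Dockerfile` would be easier to keep in sync than the commented-out list.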
--- a/tests/test-values.yml +++ b/tests/test-values.yml @@ -3,3 +3,4 @@ image: istio: enabled: true +