From 9fb3687195d780300080d7aa509009f0e2b76357 Mon Sep 17 00:00:00 2001 From: "branden.cobb" Date: Fri, 19 Mar 2021 18:42:16 +0000 Subject: [PATCH] bats doesn't work. switching back to busybox and disabling initSysctl. initContainer is only used to wait for DB --- CHANGELOG.md | 7 +++++- Dockerfile | 12 +++++++++++ chart/Chart.yaml | 2 +- chart/requirements.yaml | 5 +++++ chart/templates/deployment.yaml | 15 +++++++------ chart/templates/tests/sonarqube-test.yaml | 4 ++-- chart/values.yaml | 26 +++++++++++------------ tests/test-values.yml | 1 + 8 files changed, 49 insertions(+), 23 deletions(-) create mode 100644 Dockerfile create mode 100644 chart/requirements.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index 97a78d3..a57aea2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,11 @@ # Changelog -## Initial Helm Chart Release - 2020-01-22 +## 9.2.6-bb.3 - 2021-03-16 +Plugins have been preinstalled into the container and made available at registry.dso.mil. + +InitContainers have also been pushed into registry.dso.mil until ironbank equivalents can be found. + +## Initial Helm Chart Release - 2021-01-22 Added SAML sso integration Added istio virtual service diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..89ee7bf --- /dev/null +++ b/Dockerfile 
@@ -0,0 +1,12 @@
+# Start with the IronBank Image
+FROM registry1.dso.mil/ironbank/sonarsource/sonarqube/sonarqube8-community:8.6-community
+# Add needed Plugins
+ADD https://github.com/dependency-check/dependency-check-sonar-plugin/releases/download/1.2.6/sonar-dependency-check-plugin-1.2.6.jar /opt/sonarqube/extensions/plugins/
+ADD https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-1.3.2/sonar-c-plugin-1.3.2.1853.jar /opt/sonarqube/extensions/plugins/
+ADD https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-1.3.2/sonar-cxx-plugin-1.3.2.1853.jar /opt/sonarqube/extensions/plugins/
+ADD https://github.com/dmeiners88/sonarqube-prometheus-exporter/releases/download/v1.0.0-SNAPSHOT-2018-07-04/sonar-prometheus-exporter-1.0.0-SNAPSHOT.jar /opt/sonarqube/extensions/plugins/
+ADD https://github.com/vaulttec/sonar-auth-oidc/releases/download/v2.0.0/sonar-auth-oidc-plugin-2.0.0.jar /opt/sonarqube/extensions/plugins/
+ADD https://github.com/OtherDevOpsGene/zap-sonar-plugin/releases/download/sonar-zap-plugin-2.0.2/sonar-zap-plugin-2.0.2.jar /opt/sonarqube/extensions/plugins/
+USER root
+RUN chown -R sonarqube:sonarqube /opt/sonarqube/extensions/plugins
+USER sonarqube
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index a0431d4..261b904 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: 8.6-community
 name: sonarqube
 description: SonarQube is an open sourced code quality scanning tool
-version: 9.2.6-bb.2
+version: 9.2.6-bb.3
 keywords:
 - coverage
 - security
diff --git a/chart/requirements.yaml b/chart/requirements.yaml
new file mode 100644
index 0000000..8eea6bb
--- /dev/null
+++ b/chart/requirements.yaml
@@ -0,0 +1,5 @@
+dependencies:
+ - name: postgresql
+ version: 8.6.4
+ repository: file://charts/postgresql
+ condition: postgresql.enabled
diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
index 4c68408..b465e71 100644
--- a/chart/templates/deployment.yaml
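Review bot: The six `ADD https://…jar` lines in the new Dockerfile pull plugin jars from GitHub release URLs at build time with no integrity check, so whatever those URLs serve on the day of the build lands in /opt/sonarqube/extensions/plugins and is loaded by SonarQube. Record a digest for each artifact in the repo and enforce it, e.g. `ADD --checksum=sha256:<expected-digest> <url> /opt/sonarqube/extensions/plugins/` on a BuildKit version that supports the flag, or fetch in a `RUN` step that runs `sha256sum -c` before keeping the file. The `sonar-prometheus-exporter-1.0.0-SNAPSHOT.jar` entry is a snapshot build and deserves a second look before it ships in the default image. `ADD --chown=sonarqube:sonarqube` would also remove the need for the `USER root` / `chown` / `USER sonarqube` sequence at the end.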
+++ b/chart/templates/deployment.yaml @@ -84,7 +84,7 @@ spec: {{- end }} {{- if or .Values.initSysctl.enabled .Values.elasticsearch.configureNode }} - name: init-sysctl - image: {{ default "busybox:1.32" .Values.initSysctl.image }} + image: {{ default "registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/busybox:1.32" .Values.initSysctl.image }} imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if $securityContext := (default .Values.initContainers.securityContext .Values.initSysctl.securityContext) }} securityContext: @@ -105,7 +105,7 @@ spec: {{- end }} {{- if .Values.plugins.install }} - name: install-plugins - image: {{ default "rjkernick/alpine-wget:latest" .Values.plugins.image }} + image: {{ default "registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/alpine-wget:latest" .Values.plugins.image }} imagePullPolicy: {{ .Values.image.pullPolicy }} command: ["sh", "-e", @@ -136,7 +136,7 @@ spec: {{- end }} {{- if and .Values.sonarProperties .Values.sonarSecretProperties }} - name: concat-properties - image: {{ default "busybox:1.32" .Values.initContainers.image }} + image: {{ default "registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/busybox:1.32" .Values.initContainers.image }} imagePullPolicy: {{ .Values.image.pullPolicy }} command: ["sh", "-c", 
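Review bot: The new default for the `install-plugins` init container, `…/sonarqube/alpine-wget:latest`, keeps a mutable tag, and the container takes its `imagePullPolicy` from `.Values.image.pullPolicy`, which values.yaml sets to `IfNotPresent`. Nodes can therefore run different image contents under the same name, and a re-push of `latest` is picked up with no change to the chart. Pin the default to a fixed version tag or a digest (`…/alpine-wget@sha256:<digest>`), as the `busybox:1.32` defaults in the neighbouring hunks already do; the same applies to `minideb-extras:latest` in chart/templates/tests/sonarqube-test.yaml. The container definitions start and end outside these hunks.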
@@ -163,12 +163,15 @@ spec: {{- end }} {{- if .Values.postgresql.enabled }} - name: "wait-for-db" - image: {{ default "busybox:1.32" .Values.initContainers.image }} + image: registry1.dso.mil/ironbank/opensource/postgres/postgresql96:9.6.20 imagePullPolicy: {{ .Values.image.pullPolicy }} resources: {{ toYaml .Values.initContainers.resources | indent 12 }} - command: ["/bin/sh", "-c", "for i in $(seq 1 200); do nc -z -w3 {{ .Release.Name}}-postgresql 5432 && exit 0 || sleep 2; done; exit 1"] - {{- end }} + command: ["/bin/sh", "-c", "until pg_isready -h {{ .Release.Name}}-postgresql -p 5432 -U {{ .Values.postgresql.postgresqlUsername }}; do sleep 2; done"] + {{- end }} + env: + - name: POSTGRES_HOST_AUTH_METHOD + value: "trust" {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} diff --git a/chart/templates/tests/sonarqube-test.yaml b/chart/templates/tests/sonarqube-test.yaml index 9ecef43..3f5b5eb 100644 --- a/chart/templates/tests/sonarqube-test.yaml +++ b/chart/templates/tests/sonarqube-test.yaml @@ -13,7 +13,7 @@ metadata: spec: initContainers: - name: "bats" - image: "bats/bats:1.2.1" + image: "registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/bats:1.2.1" imagePullPolicy: {{ .Values.image.pullPolicy }} command: ["bash", "-c"] args: @@ -25,7 +25,7 @@ spec: name: tools containers: - name: {{ .Release.Name }}-ui-test - image: {{ default "bitnami/minideb-extras" .Values.tests.image }} + image: {{ default "registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/minideb-extras:latest" .Values.tests.image }} imagePullPolicy: {{ .Values.image.pullPolicy }} command: [ "/tools/bats/bin/bats", diff --git a/chart/values.yaml b/chart/values.yaml index 7f0a2b8..969404e 100644 --- a/chart/values.yaml +++ b/chart/values.yaml 
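Review bot: The `{{- end }}` that closes `{{- if .Values.postgresql.enabled }}` now sits before the added `env:` block, so `POSTGRES_HOST_AUTH_METHOD: "trust"` is rendered even when the bundled PostgreSQL is disabled and attaches to whatever precedes it in the pod spec (indentation is not recoverable from this view, so confirm with `helm template`). `pg_isready` only checks whether the server accepts connections and does not authenticate, so the variable is not needed in `wait-for-db`; drop the `env:` block rather than carry a passwordless-auth setting in the chart. The new loop `until pg_isready …; do sleep 2; done` also has no upper bound, where the old command gave up after 200 tries with `exit 1`; keep the bound, e.g. `for i in $(seq 1 200); do pg_isready -h … -p 5432 && exit 0; sleep 2; done; exit 1`. The image is now a literal as well, so `.Values.initContainers.image` no longer overrides it for this container.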
@@ -19,8 +19,8 @@ OpenShift: createSCC: true image: - repository: registry1.dso.mil/ironbank/sonarsource/sonarqube/sonarqube8-community - tag: 8.6-community + repository: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/sonarqube8-community-bb + tag: 8.6-community-bb pullPolicy: IfNotPresent # If using a private repository, the name of the imagePullSecret to use pullSecret: [] @@ -37,7 +37,7 @@ containerSecurityContext: # Settings to configure elasticsearch host requirements elasticsearch: # DEPRECATED: Use initSysctl.enabled instead - configureNode: true + configureNode: false bootstrapChecks: true service: @@ -115,7 +115,7 @@ livenessProbe: # sonar.web.context: /sonarqube initContainers: - # image: busybox:1.32 + # image: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/busybox:1.32 # We allow the init containers to have a separate security context declaration because # the initContainer may not require the same as SonarQube. # securityContext: {} @@ -131,12 +131,12 @@ initContainers: # secret: my-secret initSysctl: - enabled: true + enabled: false vmMaxMapCount: 524288 fsFileMax: 131072 nofile: 131072 nproc: 8192 - # image: busybox:1.32 + # image: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/busybox:1.32 securityContext: privileged: true # resources: {} 
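Review bot: Nothing in values.yaml tells operators that the kernel limits now have to be provided by the nodes themselves. With `initSysctl.enabled: false` and `elasticsearch.configureNode: false` the template guard `if or .Values.initSysctl.enabled .Values.elasticsearch.configureNode` no longer renders the privileged `init-sysctl` container, which is the safer default, but `bootstrapChecks: true` stays on. Add a comment above `initSysctl:` along the lines of `# Disabled by default to avoid a privileged init container; nodes must already provide the limits below (vmMaxMapCount, fsFileMax, nofile, nproc).` so the prerequisite is visible where the switch lives.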
@@ -149,10 +149,10 @@ initSysctl: # - "https://github.com/SonarSource/sonar-ldap/releases/download/2.2-RC3/sonar-ldap-plugin-2.2.0.601.jar" plugins: install: - - https://github.com/dependency-check/dependency-check-sonar-plugin/releases/download/1.2.6/sonar-dependency-check-plugin-1.2.6.jar - - https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-1.3.2/sonar-c-plugin-1.3.2.1853.jar - - https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-1.3.2/sonar-cxx-plugin-1.3.2.1853.jar - - https://github.com/dmeiners88/sonarqube-prometheus-exporter/releases/download/v1.0.0-SNAPSHOT-2018-07-04/sonar-prometheus-exporter-1.0.0-SNAPSHOT.jar +# - https://github.com/dependency-check/dependency-check-sonar-plugin/releases/download/1.2.6/sonar-dependency-check-plugin-1.2.6.jar +# - https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-1.3.2/sonar-c-plugin-1.3.2.1853.jar +# - https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-1.3.2/sonar-cxx-plugin-1.3.2.1853.jar +# - https://github.com/dmeiners88/sonarqube-prometheus-exporter/releases/download/v1.0.0-SNAPSHOT-2018-07-04/sonar-prometheus-exporter-1.0.0-SNAPSHOT.jar lib: [] # For use behind a corporate proxy when downloading plugins @@ -160,7 +160,7 @@ plugins: # httpsProxy: "" # noProxy: "" - # image: rjkernick/alpine-wget:latest + # image: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/alpine-wget:latest # resources: {} # .netrc secret file with a key "netrc" to use basic auth while downloading plugins @@ -314,8 +314,8 @@ podLabels: {} sonarqubeFolder: /opt/sonarqube tests: - enabled: true - # image: bitnami/minideb-extras + enabled: false + # image: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/minideb-extras:latest serviceAccount: create: false diff --git a/tests/test-values.yml b/tests/test-values.yml index aaddc0c..d5d2b81 100644 --- a/tests/test-values.yml +++ b/tests/test-values.yml 
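Review bot: Commenting out every entry leaves `install:` with no value, which YAML loads as null rather than an empty list. The template guard `{{- if .Values.plugins.install }}` treats both as false, but anything that ranges over or merges into the list sees a different type; write `install: []` as the neighbouring `lib: []` does. A one-line comment such as `# Plugins are baked into the image by the Dockerfile; list URLs here only for extras.` would also explain why the entries are disabled.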
@@ -3,3 +3,4 @@ image: istio: enabled: true + -- GitLab