From 059840224f9e4e9f6861ff2d3cfaa3193380a232 Mon Sep 17 00:00:00 2001 From: wkoot <3715211+wkoot@users.noreply.github.com> Date: Thu, 7 Nov 2024 21:19:04 +0100 Subject: [PATCH 1/9] Update version spec --- Dockerfile | 2 +- MAINTENANCE.md | 2 +- helm/Chart.yaml | 6 +++--- helm/values.yaml | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index bb05605..ec681e7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ ARG IMAGE_NAME=sonarqube -ARG IMAGE_VERSION=10.5.1 +ARG IMAGE_VERSION=10.7.0 ARG IMAGE_EDITION=community FROM $IMAGE_NAME:$IMAGE_VERSION-$IMAGE_EDITION diff --git a/MAINTENANCE.md b/MAINTENANCE.md index c3fcdb3..41199a4 100644 --- a/MAINTENANCE.md +++ b/MAINTENANCE.md @@ -3,7 +3,7 @@ ## Version upgrade workflow -1. Update `Dockerfile`s with the new version of SonarQube +1. Update version spec in `Dockerfile`, `helm/Chart.yaml` and `helm/values.yaml` with the new version of SonarQube 1. Update external plugins in the [config.json](https://github.com/ICTU/sonar/blob/master/src/config.json) 1. Create profiles based on the internal plugin versions in the [config.json](https://github.com/ICTU/sonar/blob/master/src/config.json) 1. Obtain the base version numbers from the vanilla SonarQube image directory `/opt/sonarqube/lib/extensions`, excluding build number diff --git a/helm/Chart.yaml b/helm/Chart.yaml index 7f1dedd..144c93a 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,8 +1,8 @@ --- apiVersion: v2 name: ictu-sonarqube -version: 10.5.1 -appVersion: "10.5.1" +version: 10.7.0 +appVersion: "10.7.0" description: A SonarQube helm chart with plugins, profiles and config used at ICTU type: application home: https://github.com/ICTU/sonar @@ -11,5 +11,5 @@ dependencies: version: 15.5.38 # this corresponds with appVersion 16.4.0, upstream sonarqube helm chart uses version 10.15.0 repository: https://charts.bitnami.com/bitnami # https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml - name: sonarqube - version: 10.5.1 + version: 10.7.0 repository: https://SonarSource.github.io/helm-chart-sonarqube # https://github.com/SonarSource/helm-chart-sonarqube/blob/master/charts/sonarqube/Chart.yaml diff --git a/helm/values.yaml b/helm/values.yaml index 9169d50..8d00603 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -31,7 +31,7 @@ postgresql: sonarqube: image: repository: ictu/sonar - tag: "10.5.1" + tag: "10.7.0" pullPolicy: IfNotPresent jdbcOverwrite: enable: true From 478d6638ce1090552f418c4c34f20ee5e5e9b447 Mon Sep 17 00:00:00 2001 From: wkoot <3715211+wkoot@users.noreply.github.com> Date: Thu, 7 Nov 2024 21:48:26 +0100 Subject: [PATCH 2/9] Update external plugins --- MAINTENANCE.md | 2 +- src/config.json | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/MAINTENANCE.md b/MAINTENANCE.md index 41199a4..7de96dc 100644 --- a/MAINTENANCE.md +++ b/MAINTENANCE.md @@ -4,7 +4,7 @@ ## Version upgrade workflow 1. Update version spec in `Dockerfile`, `helm/Chart.yaml` and `helm/values.yaml` with the new version of SonarQube -1. Update external plugins in the [config.json](https://github.com/ICTU/sonar/blob/master/src/config.json) +1. Update external plugins in the [config.json](https://github.com/ICTU/sonar/blob/master/src/config.json) with latest versions listed in their respective repository `/releases/` url 1. Create profiles based on the internal plugin versions in the [config.json](https://github.com/ICTU/sonar/blob/master/src/config.json) 1. Obtain the base version numbers from the vanilla SonarQube image directory `/opt/sonarqube/lib/extensions`, excluding build number 1. Update the configuration rules version number `rules_version` if the rules have been changed diff --git a/src/config.json b/src/config.json index 2141c59..b0981f6 100644 --- a/src/config.json +++ b/src/config.json @@ -1,11 +1,11 @@ { "rules_version": 20231222, "plugins": [ - "https://github.com/checkstyle/sonar-checkstyle/releases/download/10.16.0/checkstyle-sonar-plugin-10.16.0.jar", + "https://github.com/checkstyle/sonar-checkstyle/releases/download/10.19.0/checkstyle-sonar-plugin-10.19.0.jar", "https://github.com/dependency-check/dependency-check-sonar-plugin/releases/download/5.0.0/sonar-dependency-check-plugin-5.0.0.jar", "https://github.com/sbaudoin/sonar-ansible/releases/download/v2.5.1/sonar-ansible-plugin-2.5.1.jar", "https://github.com/sbaudoin/sonar-yaml/releases/download/v1.9.1/sonar-yaml-plugin-1.9.1.jar", - "https://github.com/spotbugs/sonar-findbugs/releases/download/4.2.9/sonar-findbugs-plugin-4.2.9.jar", + "https://github.com/spotbugs/sonar-findbugs/releases/download/4.3.0/sonar-findbugs-plugin-4.3.0.jar", "https://github.com/vaulttec/sonar-auth-oidc/releases/download/v2.1.1/sonar-auth-oidc-plugin-2.1.1.jar" ], "profiles": { From b16e47aa0600c8d031e311cd0e3455d8f55c46f4 Mon Sep 17 00:00:00 2001 From: wkoot <3715211+wkoot@users.noreply.github.com> Date: Thu, 7 Nov 2024 21:52:42 +0100 Subject: [PATCH 3/9] Update profile versions --- MAINTENANCE.md | 2 +- src/config.json | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/MAINTENANCE.md b/MAINTENANCE.md index 7de96dc..4a1dbd7 100644 --- a/MAINTENANCE.md +++ b/MAINTENANCE.md @@ -5,7 +5,7 @@ 1. Update version spec in `Dockerfile`, `helm/Chart.yaml` and `helm/values.yaml` with the new version of SonarQube 1. Update external plugins in the [config.json](https://github.com/ICTU/sonar/blob/master/src/config.json) with latest versions listed in their respective repository `/releases/` url -1. Create profiles based on the internal plugin versions in the [config.json](https://github.com/ICTU/sonar/blob/master/src/config.json) +1. Update profile versions based on the internal plugin versions in the [config.json](https://github.com/ICTU/sonar/blob/master/src/config.json) 1. Obtain the base version numbers from the vanilla SonarQube image directory `/opt/sonarqube/lib/extensions`, excluding build number 1. Update the configuration rules version number `rules_version` if the rules have been changed 1. Create new version tags on GitHub diff --git a/src/config.json b/src/config.json index b0981f6..02f027c 100644 --- a/src/config.json +++ b/src/config.json @@ -1,5 +1,4 @@ { - "rules_version": 20231222, "plugins": [ "https://github.com/checkstyle/sonar-checkstyle/releases/download/10.19.0/checkstyle-sonar-plugin-10.19.0.jar", "https://github.com/dependency-check/dependency-check-sonar-plugin/releases/download/5.0.0/sonar-dependency-check-plugin-5.0.0.jar", @@ -16,15 +15,15 @@ }, "cs": { "plugin_name": "csharp-plugin", - "version": "cs-profile-v9.23.2" + "version": "cs-profile-v9.32.0" }, "java": { "plugin_name": "java-plugin", - "version": "java-profile-v7.33.0" + "version": "java-profile-v8.2.0" }, "js": { "plugin_name": "javascript-plugin", - "version": "js-profile-v10.13.2" + "version": "js-profile-v10.16.0" }, "kotlin": { "plugin_name": "kotlin-plugin", @@ -32,7 +31,7 @@ }, "py": { "plugin_name": "python-plugin", - "version": "py-profile-v4.17.0" + "version": "py-profile-v4.22.0" }, "swift": { "plugin_name": "swift-plugin", @@ -40,17 +39,18 @@ }, "ts": { "plugin_name": "javascript-plugin", - "version": "js-profile-v10.13.2" + "version": "js-profile-v10.16.0" }, "vbnet": { "plugin_name": "vbnet-plugin", - "version": "vbnet-profile-v9.23.2" + "version": "vbnet-profile-v9.32.0" }, "web": { "plugin_name": "html-plugin", - "version": "web-profile-v3.15.0" + "version": "web-profile-v3.16.0" } }, + "rules_version": 20231222, "rules": { "cs": [ "+types=SECURITY_HOTSPOT,VULNERABILITY", From 1de05655ef65b309001707b1ab6a311a7cbd7e9c Mon Sep 17 00:00:00 2001 From: wkoot <3715211+wkoot@users.noreply.github.com> Date: Thu, 7 Nov 2024 22:18:39 +0100 Subject: [PATCH 4/9] Update broken ci and sample config rules --- .github/workflows/docker-image.yml | 2 +- MAINTENANCE.md | 4 +--- README.md | 4 ++-- docker/docker-compose.ci.yml | 2 +- tests/test_functional.py | 2 +- 5 files changed, 6 insertions(+), 8 deletions(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 26b74b8..2785be9 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -10,7 +10,7 @@ on: env: CODE: "PROJ1" - RULES: "+csharpsquid:S104;-ts:S1561;+Web:WhiteSpaceAroundCheck" + RULES: "+csharpsquid:S104;-typescript:S1301;+Web:UnclosedTagCheck" jobs: build: diff --git a/MAINTENANCE.md b/MAINTENANCE.md index 4a1dbd7..d4c0cc2 100644 --- a/MAINTENANCE.md +++ b/MAINTENANCE.md @@ -8,9 +8,7 @@ 1. Update profile versions based on the internal plugin versions in the [config.json](https://github.com/ICTU/sonar/blob/master/src/config.json) 1. Obtain the base version numbers from the vanilla SonarQube image directory `/opt/sonarqube/lib/extensions`, excluding build number 1. Update the configuration rules version number `rules_version` if the rules have been changed -1. Create new version tags on GitHub - 1. `MAJOR.MINOR.PATCH` - 1. `MAJOR.MINOR.PATCH-developer` +1. Check for any runtime errors and warnings in the container logs 1. Build and push new images to docker hub with [CircleCI](https://app.circleci.com/pipelines/github/ICTU/sonar) 1. Update helm `Chart.yaml` with the new chart versions, corresponding with the new `appVersion` 1. Update the helm `values.yaml` with the new `ictu/sonar` image tag diff --git a/README.md b/README.md index e7a004f..a5071a8 100644 --- a/README.md +++ b/README.md @@ -20,12 +20,12 @@ Add a list of semicolon separated rule ids to be enabled or disabled to the envi Example to explicitly enable (+) a C# rule and disable (-) a TypeScript rule: PROJECT_CODE=PROJ1 - PROJECT_RULES=+csharpsquid:S104;-ts:S1561 + PROJECT_RULES=+csharpsquid:S104;-typescript:S1301 It is also possible to adjust individual rule parameter values: PROJECT_CODE=PROJ1 - PROJECT_RULES=+csharpsquid:S110|max=6;-ts:S1561 + PROJECT_RULES=+csharpsquid:S110|max=6;-typescript:S1301 ## Running with PostgreSQL via a Docker-composition diff --git a/docker/docker-compose.ci.yml b/docker/docker-compose.ci.yml index 1a346c6..aa5fc4c 100644 --- a/docker/docker-compose.ci.yml +++ b/docker/docker-compose.ci.yml @@ -9,7 +9,7 @@ services: SONAR_JDBC_PASSWORD: "sonar_pass" SONARQUBE_PASSWORD: "admin123" PROJECT_CODE: "PROJ1" - PROJECT_RULES: "+csharpsquid:S104;-ts:S1561;+Web:WhiteSpaceAroundCheck" + PROJECT_RULES: "+csharpsquid:S104;-typescript:S1301;+Web:UnclosedTagCheck" db: environment: diff --git a/tests/test_functional.py b/tests/test_functional.py index 86c6dac..8ba0936 100644 --- a/tests/test_functional.py +++ b/tests/test_functional.py @@ -42,7 +42,7 @@ def test_sonar_way_profile_remains(self): @skipUnless(PROJECT_RULES, "PROJECT_RULES was not passed") def test_project_override_profile(self): """Check that overridden rule activation is applied.""" - overridden_key = "Web:WhiteSpaceAroundCheck" + overridden_key = "Web:UnclosedTagCheck" self.assertTrue(any([rule_line == f"+{overridden_key}" for rule_line in PROJECT_RULES.split(";")])) version_profile = f"ictu-{self.config_json['profiles']['web']['version']}-{self.config_json['rules_version']}" From 3b7d2f2e63737cf619897cb838980f653ab30a9a Mon Sep 17 00:00:00 2001 From: wkoot <3715211+wkoot@users.noreply.github.com> Date: Thu, 7 Nov 2024 23:41:19 +0100 Subject: [PATCH 5/9] Workaround 10.7 bug, force full reindex of rules --- src/start-with-profile.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/start-with-profile.sh b/src/start-with-profile.sh index d6454d2..e3c9a80 100644 --- a/src/start-with-profile.sh +++ b/src/start-with-profile.sh @@ -37,6 +37,13 @@ function waitForDatabase { count=$((count+sleep)) done echo "Database listening on ${host}:${port}" + + # Reset all plugin hashes to trigger a full reindex of ElasticSearch data, so coding_rules are indexed correctly + # Underlying bug should be fixed in 10.8 release, see also: + # - https://community.sonarsource.com/t/rules-not-registered-and-index-correctly-after-upgrade-to-10-7/128030 + # - https://sonarsource.atlassian.net/browse/SONAR-23466 + echo "Forcing ElasticSearch full reindex of rules, due to bug in version 10.7.0" + PGPASSWORD=${SONAR_JDBC_PASSWORD} psql -h "${host}" -p "${port}" ${SONAR_JDBC_USERNAME:+-U "$SONAR_JDBC_USERNAME"} -d "$(basename "${SONAR_JDBC_URL}")" -c "UPDATE PLUGINS SET FILE_HASH = ''" } # Wait until SonarQube is operational From d7d73a463f3d9478e15e7317f2ad50a454584b21 Mon Sep 17 00:00:00 2001 From: wkoot <3715211+wkoot@users.noreply.github.com> Date: Thu, 7 Nov 2024 23:41:38 +0100 Subject: [PATCH 6/9] Update workflow publish container images --- .circleci/config.yml | 40 ---------------------------- .github/workflows/docker-release.yml | 37 +++++++++++++++++++++++++ .github/workflows/helm-release.yml | 5 ++-- MAINTENANCE.md | 9 +++---- 4 files changed, 43 insertions(+), 48 deletions(-) delete mode 100644 .circleci/config.yml create mode 100644 .github/workflows/docker-release.yml diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index e2603a4..0000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,40 +0,0 @@ -version: 2 - -jobs: - build_and_push_tag: - machine: true - steps: - - checkout - - run: - shell: /bin/bash - command: | - docker build -t ictu/sonar:${CIRCLE_TAG} . - docker login -u $DOCKER_USER -p $DOCKER_PASS - docker push ictu/sonar:${CIRCLE_TAG} - build_and_push_de_tag: - machine: true - steps: - - checkout - - run: - shell: /bin/bash - command: | - docker build --build-arg="IMAGE_EDITION=developer" -t ictu/sonar:${CIRCLE_TAG} . - docker login -u $DOCKER_USER -p $DOCKER_PASS - docker push ictu/sonar:${CIRCLE_TAG} - -workflows: - version: 2 - build_and_push: - jobs: - - build_and_push_tag: - filters: - tags: - only: /^[0-9]+\.[0-9]+(\.[0-9])*(-[0-9]+)*$/ - branches: - ignore: /.*/ - - build_and_push_de_tag: - filters: - tags: - only: /^[0-9]+\.[0-9]+(\.[0-9])*(-[0-9]+)*-developer$/ - branches: - ignore: /.*/ diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml new file mode 100644 index 0000000..afaac69 --- /dev/null +++ b/.github/workflows/docker-release.yml @@ -0,0 +1,37 @@ +--- +name: Publish container images to Docker Hub + +on: workflow_dispatch # Only triggered manually, must be done from a semantic version tag + +jobs: + push_to_registry: + runs-on: ubuntu-latest + strategy: + matrix: + include: + - env: + IMAGE_EDITION: community + IMAGE_SUFFIX: + - env: + IMAGE_EDITION: developer + IMAGE_SUFFIX: -developer + steps: + - uses: actions/checkout@v4 + + - id: semver + name: Ensure that selected tag is a semantic version + uses: matt-usurp/validate-semver@v2 + with: + version: ${{ github.ref }} + + - uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Package and push container to Docker Hub + if: ${{ github.ref_type == "tag" }} + run: | + export CONTAINER_TAG="${{ steps.semver.outputs.version }}${{ matrix.env.IMAGE_SUFFIX }}" + docker build --build-arg="IMAGE_EDITION=${{ matrix.env.IMAGE_EDITION }}" -t ictu/sonar:${CONTAINER_TAG} . + docker push ictu/sonar:${CONTAINER_TAG} diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml index d32ca19..7afe3c5 100644 --- a/.github/workflows/helm-release.yml +++ b/.github/workflows/helm-release.yml @@ -1,5 +1,5 @@ --- -name: Release Helm chart +name: Release Helm chart to Docker Hub on: workflow_dispatch # Only triggered manually @@ -9,8 +9,7 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Login to Docker Hub - uses: docker/login-action@v3 + - uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} diff --git a/MAINTENANCE.md b/MAINTENANCE.md index d4c0cc2..08c0f21 100644 --- a/MAINTENANCE.md +++ b/MAINTENANCE.md @@ -9,11 +9,10 @@ 1. Obtain the base version numbers from the vanilla SonarQube image directory `/opt/sonarqube/lib/extensions`, excluding build number 1. Update the configuration rules version number `rules_version` if the rules have been changed 1. Check for any runtime errors and warnings in the container logs -1. Build and push new images to docker hub with [CircleCI](https://app.circleci.com/pipelines/github/ICTU/sonar) -1. Update helm `Chart.yaml` with the new chart versions, corresponding with the new `appVersion` -1. Update the helm `values.yaml` with the new `ictu/sonar` image tag -1. Push the new chart as OCI artifact to docker hub `ictu/ictu-sonarqube`, with the GitHub action - +1. Create new version tag on GitHub, following semantic versioning as: `MAJOR.MINOR.PATCH` +1. Build and push new container images to Docker Hub `ictu/sonar`, with the [docker release GitHub action](https://github.com/ICTU/sonar/actions/workflows/docker-release.yml) +1. Push the updated helm chart as OCI artifact to Docker Hub `ictu/ictu-sonarqube`, with the [helm release GitHub action](https://github.com/ICTU/sonar/actions/workflows/helm-release.yml) +1. Update the Docker Hub overview pages if README content has changed ## Adding plugins From 929299e1a957e46b7467b41a83576c4c2ee29959 Mon Sep 17 00:00:00 2001 From: wkoot <3715211+wkoot@users.noreply.github.com> Date: Thu, 7 Nov 2024 23:48:12 +0100 Subject: [PATCH 7/9] Add failsafe --- .github/workflows/docker-release.yml | 2 +- .github/workflows/helm-chart.yml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml index afaac69..1dbcfc7 100644 --- a/.github/workflows/docker-release.yml +++ b/.github/workflows/docker-release.yml @@ -34,4 +34,4 @@ jobs: run: | export CONTAINER_TAG="${{ steps.semver.outputs.version }}${{ matrix.env.IMAGE_SUFFIX }}" docker build --build-arg="IMAGE_EDITION=${{ matrix.env.IMAGE_EDITION }}" -t ictu/sonar:${CONTAINER_TAG} . - docker push ictu/sonar:${CONTAINER_TAG} + echo "Would run: docker push ictu/sonar:${CONTAINER_TAG}" diff --git a/.github/workflows/helm-chart.yml b/.github/workflows/helm-chart.yml index aca302b..7bb65fd 100644 --- a/.github/workflows/helm-chart.yml +++ b/.github/workflows/helm-chart.yml @@ -41,17 +41,17 @@ jobs: - name: Build and run chart run: | - docker build --build-arg="IMAGE_EDITION=${{ matrix.env.IMAGE_EDITION }}" -t ci . + docker build --build-arg="IMAGE_EDITION=${{ matrix.env.IMAGE_EDITION }}" -t ictu/sonar:ci-latest . eval $(minikube -p minikube docker-env) kubectl apply -f helm/deploy-ci.yaml helm dependency build helm - helm upgrade --install --render-subchart-notes ictu-sonarqube helm + helm upgrade --set-json='sonarqube.image.tag="ci-latest"' --install --render-subchart-notes ictu-sonarqube helm - name: Wait for Sonar instance to start # profile for language 'web' is the last; assume everything is working if we got this far run: | eval $(minikube -p minikube docker-env) - kubectl wait --all pods --timeout=4m --for=condition=Ready + kubectl wait --all pods --timeout=5m --for=condition=Ready kubectl wait --all statefulsets --timeout=30s --for=jsonpath=status.availableReplicas=1 kubectl logs -f pod/ictu-sonarqube-sonarqube-0 |& sed "/Current profile for language 'web' is 'Sonar way'/ q" - timeout-minutes: 5 + timeout-minutes: 6 From bd8697eea0391312e4e531c59b0798f33e35fa65 Mon Sep 17 00:00:00 2001 From: wkoot <3715211+wkoot@users.noreply.github.com> Date: Fri, 8 Nov 2024 11:15:17 +0100 Subject: [PATCH 8/9] Fixes for Kubernetes deploy and ES Signed-off-by: wkoot <3715211+wkoot@users.noreply.github.com> --- .github/workflows/helm-chart.yml | 11 ++++++++++- helm/Chart.yaml | 2 +- src/start-with-profile.sh | 9 +++++---- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/.github/workflows/helm-chart.yml b/.github/workflows/helm-chart.yml index 7bb65fd..496dc80 100644 --- a/.github/workflows/helm-chart.yml +++ b/.github/workflows/helm-chart.yml @@ -43,9 +43,18 @@ jobs: run: | docker build --build-arg="IMAGE_EDITION=${{ matrix.env.IMAGE_EDITION }}" -t ictu/sonar:ci-latest . eval $(minikube -p minikube docker-env) + minikube image load ictu/sonar:ci-latest kubectl apply -f helm/deploy-ci.yaml helm dependency build helm - helm upgrade --set-json='sonarqube.image.tag="ci-latest"' --install --render-subchart-notes ictu-sonarqube helm + helm upgrade --set-json='sonarqube.elasticsearch.bootstrapChecks="false"' --set-json='sonarqube.image.tag="ci-latest"' --install --render-subchart-notes ictu-sonarqube helm + + - name: Disable ES disk watermark checks + run: | + eval $(minikube -p minikube docker-env) + kubectl wait pod/ictu-sonarqube-sonarqube-0 --timeout=1m --for=jsonpath='{.status.phase}'=Running + kubectl logs -f pod/ictu-sonarqube-sonarqube-0 |& sed "/app\[\]\[o.s.a.SchedulerImpl\] Process\[es\] is up/ q" + kubectl exec pod/ictu-sonarqube-sonarqube-0 -- curl -s -XPUT "http://localhost:9001/_cluster/settings" -H "Content-Type: application/json" -d '{"transient":{"cluster.routing.allocation.disk.threshold_enabled":false}}' + timeout-minutes: 2 - name: Wait for Sonar instance to start # profile for language 'web' is the last; assume everything is working if we got this far diff --git a/helm/Chart.yaml b/helm/Chart.yaml index 144c93a..6908917 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -11,5 +11,5 @@ dependencies: version: 15.5.38 # this corresponds with appVersion 16.4.0, upstream sonarqube helm chart uses version 10.15.0 repository: https://charts.bitnami.com/bitnami # https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml - name: sonarqube - version: 10.7.0 + version: 10.6.0 repository: https://SonarSource.github.io/helm-chart-sonarqube # https://github.com/SonarSource/helm-chart-sonarqube/blob/master/charts/sonarqube/Chart.yaml diff --git a/src/start-with-profile.sh b/src/start-with-profile.sh index e3c9a80..0b49d47 100644 --- a/src/start-with-profile.sh +++ b/src/start-with-profile.sh @@ -21,12 +21,13 @@ function waitForDatabase { echo "Only PostgreSQL databases are supported" return fi - echo "Waiting for database connection on ${host}:${port}" + local pg_connect_params + pg_connect_params="-h ${host} -p ${port} ${SONAR_JDBC_USERNAME:+-U "$SONAR_JDBC_USERNAME"} -d $(basename "${SONAR_JDBC_URL%%\?*}")" + echo "Waiting for database connection with pg connect params '${pg_connect_params}'" local count=0 local sleep=5 local timeout=${DB_START_TIMEOUT:-60} - until pg_isready -h "${host}" -p "${port}" ${SONAR_JDBC_USERNAME:+-U "$SONAR_JDBC_USERNAME"} - do + until pg_isready ${pg_connect_params} ; do if [[ count -gt timeout ]]; then echo "ERROR: Failed to start database within ${timeout} seconds" exit 1 @@ -43,7 +44,7 @@ function waitForDatabase { # - https://community.sonarsource.com/t/rules-not-registered-and-index-correctly-after-upgrade-to-10-7/128030 # - https://sonarsource.atlassian.net/browse/SONAR-23466 echo "Forcing ElasticSearch full reindex of rules, due to bug in version 10.7.0" - PGPASSWORD=${SONAR_JDBC_PASSWORD} psql -h "${host}" -p "${port}" ${SONAR_JDBC_USERNAME:+-U "$SONAR_JDBC_USERNAME"} -d "$(basename "${SONAR_JDBC_URL}")" -c "UPDATE PLUGINS SET FILE_HASH = ''" + PGPASSWORD=${SONAR_JDBC_PASSWORD} psql ${pg_connect_params} -c "UPDATE PLUGINS SET FILE_HASH = ''" } # Wait until SonarQube is operational From a7b168fddfc059b7fbcdf637aee9b5590cb30f25 Mon Sep 17 00:00:00 2001 From: wkoot <3715211+wkoot@users.noreply.github.com> Date: Thu, 14 Nov 2024 14:53:42 +0100 Subject: [PATCH 9/9] Update changelog Signed-off-by: wkoot <3715211+wkoot@users.noreply.github.com> --- CHANGELOG.md | 5 +++++ MAINTENANCE.md | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f0b8d17..f37894c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,10 +2,15 @@ ## [Unreleased] +## [10.7.0](https://github.com/ICTU/sonar/releases/tag/10.7.0) - 2024-11-14 + ### Added - Kubernetes Helm chart (#74). - Changelog with backdated changes (#72). +- Update to [SonarQube version 10.7.0](https://www.sonarsource.com/products/sonarqube/whats-new/sonarqube-10-7/) (#80). +- Update plugin `checkstyle/sonar-checkstyle` to [version 10.19.0](https://github.com/checkstyle/sonar-checkstyle/releases/tag/10.19.0) (#80). +- Update plugin `spotbugs/sonar-findbugs` to [version 4.3.0](https://github.com/spotbugs/sonar-findbugs/releases/tag/4.3.0) (#80). ## [10.5.1](https://github.com/ICTU/sonar/releases/tag/10.5.1) - 2024-05-23 diff --git a/MAINTENANCE.md b/MAINTENANCE.md index 08c0f21..9c34582 100644 --- a/MAINTENANCE.md +++ b/MAINTENANCE.md @@ -12,7 +12,8 @@ 1. Create new version tag on GitHub, following semantic versioning as: `MAJOR.MINOR.PATCH` 1. Build and push new container images to Docker Hub `ictu/sonar`, with the [docker release GitHub action](https://github.com/ICTU/sonar/actions/workflows/docker-release.yml) 1. Push the updated helm chart as OCI artifact to Docker Hub `ictu/ictu-sonarqube`, with the [helm release GitHub action](https://github.com/ICTU/sonar/actions/workflows/helm-release.yml) -1. Update the Docker Hub overview pages if README content has changed +1. Update the `CHANGELOG.md` with new version information and move `[Unreleased]` items to new version section +1. Update the Docker Hub overview pages if `README.md` content has changed ## Adding plugins