Merge pull request #6 from stakater-docker/use-base-sonarqube

Use base sonarqube

Dockerfile

@@ -1,58 +1,17 @@
-FROM stakater/java-centos:7-1.8
-
-ENV SONAR_VERSION=7.1 \
-    SONARQUBE_HOME=/opt/app/sonarqube \
-    # Database configuration
-    # Defaults to using H2
-    SONARQUBE_JDBC_USERNAME=sonar \
-    SONARQUBE_JDBC_PASSWORD=sonar \
-    SONARQUBE_JDBC_URL=  \
-    CONF_MOUNT_PATH="/opt/app/tmp/conf/sonar.properties"
-
-# Comma separated list of Plugin URLS to install 
-ARG PLUGIN_URLS="https://github.com/vaulttec/sonar-auth-oidc/releases/download/v1.0.4/sonar-auth-oidc-plugin-1.0.4.jar"
-
-# Change to user root to install jdk, cant install it with any other user
-USER root 
-RUN yum install -y unzip && \
-    yum clean all
-
-RUN set -x \
-    # pub   2048R/D26468DE 2015-05-25
-    #       Key fingerprint = F118 2E81 C792 9289 21DB  CAB4 CFCA 4A29 D264 68DE
-    # uid                  sonarsource_deployer (Sonarsource Deployer) <[email protected]>
-    # sub   2048R/06855C1D 2015-05-25
-    && (gpg --keyserver ha.pool.sks-keyservers.net --recv-keys F1182E81C792928921DBCAB4CFCA4A29D26468DE \
-	    || gpg --keyserver ipv4.pool.sks-keyservers.net --recv-keys F1182E81C792928921DBCAB4CFCA4A29D26468DE) \
-    && curl -o sonarqube.zip -fSL https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-$SONAR_VERSION.zip \
-    && curl -o sonarqube.zip.asc -fSL https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-$SONAR_VERSION.zip.asc \
-    && gpg --batch --verify sonarqube.zip.asc sonarqube.zip \
-    && unzip sonarqube.zip \
-    && mv sonarqube-$SONAR_VERSION sonarqube \
-    && rm sonarqube.zip* \
-    && rm -rf $SONARQUBE_HOME/bin/*
-
-# Download plugins from list 
-RUN mkdir -p ${HOME}/downloads/plugins \
-    && cd ${HOME}/downloads/plugins \
-    && IFS=, read -ra pluginUrlList <<< "$PLUGIN_URLS" \
-    && for plugin_url in "${pluginUrlList[@]}"; \
-       do \
-         wget "${plugin_url}"; \
-       done
-
-# Add Plugins as jar files
-ADD plugins/* ${HOME}/downloads/plugins/
-
-RUN chown -R 10001 $SONARQUBE_HOME \
-      && chown -R 10001 ${HOME}/downloads/
-
-# Again using non-root user i.e. stakater as set in base image
-USER 10001
-
-# Http port
-EXPOSE 9000
-
-WORKDIR $SONARQUBE_HOME
-COPY run.sh $SONARQUBE_HOME/bin/
-ENTRYPOINT ["./bin/run.sh"]
+FROM docker.io/sonarqube:7.9.1-community
+
+USER root
+ARG sonar_plugins="pmd ldap"
+ADD sonar.properties /opt/sonarqube/conf/sonar.properties
+ADD run.sh /opt/sonarqube/bin/run.sh
+CMD /opt/sonarqube/bin/run.sh
+RUN cp -a /opt/sonarqube/data /opt/sonarqube/data-init && \
+	cp -a /opt/sonarqube/extensions /opt/sonarqube/extensions-init && \
+	chown root:root /opt/sonarqube && chmod -R gu+rwX /opt/sonarqube
+ADD plugins.sh /opt/sonarqube/bin/plugins.sh
+ADD https://github.com/rht-labs/sonar-auth-openshift/releases/latest/download/sonar-auth-openshift-plugin.jar /opt/sonarqube/extensions-init/plugins/
+ADD https://github.com/dmeiners88/sonarqube-prometheus-exporter/releases/download/v1.0.0-SNAPSHOT-2018-07-04/sonar-prometheus-exporter-1.0.0-SNAPSHOT.jar /opt/sonarqube/extensions-init/plugins/
+RUN /opt/sonarqube/bin/plugins.sh $sonar_plugins
+RUN chown root:root /opt/sonarqube -R; \
+    chmod 6775 /opt/sonarqube -R
+USER 1001

Jenkinsfile

@@ -1,7 +1,7 @@
 #!/usr/bin/env groovy
-@Library('github.com/stakater/fabric8-pipeline-library@v2.9.4') _
+@Library('github.com/stakater/stakater-pipeline-library@v2.16.35') _
 
 pushDockerImage {
-    dockerRegistryURL = "docker.io"
-    imagePrefix = "7.1-jdk1.8-centos7"
-}
+    dockerRepositoryURL = "docker.io"
+    imagePrefix = "7.9.1-community-jdk11.0.5-debian10"
+}

plugins.sh

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+set -e
+# set -x	## Uncomment for debugging
+
+printf 'Downloading plugin details\n'
+
+## Extract sonarqube version
+export SQ_VERSION=$(ls /opt/sonarqube/lib/sonar-application* | awk -F"-" '{print $3}' | sed 's@\.jar$@@g')
+echo "SONARQUBE_VERSION: ${SQ_VERSION}"
+
+
+curl -L -sS -o /tmp/pluginList.txt https://update.sonarsource.org/update-center.properties
+printf "Downloading additional plugins\n"
+for PLUGIN in "$@"
+do
+	printf '\tExtracting plugin download location - %s\n' ${PLUGIN}
+	MATCH_STRING=$(cat /tmp/pluginList.txt | grep requiredSonarVersions | grep -E "[,=]${SQ_VERSION}(,|$)" | sed 's@\.requiredSonarVersions.*@@g' | sort -V | grep "^${PLUGIN}\." | tail -n 1 | sed 's@[email protected]@g')
+
+	if ! [[ -z "${MATCH_STRING}" ]]; then
+		DOWNLOAD_URL=$(cat /tmp/pluginList.txt | grep ${MATCH_STRING} | awk -F"=" '{print $2}' | sed 's@\\:@:@g')
+		PLUGIN_FILE=$(echo ${DOWNLOAD_URL} | sed 's@.*/\(.*\)$@\1@g')
+
+		## Check to see if plugin exists, attempt to download the plugin if it does exist.
+		if ! [[ -z "${DOWNLOAD_URL}" ]]; then
+			curl -L -sS -o /opt/sonarqube/extensions-init/plugins/${PLUGIN_FILE} ${DOWNLOAD_URL} && printf "\t\t%-35s%10s" "${PLUGIN_FILE}" "DONE" || printf "\t\t%-35s%10s" "${PLUGIN_FILE}" "FAILED"
+			printf "\n"
+		else
+			## Plugin was not found in the plugin inventory
+			printf "\t\t%-15s%10s\n" "${PLUGIN}" "NOT FOUND"
+		fi
+	else
+		printf "\t\t%-15s%10s\n" $PLUGIN "NOT FOUND"
+	fi
+done
+
+rm -f /tmp/pluginList.txt

requirements.yml

@@ -0,0 +1,8 @@
+# This is the Ansible Galaxy requirements file to pull in the correct roles
+# to support the operation of CASL provisioning/runs.
+
+# From 'openshift-applier'
+- name: openshift-applier
+  scm: git
+  src: https://github.com/redhat-cop/openshift-applier
+  version: v2.1.1

run.sh

@@ -1,28 +1,28 @@
 #!/bin/bash
 
+set -x
 set -e
 
-if [ "${1:0:1}" != '-' ]; then
-  exec "$@"
-fi
+## If the mounted data volume is empty, populate it from the default data
+cp -a /opt/sonarqube/data-init/* /opt/sonarqube/data/
 
-# Create extensions directories to enable usage after volume mounting
-mkdir -p ${SONARQUBE_HOME}/extensions/plugins ${SONARQUBE_HOME}/extensions/jdbc-driver 
+## Link the plugins directory from the mounted volume
+rm -rf /opt/sonarqube/extensions/plugins
+ln -s /opt/sonarqube/data/plugins /opt/sonarqube/extensions/plugins
 
-# Install plugins from download dir
-mv ${HOME}/downloads/plugins/* ${SONARQUBE_HOME}/extensions/plugins
+mkdir -p /opt/sonarqube/data/plugins
+for I in $(ls /opt/sonarqube/extensions-init/plugins/*.jar);
+do
+  TARGET_PATH=$(echo ${I} | sed 's@extensions-init/plugins@data/plugins@g')
+  if ! [[ -e ${TARGET_PATH} ]]; then
+    cp ${I} ${TARGET_PATH}
+  fi
+done
 
-# Move conf from temp mount path to conf location
-if [ -f ${CONF_MOUNT_PATH} ];
-then
-  rm -f ${SONARQUBE_HOME}/conf/sonar.properties
-  mv ${CONF_MOUNT_PATH} ${SONARQUBE_HOME}/conf/
+if [ "${1:0:1}" != '-' ]; then
+  exec "$@"
 fi
 
-exec java -jar lib/sonar-application-$SONAR_VERSION.jar \
-  -Dsonar.log.console=true \
-  -Dsonar.jdbc.username="$SONARQUBE_JDBC_USERNAME" \
-  -Dsonar.jdbc.password="$SONARQUBE_JDBC_PASSWORD" \
-  -Dsonar.jdbc.url="$SONARQUBE_JDBC_URL" \
-  -Dsonar.web.javaAdditionalOpts="$SONARQUBE_WEB_JVM_OPTS -Djava.security.egd=file:/dev/./urandom" \
-  "$@"
+java -jar lib/sonar-application-$SONAR_VERSION.jar \
+    -Dsonar.web.javaAdditionalOpts="${SONARQUBE_WEB_JVM_OPTS} -Djava.security.egd=file:/dev/./urandom" \
+    "$@"