SONAR-21478 Fix the secret retrieval for DockerHub authentication

.cirrus.yaml

@@ -85,13 +85,10 @@ chart_testing_task:
     - export DOCKER_HOST=tcp://localhost:2375
     - ./.cirrus/wait_for_kind.sh
   script:
-    - helm repo add clustersecret https://charts.clustersecret.io/
-    - helm install clustersecret clustersecret/cluster-secret -n clustersecret --create-namespace
-    - DOCKER_CONFIG=$(kubectl create secret docker-registry unused --docker-username=${DOCKER_USERNAME} --docker-password=${DOCKER_PASSWORD} --dry-run -o json | jq '.data.".dockerconfigjson"')
-    - sed -i "s|DOCKER_CONFIG_JSON|${DOCKER_CONFIG}|g" .cirrus/docker_hub_test_pull_secret.yaml
-    - kubectl apply -f .cirrus/docker_hub_test_pull_secret.yaml
+    - kubectl create namespace test
+    - kubectl create secret docker-registry pullsecret --namespace test --docker-username=${DOCKER_USERNAME} --docker-password=${DOCKER_PASSWORD}
     - ct lint --config test.yaml --all
-    - ct install --config test.yaml --all
+    - ct install --namespace test --config test.yaml --all
   artifacthub_lint_script:
     - ah lint
   depends_on:

charts/sonarqube-dce/CHANGELOG.md

@@ -8,7 +8,6 @@ All changes to this chart will be documented in this file.
 * Add revisionHistoryLimit configuration for SonarQube application Deployment ReplicaSets
 * Introduce `ApplicationNodes.podDisruptionBudget` and `searchNodes.podDisruptionBudget` and deprecate `ApplicationNodes.podDistributionBudget` and `searchNodes.podDistributionBudget`.
 * Update the security contexts to use root as group ID
-* Change the compatible SonarQube version to 10.4.0
 
 ## [10.3.0]
 * Upgrade SonarQube to 10.3.0

charts/sonarqube-dce/Chart.yaml

@@ -3,7 +3,7 @@ name: sonarqube-dce
 description: SonarQube is a self-managed, automatic code review tool that systematically helps you deliver clean code. As a core element of our Sonar solution, SonarQube integrates into your existing workflow and detects issues in your code to help you perform continuous code inspections of your projects. The tool analyses 30+ different programming languages and integrates into your CI pipeline and DevOps platform to ensure that your code meets high-quality standards.
 type: application
 version: 10.4.0
-appVersion: 10.4.0
+appVersion: 10.3.0
 keywords:
   - coverage
   - security
@@ -39,8 +39,6 @@ annotations:
       description: "Introduce `ApplicationNodes.podDisruptionBudget` and `searchNodes.podDisruptionBudget` and deprecate `ApplicationNodes.podDistributionBudget` and `searchNodes.podDistributionBudget`."
     - kind: changed
       description: "Update the security contexts to use root as group ID"
-    - kind: changed
-      description: "Change the compatible SonarQube version to 10.4.0"
   artifacthub.io/links: |
     - name: support
       url: https://community.sonarsource.com/
@@ -49,9 +47,9 @@ annotations:
   artifacthub.io/containsSecurityUpdates: "false"
   artifacthub.io/images: |
     - name: sonarqube-app
-      image: sonarqube:10.4.0-datacenter-app
+      image: sonarqube:10.3.0-datacenter-app
     - name: sonarqube-search
-      image: sonarqube:10.4.0-datacenter-search
+      image: sonarqube:10.3.0-datacenter-search
 dependencies:
   - name: postgresql
     version: 10.15.0

charts/sonarqube-dce/README.md

@@ -14,7 +14,7 @@ Please note that this chart does NOT support SonarQube Community, Developer, and
 
 ## Compatibility
 
-Compatible SonarQube Version: `10.4.0`
+Compatible SonarQube Version: `10.3.0`
 
 Supported Kubernetes Versions: From `1.24` to `1.28`
 
@@ -175,7 +175,7 @@ The following table lists the configurable parameters of the SonarQube chart and
 | Parameter                                                 | Description                                                                           | Default                                                                |
 | --------------------------------------------------------- | ------------------------------------------------------------------------------------- | ---------------------------------------------------------------------- |
 | `searchNodes.image.repository`                            | search image repository                                                               | `sonarqube`                                                            |
-| `searchNodes.image.tag`                                   | search image tag                                                                      | `10.4.0-datacenter-search`                                             |
+| `searchNodes.image.tag`                                   | search image tag                                                                      | `10.3.0-datacenter-search`                                             |
 | `searchNodes.image.pullPolicy`                            | search image pull policy                                                              | `IfNotPresent`                                                         |
 | `searchNodes.image.pullSecret`                            | (DEPRECATED) search imagePullSecret to use for private repository                     | `nil`                                                                  |
 | `searchNodes.image.pullSecrets`                           | search imagePullSecrets to use for private repository                                 | `nil`                                                                  |
@@ -225,7 +225,7 @@ The following table lists the configurable parameters of the SonarQube chart and
 | Parameter                                                        | Description                                                                                                                                                                               | Default                                                                |
 | ---------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------- |
 | `ApplicationNodes.image.repository`                              | app image repository                                                                                                                                                                      | `sonarqube`                                                            |
-| `ApplicationNodes.image.tag`                                     | app image tag                                                                                                                                                                             | `10.4.0-datacenter-app`                                                |
+| `ApplicationNodes.image.tag`                                     | app image tag                                                                                                                                                                             | `10.3.0-datacenter-app`                                                |
 | `ApplicationNodes.image.pullPolicy`                              | app image pull policy                                                                                                                                                                     | `IfNotPresent`                                                         |
 | `ApplicationNodes.image.pullSecret`                              | (DEPRECATED) app imagePullSecret to use for private repository                                                                                                                            | `nil`                                                                  |
 | `ApplicationNodes.image.pullSecrets`                             | app imagePullSecrets to use for private repository                                                                                                                                        | `nil`                                                                  |

charts/sonarqube-dce/ci/cirrus-values.yaml

@@ -5,6 +5,7 @@ searchNodes:
   replicaCount: 1
   image:
     repository: "sonarsource/sonarqube"
+    tag: "10.4.0-datacenter-search"
     pullSecrets:
       - name: pullsecret
 
@@ -13,5 +14,6 @@ ApplicationNodes:
   jwtSecret: "mnGBJtmwRbIREqy3vSw6Cinoi2WEom9JH+iw/tXOJX4="
   image:
     repository: "sonarsource/sonarqube"
+    tag: "10.4.0-datacenter-app"
     pullSecrets:
       - name: pullsecret

charts/sonarqube-dce/templates/NOTES.txt

@@ -17,6 +17,9 @@
   echo "Visit http://127.0.0.1:8080 to use your application"
   kubectl port-forward $POD_NAME 8080:{{ .Values.service.externalPort }} -n {{ .Release.Namespace }}
 {{- end }}
+WARNING: 
+         Please note that the SonarQube images run with a non-root user (uid=1000) belonging to the root group (guid=0). In this way, the chart can support arbitrary user ids as recommended in OpenShift.
+         Please visit https://docs.openshift.com/container-platform/4.14/openshift_images/create-images.html#use-uid_create-images for more information.
 {{ if .Values.postgresql.enabled }}
 WARNING: The embedded PostgreSQL is intended for evaluation only, it is DEPRECATED, and it will be REMOVED in a future release.
          Please visit https://artifacthub.io/packages/helm/sonarqube/sonarqube#production-use-case for more information.

charts/sonarqube-dce/values.yaml

@@ -5,7 +5,7 @@
 searchNodes:
   image:
     repository: sonarqube
-    tag: 10.4.0-datacenter-search
+    tag: 10.3.0-datacenter-search
     pullPolicy: IfNotPresent
     # If using a private repository, the imagePullSecrets to use
     # pullSecrets:
@@ -142,7 +142,7 @@ searchNodes:
 ApplicationNodes:
   image:
     repository: sonarqube
-    tag: 10.4.0-datacenter-app
+    tag: 10.3.0-datacenter-app
     pullPolicy: IfNotPresent
     # If using a private repository, the imagePullSecrets to use
     # pullSecrets:

charts/sonarqube/CHANGELOG.md

@@ -7,7 +7,6 @@ All changes to this chart will be documented in this file.
 * Run the initSysctl init-container as root to prevent 'permission denied' issues
 * Add revisionHistoryLimit configuration for SonarQube application Deployment ReplicaSets & StatefulSets
 * Update the security contexts to use root as group ID
-* Change the compatible SonarQube version to 10.4.0
 
 ## [10.3.0]
 * Upgrade SonarQube to 10.3.0

charts/sonarqube/Chart.yaml

@@ -3,7 +3,7 @@ name: sonarqube
 description: SonarQube is a self-managed, automatic code review tool that systematically helps you deliver clean code. As a core element of our Sonar solution, SonarQube integrates into your existing workflow and detects issues in your code to help you perform continuous code inspections of your projects. The tool analyses 30+ different programming languages and integrates into your CI pipeline and DevOps platform to ensure that your code meets high-quality standards.
 type: application
 version: 10.4.0
-appVersion: 10.4.0
+appVersion: 10.3.0
 keywords:
   - coverage
   - security
@@ -42,12 +42,10 @@ annotations:
       description: "Add revisionHistoryLimit configuration for SonarQube application Deployment ReplicaSets & StatefulSets"
     - kind: changed
       description: "Update the security contexts to use root as group ID"
-    - kind: changed
-      description: "Change the compatible SonarQube version to 10.4.0"
   artifacthub.io/containsSecurityUpdates: "false"
   artifacthub.io/images: |
     - name: sonarqube
-      image: sonarqube:10.4.0-community
+      image: sonarqube:10.3.0-community
 dependencies:
   - name: postgresql
     version: 10.15.0

charts/sonarqube/README.md

@@ -14,7 +14,7 @@ Please note that this chart only supports SonarQube Community, Developer, and En
 
 ## Compatibility
 
-Compatible SonarQube Version: `10.4.0`
+Compatible SonarQube Version: `10.3.0`
 
 Supported Kubernetes Versions: From `1.24` to `1.28`
 
@@ -214,7 +214,7 @@ The following table lists the configurable parameters of the SonarQube chart and
 | Parameter           | Description                                                | Default                        |
 | ------------------- | ---------------------------------------------------------- | ------------------------------ |
 | `image.repository`  | image repository                                           | `sonarqube`                    |
-| `image.tag`         | `sonarqube` image tag.                                     | `10.4.0-{{ .Values.edition }}` |
+| `image.tag`         | `sonarqube` image tag.                                     | `10.3.0-{{ .Values.edition }}` |
 | `image.pullPolicy`  | Image pull policy                                          | `IfNotPresent`                 |
 | `image.pullSecret`  | (DEPRECATED) imagePullSecret to use for private repository | `None`                         |
 | `image.pullSecrets` | imagePullSecrets to use for private repository             | `None`                         |

charts/sonarqube/ci/cirrus-values.yaml

@@ -2,3 +2,4 @@ image:
   pullSecrets:
     - name: pullsecret
   repository: "sonarsource/sonarqube"
+  tag: "10.4.0-community"

charts/sonarqube/templates/NOTES.txt

@@ -20,6 +20,9 @@
   echo "Visit http://127.0.0.1:8080 to use your application"
   kubectl port-forward $POD_NAME 8080:{{ .Values.service.externalPort }} -n {{ .Release.Namespace }}
 {{- end }}
+WARNING: 
+         Please note that the SonarQube image runs with a non-root user (uid=1000) belonging to the root group (guid=0). In this way, the chart can support arbitrary user ids as recommended in OpenShift.
+         Please visit https://docs.openshift.com/container-platform/4.14/openshift_images/create-images.html#use-uid_create-images for more information.
 {{ if .Values.postgresql.enabled }}
 WARNING: The embedded PostgreSQL is intended for evaluation only, it is DEPRECATED, and it will be REMOVED in a future release.
          Please visit https://artifacthub.io/packages/helm/sonarqube/sonarqube#production-use-case for more information.

charts/sonarqube/values.yaml

@@ -30,7 +30,7 @@ edition: "community"
 
 image:
   repository: sonarqube
-  tag: 10.4.0-{{ .Values.edition }}
+  tag: 10.3.0-{{ .Values.edition }}
   pullPolicy: IfNotPresent
   # If using a private repository, the imagePullSecrets to use
   # pullSecrets: