diff --git a/.cirrus.yaml b/.cirrus.yaml index 7d89d01b6..f76068d0d 100644 --- a/.cirrus.yaml +++ b/.cirrus.yaml @@ -85,13 +85,10 @@ chart_testing_task: - export DOCKER_HOST=tcp://localhost:2375 - ./.cirrus/wait_for_kind.sh script: - - helm repo add clustersecret https://charts.clustersecret.io/ - - helm install clustersecret clustersecret/cluster-secret -n clustersecret --create-namespace - - DOCKER_CONFIG=$(kubectl create secret docker-registry unused --docker-username=${DOCKER_USERNAME} --docker-password=${DOCKER_PASSWORD} --dry-run -o json | jq '.data.".dockerconfigjson"') - - sed -i "s|DOCKER_CONFIG_JSON|${DOCKER_CONFIG}|g" .cirrus/docker_hub_test_pull_secret.yaml - - kubectl apply -f .cirrus/docker_hub_test_pull_secret.yaml + - kubectl create namespace test + - kubectl create secret docker-registry pullsecret --namespace test --docker-username=${DOCKER_USERNAME} --docker-password=${DOCKER_PASSWORD} - ct lint --config test.yaml --all - - ct install --config test.yaml --all + - ct install --namespace test --config test.yaml --all artifacthub_lint_script: - ah lint depends_on: diff --git a/.cirrus/docker_hub_test_pull_secret.yaml b/.cirrus/docker_hub_test_pull_secret.yaml deleted file mode 100644 index a3fcab538..000000000 --- a/.cirrus/docker_hub_test_pull_secret.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: clustersecret.io/v1 -kind: ClusterSecret -metadata: - namespace: clustersecret - name: pullsecret -matchNamespace: - - '*' -avoidNamespaces: - - default - - kube-system -type: kubernetes.io/dockerconfigjson -data: - .dockerconfigjson: DOCKER_CONFIG_JSON diff --git a/charts/sonarqube-dce/CHANGELOG.md b/charts/sonarqube-dce/CHANGELOG.md index f3e5920dc..9332c990c 100644 --- a/charts/sonarqube-dce/CHANGELOG.md +++ b/charts/sonarqube-dce/CHANGELOG.md @@ -8,7 +8,6 @@ All changes to this chart will be documented in this file. * Add revisionHistoryLimit configuration for SonarQube application Deployment ReplicaSets * Introduce `ApplicationNodes.podDisruptionBudget` and `searchNodes.podDisruptionBudget` and deprecate `ApplicationNodes.podDistributionBudget` and `searchNodes.podDistributionBudget`. * Update the security contexts to use root as group ID -* Change the compatible SonarQube version to 10.4.0 ## [10.3.0] * Upgrade SonarQube to 10.3.0 diff --git a/charts/sonarqube-dce/Chart.yaml b/charts/sonarqube-dce/Chart.yaml index b8dc71e0c..15bf29cfb 100644 --- a/charts/sonarqube-dce/Chart.yaml +++ b/charts/sonarqube-dce/Chart.yaml @@ -3,7 +3,7 @@ name: sonarqube-dce description: SonarQube is a self-managed, automatic code review tool that systematically helps you deliver clean code. As a core element of our Sonar solution, SonarQube integrates into your existing workflow and detects issues in your code to help you perform continuous code inspections of your projects. The tool analyses 30+ different programming languages and integrates into your CI pipeline and DevOps platform to ensure that your code meets high-quality standards. type: application version: 10.4.0 -appVersion: 10.4.0 +appVersion: 10.3.0 keywords: - coverage - security @@ -39,8 +39,6 @@ annotations: description: "Introduce `ApplicationNodes.podDisruptionBudget` and `searchNodes.podDisruptionBudget` and deprecate `ApplicationNodes.podDistributionBudget` and `searchNodes.podDistributionBudget`." - kind: changed description: "Update the security contexts to use root as group ID" - - kind: changed - description: "Change the compatible SonarQube version to 10.4.0" artifacthub.io/links: | - name: support url: https://community.sonarsource.com/ @@ -49,9 +47,9 @@ annotations: artifacthub.io/containsSecurityUpdates: "false" artifacthub.io/images: | - name: sonarqube-app - image: sonarqube:10.4.0-datacenter-app + image: sonarqube:10.3.0-datacenter-app - name: sonarqube-search - image: sonarqube:10.4.0-datacenter-search + image: sonarqube:10.3.0-datacenter-search dependencies: - name: postgresql version: 10.15.0 diff --git a/charts/sonarqube-dce/README.md b/charts/sonarqube-dce/README.md index 47c7d8d3f..16ecc051c 100644 --- a/charts/sonarqube-dce/README.md +++ b/charts/sonarqube-dce/README.md @@ -14,7 +14,7 @@ Please note that this chart does NOT support SonarQube Community, Developer, and ## Compatibility -Compatible SonarQube Version: `10.4.0` +Compatible SonarQube Version: `10.3.0` Supported Kubernetes Versions: From `1.24` to `1.28` @@ -175,7 +175,7 @@ The following table lists the configurable parameters of the SonarQube chart and | Parameter | Description | Default | | --------------------------------------------------------- | ------------------------------------------------------------------------------------- | ---------------------------------------------------------------------- | | `searchNodes.image.repository` | search image repository | `sonarqube` | -| `searchNodes.image.tag` | search image tag | `10.4.0-datacenter-search` | +| `searchNodes.image.tag` | search image tag | `10.3.0-datacenter-search` | | `searchNodes.image.pullPolicy` | search image pull policy | `IfNotPresent` | | `searchNodes.image.pullSecret` | (DEPRECATED) search imagePullSecret to use for private repository | `nil` | | `searchNodes.image.pullSecrets` | search imagePullSecrets to use for private repository | `nil` | @@ -225,7 +225,7 @@ The following table lists the configurable parameters of the SonarQube chart and | Parameter | Description | Default | | ---------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------- | | `ApplicationNodes.image.repository` | app image repository | `sonarqube` | -| `ApplicationNodes.image.tag` | app image tag | `10.4.0-datacenter-app` | +| `ApplicationNodes.image.tag` | app image tag | `10.3.0-datacenter-app` | | `ApplicationNodes.image.pullPolicy` | app image pull policy | `IfNotPresent` | | `ApplicationNodes.image.pullSecret` | (DEPRECATED) app imagePullSecret to use for private repository | `nil` | | `ApplicationNodes.image.pullSecrets` | app imagePullSecrets to use for private repository | `nil` | diff --git a/charts/sonarqube-dce/ci/cirrus-values.yaml b/charts/sonarqube-dce/ci/cirrus-values.yaml index e7e56ae17..b9f95da0d 100644 --- a/charts/sonarqube-dce/ci/cirrus-values.yaml +++ b/charts/sonarqube-dce/ci/cirrus-values.yaml @@ -5,6 +5,7 @@ searchNodes: replicaCount: 1 image: repository: "sonarsource/sonarqube" + tag: "10.4.0-datacenter-search" pullSecrets: - name: pullsecret @@ -13,5 +14,6 @@ ApplicationNodes: jwtSecret: "mnGBJtmwRbIREqy3vSw6Cinoi2WEom9JH+iw/tXOJX4=" image: repository: "sonarsource/sonarqube" + tag: "10.4.0-datacenter-app" pullSecrets: - name: pullsecret diff --git a/charts/sonarqube-dce/templates/NOTES.txt b/charts/sonarqube-dce/templates/NOTES.txt index 7927362ed..b79e2f9ad 100644 --- a/charts/sonarqube-dce/templates/NOTES.txt +++ b/charts/sonarqube-dce/templates/NOTES.txt @@ -17,6 +17,9 @@ echo "Visit http://127.0.0.1:8080 to use your application" kubectl port-forward $POD_NAME 8080:{{ .Values.service.externalPort }} -n {{ .Release.Namespace }} {{- end }} +WARNING: + Please note that the SonarQube images run with a non-root user (uid=1000) belonging to the root group (guid=0). In this way, the chart can support arbitrary user ids as recommended in OpenShift. + Please visit https://docs.openshift.com/container-platform/4.14/openshift_images/create-images.html#use-uid_create-images for more information. {{ if .Values.postgresql.enabled }} WARNING: The embedded PostgreSQL is intended for evaluation only, it is DEPRECATED, and it will be REMOVED in a future release. Please visit https://artifacthub.io/packages/helm/sonarqube/sonarqube#production-use-case for more information. diff --git a/charts/sonarqube-dce/values.yaml b/charts/sonarqube-dce/values.yaml index 666ab393c..b950209b7 100644 --- a/charts/sonarqube-dce/values.yaml +++ b/charts/sonarqube-dce/values.yaml @@ -5,7 +5,7 @@ searchNodes: image: repository: sonarqube - tag: 10.4.0-datacenter-search + tag: 10.3.0-datacenter-search pullPolicy: IfNotPresent # If using a private repository, the imagePullSecrets to use # pullSecrets: @@ -142,7 +142,7 @@ searchNodes: ApplicationNodes: image: repository: sonarqube - tag: 10.4.0-datacenter-app + tag: 10.3.0-datacenter-app pullPolicy: IfNotPresent # If using a private repository, the imagePullSecrets to use # pullSecrets: diff --git a/charts/sonarqube/CHANGELOG.md b/charts/sonarqube/CHANGELOG.md index ff1accca1..b53f6eb79 100644 --- a/charts/sonarqube/CHANGELOG.md +++ b/charts/sonarqube/CHANGELOG.md @@ -7,7 +7,6 @@ All changes to this chart will be documented in this file. * Run the initSysctl init-container as root to prevent 'permission denied' issues * Add revisionHistoryLimit configuration for SonarQube application Deployment ReplicaSets & StatefulSets * Update the security contexts to use root as group ID -* Change the compatible SonarQube version to 10.4.0 ## [10.3.0] * Upgrade SonarQube to 10.3.0 diff --git a/charts/sonarqube/Chart.yaml b/charts/sonarqube/Chart.yaml index 431a847c5..d13caea5e 100644 --- a/charts/sonarqube/Chart.yaml +++ b/charts/sonarqube/Chart.yaml @@ -3,7 +3,7 @@ name: sonarqube description: SonarQube is a self-managed, automatic code review tool that systematically helps you deliver clean code. As a core element of our Sonar solution, SonarQube integrates into your existing workflow and detects issues in your code to help you perform continuous code inspections of your projects. The tool analyses 30+ different programming languages and integrates into your CI pipeline and DevOps platform to ensure that your code meets high-quality standards. type: application version: 10.4.0 -appVersion: 10.4.0 +appVersion: 10.3.0 keywords: - coverage - security @@ -42,12 +42,10 @@ annotations: description: "Add revisionHistoryLimit configuration for SonarQube application Deployment ReplicaSets & StatefulSets" - kind: changed description: "Update the security contexts to use root as group ID" - - kind: changed - description: "Change the compatible SonarQube version to 10.4.0" artifacthub.io/containsSecurityUpdates: "false" artifacthub.io/images: | - name: sonarqube - image: sonarqube:10.4.0-community + image: sonarqube:10.3.0-community dependencies: - name: postgresql version: 10.15.0 diff --git a/charts/sonarqube/README.md b/charts/sonarqube/README.md index fc4b39634..bce5ada9f 100644 --- a/charts/sonarqube/README.md +++ b/charts/sonarqube/README.md @@ -14,7 +14,7 @@ Please note that this chart only supports SonarQube Community, Developer, and En ## Compatibility -Compatible SonarQube Version: `10.4.0` +Compatible SonarQube Version: `10.3.0` Supported Kubernetes Versions: From `1.24` to `1.28` @@ -214,7 +214,7 @@ The following table lists the configurable parameters of the SonarQube chart and | Parameter | Description | Default | | ------------------- | ---------------------------------------------------------- | ------------------------------ | | `image.repository` | image repository | `sonarqube` | -| `image.tag` | `sonarqube` image tag. | `10.4.0-{{ .Values.edition }}` | +| `image.tag` | `sonarqube` image tag. | `10.3.0-{{ .Values.edition }}` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `image.pullSecret` | (DEPRECATED) imagePullSecret to use for private repository | `None` | | `image.pullSecrets` | imagePullSecrets to use for private repository | `None` | diff --git a/charts/sonarqube/ci/cirrus-values.yaml b/charts/sonarqube/ci/cirrus-values.yaml index 2f0fe47d4..85e93df29 100644 --- a/charts/sonarqube/ci/cirrus-values.yaml +++ b/charts/sonarqube/ci/cirrus-values.yaml @@ -2,3 +2,4 @@ image: pullSecrets: - name: pullsecret repository: "sonarsource/sonarqube" + tag: "10.4.0-community" diff --git a/charts/sonarqube/templates/NOTES.txt b/charts/sonarqube/templates/NOTES.txt index c05ea97d3..c8a25dd94 100644 --- a/charts/sonarqube/templates/NOTES.txt +++ b/charts/sonarqube/templates/NOTES.txt @@ -20,6 +20,9 @@ echo "Visit http://127.0.0.1:8080 to use your application" kubectl port-forward $POD_NAME 8080:{{ .Values.service.externalPort }} -n {{ .Release.Namespace }} {{- end }} +WARNING: + Please note that the SonarQube image runs with a non-root user (uid=1000) belonging to the root group (guid=0). In this way, the chart can support arbitrary user ids as recommended in OpenShift. + Please visit https://docs.openshift.com/container-platform/4.14/openshift_images/create-images.html#use-uid_create-images for more information. {{ if .Values.postgresql.enabled }} WARNING: The embedded PostgreSQL is intended for evaluation only, it is DEPRECATED, and it will be REMOVED in a future release. Please visit https://artifacthub.io/packages/helm/sonarqube/sonarqube#production-use-case for more information. diff --git a/charts/sonarqube/values.yaml b/charts/sonarqube/values.yaml index 2edd7219c..6563e5489 100644 --- a/charts/sonarqube/values.yaml +++ b/charts/sonarqube/values.yaml @@ -30,7 +30,7 @@ edition: "community" image: repository: sonarqube - tag: 10.4.0-{{ .Values.edition }} + tag: 10.3.0-{{ .Values.edition }} pullPolicy: IfNotPresent # If using a private repository, the imagePullSecrets to use # pullSecrets: