Sonar upgrade to 8.9 LTS (#1096)

* sonarqube upgrade to 8.9 lts
opendevstack · Jan 31, 2023 · cce288b · cce288b
1 parent 489e97a
commit cce288b
Show file tree

Hide file tree

Showing 10 changed files with 30 additions and 73 deletions.
diff --git a/.github/workflows/continuous-integration-workflow.yml b/.github/workflows/continuous-integration-workflow.yml
@@ -71,8 +71,8 @@ jobs:
     runs-on: ubuntu-18.04
     strategy:
       matrix:
-        version: ['7.9', '8.2.0.32929'] # 7.9 = LTS, 8.2 = latest version
-        edition: ['community', 'enterprise']
+        version: ['8.9.10.61524'] # 8.9 = LTS
+        edition: ['community', 'developer', 'enterprise']
     steps:
       -
         name: Checkout repository

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,7 @@
 
 - Maintenance, update nexus to version 3.45.1 ([#1201](https://github.com/opendevstack/ods-core/pull/1201))
 - Update Containers Probes in Jenkins ([#1191](https://github.com/opendevstack/ods-core/issues/1191))
+- Upgrade SonarQube to version 8.9 LTS, removal of plugins that are now bundled ([#1075](https://github.com/opendevstack/ods-core/issues/1075))
 
 ## [4.1.1] - 2022-11-24
 
@@ -92,6 +93,10 @@
 
 - ds-jupyter-notebook renamed to ds-jupyter-lab and upgrade to JupyterLab 3 ([#562](https://github.com/opendevstack/ods-quickstarters/issues/562))
 
+- Updated Tailor to 1.3.4 ([#1090](https://github.com/opendevstack/ods-core/issues/1090))
+- Updated Nexus to 3.40.1 ([#1164](https://github.com/opendevstack/ods-core/pull/1164))
+- Simplify force auth configuration for sonarqube ([#986](https://github.com/opendevstack/ods-core/issues/986))
+
 ### Fixed
 - ODS AMI build failed due to an installation error of chrome package ([#1054](https://github.com/opendevstack/ods-core/pull/1054))
 - ODS AMI build failed due to jira missing permissions on jira data folder ([#1005](https://github.com/opendevstack/ods-core/pull/1005))

diff --git a/configuration-sample/ods-core.env.sample b/configuration-sample/ods-core.env.sample
@@ -110,14 +110,14 @@ SONAR_DATABASE_USER=sonarqube
 # - Use "developer", "enterprise" or "datacenter" for commercial editions
 SONAR_EDITION=community
 # SonarQube version.
-# Officially supported are:
-# - 7.9 (LTS release)
-# - 8.2.0.32929 (latest tested release)
-SONAR_VERSION=8.2.0.32929
+# Officially supported is:
+# - 8.9 (LTS release)
+SONAR_VERSION=8.9.10.61524
+https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.9.10.61524.zip
 # SonarQube distribution URL.
 # Must be aligned with both SONAR_VERSION and SONAR_EDITION.
 # Check https://binaries.sonarsource.com/ for options.
-SONAR_DISTRIBUTION_URL=https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.2.0.32929.zip
+SONAR_DISTRIBUTION_URL=https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.9.10.61524.zip
 
 # Toggle authentication via Crowd plugin
 SONAR_AUTH_CROWD=true

diff --git a/jenkins/agent-base/Dockerfile.centos7 b/jenkins/agent-base/Dockerfile.centos7
@@ -2,8 +2,8 @@ FROM openshift/jenkins-slave-base-centos7
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
-ENV SONAR_SCANNER_VERSION=3.1.0.1141 \
-    CNES_REPORT_VERSION=3.2.2 \
+ENV SONAR_SCANNER_VERSION=4.7.0.2747 \
+    CNES_REPORT_VERSION=4.1.2 \
     TAILOR_VERSION=1.3.4 \
     HELM_VERSION=3.5.3 \
     HELM_PLUGIN_DIFF_VERSION=3.3.2 \

diff --git a/jenkins/agent-base/Dockerfile.ubi8 b/jenkins/agent-base/Dockerfile.ubi8
@@ -2,8 +2,8 @@ FROM quay.io/openshift/origin-jenkins-agent-base
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
-ENV SONAR_SCANNER_VERSION=3.1.0.1141 \
-    CNES_REPORT_VERSION=3.2.2 \
+ENV SONAR_SCANNER_VERSION=4.7.0.2747 \
+    CNES_REPORT_VERSION=4.1.2 \
     TAILOR_VERSION=1.3.4 \
     HELM_VERSION=3.5.3 \
     HELM_PLUGIN_DIFF_VERSION=3.3.2 \

diff --git a/sonarqube/backup.sh b/sonarqube/backup.sh
@@ -37,7 +37,7 @@ podWithPrefix=$(oc get pods -n "${NAMESPACE}" --selector name=sonarqube-postgres
 pod=${podWithPrefix#"pod/"}
 oc rsh -n "${NAMESPACE}" "pod/${pod}" bash -c "mkdir -p /var/lib/pgsql/backup && pg_dump sonarqube > /var/lib/pgsql/backup/sonarqube.sql"
 # Copy export
-oc cp "${NAMESPACE}/${pod}:/var/lib/pgsql/backup/sonarqube.sql" "${destinationFile}"
+oc -n "${NAMESPACE}" cp "${pod}:/var/lib/pgsql/backup/sonarqube.sql" "${destinationFile}"
 # Delete export in pod
 oc rsh -n "${NAMESPACE}" "pod/${pod}" bash -c "rm /var/lib/pgsql/backup/sonarqube.sql"
 

diff --git a/sonarqube/configure.sh b/sonarqube/configure.sh
@@ -197,14 +197,6 @@ else
     echo_info "Default '${ADMIN_USER_NAME}' password is not in use."
 fi
 
-echo_info "Setting sonar.forceAuthentication=true ..."
-if ! curl ${INSECURE} -X POST -sSf --user "${ADMIN_USER_NAME}:${ADMIN_USER_PASSWORD}" \
-    "${SONARQUBE_URL}/api/settings/set?key=sonar.forceAuthentication&value=true"; then
-    echo_error "Could not enable sonar.forceAuthentication."
-    exit 1
-fi
-echo_info "sonar.forceAuthentication is enabled."
-
 echo_info "Checking if '${PIPELINE_USER_NAME}' exists ..."
 encodedPipelineUser="$(uriencode "${PIPELINE_USER_NAME}")"
 encodedPipelinePassword="$(uriencode "${ADMIN_USER_PASSWORD}")"

diff --git a/sonarqube/docker/Dockerfile b/sonarqube/docker/Dockerfile
@@ -54,25 +54,10 @@ COPY run.sh $SONARQUBE_HOME/bin/
 RUN mkdir -p /opt/configuration/sonarqube/plugins
 # General plugins
 ADD https://github.com/deepy/sonar-crowd/releases/download/2.1.3/sonar-crowd-plugin-2.1.3.jar /opt/configuration/sonarqube/plugins/
-ADD https://github.com/vaulttec/sonar-auth-oidc/releases/download/v1.1.0/sonar-auth-oidc-plugin-1.1.0.jar /opt/configuration/sonarqube/plugins/
-ADD https://binaries.sonarsource.com/Distribution/sonar-scm-git-plugin/sonar-scm-git-plugin-1.9.1.1834.jar /opt/configuration/sonarqube/plugins/
-# Language plugins
-ADD https://binaries.sonarsource.com/Distribution/sonar-java-plugin/sonar-java-plugin-6.2.0.21135.jar /opt/configuration/sonarqube/plugins/
-ADD https://binaries.sonarsource.com/Distribution/sonar-jacoco-plugin/sonar-jacoco-plugin-1.0.2.475.jar /opt/configuration/sonarqube/plugins/
-ADD https://binaries.sonarsource.com/Distribution/sonar-go-plugin/sonar-go-plugin-1.6.0.719.jar /opt/configuration/sonarqube/plugins/
-ADD https://binaries.sonarsource.com/Distribution/sonar-javascript-plugin/sonar-javascript-plugin-6.1.0.11503.jar /opt/configuration/sonarqube/plugins/
-ADD https://binaries.sonarsource.com/Distribution/sonar-python-plugin/sonar-python-plugin-2.1.0.5269.jar /opt/configuration/sonarqube/plugins/
-ADD https://binaries.sonarsource.com/Distribution/sonar-typescript-plugin/sonar-typescript-plugin-2.1.0.4359.jar /opt/configuration/sonarqube/plugins/
-ADD https://binaries.sonarsource.com/Distribution/sonar-scala-plugin/sonar-scala-plugin-1.5.0.315.jar /opt/configuration/sonarqube/plugins/
-ADD https://binaries.sonarsource.com/Distribution/sonar-php-plugin/sonar-php-plugin-3.3.0.5166.jar /opt/configuration/sonarqube/plugins/
-ADD https://binaries.sonarsource.com/Distribution/sonar-csharp-plugin/sonar-csharp-plugin-8.6.1.17183.jar /opt/configuration/sonarqube/plugins/
-ADD https://github.com/Inform-Software/sonar-groovy/releases/download/1.6/sonar-groovy-plugin-1.6.jar /opt/configuration/sonarqube/plugins/
-ADD https://github.com/Merck/sonar-r-plugin/releases/download/0.1.3/sonar-r-plugin-0.1.3.jar /opt/configuration/sonarqube/plugins/
-
-# Aditional plugins for Enterprise and Datacenter editions
-RUN if [[ "$sonarEdition" == "enterprise" || "$sonarEdition" == "datacenter" ]] ; \
-        then wget https://binaries.sonarsource.com/CommercialDistribution/sonar-apex-plugin/sonar-apex-plugin-1.8.2.1946.jar -O /opt/configuration/sonarqube/plugins/sonar-apex-plugin-1.8.2.1946.jar ; \
-    else echo No aditional plugins for developer and community editions ; fi
+ADD https://github.com/vaulttec/sonar-auth-oidc/releases/download/v2.1.1/sonar-auth-oidc-plugin-2.1.1.jar /opt/configuration/sonarqube/plugins/
+# Language plugins not bundled
+ADD https://github.com/Inform-Software/sonar-groovy/releases/download/1.7/sonar-groovy-plugin-1.7.jar /opt/configuration/sonarqube/plugins/
+ADD https://github.com/Merck/sonar-r-plugin/releases/download/0.2.1/sonar-r-plugin-0.2.1.jar /opt/configuration/sonarqube/plugins/
 
 RUN chown -R :0 /opt/configuration/sonarqube/plugins; \
     chmod -R g=u /opt/configuration/sonarqube/plugins; \

diff --git a/sonarqube/docker/run.sh b/sonarqube/docker/run.sh
@@ -13,6 +13,9 @@ if [ "${SONAR_AUTH_CROWD}" = "true" ]; then
   } >> conf/sonar.properties
 fi
 
+# enforce authentication to sonar
+echo "sonar.forceAuthentication=true" >> conf/sonar.properties
+
 # Copy plugins into volume
 rm "${SONARQUBE_HOME}"/extensions/plugins/*.jar || true
 ls -lah /opt/configuration/sonarqube/plugins

diff --git a/sonarqube/test.sh b/sonarqube/test.sh
@@ -6,14 +6,14 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 ODS_CORE_DIR=${SCRIPT_DIR%/*}
 ODS_CONFIGURATION_DIR="${ODS_CORE_DIR}/../ods-configuration"
 
-SONAR_VERSION=7.9
+SONAR_VERSION=8.9.10.61524
 SONAR_EDITION="community"
 
 function usage {
     printf "Test SonarQube setup.\n\n"
     printf "\t-h|--help\t\tPrint usage\n"
     printf "\t-v|--verbose\t\tEnable verbose mode\n"
-    printf "\t-s|--sq-version\t\tSonarQube version, e.g. '7.9' or '8.2.0.32929' (defaults to %s)\n" "${SONAR_VERSION}"
+    printf "\t-s|--sq-version\t\tSonarQube version, e.g. '8.9.10.61524' (defaults to %s)\n" "${SONAR_VERSION}"
     printf "\t-e|--sq-edition\t\tSonarQube edition, e.g. 'community' or 'enterprise' (defaults to %s)\n" "${SONAR_EDITION}"
     printf "\t-i|--insecure\t\tAllow insecure server connections when using SSL\n"
     printf "\t--verify\t\tSkips setup of local docker container and instead checks existing sonarqube setup based on ods-core.env\n"
@@ -212,39 +212,11 @@ echo "Check if plugins are installed in correct versions"
 
 case $SONAR_EDITION in
 
-    community | developer)
+    community | developer | enterprise | datacenter)
         expectedPlugins=( "crowd:2.1.3"
-                "authoidc:1.1.0"
-                "scmgit:1.9.1.1834"
-                "java:6.2.0.21135"
-                "jacoco:1.0.2.475"
-                "go:1.6.0.719"
-                "javascript:6.1.0.11503"
-                "python:2.1.0.5269"
-                "typescript:2.1.0.4359"
-                "sonarscala:1.5.0.315"
-                "php:3.3.0.5166"
-                "csharp:8.6.1.17183"
-                "groovy:1.6" 
-                "r:0.1.3" )
-        ;;
-
-    enterprise | datacenter)
-        expectedPlugins=( "crowd:2.1.3"
-                "authoidc:1.1.0"
-                "scmgit:1.9.1.1834"
-                "java:6.2.0.21135"
-                "jacoco:1.0.2.475"
-                "go:1.6.0.719"
-                "javascript:6.1.0.11503"
-                "python:2.1.0.5269"
-                "typescript:2.1.0.4359"
-                "sonarscala:1.5.0.315"
-                "php:3.3.0.5166"
-                "csharp:8.6.1.17183"
-                "groovy:1.6" 
-                "r:0.1.3"
-                "sonarapex:1.8.2.1946" )
+                "authoidc:2.1.1"
+                "groovy:1.7" 
+                "r:0.2.1" )
         ;;
 
     *)