Create an image for quay.io (#14)

* quay

* travis is not building

Author: mcanoy

.travis.yml

@@ -1,5 +1,5 @@
 language: java
-if: tag IS present OR NOT (branch == master)
+if: tag IS present OR (branch == master)
 jdk:
   - openjdk8
 cache:
@@ -20,13 +20,18 @@ before_deploy:
   - export PLUGIN_JAR=$(ls target/sonar-auth-openshift-plugin*jar)
   - echo "deploying $PLUGIN_JAR to GitHub releases"
 deploy:
-  provider: releases
-  api_key: "${GITHUB_OAUTH_TOKEN}"
-  file_glob: true
-  file:
-    - "${PLUGIN_JAR}"
-    #    - "target/site/jacoco/*"
-    #    - "target/dependency-check-report.html"
-  skip_cleanup: true
-  on:
-    tags: true
+  - provider: releases
+    api_key: "${GITHUB_OAUTH_TOKEN}"
+    file_glob: true
+    file:
+      - "${PLUGIN_JAR}"
+      #    - "target/site/jacoco/*"
+      #    - "target/dependency-check-report.html"
+    skip_cleanup: true
+    on:
+      tags: true
+  - provider: script
+    skip_cleanup: true
+    script: bash quay_io
+    on:
+      tags: true

example/templates/sonarqube-image-stream-deploy.yml

@@ -0,0 +1,237 @@
+apiVersion: v1
+kind: Template
+metadata:
+  name: "sonarqube"
+objects:
+- apiVersion: v1
+  kind: ServiceAccount
+  metadata:
+    annotations:
+      serviceaccounts.openshift.io/oauth-redirectreference.sonarqube: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"${ROUTE_NAME}"}}'
+    name: sonarqube
+- apiVersion: v1
+  kind: RoleBinding
+  metadata:
+    name: sonarqube_view
+  roleRef:
+    name: view
+  subjects:
+  - kind: ServiceAccount
+    name: sonarqube
+- apiVersion: v1
+  kind: PersistentVolumeClaim
+  metadata:
+    name: sonarqube-data
+  spec:
+    accessModes:
+    - ReadWriteOnce
+    resources:
+      requests:
+        storage: ${SONARQUBE_PERSISTENT_VOLUME_SIZE}
+  status: {}
+- apiVersion: v1
+  kind: ImageStream
+  metadata:
+    labels:
+      name: "${NAME}"
+      app: "${NAME}"
+    name: "${NAME}"
+  spec:
+    tags:
+    - annotations:
+        openshift.io/imported-from: "${CONTAINER_IMAGE}"
+      from:
+        kind: DockerImage
+        name: "${CONTAINER_IMAGE}"
+      importPolicy: {}
+      name: latest
+      referencePolicy:
+        type: Source
+- apiVersion: v1
+  kind: DeploymentConfig
+  metadata:
+    generation: 1
+    labels:
+      app: sonarqube
+    name: sonarqube
+  spec:
+    replicas: 1
+    selector:
+      app: sonarqube
+      deploymentconfig: sonarqube
+    strategy:
+      activeDeadlineSeconds: 21600
+      recreateParams:
+        timeoutSeconds: 600
+        post:
+          execNewPod:
+            command:
+            - /bin/sh
+            - -c
+            - sleep 30 && curl http://admin:admin@sonarqube:9000/api/webhooks/create
+              -X POST -d "name=jenkins&url=${JENKINS_URL}/sonarqube-webhook/"
+            containerName: sonarqube
+          failurePolicy: Abort
+      type: Recreate
+    template:
+      metadata:
+        annotations:
+          openshift.io/generated-by: OpenShiftWebConsole
+        labels:
+          app: sonarqube
+          deploymentconfig: sonarqube
+      spec:
+        containers:
+        - env:
+          - name: JDBC_URL
+            value: jdbc:postgresql://sonardb:5432/sonar
+          - name: JDBC_USERNAME
+            valueFrom:
+              secretKeyRef:
+                key: database-user
+                name: sonardb
+          - name: JDBC_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                key: database-password
+                name: sonardb
+          - name: FORCE_AUTHENTICATION
+            value: "true"
+          - name: PROXY_HOST
+            value: ${PROXY_HOST}
+          - name: PROXY_PORT
+            value: ${PROXY_PORT}
+          - name: PROXY_USER
+            value: ${PROXY_USER}
+          - name: PROXY_PASSWORD
+            value: ${PROXY_PASSWORD}
+          imagePullPolicy: Always
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /
+              port: 9000
+              scheme: HTTP
+            initialDelaySeconds: 45
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+          name: sonarqube
+          ports:
+          - containerPort: 9000
+            protocol: TCP
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /
+              port: 9000
+              scheme: HTTP
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+          resources: {}
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+          volumeMounts:
+          - mountPath: /opt/sonarqube/data
+            name: sonar-data
+        dnsPolicy: ClusterFirst
+        restartPolicy: Always
+        schedulerName: default-scheduler
+        securityContext: {}
+        serviceAccount: sonarqube
+        serviceAccountName: sonarqube
+        terminationGracePeriodSeconds: 30
+        volumes:
+        - name: sonar-data
+          persistentVolumeClaim:
+            claimName: sonarqube-data
+    test: false
+    triggers:
+    - imageChangeParams:
+        automatic: true
+        containerNames:
+        - sonarqube
+        from:
+          kind: ImageStreamTag
+          name: sonarqube:latest
+      type: ImageChange
+    - type: ConfigChange
+- apiVersion: v1
+  kind: Route
+  metadata:
+    labels:
+      app: sonarqube
+    name: "${ROUTE_NAME}"
+  spec:
+    port:
+      targetPort: 9000-tcp
+    tls:
+      termination: edge
+    to:
+      kind: Service
+      name: sonarqube
+      weight: 100
+    wildcardPolicy: None
+- apiVersion: v1
+  kind: Service
+  metadata:
+    labels:
+      app: sonarqube
+    name: sonarqube
+  spec:
+    ports:
+    - name: 9000-tcp
+      port: 9000
+      protocol: TCP
+      targetPort: 9000
+    selector:
+      deploymentconfig: sonarqube
+    sessionAffinity: None
+    type: ClusterIP
+parameters:
+  - description: Database name for the Posgres Database to be used by Sonarqube
+    displayName: Postgres database name
+    name: POSTGRES_DATABASE_NAME
+    value: sonar
+    required: true
+  - name: SONARQUBE_PERSISTENT_VOLUME_SIZE
+    description: The persistent storage volume for SonarQube to use for plugins/config/logs/etc...
+    displayName: SonarQube Storage Space Size
+    required: true
+    value: 5Gi
+  - name: ROUTE_NAME
+    value: sonarqube
+    description: The name of the route for sonarqube
+    displayName: SonarQube Route Name
+  - name: SONAR_AUTOCREATE_USERS
+    value: 'false'
+    description: When using an external authentication system, should SonarQube automatically create accounts for users?
+    displayName: Enable auto-creation of users from external authentication systems?
+    required: true
+  - name: PROXY_HOST
+    description: Hostname of proxy server the SonarQube application should use to access the Internet
+    displayName: Proxy server hostname/IP
+  - name: PROXY_PORT
+    description: TCP port of proxy server the SonarQube application should use to access the Internet
+    displayName: Proxy server port
+  - name: PROXY_USER
+    description: Username credential when the Proxy Server requires authentication
+    displayName: Proxy server username
+  - name: PROXY_PASSWORD
+    description: Password credential when the Proxy Server requires authentication
+    displayName: Proxy server password
+  - name: JENKINS_URL
+    description: The Jenkins URL used for the webhook
+    displayName: Jenkins URL
+    value: http://jenkins
+  - name: CONTAINER_IMAGE
+    description: The Container Image to use for the ImageStream
+    displayName: Nexus Container Image
+    value: quay.io/mcanoy/labs-sonarqube:latest
+  - name: NAME
+    displayName: Name
+    description: The name assigned to all objects and the resulting imagestream.
+    required: true
+    value: sonarqube

images/Dockerfile

@@ -0,0 +1,16 @@
+FROM docker.io/sonarqube:latest
+
+USER root
+ARG sonar_plugins="pmd ldap"
+ADD sonar.properties /opt/sonarqube/conf/sonar.properties
+ADD run.sh /opt/sonarqube/bin/run.sh
+CMD /opt/sonarqube/bin/run.sh
+RUN cp -a /opt/sonarqube/data /opt/sonarqube/data-init && \
+	cp -a /opt/sonarqube/extensions /opt/sonarqube/extensions-init && \
+	chown root:root /opt/sonarqube && chmod -R gu+rwX /opt/sonarqube
+ADD plugins.sh /opt/sonarqube/bin/plugins.sh
+RUN /opt/sonarqube/bin/plugins.sh $sonar_plugins
+ADD sonar-auth-openshift-plugin.jar  /opt/sonarqube/extensions-init/plugins/
+RUN chown root:root /opt/sonarqube -R; \
+    chmod 6775 /opt/sonarqube -R
+USER 1001

images/plugins.sh

@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+set -e
+# set -x	## Uncomment for debugging
+
+printf 'Downloading plugin details\n'
+
+## Extract sonarqube version
+export SQ_VERSION=$(ls /opt/sonarqube/lib/sonar-application* | awk -F"-" '{print $3}' | sed 's@\.jar$@@g')
+echo "SONARQUBE_VERSION: ${SQ_VERSION}"
+
+
+curl -L -sS -o /tmp/pluginList.txt https://update.sonarsource.org/update-center.properties
+printf "Downloading additional plugins\n"
+for PLUGIN in "$@"
+do
+	printf '\tExtracting plugin download location - %s\n' ${PLUGIN}
+	MATCH_STRING=$(cat /tmp/pluginList.txt | grep requiredSonarVersions | grep -E "[,=]${SQ_VERSION}(,|$)" | sed 's@\.requiredSonarVersions.*@@g' | sort -V | grep "^${PLUGIN}\." | tail -n 1 | sed 's@[email protected]@g')
+
+	if ! [[ -z "${MATCH_STRING}" ]]; then
+		DOWNLOAD_URL=$(cat /tmp/pluginList.txt | grep ${MATCH_STRING} | awk -F"=" '{print $2}' | sed 's@\\:@:@g')
+		PLUGIN_FILE=$(echo ${DOWNLOAD_URL} | sed 's@.*/\(.*\)$@\1@g')
+
+		## Check to see if plugin exists, attempt to download the plugin if it does exist.
+		if ! [[ -z "${DOWNLOAD_URL}" ]]; then
+			curl -L -sS -o /opt/sonarqube/extensions-init/plugins/${PLUGIN_FILE} ${DOWNLOAD_URL} && printf "\t\t%-35s%10s" "${PLUGIN_FILE}" "DONE" || printf "\t\t%-35s%10s" "${PLUGIN_FILE}" "FAILED"
+			printf "\n"
+		else
+			## Plugin was not found in the plugin inventory
+			printf "\t\t%-15s%10s\n" "${PLUGIN}" "NOT FOUND"
+		fi
+	else
+		printf "\t\t%-15s%10s\n" $PLUGIN "NOT FOUND"
+	fi
+done
+
+ls /opt/sonarqube/extensions-init/plugins/
+
+rm -f /tmp/pluginList.txt

images/run.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -x
+set -e
+
+rm -rf /opt/sonarqube/data/plugins/sonar-auth-openshift-plugin*.jar
+
+## If the mounted data volume is empty, populate it from the default data
+cp -a /opt/sonarqube/data-init/* /opt/sonarqube/data/
+
+## Link the plugins directory from the mounted volume
+rm -rf /opt/sonarqube/extensions/plugins
+ln -s /opt/sonarqube/data/plugins /opt/sonarqube/extensions/plugins
+
+mkdir -p /opt/sonarqube/data/plugins
+for I in $(ls /opt/sonarqube/extensions-init/plugins/*.jar);
+do
+  TARGET_PATH=$(echo ${I} | sed 's@extensions-init/plugins@data/plugins@g')
+  if ! [[ -e ${TARGET_PATH} ]]; then
+    cp ${I} ${TARGET_PATH}
+  fi
+done
+
+if [ "${1:0:1}" != '-' ]; then
+  exec "$@"
+fi
+
+java -jar lib/sonar-application-$SONAR_VERSION.jar \
+    -Dsonar.web.javaAdditionalOpts="${SONARQUBE_WEB_JVM_OPTS} -Djava.security.egd=file:/dev/./urandom" \
+    "$@"

images/sonar.properties

@@ -0,0 +1,19 @@
+sonar.log.console=true
+sonar.jdbc.username=${env:JDBC_USERNAME}
+sonar.jdbc.password=${env:JDBC_PASSWORD}
+sonar.jdbc.url=${env:JDBC_URL}
+sonar.forceAuthentication=${env:FORCE_AUTHENTICATION}
+sonar.authenticator.createUsers=${env:SONAR_AUTOCREATE_USERS}
+sonar.log.level=${env:SONAR_LOG_LEVEL}
+http.proxyHost=${env:PROXY_HOST}
+http.proxyPort=${env:PROXY_PORT}
+http.proxyUser=${env:PROXY_USER}
+http.proxyPassword=${env:PROXY_PASSWORD}
+kubernetes.service=https://${env:KUBERNETES_SERVICE_HOST}:${env:KUBERNETES_SERVICE_PORT}/
+sonar.auth.openshift.isEnabled=true
+sonar.auth.openshift.button.color=#000000
+sonar.auth.openshift.sar.groups=sonarqube_admin=sonar-administrators,sonarqube_user=sonar-users
+ignore.certs=false
+#oauth.cert=/opt/sonarqube/conf/oauth.crt
+sonar.search.javaAdditionalOpts=-Dnode.store.allow_mmapfs=false
+#sonar.auth.openshift.route.name=customname

quay_io

@@ -0,0 +1,6 @@
+cp $PLUGIN_JAR images/
+cd images
+QUAY_OWNER=$(echo $TRAVIS_REPO_SLUG | cut -d/ -f1)
+docker build -t quay.io/$QUAY_OWNER/labs-sonarqube:$TRAVIS_BRANCH -t quay.io/$QUAY_OWNER/labs-sonarqube:latest .
+echo "$QUAY_BOT_PASSWORD" | docker login -u "$QUAY_BOT_USERNAME" --password-stdin quay.io
+docker push quay.io/$QUAY_OWNER/labs-sonarqube