Merge branch 'release/v9.9.1-2'

CHANGELOG.md

@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [v9.9.1-2] - 2023-05-11
+### Fixed
+- Update installed plugins when upgrading to sonar 9.9.1
+
 ## [v9.9.1-1] - 2023-05-04
 ### Changed
 - Upgrade sonar to version 9.9.1.69595 (#80)

Dockerfile

@@ -4,13 +4,13 @@ ENV SONARQUBE_HOME=/opt/sonar \
     # mark as webapp for nginx
     SERVICE_TAGS=webapp \
     SONAR_VERSION=9.9.1.69595 \
-    CAS_PLUGIN_VERSION=5.0.0 \
+    CAS_PLUGIN_VERSION=5.0.1 \
     STARTUP_DIR="/"
 
 FROM BASE as builder
 
 ENV SONARQUBE_ZIP_SHA256=40bb45f551c7959ba1d3a5ff7b5432a558a5b2ad2efa5e9e1fcf52b83142897b \
-    CAS_PLUGIN_JAR_SHA256=c5f45bed9d4dc748a28f14bd2d1885996ae6c63361be4d1818da258e985ead81 \
+    CAS_PLUGIN_JAR_SHA256=d154d2c5872eb4086a2261fa3c090322eb6e73f11707bc2ea34e47795f22f175 \
     BUILDER_HOME="/builder/sonar"
 
 WORKDIR /builder
@@ -27,7 +27,7 @@ RUN echo "${CAS_PLUGIN_JAR_SHA256} *${BUILDER_HOME}/sonar-cas-plugin-${CAS_PLUGI
 FROM BASE
 
 LABEL NAME="official/sonar" \
-    VERSION="9.9.1-1" \
+    VERSION="9.9.1-2" \
     maintainer="[email protected]"
 
 RUN set -eux \

Jenkinsfile

@@ -1,5 +1,5 @@
 #!groovy
-@Library(['github.com/cloudogu/[email protected]', 'github.com/cloudogu/dogu-build-lib@v2.0.0'])
+@Library(['github.com/cloudogu/[email protected]', 'github.com/cloudogu/dogu-build-lib@v2.1.0'])
 import com.cloudogu.ces.cesbuildlib.*
 import com.cloudogu.ces.dogubuildlib.*
 
@@ -25,10 +25,13 @@ node('vagrant') {
                         booleanParam(defaultValue: false, description: 'Test dogu upgrade from latest release or optionally from defined version below', name: 'TestDoguUpgrade'),
                         string(defaultValue: '', description: 'Old Dogu version for the upgrade test (optional; e.g. 2.222.1-1)', name: 'OldDoguVersionForUpgradeTest'),
                         booleanParam(defaultValue: false, description: 'Enables the video recording during the test execution', name: 'EnableVideoRecording'),
+                        choice(name: 'TrivyScanLevels', choices: [TrivyScanLevel.CRITICAL, TrivyScanLevel.HIGH, TrivyScanLevel.MEDIUM, TrivyScanLevel.ALL], description: 'The levels to scan with trivy'),
+                        choice(name: 'TrivyStrategy', choices: [TrivyScanStrategy.UNSTABLE, TrivyScanStrategy.FAIL, TrivyScanStrategy.IGNORE], description: 'Define whether the build should be unstable, fail or whether the error should be ignored if any vulnerability was found.'),
                 ])
         ])
 
         EcoSystem ecoSystem = new EcoSystem(this, "gcloud-ces-operations-internal-packer", "jenkins-gcloud-ces-operations-internal")
+        Trivy trivy = new Trivy(this, ecoSystem)
 
         stage('Checkout') {
             checkout scm
@@ -68,6 +71,12 @@ node('vagrant') {
                 ecoSystem.build("/dogu")
             }
 
+            stage('Trivy scan') {
+                trivy.scanDogu("/dogu", TrivyScanFormat.HTML, params.TrivyScanLevels, params.TrivyStrategy)
+                trivy.scanDogu("/dogu", TrivyScanFormat.JSON,  params.TrivyScanLevels, params.TrivyStrategy)
+                trivy.scanDogu("/dogu", TrivyScanFormat.PLAIN, params.TrivyScanLevels, params.TrivyStrategy)
+            }
+
             stage('Verify') {
                 ecoSystem.verify("/dogu")
             }

dogu.json

@@ -1,6 +1,6 @@
 {
   "Name": "official/sonar",
-  "Version": "9.9.1-1",
+  "Version": "9.9.1-2",
   "DisplayName": "SonarQube",
   "Description": "SonarQube is an open source quality management platform, dedicated to continuously analyze and measure source code quality",
   "Category": "Development Apps",

resources/post-upgrade.sh

@@ -11,6 +11,10 @@ set -o pipefail
 # wait_for_sonar_to_get_up()
 # wait_for_sonar_to_get_healthy()
 # set_successful_first_start_flag()
+# remove_temporary_admin_user()
+# remove_temporary_admin_group()
+# add_temporary_admin_group()
+# create_temporary_admin_user_with_temporary_admin_group()
 # shellcheck disable=SC1091
 source "${STARTUP_DIR}/util.sh"
 
@@ -147,6 +151,38 @@ function run_post_upgrade() {
     migrate_cas_identity_provider_in_db
   fi
 
+  if [[ ${FROM_VERSION} == "8"* ]] && [[ ${TO_VERSION} == "9.9"* ]]; then
+    # reinstall missing plugins if there are any
+    if doguctl config install_plugins >/dev/null; then
+      TEMPORARY_ADMIN_GROUP=$(doguctl random)
+      TEMPORARY_ADMIN_USER=$(doguctl random)
+      TEMPORARY_ADMIN_PASSWORD=$(doguctl random)
+
+      # remove user in case it already exists
+      remove_temporary_admin_user "${TEMPORARY_ADMIN_USER}"
+      remove_temporary_admin_group "${TEMPORARY_ADMIN_GROUP}"
+
+      echo "Waiting for SonarQube to get up (max ${WAIT_TIMEOUT} seconds)..."
+      wait_for_sonar_to_get_up ${WAIT_TIMEOUT}
+
+      echo "Creating temporary user \"${TEMPORARY_ADMIN_USER}\"..."
+      add_temporary_admin_group "${TEMPORARY_ADMIN_GROUP}"
+      create_temporary_admin_user_with_temporary_admin_group "${TEMPORARY_ADMIN_USER}" "${TEMPORARY_ADMIN_PASSWORD}" "${TEMPORARY_ADMIN_GROUP}" ${CURL_LOG_LEVEL}
+
+      echo "Waiting for SonarQube to get healthy (max. ${WAIT_TIMEOUT} seconds)..."
+      # default admin credentials (admin, admin) are used
+      wait_for_sonar_to_get_healthy ${WAIT_TIMEOUT} "${TEMPORARY_ADMIN_USER}" "${TEMPORARY_ADMIN_PASSWORD}" ${CURL_LOG_LEVEL}
+
+      reinstall_plugins "${TEMPORARY_ADMIN_USER}" "${TEMPORARY_ADMIN_PASSWORD}"
+
+      echo "Remove temporary admin user"
+      remove_temporary_admin_user "${TEMPORARY_ADMIN_USER}"
+      remove_temporary_admin_group "${TEMPORARY_ADMIN_GROUP}"
+
+      doguctl config --remove install_plugins
+    fi
+  fi
+
   doguctl config post_upgrade_running false
 }
 

resources/pre-upgrade.sh

@@ -3,6 +3,16 @@ set -o errexit
 set -o nounset
 set -o pipefail
 
+# import util functions:
+# execute_sql_statement_on_database()
+# getSHA1PW()
+# remove_temporary_admin_user()
+# remove_temporary_admin_group()
+# add_temporary_admin_group()
+# create_temporary_admin_user_with_temporary_admin_group()
+# shellcheck disable=SC1091
+source "${STARTUP_DIR}/util.sh"
+
 function run_pre_upgrade() {
   FROM_VERSION="${1}"
   TO_VERSION="${2}"
@@ -15,6 +25,8 @@ function run_pre_upgrade() {
   DATABASE_DB=$(doguctl config -e sa-postgresql/database)
 
   echo "Running pre-upgrade script..."
+  echo "  FROM_VERSION: ${FROM_VERSION}"
+  echo "  TO_VERSION: ${TO_VERSION}"
 
   if [[ ${FROM_VERSION} == "5"* ]]; then
     echo "Upgrade from version ${FROM_VERSION} to ${TO_VERSION} is not supported. Upgrade to version 6.7.7-2 before."
@@ -30,33 +42,24 @@ function run_pre_upgrade() {
   if [[ ${FROM_VERSION} == "6"* ]] && [[ ${TO_VERSION} == "7.9"* ]]; then
     TEMPORARY_ADMIN_USER=$(doguctl random)
     # remove user in case it already exists
-    remove_temporary_admin_user "${TEMPORARY_ADMIN_USER}"
+    remove_temporary_admin_user_db "${TEMPORARY_ADMIN_USER}"
     echo "Creating temporary user \"${TEMPORARY_ADMIN_USER}\"..."
     PW=$(doguctl random)
     SALT=$(doguctl random)
     HASH=$(getSHA1PW "${PW}" "${SALT}")
     add_temporary_admin_user_sonar6 "${TEMPORARY_ADMIN_USER}" "${HASH}" "${SALT}"
 
-    echo "Getting all installed plugins..."
-    INSTALLED_PLUGINS=$(curl --silent --fail -u "${TEMPORARY_ADMIN_USER}":"${PW}" -X GET localhost:9000/sonar/api/plugins/installed | jq '.plugins' | jq '.[]' | jq -r '.key')
-    echo "The following plugins are installed. They will be re-installed after dogu upgrade:"
-    echo "${INSTALLED_PLUGINS}"
-    SAVED_PLUGIN_NAMES=""
-    while read -r PLUGIN; do
-      SAVED_PLUGIN_NAMES+=${PLUGIN},
-    done <<<"${INSTALLED_PLUGINS}"
+    collectInstalledPlugins "${TEMPORARY_ADMIN_USER}"
 
     echo "Remove temporary admin user"
-    remove_temporary_admin_user "${TEMPORARY_ADMIN_USER}"
-    echo "Saving plugin names to registry..."
-    doguctl config install_plugins "${SAVED_PLUGIN_NAMES}"
+    remove_temporary_admin_user_db "${TEMPORARY_ADMIN_USER}" "${PW}"
 
     mv /opt/sonar/extensions/plugins "/opt/sonar/extensions/plugins-${FROM_VERSION}"
   fi
 
   if [[ ${FROM_VERSION} == "6"* || "${FROM_VERSION}" =~ ^7.9.1-[1234]$ || ${FROM_VERSION} == "7.9.3-1" ]]; then
     echo "Removing deprecated sonarqubedoguadmin..."
-    remove_temporary_admin_user "sonarqubedoguadmin"
+    remove_temporary_admin_user_db "sonarqubedoguadmin"
 
     echo "Removing es6 cache..."
     rm -r /opt/sonar/data/es6
@@ -66,6 +69,28 @@ function run_pre_upgrade() {
     migrateDeprecatedPluginsForSQ8
   fi
 
+  if [[ ${FROM_VERSION} == "8"* ]] && [[ ${TO_VERSION} == "9.9"* ]]; then
+      TEMPORARY_ADMIN_GROUP=$(doguctl random)
+      TEMPORARY_ADMIN_USER=$(doguctl random)
+      TEMPORARY_ADMIN_PASSWORD=$(doguctl random)
+
+      # remove user in case it already exists
+      remove_temporary_admin_user "${TEMPORARY_ADMIN_USER}"
+      remove_temporary_admin_group "${TEMPORARY_ADMIN_GROUP}"
+
+      echo "Creating temporary user \"${TEMPORARY_ADMIN_USER}\"..."
+      add_temporary_admin_group "${TEMPORARY_ADMIN_GROUP}"
+      create_temporary_admin_user_with_temporary_admin_group "${TEMPORARY_ADMIN_USER}" "${TEMPORARY_ADMIN_PASSWORD}" "${TEMPORARY_ADMIN_GROUP}" "--silent"
+
+      collectInstalledPlugins "${TEMPORARY_ADMIN_USER}" "${TEMPORARY_ADMIN_PASSWORD}"
+
+      echo "Remove temporary admin user"
+      remove_temporary_admin_user "${TEMPORARY_ADMIN_USER}"
+      remove_temporary_admin_group "${TEMPORARY_ADMIN_GROUP}"
+
+      mv /opt/sonar/extensions/plugins "/opt/sonar/extensions/plugins-${FROM_VERSION}"
+    fi
+
   # set this so the startup.sh waits for the post_upgrade to finish
   doguctl config post_upgrade_running true
 }
@@ -75,6 +100,22 @@ function sql() {
   return $?
 }
 
+function collectInstalledPlugins() {
+  TEMPORARY_ADMIN_USER=${1}
+  PW=${2}
+  echo "Getting all installed plugins..."
+  INSTALLED_PLUGINS=$(curl --silent --fail -u "${TEMPORARY_ADMIN_USER}":"${PW}" -X GET localhost:9000/sonar/api/plugins/installed | jq '.plugins' | jq '.[]' | jq -r '.key')
+  echo "The following plugins are installed. They will be re-installed after dogu upgrade:"
+  echo "${INSTALLED_PLUGINS}"
+  SAVED_PLUGIN_NAMES=""
+  while read -r PLUGIN; do
+    SAVED_PLUGIN_NAMES+=${PLUGIN},
+  done <<<"${INSTALLED_PLUGINS}"
+
+  echo "Saving plugin names to registry..."
+  doguctl config install_plugins "${SAVED_PLUGIN_NAMES}"
+}
+
 function add_temporary_admin_user_sonar6() {
   # temporarily create admin user and add to admin groups
   TEMPORARY_ADMIN_USER=${1}
@@ -98,7 +139,7 @@ function getSHA1PW() {
   echo -n "--${SALT}--${PW}--" | sha1sum | awk '{print $1}'
 }
 
-function remove_temporary_admin_user() {
+function remove_temporary_admin_user_db() {
   TEMPORARY_ADMIN_USER=${1}
   sql "DELETE FROM users WHERE login='${TEMPORARY_ADMIN_USER}';"
 }

spec/goss/goss.yaml

@@ -12,7 +12,7 @@ file:
     group: sonar
     filetype: file
     contains: []
-  /opt/sonar/extensions/plugins/sonar-cas-plugin-5.0.0.jar:
+  /opt/sonar/extensions/plugins/sonar-cas-plugin-5.0.1.jar:
     exists: true
     filetype: file
     contains: []