Merge branch 'release/v9.9.8-1'

cloudogu · Jan 13, 2025 · b41c1d7 · b41c1d7
2 parents 53ccf42 + d7dccbe
commit b41c1d7
Show file tree

Hide file tree

Showing 14 changed files with 181 additions and 20 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [v9.9.8-1] - 2025-01-13
+- [#118] Update SonarQube to 9.9.8.100196
+- [#118] Update dogu-build-lib to 3.0.0, ces-build-lib to 4.0.1 
+- [#118] Added directory creation for trivy output in Dockerfile
+- [#118] Update cas plugin version in goss to sonar-cas-plugin-5.1.0.jar
+- [#118] Update cas plugin to 5.1.0
+- [#118] Update Java Base Image to 17.0.13-1
+- [#116] Update Makefiles to 9.5.0
+
 ## [v9.9.7-1] - 2024-11-04
 ### Changed
 - [#114] upgrade SonarQube to 9.9.7

diff --git a/Dockerfile b/Dockerfile
@@ -1,16 +1,16 @@
-FROM registry.cloudogu.com/official/java:17.0.12-3 as base
+FROM registry.cloudogu.com/official/java:17.0.13-1 as base
 
 ENV SONARQUBE_HOME=/opt/sonar \
     # mark as webapp for nginx
     SERVICE_TAGS=webapp \
-    SONAR_VERSION=9.9.7.96285 \
-    CAS_PLUGIN_VERSION=5.0.2 \
+    SONAR_VERSION=9.9.8.100196 \
+    CAS_PLUGIN_VERSION=5.1.0 \
     STARTUP_DIR="/"
 
 FROM base as builder
 
-ENV SONARQUBE_ZIP_SHA256=82eb93a1380dac4725ad24fd94a11917fb2e0ac6b9a9c98b20e436ed2a50f351 \
-    CAS_PLUGIN_JAR_SHA256=82f9fd7f65c9ce255f4f1dd6649a65a1f7eaf2acbc6a54f2c8103cbc2a42010f \
+ENV SONARQUBE_ZIP_SHA256=07d9100c95e5c19f1785c0e9ffc7c8973ce3069a568d2500146a5111b6e966cd \
+    CAS_PLUGIN_JAR_SHA256=67a127a4f8fd247b2f2c84869d62d960c97fb546083a79fbac637163123490a2 \
     BUILDER_HOME="/builder/sonar"
 
 WORKDIR /builder
@@ -27,7 +27,7 @@ RUN echo "${CAS_PLUGIN_JAR_SHA256} *${BUILDER_HOME}/sonar-cas-plugin-${CAS_PLUGI
 FROM base
 
 LABEL NAME="official/sonar" \
-    VERSION="9.9.7-1" \
+    VERSION="9.9.8-1" \
     maintainer="[email protected]"
 
 RUN set -eux \

diff --git a/Jenkinsfile b/Jenkinsfile
@@ -1,5 +1,5 @@
 #!groovy
-@Library(['github.com/cloudogu/ces-build-lib@2.4.0', 'github.com/cloudogu/dogu-build-lib@v2.5.0'])
+@Library(['github.com/cloudogu/[email protected].1', 'github.com/cloudogu/dogu-build-lib@v3.0.0'])
 import com.cloudogu.ces.cesbuildlib.*
 import com.cloudogu.ces.dogubuildlib.*
 
@@ -22,16 +22,16 @@ node('vagrant') {
                 disableConcurrentBuilds(),
                 // Parameter to activate dogu upgrade test on demand
                 parameters([
-                        booleanParam(defaultValue: false, description: 'Test dogu upgrade from latest release or optionally from defined version below', name: 'TestDoguUpgrade'),
-                        string(defaultValue: '', description: 'Old Dogu version for the upgrade test (optional; e.g. 2.222.1-1)', name: 'OldDoguVersionForUpgradeTest'),
-                        booleanParam(defaultValue: false, description: 'Enables the video recording during the test execution', name: 'EnableVideoRecording'),
-                        choice(name: 'TrivyScanLevels', choices: [TrivyScanLevel.CRITICAL, TrivyScanLevel.HIGH, TrivyScanLevel.MEDIUM, TrivyScanLevel.ALL], description: 'The levels to scan with trivy'),
-                        choice(name: 'TrivyStrategy', choices: [TrivyScanStrategy.UNSTABLE, TrivyScanStrategy.FAIL, TrivyScanStrategy.IGNORE], description: 'Define whether the build should be unstable, fail or whether the error should be ignored if any vulnerability was found.'),
+                    booleanParam(defaultValue: false, description: 'Test dogu upgrade from latest release or optionally from defined version below', name: 'TestDoguUpgrade'),
+                    string(defaultValue: '', description: 'Old Dogu version for the upgrade test (optional; e.g. 2.222.1-1)', name: 'OldDoguVersionForUpgradeTest'),
+                    booleanParam(defaultValue: false, description: 'Enables the video recording during the test execution', name: 'EnableVideoRecording'),
+                    booleanParam(defaultValue: false, description: 'Enables the screenshot recording during the test execution', name: 'EnableScreenshotRecording'),
+                    choice(name: 'TrivySeverityLevels', choices: [TrivySeverityLevel.CRITICAL, TrivySeverityLevel.HIGH_AND_ABOVE, TrivySeverityLevel.MEDIUM_AND_ABOVE, TrivySeverityLevel.ALL], description: 'The levels to scan with trivy'),
+                    choice(name: 'TrivyStrategy', choices: [TrivyScanStrategy.UNSTABLE, TrivyScanStrategy.FAIL, TrivyScanStrategy.IGNORE], description: 'Define whether the build should be unstable, fail or whether the error should be ignored if any vulnerability was found.'),
                 ])
         ])
 
         EcoSystem ecoSystem = new EcoSystem(this, "gcloud-ces-operations-internal-packer", "jenkins-gcloud-ces-operations-internal")
-        Trivy trivy = new Trivy(this, ecoSystem)
 
         stage('Checkout') {
             checkout scm
@@ -73,9 +73,12 @@ node('vagrant') {
             }
 
             stage('Trivy scan') {
-                trivy.scanDogu("/dogu", TrivyScanFormat.HTML, params.TrivyScanLevels, params.TrivyStrategy)
-                trivy.scanDogu("/dogu", TrivyScanFormat.JSON,  params.TrivyScanLevels, params.TrivyStrategy)
-                trivy.scanDogu("/dogu", TrivyScanFormat.PLAIN, params.TrivyScanLevels, params.TrivyStrategy)
+                ecoSystem.copyDoguImageToJenkinsWorker("/dogu")
+                Trivy trivy = new Trivy(this)
+                trivy.scanDogu(".", params.TrivySeverityLevels, params.TrivyStrategy)
+                trivy.saveFormattedTrivyReport(TrivyScanFormat.TABLE)
+                trivy.saveFormattedTrivyReport(TrivyScanFormat.JSON)
+                trivy.saveFormattedTrivyReport(TrivyScanFormat.HTML)
             }
 
             stage('Verify') {

diff --git a/Makefile b/Makefile
@@ -1,4 +1,4 @@
-MAKEFILES_VERSION=9.3.2
+MAKEFILES_VERSION=9.5.0
 .DEFAULT_GOAL:=dogu-release
 
 WORKSPACE=/workspace

diff --git a/build/make/prerelease.mk b/build/make/prerelease.mk
@@ -0,0 +1,6 @@
+# used to create switch the dogu to a prerelease namespace
+# e.g. official/usermgmt -> prerelease_official/usermgmt
+
+.PHONY: prerelease_namespace
+prerelease_namespace:
+	build/make/stagex.sh prerelease_namespace
diff --git a/build/make/prerelease.sh b/build/make/prerelease.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+set -o errexit
+set -o nounset
+set -o pipefail
+
+prerelease_namespace() {
+
+  # Update version in dogu.json
+  if [ -f "dogu.json" ]; then
+    echo "Updating name in dogu.json..."
+    ORIG_NAME="$(jq -r ".Name" ./dogu.json)"
+    PRERELEASE_NAME="prerelease_${ORIG_NAME}"
+    jq ".Name = \"${PRERELEASE_NAME}\"" dogu.json >dogu2.json && mv dogu2.json dogu.json
+    jq ".Image = \"registry.cloudogu.com/${PRERELEASE_NAME}\"" dogu.json >dogu2.json && mv dogu2.json dogu.json
+  fi
+
+  # Update version in Dockerfile
+  if [ -f "Dockerfile" ]; then
+    echo "Updating version in Dockerfile..."
+    ORIG_NAME="$(grep -oP "^[ ]*NAME=\"([^\"]*)" Dockerfile | awk -F "\"" '{print $2}')"
+    PRERELEASE_NAME="prerelease_$( echo -e "$ORIG_NAME" | sed 's/\//\\\//g' )"
+    sed -i "s/\(^[ ]*NAME=\"\)\([^\"]*\)\(.*$\)/\1${PRERELEASE_NAME}\3/" Dockerfile
+  fi
+
+}
+
+
+TYPE="${1}"
+
+echo ${TYPE}
+if [[ "${TYPE}" == "prerelease_namespace" ]];then
+  prerelease_namespace
+fi
diff --git a/build/make/release.sh b/build/make/release.sh
@@ -56,6 +56,7 @@ fi
 
 update_versions "${NEW_RELEASE_VERSION}"
 update_changelog "${NEW_RELEASE_VERSION}" "${FIXED_CVE_LIST}"
+update_releasenotes "${NEW_RELEASE_VERSION}"
 show_diff
 
 if [[ -n "${DRY_RUN}" ]]; then

diff --git a/build/make/release_functions.sh b/build/make/release_functions.sh
@@ -207,6 +207,50 @@ update_changelog() {
   git commit -m "Update changelog"
 }
 
+update_releasenotes() {
+  local NEW_RELEASE_VERSION="${1}"
+
+  # ReleaseNotes update
+  local CURRENT_DATE
+  CURRENT_DATE=$(date --rfc-3339=date)
+  local NEW_RELEASENOTE_TITLE="## [v${NEW_RELEASE_VERSION}] - ${CURRENT_DATE}"
+  rm -rf ".rn_changed"
+  find . -name "*release_notes*.md" -print0 | while read -d $'\0' file
+  do
+     # Check if "Unreleased" tag exists
+     while ! grep --silent "## \[Unreleased\]" "${file}"; do
+       echo ""
+       echo -e "\e[31mYour ${file} does not contain a \"## [Unreleased]\" line!\e[0m"
+       echo "Please add one to make it comply to https://keepachangelog.com/en/1.0.0/"
+       wait_for_ok "Please insert a \"## [Unreleased]\" line into ${file} now."
+     done
+
+     # Add new title line to changelog
+     sed -i "s|## \[Unreleased\]|## \[Unreleased\]\n\n${NEW_RELEASENOTE_TITLE}|g" "${file}"
+     echo "Processed ${file}"
+     echo true > ".rn_changed"
+  done
+
+  if test -f ".rn_changed" ; then
+    # Wait for user to validate changelog changes
+    wait_for_ok "Please make sure your release notes looks as desired."
+
+    find . -name "*release_notes*.md" -print0 | while read -d $'\0' file
+    do
+      # Check if new version tag still exists
+      while ! grep --silent "$(echo $NEW_RELEASENOTE_TITLE | sed -e 's/[]\/$*.^[]/\\&/g')" "${file}"; do
+        echo ""
+        echo -e "\e[31mYour ${file} does not contain \"${NEW_RELEASENOTE_TITLE}\"!\e[0m"
+        wait_for_ok "Please update your ${file} now."
+      done
+      git add "${file}"
+    done
+
+    git commit -m "Update ReleaseNotes"
+  fi
+  rm -rf ".rn_changed"
+}
+
 # addFixedCVEListFromReRelease is used in dogu cve releases. The method adds the fixed CVEs under the ### Fixed header
 # in the unreleased section.
 addFixedCVEListFromReRelease() {

diff --git a/build/make/self-update.mk b/build/make/self-update.mk
@@ -19,4 +19,9 @@ remove-old-files:
 
 .PHONY: copy-new-files
 copy-new-files:
-	@cp -r $(TMP_DIR)/makefiles-$(MAKEFILES_VERSION)/build/make $(BUILD_DIR)
+	@cp -r $(TMP_DIR)/makefiles-$(MAKEFILES_VERSION)/build/make $(BUILD_DIR)
+
+.PHONY: update-build-libs
+update-build-libs:
+	@echo "Check for newer Build-Lib versions"
+	build/make/self-update.sh buildlibs
diff --git a/build/make/self-update.sh b/build/make/self-update.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+set -o errexit
+set -o nounset
+set -o pipefail
+
+TYPE="${1}"
+
+update_build_libs() {
+  echo "Get newest version of ces-build-lib and dogu-build-lib"
+  update_jenkinsfile
+  echo "Newest Versions set. Please check your Jenkinsfile"
+}
+
+get_highest_version() {
+  local target="${1}"
+  local gitCesBuildLib
+  # getting tags from ces-build.libs OR dogu-build-libs
+  gitCesBuildLib="$(git ls-remote --tags --refs https://github.com/cloudogu/${target}-build-lib)"
+  local highest
+  # Flagfile for getting results out of while-loop
+  rm -rf .versions
+  while IFS= read -r line; do
+      local version
+      version="$(awk -F'/tags/' '{ for(i=1;i<=NF;i++) print $i }' <<< $line | tail -n 1 | sed 's/[^0-9\.]*//g')"
+      if [[ $version == *"."* ]] ; then
+        echo $version >> ".versions"
+      fi
+  done <<< "$gitCesBuildLib"
+  highest=$(sort .versions | tail -n 1)
+  rm -rf .versions
+  echo "${highest}"
+}
+
+# Patch Jenkinsfile
+update_jenkinsfile() {
+  sed -i "s/ces-build-lib@[[:digit:]].[[:digit:]].[[:digit:]]/ces-build-lib@$(get_highest_version ces)/g" Jenkinsfile
+  sed -i "s/dugu-build-lib@[[:digit:]].[[:digit:]].[[:digit:]]/dogu-build-lib@$(get_highest_version dogu)/g" Jenkinsfile
+}
+
+# switch for script entrypoint
+if [[ "${TYPE}" == "buildlibs" ]];then
+  update_build_libs
+else
+  echo "Unknown target ${TYPE}"
+fi
+
+
+
diff --git a/docs/gui/release_notes_de.md b/docs/gui/release_notes_de.md
@@ -4,6 +4,12 @@ Im Folgenden finden Sie die Release Notes für das SonarQube-Dogu.
 
 Technische Details zu einem Release finden Sie im zugehörigen [Changelog](https://docs.cloudogu.com/de/docs/dogus/sonar/CHANGELOG/).
 
+## [Unreleased]
+
+## [v9.9.8-1] - 2025-01-13
+* Das Dogu bietet nun die SonarQube-Version 9.9.8 an. Die Release Notes von SonarQube finden Sie [hier](https://docs.sonarsource.com/sonarqube/latest/setup-and-upgrade/release-upgrade-notes/#release-9.9-upgrade-notes).
+Eine Liste der im aktuellen Patch-release enthaltenen Verbesserungen findet sich [hier](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010139%20AND%20fixVersion%20%3D%2016011%20AND%20issuetype%20%21%3D%20Task)
+
 ## 9.9.7-1
 * Das Dogu bietet nun die SonarQube-Version 9.9.7 an. Die Release Notes von SonarQube finden Sie [hier](https://docs.sonarsource.com/sonarqube/latest/setup-and-upgrade/release-upgrade-notes/#release-9.9-upgrade-notes).
 Eine Liste der im aktuellen Patch-release enthaltenen Verbesserungen findet sich [hier](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010139%20AND%20fixVersion%20%3D%2015864%20AND%20issuetype%20%21%3D%20Task)

diff --git a/docs/gui/release_notes_en.md b/docs/gui/release_notes_en.md
@@ -4,6 +4,12 @@ Below you will find the release notes for the SonarQube Dogu.
 
 Technical details on a release can be found in the corresponding [Changelog](https://docs.cloudogu.com/en/docs/dogus/sonar/CHANGELOG/).
 
+## [Unreleased]
+
+## [v9.9.8-1] - 2025-01-13
+* The Dogu now offers SonarQube version 9.9.8. The SonarQube release notes can be found [here](https://docs.sonarsource.com/sonarqube/latest/setup-and-upgrade/release-upgrade-notes/#release-9.9-upgrade-notes).
+A list of the improvements included in the current patch release can be found [here](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010139%20AND%20fixVersion%20%3D%2016011%20AND%20issuetype%20%21%3D%20Task)
+
 ## 9.9.7-1
 * The Dogu now offers SonarQube version 9.9.7. The SonarQube release notes can be found [here](https://docs.sonarsource.com/sonarqube/latest/setup-and-upgrade/release-upgrade-notes/#release-9.9-upgrade-notes).
 A list of the improvements included in the current patch release can be found [here](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010139%20AND%20fixVersion%20%3D%2015864%20AND%20issuetype%20%21%3D%20Task)

diff --git a/dogu.json b/dogu.json
@@ -1,6 +1,6 @@
 {
   "Name": "official/sonar",
-  "Version": "9.9.7-1",
+  "Version": "9.9.8-1",
   "DisplayName": "SonarQube",
   "Description": "SonarQube is an open source quality management platform, dedicated to continuously analyze and measure source code quality",
   "Category": "Development Apps",

diff --git a/spec/goss/goss.yaml b/spec/goss/goss.yaml
@@ -12,7 +12,7 @@ file:
     group: sonar
     filetype: file
     contains: []
-  /opt/sonar/extensions/plugins/sonar-cas-plugin-5.0.2.jar:
+  /opt/sonar/extensions/plugins/sonar-cas-plugin-5.1.0.jar:
     exists: true
     filetype: file
     contains: []