-
Notifications
You must be signed in to change notification settings - Fork 1k
/
Copy pathDockerfile
76 lines (66 loc) · 3.04 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
FROM eclipse-temurin:17-jre-noble
LABEL io.k8s.description="SonarQube Community Build is a self-managed, automatic code review tool that systematically helps you deliver Clean Code."
LABEL io.openshift.min-cpu=400m
LABEL io.openshift.min-memory=2048M
LABEL io.openshift.non-scalable=true
LABEL io.openshift.tags=sonarqube,static-code-analysis,code-quality,clean-code
LABEL org.opencontainers.image.url=https://github.com/SonarSource/docker-sonarqube
ENV LANG='en_US.UTF-8' \
LANGUAGE='en_US:en' \
LC_ALL='en_US.UTF-8'
#
# SonarQube setup
#
ARG SONARQUBE_VERSION=25.1.0.102122
ARG SONARQUBE_ZIP_URL=https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-${SONARQUBE_VERSION}.zip
ENV DOCKER_RUNNING="true" \
JAVA_HOME='/opt/java/openjdk' \
SONARQUBE_HOME=/opt/sonarqube \
SONAR_VERSION="${SONARQUBE_VERSION}" \
SQ_DATA_DIR="/opt/sonarqube/data" \
SQ_EXTENSIONS_DIR="/opt/sonarqube/extensions" \
SQ_LOGS_DIR="/opt/sonarqube/logs" \
SQ_TEMP_DIR="/opt/sonarqube/temp"
# Separate stage to use variable expansion
ENV ES_TMPDIR="${SQ_TEMP_DIR}"
RUN set -eux; \
deluser ubuntu; \
useradd --system --uid 1000 --gid 0 sonarqube; \
apt-get update; \
apt-get --no-install-recommends -y install \
bash \
curl \
fonts-dejavu \
gnupg \
unzip; \
echo "networkaddress.cache.ttl=5" >> "${JAVA_HOME}/conf/security/java.security"; \
sed --in-place --expression="s?securerandom.source=file:/dev/random?securerandom.source=file:/dev/urandom?g" "${JAVA_HOME}/conf/security/java.security"; \
# pub 2048R/D26468DE 2015-05-25
# Key fingerprint = F118 2E81 C792 9289 21DB CAB4 CFCA 4A29 D264 68DE
# uid sonarsource_deployer (Sonarsource Deployer) <infra@sonarsource.com>
# sub 2048R/06855C1D 2015-05-25
for server in $(shuf -e hkps://keys.openpgp.org \
hkps://keyserver.ubuntu.com) ; do \
gpg --batch --keyserver "${server}" --recv-keys 679F1EE92B19609DE816FDE81DB198F93525EC1A && break || : ; \
done; \
mkdir --parents /opt; \
cd /opt; \
curl --fail --location --output sonarqube.zip --silent --show-error "${SONARQUBE_ZIP_URL}"; \
curl --fail --location --output sonarqube.zip.asc --silent --show-error "${SONARQUBE_ZIP_URL}.asc"; \
gpg --batch --verify sonarqube.zip.asc sonarqube.zip; \
unzip -q sonarqube.zip; \
mv "sonarqube-${SONARQUBE_VERSION}" sonarqube; \
rm sonarqube.zip*; \
rm -rf ${SONARQUBE_HOME}/bin/*; \
ln -s "${SONARQUBE_HOME}/lib/sonar-application-${SONARQUBE_VERSION}.jar" "${SONARQUBE_HOME}/lib/sonarqube.jar"; \
chmod -R 550 ${SONARQUBE_HOME}; \
chmod -R 770 "${SQ_DATA_DIR}" "${SQ_EXTENSIONS_DIR}" "${SQ_LOGS_DIR}" "${SQ_TEMP_DIR}"; \
apt-get remove -y gnupg unzip; \
rm -rf /var/lib/apt/lists/*;
VOLUME ["${SQ_DATA_DIR}", "${SQ_EXTENSIONS_DIR}", "${SQ_LOGS_DIR}", "${SQ_TEMP_DIR}"]
COPY entrypoint.sh ${SONARQUBE_HOME}/docker/
WORKDIR ${SONARQUBE_HOME}
EXPOSE 9000
USER sonarqube
STOPSIGNAL SIGINT
ENTRYPOINT ["/opt/sonarqube/docker/entrypoint.sh"]