From 591846d2bef085ddd72394496dcddd1ad93d96dd Mon Sep 17 00:00:00 2001 From: jeremy cotineau Date: Fri, 20 Jun 2025 08:58:33 +0200 Subject: [PATCH 1/4] SONAR-25358 create official-image PR automatically --- .github/workflows/release-official-images.yml | 71 +++++++++++++++++++ .../test-official-images-generator.yml | 4 -- 2 files changed, 71 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/release-official-images.yml diff --git a/.github/workflows/release-official-images.yml b/.github/workflows/release-official-images.yml new file mode 100644 index 000000000..8f0775d7d --- /dev/null +++ b/.github/workflows/release-official-images.yml 
@@ -0,0 +1,71 @@ +name: Release Official Images + +on: + push: + branches: + - master + pull_request: + types: [opened, synchronize, reopened] + +jobs: + go-test: + uses: ./.github/workflows/test-official-images-generator.yml + generate-release-file: + name: Generate release file + runs-on: ubuntu-latest + needs: go-test + steps: + - name: actions/checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Set up Go based on go.mod + uses: actions/setup-go@v4 + with: + go-version-file: docker-official-images/go.mod + - name: generate release file with go script + run: go run main.go + working-directory: docker-official-images/ + - name: Upload release-file + uses: actions/upload-artifact@v4 + with: + name: docker-official-images-release-file-${{ github.sha }} + path: docker-official-images/official_images.txt + retention-days: 1 + create-pr: + runs-on: ubuntu-latest + permissions: + contents: read + pages: write + id-token: write + needs: generate-release-file + steps: + - id: secrets + uses: SonarSource/vault-action-wrapper@v3 + with: + secrets: | + development/github/token/${{ github.repository_owner }}-${{ github.event.repository.name }}-release token | gh-token + - name: actions/checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + repository: docker-library/official-images + token: ${{ fromJSON(steps.secrets.outputs.vault).gh-token }} + - name: retrieve generated official-images file + uses: actions/download-artifact@v4 + with: + name: docker-official-images-release-file-${{ github.sha }} + path: /tmp + - name: Copy official-images.txt to repository + run: | + cp /tmp/official_images.txt library/sonarqube + - name: Create pull request + uses: peter-evans/create-pull-request@v4 + with: + token: ${{ fromJSON(steps.secrets.outputs.vault).gh-token }} + commit-message: "DO-NOT-MERGE trying out automation of sonarqube releases" + title: "DO-NOT-MERGE trying out automation of sonarqube releases" + push-to-fork: ${{ github.repository_owner 
}}/official-images + body: "" + labels: automated-release + diff --git a/.github/workflows/test-official-images-generator.yml b/.github/workflows/test-official-images-generator.yml index a6f8da59b..9fe4424e1 100644 --- a/.github/workflows/test-official-images-generator.yml +++ b/.github/workflows/test-official-images-generator.yml @@ -5,10 +5,6 @@ name: go test the official images generator jobs: go-test: runs-on: ubuntu-latest-large - permissions: - id-token: write - pull-requests: read - contents: read steps: - uses: actions/checkout@v4 with: From 7f968003b1eccc8656b76b52e4e05dcce29bcd38 Mon Sep 17 00:00:00 2001 From: jeremy cotineau Date: Tue, 1 Jul 2025 15:06:12 +0200 Subject: [PATCH 2/4] SONAR-25358 split token usage into public and private --- .github/workflows/release-official-images.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release-official-images.yml b/.github/workflows/release-official-images.yml index 8f0775d7d..b82753217 100644 --- a/.github/workflows/release-official-images.yml +++ b/.github/workflows/release-official-images.yml @@ -44,13 +44,14 @@ jobs: uses: SonarSource/vault-action-wrapper@v3 with: secrets: | - development/github/token/${{ github.repository_owner }}-${{ github.event.repository.name }}-release token | gh-token + development/github/token/${{ github.repository_owner }}-${{ github.event.repository.name }}-release token | gh-token; + development/team/sonarqube/kv/data/github-public-user token | gh-public-token; - name: actions/checkout uses: actions/checkout@v4 with: fetch-depth: 0 repository: docker-library/official-images - token: ${{ fromJSON(steps.secrets.outputs.vault).gh-token }} + token: ${{ fromJSON(steps.secrets.outputs.vault).gh-public-token }} - name: retrieve generated official-images file uses: actions/download-artifact@v4 with: 
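Review bot: The `create-pr` job has no `if:` guard, so with the `pull_request` trigger in `on:` it reads the release token from Vault and runs `peter-evans/create-pull-request` against `docker-library/official-images` on every opened or synchronized pull request, not only on pushes to `master`. Gate the job, for example with `if: github.event_name == 'push' && github.ref == 'refs/heads/master'`, and leave the pull-request runs to `go-test` and `generate-release-file`. The job also requests `pages: write`, which none of its visible steps use; `contents: read` plus `id-token: write` (presumably for the Vault login) looks sufficient. The workflow has no top-level `permissions:` block, so `go-test` and `generate-release-file`, which executes `go run main.go` from the checked-out ref, run with the repository's default token scope; a workflow-level `permissions:` with `contents: read` would pin that down.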
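Review bot: The checkout step now hands `gh-public-token` to `actions/checkout`, which by default keeps the token in the checked-out repository's git configuration for the rest of the job. `docker-library/official-images` is a public repository, so the clone itself should not need a credential, and the later `Create pull request` step receives its tokens explicitly. Consider dropping `token:` here or adding `persist-credentials: false` under `with:`, after confirming the pull-request step still pushes as expected. The `secrets` step and the checkout's `with:` block begin outside this hunk.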
@@ -60,9 +61,10 @@ jobs: run: | cp /tmp/official_images.txt library/sonarqube - name: Create pull request - uses: peter-evans/create-pull-request@v4 + uses: peter-evans/create-pull-request@v7 with: - token: ${{ fromJSON(steps.secrets.outputs.vault).gh-token }} + token: ${{ fromJSON(steps.secrets.outputs.vault).gh-public-token }} + branch-token: ${{ fromJSON(steps.secrets.outputs.vault).gh-token }} commit-message: "DO-NOT-MERGE trying out automation of sonarqube releases" title: "DO-NOT-MERGE trying out automation of sonarqube releases" push-to-fork: ${{ github.repository_owner }}/official-images From 9013268043dcad8ce8dc77c35a86f835022b4742 Mon Sep 17 00:00:00 2001 From: jeremy cotineau Date: Wed, 2 Jul 2025 09:00:40 +0200 Subject: [PATCH 3/4] SONAR-25358 move to internal fork for testing --- .github/workflows/release-official-images.yml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release-official-images.yml b/.github/workflows/release-official-images.yml index b82753217..93d40044f 100644 --- a/.github/workflows/release-official-images.yml +++ b/.github/workflows/release-official-images.yml @@ -50,8 +50,11 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 - repository: docker-library/official-images - token: ${{ fromJSON(steps.secrets.outputs.vault).gh-public-token }} + # repository: docker-library/official-images + # token: ${{ fromJSON(steps.secrets.outputs.vault).gh-public-token }} + repository: ${{ github.repository_owner }}/official-images + token: ${{ fromJSON(steps.secrets.outputs.vault).gh-token }} + - name: retrieve generated official-images file uses: actions/download-artifact@v4 with: 
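Review bot: `peter-evans/create-pull-request@v7` is referenced by a movable tag while the step passes it two Vault-issued tokens (`token` and the new `branch-token`), so whatever code the tag resolves to at run time receives both credentials. Pin the action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: peter-evans/create-pull-request@<full-commit-sha> # v7` (placeholder; take the SHA from the release you reviewed). The same applies to `SonarSource/vault-action-wrapper@v3` and the `actions/*@v4` steps elsewhere in this workflow. The step's `with:` block continues past the end of this hunk.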
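Review bot: The old `repository:` and `token:` lines are kept as comments, here and again in the `Create pull request` hunk that follows (`# token:`, `# push-to-fork:`), which leaves the workflow in a half-switched state that is easy to re-enable by accident. No hunk in this commit touches the `secrets` step, so it appears `gh-public-token` is still fetched from Vault on every run although nothing consumes it any more; while testing against the internal fork, remove that line from `secrets:` rather than only commenting out its consumers. If the upstream target has to stay documented, a single comment such as `# TODO(SONAR-25358): switch back to docker-library/official-images before release` says it more clearly than disabled keys. In the second hunk `branch-token` now carries the same value as `token` and could be dropped.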
@@ -63,11 +66,11 @@ jobs: - name: Create pull request uses: peter-evans/create-pull-request@v7 with: - token: ${{ fromJSON(steps.secrets.outputs.vault).gh-public-token }} + # token: ${{ fromJSON(steps.secrets.outputs.vault).gh-public-token }} + token: ${{ fromJSON(steps.secrets.outputs.vault).gh-token }} branch-token: ${{ fromJSON(steps.secrets.outputs.vault).gh-token }} commit-message: "DO-NOT-MERGE trying out automation of sonarqube releases" title: "DO-NOT-MERGE trying out automation of sonarqube releases" - push-to-fork: ${{ github.repository_owner }}/official-images + # push-to-fork: ${{ github.repository_owner }}/official-images body: "" - labels: automated-release From dda37c689ea4589e05feacd6b310b023e938a049 Mon Sep 17 00:00:00 2001 From: jeremy cotineau Date: Thu, 10 Jul 2025 16:32:47 +0200 Subject: [PATCH 4/4] NO-JIRA update release and update tpl --- .../fixtures/active_versions.json | 12 ++++++++---- .../fixtures/docker-official-sonarqube | 14 ++++++++++++++ docker-official-images/internal/build/build.go | 7 ++++++- docker-official-images/official_images.tmpl | 1 + release.md | 9 +++++++-- 5 files changed, 36 insertions(+), 7 deletions(-) diff --git a/docker-official-images/fixtures/active_versions.json b/docker-official-images/fixtures/active_versions.json index 8450316df..e6aa186f9 100644 --- a/docker-official-images/fixtures/active_versions.json +++ b/docker-official-images/fixtures/active_versions.json 
@@ -1,20 +1,24 @@ [ { - "branch": "0330278146e14fdbde39328ab2c9e10a66f9fbe8", + "branch": "origin/master", + "commitSha": "0330278146e14fdbde39328ab2c9e10a66f9fbe8", "type": "commercialEditions", "isLatest": true }, { - "branch": "31fac30f5087cc490c9cd266e2279729a2fbdd7c", + "branch": "origin/master", + "commitSha": "31fac30f5087cc490c9cd266e2279729a2fbdd7c", "type": "commercialEditions", "isLatestLTATag": true }, { - "branch": "0330278146e14fdbde39328ab2c9e10a66f9fbe8", + "branch": "origin/master", + "commitSha": "0330278146e14fdbde39328ab2c9e10a66f9fbe8", "type": "communityBuild" }, { - "branch": "0330278146e14fdbde39328ab2c9e10a66f9fbe8", + "branch": "origin/master", + "commitSha": "0330278146e14fdbde39328ab2c9e10a66f9fbe8", "type": "legacy", "isLatestLTSTag": true } diff --git a/docker-official-images/fixtures/docker-official-sonarqube b/docker-official-images/fixtures/docker-official-sonarqube index e98c6c842..0b7cf8292 100644 --- a/docker-official-images/fixtures/docker-official-sonarqube +++ b/docker-official-images/fixtures/docker-official-sonarqube 
@@ -8,55 +8,69 @@ Builder: buildkit Tags: 2025.3.1-developer, 2025.3-developer, developer Directory: commercial-editions/developer GitCommit: 0330278146e14fdbde39328ab2c9e10a66f9fbe8 +GitFetch: refs/heads/master Tags: 2025.3.1-enterprise, 2025.3-enterprise, enterprise Directory: commercial-editions/enterprise GitCommit: 0330278146e14fdbde39328ab2c9e10a66f9fbe8 +GitFetch: refs/heads/master Tags: 2025.3.1-datacenter-app, 2025.3-datacenter-app, datacenter-app Directory: commercial-editions/datacenter/app GitCommit: 0330278146e14fdbde39328ab2c9e10a66f9fbe8 +GitFetch: refs/heads/master Tags: 2025.3.1-datacenter-search, 2025.3-datacenter-search, datacenter-search Directory: commercial-editions/datacenter/search GitCommit: 0330278146e14fdbde39328ab2c9e10a66f9fbe8 +GitFetch: refs/heads/master Tags: 2025.1.2-developer, 2025.1-developer, 2025-lta-developer Directory: commercial-editions/developer GitCommit: 31fac30f5087cc490c9cd266e2279729a2fbdd7c +GitFetch: refs/heads/master Tags: 2025.1.2-enterprise, 2025.1-enterprise, 2025-lta-enterprise Directory: commercial-editions/enterprise GitCommit: 31fac30f5087cc490c9cd266e2279729a2fbdd7c +GitFetch: refs/heads/master Tags: 2025.1.2-datacenter-app, 2025.1-datacenter-app, 2025-lta-datacenter-app Directory: commercial-editions/datacenter/app GitCommit: 31fac30f5087cc490c9cd266e2279729a2fbdd7c +GitFetch: refs/heads/master Tags: 2025.1.2-datacenter-search, 2025.1-datacenter-search, 2025-lta-datacenter-search Directory: commercial-editions/datacenter/search GitCommit: 31fac30f5087cc490c9cd266e2279729a2fbdd7c +GitFetch: refs/heads/master Tags: 25.6.0.109173-community, community, latest Directory: community-build GitCommit: 0330278146e14fdbde39328ab2c9e10a66f9fbe8 +GitFetch: refs/heads/master Tags: 9.9.8-community, 9.9-community, 9-community, lts, lts-community Directory: 9/community GitCommit: 0330278146e14fdbde39328ab2c9e10a66f9fbe8 +GitFetch: refs/heads/master Tags: 9.9.8-developer, 9.9-developer, 9-developer, lts-developer Directory: 
9/developer GitCommit: 0330278146e14fdbde39328ab2c9e10a66f9fbe8 +GitFetch: refs/heads/master Tags: 9.9.9-enterprise, 9.9-enterprise, 9-enterprise, lts-enterprise Directory: 9/enterprise GitCommit: 0330278146e14fdbde39328ab2c9e10a66f9fbe8 +GitFetch: refs/heads/master Tags: 9.9.9-datacenter-app, 9.9-datacenter-app, 9-datacenter-app, lts-datacenter-app Directory: 9/datacenter/app GitCommit: 0330278146e14fdbde39328ab2c9e10a66f9fbe8 +GitFetch: refs/heads/master Tags: 9.9.9-datacenter-search, 9.9-datacenter-search, 9-datacenter-search, lts-datacenter-search Directory: 9/datacenter/search GitCommit: 0330278146e14fdbde39328ab2c9e10a66f9fbe8 +GitFetch: refs/heads/master diff --git a/docker-official-images/internal/build/build.go b/docker-official-images/internal/build/build.go index 6f9fc0825..97ec5d02a 100644 --- a/docker-official-images/internal/build/build.go +++ b/docker-official-images/internal/build/build.go @@ -157,8 +157,13 @@ func GetBuildMetadataFromConfig(cfg config.ActiveVersionConfig, fileFetcher fetc return nil, fmt.Errorf("GenerateTags(%q, %q, %t, %t, %t, %q) error = %v", version, editionType, cfg.IsLatestLTSTag, cfg.IsLatestLTATag, cfg.IsLatest, cfg.Type, err) } + branch := cfg.Branch + if strings.HasPrefix(branch, "origin/") { + branch = strings.Replace(branch, "origin/", "refs/heads/", 1) + } + metadata := ImageBuildMetadata{ - Branch: cfg.Branch, + Branch: branch, Version: version, Architectures: []string{"amd64", "arm64v8"}, GitCommit: branchOrCommit, diff --git a/docker-official-images/official_images.tmpl b/docker-official-images/official_images.tmpl index 7b06294d2..44d58c79d 100644 --- a/docker-official-images/official_images.tmpl +++ b/docker-official-images/official_images.tmpl @@ -10,5 +10,6 @@ Builder: buildkit Tags: {{ range $index, $tag := .Tags -}}{{ if $index }}, {{ end }}{{ $tag }}{{- end }} Directory: {{ .ImageDirectory }} GitCommit: {{ .GitCommit }} +GitFetch: {{ .Branch }} {{- "\n" -}} {{- end -}} 
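Review bot: Only values starting with `origin/` are rewritten in the new `branch` block; any other `cfg.Branch` (a bare branch name, a tag, or a commit SHA as the fixtures used before this commit) is copied unchanged into `ImageBuildMetadata.Branch` and, through the template line `GitFetch: {{ .Branch }}` added in the same commit, into the manifest that is submitted upstream. Validate instead of passing through, e.g. `if !strings.HasPrefix(cfg.Branch, "origin/") { return nil, fmt.Errorf("unsupported branch %q: expected origin/<name>", cfg.Branch) }`, then build the ref with `branch := "refs/heads/" + strings.TrimPrefix(cfg.Branch, "origin/")`. A short comment above the block saying that the value ends up in `GitFetch` and must be a full ref would explain the rewrite. `GetBuildMetadataFromConfig` starts and ends outside this hunk, so whether the field is already validated elsewhere is not visible here.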
diff --git a/release.md b/release.md index 218783f56..fd2816138 100644 --- a/release.md +++ b/release.md @@ -9,7 +9,8 @@ We consider the **docker image** as part of the SonarQube Server **product**. Th Release of a new version of the official SonarQube Server Docker images is made of several operations. (Please note that in case of an LTA patch release that should not include the latest changes on master, you need to release from a new branch - e.g., `release/2025.4` - and propagate the changes to master afterwards). 1. Set the new version of SonarQube Server (`SONARQUBE_VERSION`) to be released in the Dockerfiles. In case of community build, please remember to update `community-build/Dockerfile` only. -2. If you are releasing a new LTA, set `CURRENT_LTA_VERSION` in `.cirrus/tasks.yml`. Otherwise, if you are releasing a Community build, set `COMMUNITY_BUILD_VERSION` only. In all the other cases where a paid edition is about to be releases, set `CURRENT_VERSION` (please note that the nightly build will fail before the public image becomes available). +2. The step 2 is about updating `.cirrus/tasls/yml`, due to `renovate.json5` this step can be trigger automatically trought [renovate mend](https://developer.mend.io/) -> docker-sonarqube -> Actions -> Run Renovate Scan. Please note this is new and should be carefully reviewed before merging. + 1. (Deprecated, Manual action) If you are releasing a new LTA, set `CURRENT_VERSION` in `.cirrus/tasks.yml` on the related lta branch. Otherwise, if you are releasing a Community build, set `COMMUNITY_BUILD_VERSION` only. In all the other cases where a paid edition is about to be releases, set `CURRENT_VERSION` (please note that the nightly build will fail before the public image becomes available). 3. Update the docker hub SonarQube Server's documentation (if applicable) 4. Update Docker Hub's SonarQube Server images 5. Add a GIT tag for the new version (This needs to be done after the images become available on DockerHub) 
@@ -42,7 +43,11 @@ For more and up to date documentation, see https://github.com/docker-library/doc In order to update the Docker Hub images, a Pull Request must be created on the [official-images](https://github.com/docker-library/official-images) repository. -To do so you can use your own personal fork. +Please use the go-tool [described here](./docker-official-images/README.md) that will automatically generate a `docker-official-images/official_images.txt` + +(Deprecated, Manual Action) + +You can use your own personal fork or SonarSource fork. Create a feature branch on the fork: