Prepare 4.5.0 release

.github/workflows/changelog-enforcer.yml

@@ -8,7 +8,7 @@ jobs:
   changelog:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/[email protected].2
+      - uses: actions/[email protected].6
       - uses: dangoslen/changelog-enforcer@v3
         with:
           changeLogPath: 'CHANGELOG.md'

.github/workflows/codeql-analysis.yml

@@ -15,7 +15,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/[email protected].2
+      uses: actions/[email protected].6
       with:
         # We must fetch at least the immediate parents so that if this is
         # a pull request then we can checkout the head.

.github/workflows/continuous-integration-workflow.yml

@@ -12,7 +12,7 @@ jobs:
     steps:
       -
         name: Checkout repository
-        uses: actions/[email protected].2
+        uses: actions/[email protected].6
       -
         name: Build UBI8 docker image
         run: |
@@ -27,7 +27,7 @@ jobs:
     steps:
       -
         name: Checkout repository
-        uses: actions/[email protected].2
+        uses: actions/[email protected].6
       - name: Build UBI8 docker image
         run: |
           ./.github/workflows/build-docker-image.sh \
@@ -56,7 +56,7 @@ jobs:
     steps:
       -
         name: Checkout repository
-        uses: actions/[email protected].2
+        uses: actions/[email protected].6
       -
         name: Check shell scripts
         run: |
@@ -72,7 +72,7 @@ jobs:
     steps:
       -
         name: Checkout repository
-        uses: actions/[email protected].2
+        uses: actions/[email protected].6
       -
         name: Check shell scripts
         run: |
@@ -88,7 +88,7 @@ jobs:
     steps:
       -
         name: Checkout repository
-        uses: actions/[email protected].2
+        uses: actions/[email protected].6
       -
         name: Setup Go 1.18
         uses: actions/setup-go@v5
@@ -128,7 +128,7 @@ jobs:
     steps:
       -
         name: Checkout repository
-        uses: actions/[email protected].2
+        uses: actions/[email protected].6
       -
           name: Check shell scripts
           run: |
@@ -145,7 +145,7 @@ jobs:
     steps:
       -
         name: Checkout repository
-        uses: actions/[email protected].2
+        uses: actions/[email protected].6
       -
         name: Check jsl expectations
         run: |
@@ -163,7 +163,7 @@ jobs:
     steps:
       -
         name: Checkout repository
-        uses: actions/[email protected].2
+        uses: actions/[email protected].6
       - 
         name: Setup Go 1.18
         uses: actions/setup-go@v5
@@ -184,7 +184,7 @@ jobs:
           exit 1
       -
         name: Verify all Go tests pass linting
-        uses: golangci/golangci-lint-action@v4
+        uses: golangci/golangci-lint-action@v6
         with:
           version: v1.49.0
           working-directory: tests
@@ -207,7 +207,7 @@ jobs:
 #       run: jq . <<< "${GITHUB_CONTEXT}"
 #     -
 #       name: Checkout repository
-#       uses: actions/[email protected].2
+#       uses: actions/[email protected].6
 #       with:
 #         fetch-depth: 0
 #         path: 'ods-core'

CHANGELOG.md

@@ -2,11 +2,20 @@
 
 ## Unreleased
 
+### Added
+
+### Changed
+
 ### Fixed
 
+## [4.5.0] - 2024-06-06
+
 ### Added
+- Add availability check for DocGen pod ([#1277](https://github.com/opendevstack/ods-core/pull/1277))
 
 ### Changed
+- Update SonarQube to 9.9.5 and configure resources for Nexus and Sonarqube in ods-configuration ([#1283](https://github.com/opendevstack/ods-core/pull/1283))
+- Update Nexus to 3.68.1-java11 to address a critical vulnerability ([#1286](https://github.com/opendevstack/ods-core/pull/1286))
 
 ## [4.4.0] - 2024-04-22
 

configuration-sample/ods-core.env.sample

@@ -45,8 +45,8 @@ ODS_BITBUCKET_PROJECT=opendevstack
 # Nexus base image
 # See Dockerhub https://hub.docker.com/r/sonatype/nexus3/tags.
 # Officially supported is:
-# - 3.67.1-java11
-NEXUS_IMAGE_TAG=3.67.1-java11
+# - 3.68.1-java11
+NEXUS_IMAGE_TAG=3.68.1-java11
 
 # Nexus host without protocol.
 # The domain should be equal to OPENSHIFT_APPS_BASEDOMAIN (see below).
@@ -71,6 +71,16 @@ NEXUS_AUTH=developer:changeme
 # See https://help.sonatype.com/en/sonatype-nexus-repository-system-requirements.html
 NEXUS_JVM_PARAMS="-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=/nexus-data/javaprefs"
 
+# Nexus memory and CPU resources
+NEXUS_CPU_REQUEST=200m
+NEXUS_MEMORY_REQUEST=3Gi
+NEXUS_CPU_LIMIT=1
+NEXUS_MEMORY_LIMIT=5Gi
+
+# Nexus data and backup capacity
+NEXUS_DATA_CAPACITY=60Gi
+NEXUS_DATA_BACKUP_CAPACITY=10Gi
+
 #############
 # SonarQube #
 #############
@@ -125,7 +135,27 @@ SONAR_EDITION=community
 # See Dockerhub https://hub.docker.com/_/sonarqube/tags
 # Officially supported is:
 # - 9.9 (LTS release)
-SONAR_VERSION=9.9.4
+SONAR_VERSION=9.9.5
+
+# SonarQube memory and CPU resources
+SONARQUBE_CPU_REQUEST=200m
+SONARQUBE_MEMORY_REQUEST=2Gi
+SONARQUBE_CPU_LIMIT=1
+SONARQUBE_MEMORY_LIMIT=4Gi
+
+# SonarQube data and backup capacity
+SONARQUBE_DATA_CAPACITY=2Gi
+SONARQUBE_EXTENSIONS_CAPACITY=1Gi
+
+# SonarQube database memory and CPU resources
+SONARQUBE_DB_CPU_REQUEST=100m
+SONARQUBE_DB_MEMORY_REQUEST=256Mi
+SONARQUBE_DB_CPU_LIMIT=1
+SONARQUBE_DB_MEMORY_LIMIT=512Mi
+
+# SonarQube database and backup capacity
+SONARQUBE_DB_CAPACITY=2Gi
+SONARQUBE_DB_BACKUP_CAPACITY=1Gi
 
 #########
 # Jira #

jenkins/webhook-proxy/main.go

@@ -101,7 +101,8 @@ type Client interface {
 	GetPipeline(e *Event) (bool, []byte, error)
 	CreateOrUpdatePipeline(exists bool, tmpl *template.Template, e *Event, data BuildConfigData) (int, error)
 	DeletePipeline(e *Event) error
-	CheckAvailability(e *Event)
+	CheckJenkinsAvailability(e *Event)
+	CheckDocGenAvailability(e *Event)
 }
 
 type ocClient struct {
@@ -584,7 +585,8 @@ func (c *ocClient) Forward(e *Event, triggerSecret string) (int, []byte, error)
 	)
 	log.Println(e.RequestID, "Forwarding to", url)
 
-	c.CheckAvailability(e)
+	c.CheckJenkinsAvailability(e)
+	c.CheckDocGenAvailability(e)
 
 	p := struct {
 		Env []EnvPair `json:"env"`
@@ -617,7 +619,8 @@ func (c *ocClient) CreateOrUpdatePipeline(exists bool, tmpl *template.Template,
 		return 500, err
 	}
 
-	c.CheckAvailability(e)
+	c.CheckJenkinsAvailability(e)
+	c.CheckDocGenAvailability(e)
 
 	url := fmt.Sprintf(
 		"%s/namespaces/%s/buildconfigs",
@@ -660,7 +663,8 @@ func (c *ocClient) DeletePipeline(e *Event) error {
 		e.Pipeline,
 	)
 
-	c.CheckAvailability(e)
+	c.CheckJenkinsAvailability(e)
+	c.CheckDocGenAvailability(e)
 
 	req, _ := http.NewRequest(
 		"DELETE",
@@ -685,7 +689,7 @@ func (c *ocClient) DeletePipeline(e *Event) error {
 }
 
 // Check that Jenkins is up in case the service is idle in OpenShift.
-func (c *ocClient) CheckAvailability(e *Event) {
+func (c *ocClient) CheckJenkinsAvailability(e *Event) {
 	url := fmt.Sprintf(
 		"http://jenkins.%s.svc.cluster.local",
 		e.Namespace,
@@ -709,6 +713,31 @@ func (c *ocClient) CheckAvailability(e *Event) {
 	}
 }
 
+// Check that DocGen is up in case the service is idle in OpenShift.
+func (c *ocClient) CheckDocGenAvailability(e *Event) {
+	url := fmt.Sprintf(
+		"http://docgen.%s:8080",
+		e.Namespace,
+	)
+	req, _ := http.NewRequest(
+		"GET",
+		url,
+		nil,
+	)
+
+	res, err := c.do(req)
+
+	if err != nil {
+		log.Println(e.RequestID, "DocGen not reachable, if idled it will scale up in namespace", e.Namespace)
+	} else {
+		if res.StatusCode == 200 {
+			log.Println(e.RequestID, "DocGen available in namespace", e.Namespace)
+		} else {
+			log.Println(e.RequestID, "DocGen not available, status code is", res.StatusCode)
+		}
+	}
+}
+
 // GetPipeline determines whether the pipeline corresponding to the given
 // event already exists.
 func (c *ocClient) GetPipeline(e *Event) (bool, []byte, error) {

jenkins/webhook-proxy/main_test.go

@@ -198,7 +198,10 @@ func (c *mockClient) DeletePipeline(e *Event) error {
 	c.Event = e
 	return nil
 }
-func (c *mockClient) CheckAvailability(e *Event) {
+func (c *mockClient) CheckJenkinsAvailability(e *Event) {
+	c.Event = e
+}
+func (c *mockClient) CheckDocGenAvailability(e *Event) {
 	c.Event = e
 }
 

nexus/chart/Chart.yaml

@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.0.0
+version: 1.1.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "3.67.1-java11"
+appVersion: "3.68.1-java11"

nexus/chart/templates/pvc-data.yml

@@ -13,6 +13,6 @@ spec:
   - ReadWriteOnce
   resources:
     requests:
-      storage: 60Gi
+      storage: {{ .Values.nexus.pvcDataCapacity }}
   storageClassName: {{ .Values.global.storageClassData }}
   volumeMode: Filesystem

nexus/chart/templates/pvc-db-backup.yml

@@ -13,6 +13,6 @@ spec:
   - ReadWriteOnce
   resources:
     requests:
-      storage: 10Gi
+      storage: {{ .Values.nexus.pvcDataBackupCapacity }}
   storageClassName: {{ .Values.global.storageClassData }}
   volumeMode: Filesystem

nexus/chart/values.yaml.template

@@ -15,10 +15,12 @@ global:
   nexusDockerGroup: 'docker-group'
   nexusJvmParams: $NEXUS_JVM_PARAMS
 nexus:
-  cpuRequest: 200m
-  cpuLimit: 1
-  memRequest: 2Gi
-  memLimit: 4Gi
+  cpuRequest: $NEXUS_CPU_REQUEST
+  cpuLimit: $NEXUS_CPU_LIMIT
+  memRequest: $NEXUS_MEMORY_REQUEST
+  memLimit: $NEXUS_MEMORY_LIMIT
+  pvcDataCapacity: $NEXUS_DATA_CAPACITY
+  pvcDataBackupCapacity: $NEXUS_DATA_BACKUP_CAPACITY
 buildConfig:
   cpuRequest: 200m
   cpuLimit: 1

scripts/migrate-sonar-users.sh

@@ -77,11 +77,11 @@ if [ -f "${ODS_CONFIGURATION_DIR}/ods-core.env" ]; then
 
 fi
 
-Email_list=$( curl ${INSECURE} ${SONAR_URL}/api/users/search -u admin:${SONAR_ADMIN_TOKEN} | jq .users | grep login | grep @ | tr -d '"' | tr -d "," | cut -f2 -d ":" )
+Email_list=$( curl ${INSECURE} ${SONARQUBE_URL}/api/users/search -u ${SONAR_ADMIN_USERNAME}:${SONAR_ADMIN_PASSWORD} | jq .users | grep login | grep @ | tr -d '"' | tr -d "," | cut -f2 -d ":" )
 email_list_array=($Email_list)
 
 for email in "${email_list_array[@]}"
 do
-    curl ${INSECURE} -X POST -sSf -u admin:${SONAR_ADMIN_TOKEN} "${SONAR_URL}/api/users/update_identity_provider?newExternalProvider=saml&login=${email}" > /dev/null
+    curl ${INSECURE} -X POST -sSf -u ${SONAR_ADMIN_USERNAME}:${SONAR_ADMIN_PASSWORD} "${SONARQUBE_URL}/api/users/update_identity_provider?newExternalProvider=saml&login=${email}" > /dev/null
     echo "User ${email} migrated to Saml"
 done

sonarqube/chart/Chart.yaml

@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.0.0
+version: 1.1.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "9.9.4"
+appVersion: "9.9.5"

sonarqube/chart/templates/pvc-extensions.yaml

@@ -13,6 +13,6 @@ spec:
   - ReadWriteOnce
   resources:
     requests:
-      storage: 1Gi
+      storage: {{ .Values.sonarqube.pvcExtensionsCapacity }}
   storageClassName: {{ .Values.global.storageClassData }}
   volumeMode: Filesystem

sonarqube/chart/templates/pvc-postgresql-backup.yaml

@@ -13,6 +13,6 @@ spec:
   - ReadWriteOnce
   resources:
     requests:
-      storage: 1Gi
+      storage: {{ .Values.postgresql.pvcDatabaseBackupCapacity }}
   storageClassName: {{ .Values.global.storageClassData }}
   volumeMode: Filesystem

sonarqube/chart/templates/pvc-postgresql.yaml

@@ -13,6 +13,6 @@ spec:
   - ReadWriteOnce
   resources:
     requests:
-      storage: 2Gi
+      storage: {{ .Values.postgresql.pvcDatabaseCapacity }}
   storageClassName: {{ .Values.global.storageClassData }}
   volumeMode: Filesystem

sonarqube/chart/templates/pvc-sonar-data.yaml

@@ -13,6 +13,6 @@ spec:
   - ReadWriteOnce
   resources:
     requests:
-      storage: 2Gi
+      storage: {{ .Values.sonarqube.pvcDataCapacity }}
   storageClassName: {{ .Values.global.storageClassData }}
   volumeMode: Filesystem