Skip to content

Instantly share code, notes, and snippets.

@degree
Last active Jul 7, 2020
Embed
What would you like to do?
SonarQube 7.x Developer Edition
FROM openjdk:8
ARG SONAR_VERSION
ENV SONARQUBE_HOME=/opt/sonarqube \
SONARQUBE_JDBC_USERNAME=sonar \
SONARQUBE_JDBC_PASSWORD=sonar \
SONARQUBE_JDBC_URL="" \
SONAR_VERSION=$SONAR_VERSION
RUN groupadd -r sonarqube && useradd -r -g sonarqube sonarqube \
&& export GNUPGHOME="$(mktemp -d)" \
&& /usr/bin/gpg-agent --daemon \
&& wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/1.10/gosu-$(dpkg --print-architecture)" \
&& wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/1.10/gosu-$(dpkg --print-architecture).asc" \
&& (gpg --batch --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
|| gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net:80 --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4) \
&& gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
&& curl -o /opt/sonarqube.zip -fSL https://binaries.sonarsource.com/CommercialDistribution/sonarqube-developer/sonarqube-developer-$SONAR_VERSION.zip \
&& curl -o /opt/sonarqube.zip.asc -fSL https://binaries.sonarsource.com/CommercialDistribution/sonarqube-developer/sonarqube-developer-$SONAR_VERSION.zip.asc \
&& (gpg --batch --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-keys F1182E81C792928921DBCAB4CFCA4A29D26468DE \
|| gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net:80 --recv-keys F1182E81C792928921DBCAB4CFCA4A29D26468DE) \
&& gpg --batch --verify /opt/sonarqube.zip.asc /opt/sonarqube.zip \
&& rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc /opt/sonarqube.zip.asc \
&& chmod +x /usr/local/bin/gosu \
&& gosu nobody true \
&& cd /opt \
&& unzip sonarqube.zip \
&& mv /opt/sonarqube-$SONAR_VERSION $SONARQUBE_HOME \
&& chown -R sonarqube:sonarqube $SONARQUBE_HOME \
&& rm /opt/sonarqube.zip* \
&& rm -rf $SONARQUBE_HOME/bin/*
COPY run.sh $SONARQUBE_HOME/bin/
EXPOSE 9000
VOLUME "$SONARQUBE_HOME/data"
WORKDIR $SONARQUBE_HOME
USER sonarqube
ENTRYPOINT ["./bin/run.sh"]
@degree
Copy link
Author

degree commented Jan 23, 2019

added USER sonarqube

@Jaff
Copy link

Jaff commented Feb 6, 2019

Here's my version, still flaps with docker logs sonarqube reporting not needed

FROM openjdk:8



ENV SONAR_VERSION=7.6 \
    SONARQUBE_HOME=/opt/sonarqube \
    SONARQUBE_JDBC_USERNAME=sonar \
    SONARQUBE_JDBC_PASSWORD=sonar \
    SONARQUBE_JDBC_URL=""

RUN groupadd -r sonarqube && useradd -r -g sonarqube sonarqube \
    && export GNUPGHOME="$(mktemp -d)" \
    && /usr/bin/gpg-agent --daemon \
    && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/1.10/gosu-$(dpkg --print-architecture)" \
    && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/1.10/gosu-$(dpkg --print-architecture).asc" \
    && (gpg --batch --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
    || gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net:80 --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4) \
    && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu

RUN wget -O /opt/sonarqube.zip --no-verbose "https://binaries.sonarsource.com/CommercialDistribution/sonarqube-developer/sonarqube-developer-${SONAR_VERSION}.zip" \
    && wget -O /opt/sonarqube.zip.asc --no-verbose "https://binaries.sonarsource.com/CommercialDistribution/sonarqube-developer/sonarqube-developer-${SONAR_VERSION}.zip.asc" \
    && (gpg --batch --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-keys F1182E81C792928921DBCAB4CFCA4A29D26468DE \
    || gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net:80 --recv-keys F1182E81C792928921DBCAB4CFCA4A29D26468DE) \
    && gpg --batch --verify /opt/sonarqube.zip.asc /opt/sonarqube.zip \
    && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc /opt/sonarqube.zip.asc

RUN chmod +x /usr/local/bin/gosu \
    && gosu nobody true \
    && cd /opt \
    && unzip sonarqube.zip \
    && mv "/opt/sonarqube-$SONAR_VERSION" $SONARQUBE_HOME \
    && chown -R sonarqube:sonarqube $SONARQUBE_HOME \
    && rm /opt/sonarqube.zip* \
    && rm -rf $SONARQUBE_HOME/bin/*

COPY run.sh $SONARQUBE_HOME/bin/

EXPOSE 9000

VOLUME "$SONARQUBE_HOME/data"

WORKDIR $SONARQUBE_HOME

USER sonarqube

ENTRYPOINT ["./bin/run.sh"]

@Jaff
Copy link

Jaff commented Feb 13, 2019

My bad; I had the wrong copy of run.sh in my build directory

@jarnohenneman
Copy link

jarnohenneman commented Jun 21, 2019

@degree is there any official docker developer image available on docker hub or repository with full working scripts?

@degree
Copy link
Author

degree commented Jun 21, 2019

@jarnohenneman
no. that's exactly the issue that sonar source did not provide one and we add users have to build our own images.

@motoreagattoimburrato
Copy link

motoreagattoimburrato commented Jul 6, 2020

Hi, could anyone explain what this code does?

RUN groupadd -r sonarqube && useradd -r -g sonarqube sonarqube \
    && export GNUPGHOME="$(mktemp -d)" \
    && /usr/bin/gpg-agent --daemon \
    && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/1.10/gosu-$(dpkg --print-architecture)" \
    && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/1.10/gosu-$(dpkg --print-architecture).asc" \
    && (gpg --batch --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
    || gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net:80 --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4) \
    && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
    && curl -o /opt/sonarqube.zip -fSL https://binaries.sonarsource.com/CommercialDistribution/sonarqube-developer/sonarqube-developer-$SONAR_VERSION.zip \
    && curl -o /opt/sonarqube.zip.asc -fSL https://binaries.sonarsource.com/CommercialDistribution/sonarqube-developer/sonarqube-developer-$SONAR_VERSION.zip.asc \
    && (gpg --batch --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-keys F1182E81C792928921DBCAB4CFCA4A29D26468DE \
    || gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net:80 --recv-keys F1182E81C792928921DBCAB4CFCA4A29D26468DE) \
    && gpg --batch --verify /opt/sonarqube.zip.asc /opt/sonarqube.zip \
    && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc /opt/sonarqube.zip.asc \
    && chmod +x /usr/local/bin/gosu \
    && gosu nobody true \
    && cd /opt \
    && unzip sonarqube.zip \
    && mv /opt/sonarqube-$SONAR_VERSION $SONARQUBE_HOME \
    && chown -R sonarqube:sonarqube $SONARQUBE_HOME \
    && rm /opt/sonarqube.zip* \
    && rm -rf $SONARQUBE_HOME/bin/*
```

I can't understand how can help with key licenses.

Thank you in advance

@degree
Copy link
Author

degree commented Jul 6, 2020

  1. adds sonarqube group and user
  2. creates temp dir for GPG
  3. downloads gosu tool and its signature as asc
  4. gets gpg key from either server hkp://...
  5. verifies that gosu was not manipulated using key B42...
  6. does the same to sonarqube.zip of specific version and verifies it with another key F1182...
  7. removes temp GPG dir and signature files .asc
  8. makes gosu executable and checks gosu running for at least user 'nobody'
  9. unzips sonarqube to /opt, moves directories, changes ownership,
  10. cleans up to reduce docker image footprint

I am not sure that I have understood your question about key licenses. I have installed SQ license through SQ UI.

@motoreagattoimburrato
Copy link

motoreagattoimburrato commented Jul 6, 2020

1. adds sonarqube group and user

2. creates temp dir for GPG

3. downloads gosu tool and its signature as asc

4. gets gpg key from either server hkp://...

5. verifies that gosu was not manipulated using key B42...

6. does the same to sonarqube.zip of specific version and verifies it with another key F1182...

7. removes temp GPG dir and signature files .asc

8. makes gosu executable and checks gosu running for at least user 'nobody'

9. unzips sonarqube to /opt, moves directories, changes ownership,

10. cleans up to reduce docker image footprint

I am not sure that I have understood your question about key licenses. I have installed SQ license through SQ UI.

thank you so much @degree

@degree
Copy link
Author

degree commented Jul 6, 2020

@degree
Copy link
Author

degree commented Jul 6, 2020

@x21Kenobi consider using official docker images from SonarSource. They should be available already.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment