Last active
July 7, 2020 13:34
-
-
Save degree/51accc0da6cab6d8b5fb06b833bdac76 to your computer and use it in GitHub Desktop.
SonarQube 7.x Developer Edition
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM openjdk:8 | |
| ARG SONAR_VERSION | |
| ENV SONARQUBE_HOME=/opt/sonarqube \ | |
| SONARQUBE_JDBC_USERNAME=sonar \ | |
| SONARQUBE_JDBC_PASSWORD=sonar \ | |
| SONARQUBE_JDBC_URL="" \ | |
| SONAR_VERSION=$SONAR_VERSION | |
| RUN groupadd -r sonarqube && useradd -r -g sonarqube sonarqube \ | |
| && export GNUPGHOME="$(mktemp -d)" \ | |
| && /usr/bin/gpg-agent --daemon \ | |
| && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/1.10/gosu-$(dpkg --print-architecture)" \ | |
| && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/1.10/gosu-$(dpkg --print-architecture).asc" \ | |
| && (gpg --batch --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ | |
| || gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net:80 --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4) \ | |
| && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ | |
| && curl -o /opt/sonarqube.zip -fSL https://binaries.sonarsource.com/CommercialDistribution/sonarqube-developer/sonarqube-developer-$SONAR_VERSION.zip \ | |
| && curl -o /opt/sonarqube.zip.asc -fSL https://binaries.sonarsource.com/CommercialDistribution/sonarqube-developer/sonarqube-developer-$SONAR_VERSION.zip.asc \ | |
| && (gpg --batch --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-keys F1182E81C792928921DBCAB4CFCA4A29D26468DE \ | |
| || gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net:80 --recv-keys F1182E81C792928921DBCAB4CFCA4A29D26468DE) \ | |
| && gpg --batch --verify /opt/sonarqube.zip.asc /opt/sonarqube.zip \ | |
| && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc /opt/sonarqube.zip.asc \ | |
| && chmod +x /usr/local/bin/gosu \ | |
| && gosu nobody true \ | |
| && cd /opt \ | |
| && unzip sonarqube.zip \ | |
| && mv /opt/sonarqube-$SONAR_VERSION $SONARQUBE_HOME \ | |
| && chown -R sonarqube:sonarqube $SONARQUBE_HOME \ | |
| && rm /opt/sonarqube.zip* \ | |
| && rm -rf $SONARQUBE_HOME/bin/* | |
| COPY run.sh $SONARQUBE_HOME/bin/ | |
| EXPOSE 9000 | |
| VOLUME "$SONARQUBE_HOME/data" | |
| WORKDIR $SONARQUBE_HOME | |
| USER sonarqube | |
| ENTRYPOINT ["./bin/run.sh"] |
Hi, could anyone explain what this code does?
RUN groupadd -r sonarqube && useradd -r -g sonarqube sonarqube \
&& export GNUPGHOME="$(mktemp -d)" \
&& /usr/bin/gpg-agent --daemon \
&& wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/1.10/gosu-$(dpkg --print-architecture)" \
&& wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/1.10/gosu-$(dpkg --print-architecture).asc" \
&& (gpg --batch --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
|| gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net:80 --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4) \
&& gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
&& curl -o /opt/sonarqube.zip -fSL https://binaries.sonarsource.com/CommercialDistribution/sonarqube-developer/sonarqube-developer-$SONAR_VERSION.zip \
&& curl -o /opt/sonarqube.zip.asc -fSL https://binaries.sonarsource.com/CommercialDistribution/sonarqube-developer/sonarqube-developer-$SONAR_VERSION.zip.asc \
&& (gpg --batch --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-keys F1182E81C792928921DBCAB4CFCA4A29D26468DE \
|| gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net:80 --recv-keys F1182E81C792928921DBCAB4CFCA4A29D26468DE) \
&& gpg --batch --verify /opt/sonarqube.zip.asc /opt/sonarqube.zip \
&& rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc /opt/sonarqube.zip.asc \
&& chmod +x /usr/local/bin/gosu \
&& gosu nobody true \
&& cd /opt \
&& unzip sonarqube.zip \
&& mv /opt/sonarqube-$SONAR_VERSION $SONARQUBE_HOME \
&& chown -R sonarqube:sonarqube $SONARQUBE_HOME \
&& rm /opt/sonarqube.zip* \
&& rm -rf $SONARQUBE_HOME/bin/*
```
I can't understand how can help with key licenses.
Thank you in advance
- adds sonarqube group and user
- creates temp dir for GPG
- downloads gosu tool and its signature as asc
- gets gpg key from either server hkp://...
- verifies that gosu was not manipulated using key B42...
- does the same to sonarqube.zip of specific version and verifies it with another key F1182...
- removes temp GPG dir and signature files .asc
- makes gosu executable and checks gosu running for at least user 'nobody'
- unzips sonarqube to /opt, moves directories, changes ownership,
- cleans up to reduce docker image footprint
I am not sure that I have understood your question about key licenses. I have installed SQ license through SQ UI.
1. adds sonarqube group and user 2. creates temp dir for GPG 3. downloads gosu tool and its signature as asc 4. gets gpg key from either server hkp://... 5. verifies that gosu was not manipulated using key B42... 6. does the same to sonarqube.zip of specific version and verifies it with another key F1182... 7. removes temp GPG dir and signature files .asc 8. makes gosu executable and checks gosu running for at least user 'nobody' 9. unzips sonarqube to /opt, moves directories, changes ownership, 10. cleans up to reduce docker image footprintI am not sure that I have understood your question about key licenses. I have installed SQ license through SQ UI.
thank you so much @degree
you are welcome, though i would recommend to use official docker images for
commercial versions. they should be available already
…On Mon, 6 Jul 2020, 16:28 Luke Cottage, ***@***.***> wrote:
***@***.**** commented on this gist.
------------------------------
1. adds sonarqube group and user
2. creates temp dir for GPG
3. downloads gosu tool and its signature as asc
4. gets gpg key from either server hkp://...
5. verifies that gosu was not manipulated using key B42...
6. does the same to sonarqube.zip of specific version and verifies it with another key F1182...
7. removes temp GPG dir and signature files .asc
8. makes gosu executable and checks gosu running for at least user 'nobody'
9. unzips sonarqube to /opt, moves directories, changes ownership,
10. cleans up to reduce docker image footprint
I am not sure that I have understood your question about key licenses. I
have installed SQ license through SQ UI.
thank you so much @degree <https://github.com/degree>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<https://gist.github.com/51accc0da6cab6d8b5fb06b833bdac76#gistcomment-3365699>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGV2365SZ77JJ2FS6JUTRDR2HNPRANCNFSM4H2ORGTA>
.
@x21Kenobi consider using official docker images from SonarSource. They should be available already.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@jarnohenneman
no. that's exactly the issue that sonar source did not provide one and we add users have to build our own images.