release 4.4.0 (#1274)

Author: BraisVQ

.github/workflows/changelog-enforcer.yml

@@ -8,7 +8,7 @@ jobs:
   changelog:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4.1.1
+      - uses: actions/checkout@v4.1.2
       - uses: dangoslen/changelog-enforcer@v3
         with:
           changeLogPath: 'CHANGELOG.md'

.github/workflows/codeql-analysis.yml

@@ -15,7 +15,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4.1.1
+      uses: actions/checkout@v4.1.2
       with:
         # We must fetch at least the immediate parents so that if this is
         # a pull request then we can checkout the head.

.github/workflows/continuous-integration-workflow.yml

@@ -12,7 +12,7 @@ jobs:
     steps:
       -
         name: Checkout repository
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4.1.2
       -
         name: Build UBI8 docker image
         run: |
@@ -27,7 +27,7 @@ jobs:
     steps:
       -
         name: Checkout repository
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4.1.2
       - name: Build UBI8 docker image
         run: |
           ./.github/workflows/build-docker-image.sh \
@@ -51,12 +51,12 @@ jobs:
     runs-on: ubuntu-22.04
     strategy:
       matrix:
-        version: ['8.9.10.61524'] # 8.9 = LTS
+        version: ['9.9.4'] # 9.9 = LTS
         edition: ['community', 'developer', 'enterprise']
     steps:
       -
         name: Checkout repository
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4.1.2
       -
         name: Check shell scripts
         run: |
@@ -72,7 +72,7 @@ jobs:
     steps:
       -
         name: Checkout repository
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4.1.2
       -
         name: Check shell scripts
         run: |
@@ -88,7 +88,7 @@ jobs:
     steps:
       -
         name: Checkout repository
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4.1.2
       -
         name: Setup Go 1.18
         uses: actions/setup-go@v5
@@ -128,7 +128,7 @@ jobs:
     steps:
       -
         name: Checkout repository
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4.1.2
       -
           name: Check shell scripts
           run: |
@@ -145,7 +145,7 @@ jobs:
     steps:
       -
         name: Checkout repository
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4.1.2
       -
         name: Check jsl expectations
         run: |
@@ -163,7 +163,7 @@ jobs:
     steps:
       -
         name: Checkout repository
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4.1.2
       - 
         name: Setup Go 1.18
         uses: actions/setup-go@v5
@@ -207,7 +207,7 @@ jobs:
 #       run: jq . <<< "${GITHUB_CONTEXT}"
 #     -
 #       name: Checkout repository
-#       uses: actions/checkout@v4.1.1
+#       uses: actions/checkout@v4.1.2
 #       with:
 #         fetch-depth: 0
 #         path: 'ods-core'

CHANGELOG.md

@@ -2,6 +2,22 @@
 
 ## Unreleased
 
+### Fixed
+
+### Added
+
+### Changed
+
+## [4.4.0] - 2024-04-22
+
+### Fixed
+- Update Nexus to version 3.67.1-java11 for Critical Bug Fix ([#1271](https://github.com/opendevstack/ods-core/pull/1271))
+
+### Changed
+- Nexus Maintenance (update version to latest, helm migration) ([#1242](https://github.com/opendevstack/ods-core/issues/1242))
+- Update api version in ocp templates for image, buildconfig, route and deploymentconfig ([#1072](https://github.com/opendevstack/ods-jenkins-shared-library/issues/1072))
+- SonarQube Maintenance (LTS update, DB update, SAML setup) ([#1211](https://github.com/opendevstack/ods-core/issues/1211))
+- Update Jenkins and plugins to version v2.426.3, update agent and packages. Switch base image from "registry.redhat.io/openshift4/ose" to "registry.redhat.io/ocp-tools-4" [#1270](https://github.com/opendevstack/ods-core/pull/1270)
 
 ## [4.3.1] - 2024-02-19
 

Makefile

@@ -4,9 +4,10 @@ SHELL = /bin/bash
 MAKEFLAGS += --warn-undefined-variables
 MAKEFLAGS += --no-builtin-rules
 
-ODS_NAMESPACE := $(shell $(CURDIR)/scripts/get-config-param.sh ODS_NAMESPACE)
-NEXUS_URL := $(shell $(CURDIR)/scripts/get-config-param.sh NEXUS_URL)
-SONARQUBE_URL := $(shell $(CURDIR)/scripts/get-config-param.sh SONARQUBE_URL)
+# Load environment variables from .env file
+include ../ods-configuration/ods-core.env
+export $(shell sed 's/=.*//' ../ods-configuration/ods-core.env)
+
 INSECURE := false
 INSECURE_FLAG :=
 ifeq ($(INSECURE), $(filter $(INSECURE), true yes))
@@ -120,24 +121,19 @@ start-doc-gen-build:
 
 # SONARQUBE
 ## Install or update SonarQube.
-install-sonarqube: apply-sonarqube-build start-sonarqube-build apply-sonarqube-deploy configure-sonarqube
+install-sonarqube: apply-sonarqube-chart start-sonarqube-build configure-sonarqube
 .PHONY: install-sonarqube
 
-## Update OpenShift resources related to the SonarQube image.
-apply-sonarqube-build:
-	cd sonarqube/ocp-config && tailor apply --namespace $(ODS_NAMESPACE) bc,is
+## Apply OpenShift resources related to the SonarQube.
+apply-sonarqube-chart:
+	cd sonarqube/chart && envsubst < values.yaml.template > values.yaml && helm upgrade --install --namespace $(ODS_NAMESPACE) sonarqube . && rm values.yaml
 .PHONY: apply-sonarqube-build
 
 ## Start build of BuildConfig "sonarqube".
 start-sonarqube-build:
 	ocp-scripts/start-and-follow-build.sh --namespace $(ODS_NAMESPACE) --build-config sonarqube
-.PHONY: start-sonarqube-build
-
-## Update OpenShift resources related to the SonarQube service.
-apply-sonarqube-deploy:
-	cd sonarqube/ocp-config && tailor apply --namespace $(ODS_NAMESPACE) --exclude bc,is
 	@echo "Visit $(SONARQUBE_URL)/setup to see if any update actions need to be taken."
-.PHONY: apply-sonarqube-deploy
+.PHONY: start-sonarqube-build
 
 ## Configure SonarQube service.
 configure-sonarqube:
@@ -147,27 +143,22 @@ configure-sonarqube:
 
 # NEXUS
 ## Install or update Nexus.
-install-nexus: apply-nexus-build start-nexus-build apply-nexus-deploy
+install-nexus: apply-nexus-chart start-nexus-build
 .PHONY: nexus
 
-## Update OpenShift resources related to the Nexus image.
-apply-nexus-build:
-	cd nexus/ocp-config && tailor apply --namespace $(ODS_NAMESPACE) bc,is
-.PHONY: apply-nexus-build
+## Apply OpenShift resources related to the Nexus.
+apply-nexus-chart:
+	cd nexus/chart && envsubst < values.yaml.template > values.yaml && helm upgrade --install --namespace $(ODS_NAMESPACE) nexus . && rm values.yaml
+.PHONY: apply-nexus-chart
 
 ## Start build of BuildConfig "nexus".
 start-nexus-build:
 	ocp-scripts/start-and-follow-build.sh --namespace $(ODS_NAMESPACE) --build-config nexus
 .PHONY: start-nexus-build
 
-## Update OpenShift resources related to the Nexus service.
-apply-nexus-deploy:
-	cd nexus/ocp-config && tailor apply --namespace $(ODS_NAMESPACE) --exclude bc,is
-.PHONY: apply-nexus-deploy
-
 ## Configure Nexus service.
 configure-nexus:
-	cd nexus && ./configure.sh --namespace $(ODS_NAMESPACE) --nexus=$(NEXUS_URL) $(INSECURE_FLAG)
+	cd nexus && ./configure.sh --namespace $(ODS_NAMESPACE) --nexus=$(NEXUS_URL) --admin-password=$(NEXUS_ADMIN_PASSWORD) $(INSECURE_FLAG)
 .PHONY: configure-nexus
 ### configure-nexus is not part of install-nexus because it is not idempotent yet.
 
@@ -177,14 +168,14 @@ configure-nexus:
 backup: backup-sonarqube backup-ocp-config
 .PHONY: backup
 
-## Create a backup of OpenShift resources in "cd" namespace.
+## Create a backup of OpenShift resources in "ods" namespace.
 backup-ocp-config:
-	tailor export --namespace $(ODS_NAMESPACE) > backup_cd.yml
+	tailor export --namespace $(ODS_NAMESPACE) > backup_ods.yml
 .PHONY: backup-ocp-config
 
-## Create a backup of the SonarQube database in the current directory.
+## Create a backup of the SonarQube database in backup storage and in the current directory.
 backup-sonarqube:
-	cd sonarqube && ./backup.sh --namespace $(ODS_NAMESPACE) --backup-dir `pwd`
+	cd sonarqube && ./backup.sh --namespace $(ODS_NAMESPACE) --local-copy=true --backup-dir `pwd`
 .PHONY: backup-sonarqube
 
 

configuration-sample/ods-core.env.sample

@@ -43,8 +43,10 @@ ODS_BITBUCKET_PROJECT=opendevstack
 #########
 
 # Nexus base image
-# See https://hub.docker.com/r/sonatype/nexus3/tags.
-NEXUS_FROM_IMAGE=sonatype/nexus3:3.45.1
+# See Dockerhub https://hub.docker.com/r/sonatype/nexus3/tags.
+# Officially supported is:
+# - 3.67.1-java11
+NEXUS_IMAGE_TAG=3.67.1-java11
 
 # Nexus host without protocol.
 # The domain should be equal to OPENSHIFT_APPS_BASEDOMAIN (see below).
@@ -58,11 +60,16 @@ NEXUS_URL=https://nexus-cd.192.168.56.101.nip.io
 NEXUS_USERNAME=developer
 NEXUS_PASSWORD=changeme
 NEXUS_PASSWORD_B64=changeme
+# Password of Nexus administrator - should be set to a secure password
+# of your choice.
+NEXUS_ADMIN_PASSWORD=changeme
+NEXUS_ADMIN_PASSWORD_B64=changeme
 # Nexus (basic) authentication username:password
 NEXUS_AUTH=developer:changeme
 
-# All params defined in the template https://github.com/opendevstack/ods-core/blob/master/nexus/ocp-config/bc.yml
-# can be overwritten by specifying the param in this file.
+# Nexus JVM parameters, adjust acording to organization size
+# See https://help.sonatype.com/en/sonatype-nexus-repository-system-requirements.html
+NEXUS_JVM_PARAMS="-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=/nexus-data/javaprefs"
 
 #############
 # SonarQube #
@@ -85,16 +92,21 @@ SONAR_ADMIN_PASSWORD_B64=changeme
 # Do not change the value manually - the token is created and set automatically during "make configure-sonarqube".
 SONAR_AUTH_TOKEN_B64=changeme
 
-# Application in Crowd used for authentication
-SONAR_CROWD_APPLICATION=sonarqube
-SONAR_CROWD_PASSWORD_B64=changeme
+# Toggle authentication via SAML
+SONAR_AUTH_SAML='true'
+
+# SAML Application used for authentication
+SONAR_SAML_APPLICATION_ID=https://sonarqube-cd.192.168.56.101.nip.io/sonar/saml
+SONAR_SAML_PROVIDER_ID_B64=changeme
+SONAR_SAML_LOGIN_URL_B64=changeme
+SONAR_SAML_CERTIFICATE_B64=changeme
 
 # Postgres DB for SonarQube
 # Image to use for the PostgreSQL database. This needs to be compatible with
 # your SonarQube version, see https://docs.sonarqube.org/latest/requirements/requirements/.
 # Take care when upgrading either database or SQ version.
-# E.g. registry.redhat.io/rhel8/postgresql-12
-SONAR_DATABASE_IMAGE=docker-registry.default.svc:5000/openshift/postgresql:9.6
+# E.g. registry.redhat.io/rhel9/postgresql-15
+SONAR_DATABASE_IMAGE=docker-registry.default.svc:5000/openshift/postgresql:15
 # Connection string for JDBC. Typically this does not need to be changed.
 SONAR_DATABASE_JDBC_URL=jdbc:postgresql://sonarqube-postgresql:5432/sonarqube
 # Database name for SonarQube. Typically this does not need to be changed.
@@ -110,20 +122,10 @@ SONAR_DATABASE_USER=sonarqube
 # - Use "developer", "enterprise" or "datacenter" for commercial editions
 SONAR_EDITION=community
 # SonarQube version.
+# See Dockerhub https://hub.docker.com/_/sonarqube/tags
 # Officially supported is:
-# - 8.9 (LTS release)
-SONAR_VERSION=8.9.10.61524
-https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.9.10.61524.zip
-# SonarQube distribution URL.
-# Must be aligned with both SONAR_VERSION and SONAR_EDITION.
-# Check https://binaries.sonarsource.com/ for options.
-SONAR_DISTRIBUTION_URL=https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.9.10.61524.zip
-
-# Toggle authentication via Crowd plugin
-SONAR_AUTH_CROWD=true
-
-# All params defined in the template https://github.com/opendevstack/ods-core/blob/master/sonarqube/ocp-config/sonarqube.yml
-# can be overwritten by specifying the param in this file.
+# - 9.9 (LTS release)
+SONAR_VERSION=9.9.4
 
 #########
 # Jira #
@@ -183,32 +185,25 @@ CONFLUENCE_URL=http://192.168.56.31:8090
 
 # Base image for Jenkins master.
 # For UBI8-based images (OpenShift 4):
-# - RHEL variant: https://catalog.redhat.com/software/containers/openshift4/ose-jenkins/5cdd918ad70cc57c44b2d279
-# -      Example: registry.redhat.io/openshift4/ose-jenkins:v4.6
-# -      Last tested: registry.redhat.io/openshift4/ose-jenkins:v4.10.0-202305170515.p0.g2988625.assembly.stream
+# - RHEL variant: https://catalog.redhat.com/software/containers/ocp-tools-4/jenkins-rhel8/5fe1f38288e9c2f788526306
+# -      Example: registry.redhat.io/ocp-tools-4/jenkins-rhel8:v4.14.0
+# -      Last tested: registry.redhat.io/ocp-tools-4/jenkins-rhel8:v4.14.0-1706517686
 # - Community variant: https://quay.io/repository/openshift/origin-jenkins?tab=tags
 # -           Example: quay.io/openshift/origin-jenkins:4.6
-# For RHEL7-based images (OpenShift 3.11):
-# - Available tags listed at: https://catalog.redhat.com/software/containers/openshift3/jenkins-2-rhel7/581d2f4500e5d05639b6517b
-# - Example: registry.access.redhat.com/openshift3/jenkins-2-rhel7:v3.11
-JENKINS_MASTER_BASE_FROM_IMAGE=registry.redhat.io/openshift4/ose-jenkins:v4.10.0-202305170515.p0.g2988625.assembly.stream
+JENKINS_MASTER_BASE_FROM_IMAGE=registry.redhat.io/ocp-tools-4/jenkins-rhel8:v4.14.0-1706517686
 
 # Dockerfile to use for Jenkins master.
 # Use "Dockerfile.ubi8" for both OpenShift 3.11 and 4  (UBI8 base image)
 JENKINS_MASTER_DOCKERFILE_PATH=Dockerfile.ubi8
 
 # Base image for Jenkins agent base.
 # For UBI8-based images (OpenShift 4):
-# - RHEL variant: https://catalog.redhat.com/software/containers/openshift4/ose-jenkins-agent-base/5cdd8e2fbed8bd5717d66e77
-# -      Example: registry.redhat.io/openshift4/ose-jenkins-agent-base:v4.6
-# -      Last tested: registry.redhat.io/openshift4/ose-jenkins:v4.10.0-202305170515.p0.g2988625.assembly.stream
+# - RHEL variant: https://catalog.redhat.com/software/containers/ocp-tools-4/jenkins-agent-base-rhel8/6241e3457847116cf8577aea
+# -      Example: registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8:v4.14.0
+# -      Last tested: registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8:v4.14.0-1706516367
 # - Community variant: https://quay.io/repository/openshift/origin-jenkins-agent-base?tab=tags
 # -           Example: quay.io/openshift/origin-jenkins-agent-base:4.6
-# For RHEL7-based images (OpenShift 3.11):
-# - Available tags listed at: https://catalog.redhat.com/software/containers/openshift3/jenkins-slave-base-rhel7/581d2f3f00e5d05639b6515b.
-# - Example: registry.access.redhat.com/openshift3/jenkins-slave-base-rhel7:v3.11
-# - Latest tested tag: v3.11.248 (v3.11 is a moving target)
-JENKINS_AGENT_BASE_FROM_IMAGE=registry.redhat.io/openshift4/ose-jenkins-agent-base:v4.10.0-202305170515.p0.g2988625.assembly.stream
+JENKINS_AGENT_BASE_FROM_IMAGE=registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8:v4.14.0-1706516367
 
 # Dockerfile to use for Jenkins agents.
 # Use "Dockerfile.ubi8" for both OpenShift 3.11 and 4  (UBI8 base image)
@@ -217,25 +212,25 @@ JENKINS_AGENT_DOCKERFILE_PATH=Dockerfile.ubi8
 # Snyk CLI binary distribution url
 # Leave empty to avoid installing Snyk.
 # Releases are published at https://github.com/snyk/snyk/releases.
-# Latest tested version is v1.1097.0.
-JENKINS_AGENT_BASE_SNYK_DISTRIBUTION_URL=https://github.com/snyk/snyk/releases/download/v1.1097.0/snyk-linux
+# Latest tested version is v1.1284.0.
+JENKINS_AGENT_BASE_SNYK_DISTRIBUTION_URL=https://github.com/snyk/snyk/releases/download/v1.1284.0/snyk-linux
 
 # AquaSec CLI binary distribution url
 # Leave empty to avoid installing AquaSec.
 # Releases are published at https://download.aquasec.com/scanner
 # Check Aqua versions backward compatibility at https://docs.aquasec.com/docs/version-compatibility-of-components#section-backward-compatibility-across-two-major-versions
 # To Download the aquaSec scanner cli and check their documentaion requires a valid account on aquasec.com
-# Latest tested version is 2022.4.284
-# Example: https://<USER>:<PASSWORD>@download.aquasec.com/scanner/2022.4.284/scannercli
+# Latest tested version is 2022.4.517
+# Example: https://<USER>:<PASSWORD>@download.aquasec.com/scanner/2022.4.517/scannercli
 JENKINS_AGENT_BASE_AQUASEC_SCANNERCLI_URL=
 
 # Repository of shared library
 # You may also point to repository underneath REPO_BASE.
 SHARED_LIBRARY_REPOSITORY=https://github.com/opendevstack/ods-jenkins-shared-library.git
 
-####################
-# OpenShift (3.11) #
-####################
+#############
+# OpenShift #
+#############
 
 # Internal docker registry host and port - this is used
 # for pulling the agent images in jenkins.

docs/modules/administration/nav.adoc

@@ -1,6 +1,7 @@
 * Administration
 ** xref:administration:installation.adoc[Installation]
 ** Upgrade
+*** xref:administration:helm-migration.adoc[Helm migration]
 *** xref:administration:update-2-to-3.adoc[2.x to 3.x]
 *** xref:administration:update-older.adoc[older]
 ** xref:provisioning-app:configuration.adoc[Provisioning App]