Merge branch 'master' into feature/quickstarter-golden-test

opendevstack · Sep 9, 2024 · a650ff6 · a650ff6
2 parents 440dbc5 + 7fa2d1d
commit a650ff6
Show file tree

Hide file tree

Showing 90 changed files with 1,587 additions and 1,158 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -8,3 +8,6 @@ updates:
     schedule:
       # Check for updates to GitHub Actions every week
       interval: "weekly"
+    labels:
+      - "dependencies"
+      - "skip changelog"
diff --git a/.github/workflows/changelog-enforcer.yml b/.github/workflows/changelog-enforcer.yml
@@ -8,7 +8,7 @@ jobs:
   changelog:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3.5.2
+      - uses: actions/checkout@v4.1.7
       - uses: dangoslen/changelog-enforcer@v3
         with:
           changeLogPath: 'CHANGELOG.md'

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -15,7 +15,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3.5.2
+      uses: actions/checkout@v4.1.7
       with:
         # We must fetch at least the immediate parents so that if this is
         # a pull request then we can checkout the head.
@@ -28,14 +28,14 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: go
 
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -49,4 +49,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/continuous-integration-workflow.yml b/.github/workflows/continuous-integration-workflow.yml
@@ -12,7 +12,7 @@ jobs:
     steps:
       -
         name: Checkout repository
-        uses: actions/checkout@v3.5.2
+        uses: actions/checkout@v4.1.7
       -
         name: Build UBI8 docker image
         run: |
@@ -27,7 +27,7 @@ jobs:
     steps:
       -
         name: Checkout repository
-        uses: actions/checkout@v3.5.2
+        uses: actions/checkout@v4.1.7
       - name: Build UBI8 docker image
         run: |
           ./.github/workflows/build-docker-image.sh \
@@ -51,12 +51,12 @@ jobs:
     runs-on: ubuntu-22.04
     strategy:
       matrix:
-        version: ['8.9.10.61524'] # 8.9 = LTS
+        version: ['10.6.0'] # 9.9 = LTS
         edition: ['community', 'developer', 'enterprise']
     steps:
       -
         name: Checkout repository
-        uses: actions/checkout@v3.5.2
+        uses: actions/checkout@v4.1.7
       -
         name: Check shell scripts
         run: |
@@ -72,7 +72,7 @@ jobs:
     steps:
       -
         name: Checkout repository
-        uses: actions/checkout@v3.5.2
+        uses: actions/checkout@v4.1.7
       -
         name: Check shell scripts
         run: |
@@ -88,12 +88,12 @@ jobs:
     steps:
       -
         name: Checkout repository
-        uses: actions/checkout@v3.5.2
+        uses: actions/checkout@v4.1.7
       -
-        name: Setup Go 1.18
-        uses: actions/setup-go@v4
+        name: Setup Go 1.23
+        uses: actions/setup-go@v5
         with:
-          go-version: 1.18
+          go-version: 1.23
       -
         name: Download goimports
         run: |
@@ -102,7 +102,7 @@ jobs:
         name: Download golangci-lint
         run: |
           curl -sSfL --output /tmp/golangci-lint.sh https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh
-          cat /tmp/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.49.0
+          cat /tmp/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.60.1
       -
         name: Run linter
         working-directory: jenkins/webhook-proxy
@@ -128,7 +128,7 @@ jobs:
     steps:
       -
         name: Checkout repository
-        uses: actions/checkout@v3.5.2
+        uses: actions/checkout@v4.1.7
       -
           name: Check shell scripts
           run: |
@@ -145,7 +145,7 @@ jobs:
     steps:
       -
         name: Checkout repository
-        uses: actions/checkout@v3.5.2
+        uses: actions/checkout@v4.1.7
       -
         name: Check jsl expectations
         run: |
@@ -163,10 +163,10 @@ jobs:
     steps:
       -
         name: Checkout repository
-        uses: actions/checkout@v3.5.2
+        uses: actions/checkout@v4.1.7
       - 
         name: Setup Go 1.18
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: 1.18
       -
@@ -184,7 +184,7 @@ jobs:
           exit 1
       -
         name: Verify all Go tests pass linting
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@v6
         with:
           version: v1.49.0
           working-directory: tests
@@ -207,7 +207,7 @@ jobs:
 #       run: jq . <<< "${GITHUB_CONTEXT}"
 #     -
 #       name: Checkout repository
-#       uses: actions/checkout@v3.5.2
+#       uses: actions/checkout@v4.1.7
 #       with:
 #         fetch-depth: 0
 #         path: 'ods-core'

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,13 +2,65 @@
 
 ## Unreleased
 
-- Memory malloc arena fix for Jenkins ([#1217](https://github.com/opendevstack/ods-core/pull/1217))
+### Added
+
+### Changed
+- Webhook Proxy maintenance ([#1298](https://github.com/opendevstack/ods-core/pull/1298))
+- Update SonarQube to 10.x non LTS ([#1300](https://github.com/opendevstack/ods-core/issues/1300))
+- Jenkins maintenance ([#1299](https://github.com/opendevstack/ods-core/pull/1299)) and update java version in Jenkins ([#1295](https://github.com/opendevstack/ods-core/issues/1295))
+
+### Fixed
+
+## [4.5.1] - 2024-07-17
+
+### Added
+- Added webhook proxy logic to skip requests with the ref id starting with "refs/notes/" ([#1288](https://github.com/opendevstack/ods-core/pull/1288))
+
+### Changed
+- Update SonarQube to 9.9.6 ([#1292](https://github.com/opendevstack/ods-core/pull/1292))
+
+## [4.5.0] - 2024-06-06
+
+### Added
+- Add availability check for DocGen pod ([#1277](https://github.com/opendevstack/ods-core/pull/1277))
+
+### Changed
+- Update SonarQube to 9.9.5 and configure resources for Nexus and Sonarqube in ods-configuration ([#1283](https://github.com/opendevstack/ods-core/pull/1283))
+- Update Nexus to 3.68.1-java11 to address a critical vulnerability ([#1286](https://github.com/opendevstack/ods-core/pull/1286))
+
+## [4.4.0] - 2024-04-22
+
+### Fixed
+- Update Nexus to version 3.67.1-java11 for Critical Bug Fix ([#1271](https://github.com/opendevstack/ods-core/pull/1271))
+
+### Changed
+- Nexus Maintenance (update version to latest, helm migration) ([#1242](https://github.com/opendevstack/ods-core/issues/1242))
+- Update api version in ocp templates for image, buildconfig, route and deploymentconfig ([#1072](https://github.com/opendevstack/ods-jenkins-shared-library/issues/1072))
+- SonarQube Maintenance (LTS update, DB update, SAML setup) ([#1211](https://github.com/opendevstack/ods-core/issues/1211))
+- Update Jenkins and plugins to version v2.426.3, update agent and packages. Switch base image from "registry.redhat.io/openshift4/ose" to "registry.redhat.io/ocp-tools-4" [#1270](https://github.com/opendevstack/ods-core/pull/1270)
+
+## [4.3.1] - 2024-02-19
+
+### Fixed
+- Aqua scanner and Helm deployment conflict fix for jenkins agent ([#1067](https://github.com/opendevstack/ods-jenkins-shared-library/issues/1067))
+- Aligned Prov-app configuration, increasing the timeouts and fixed jenkins agent image in configuration sample ([#1259](https://github.com/opendevstack/ods-core/issues/1259))
+
+## [4.3.0] - 2023-07-03
+
+### Added
 - Added webhook proxy feature to check for Jenkins availability ([#1221](https://github.com/opendevstack/ods-core/issues/1221))
 - Add SonarQube Rust plugin ([#1220](https://github.com/opendevstack/ods-core/issues/1220))
+- Added Trivy into jenkins agent base ([#1236](https://github.com/opendevstack/ods-core/issues/1236))
+
+### Changed
 - Jenkins maintenance, set durability to max performance and remove legacy plugin ([#1225](https://github.com/opendevstack/ods-core/pull/1225))
-- Bump helm-diff plugin version ([#1226](https://github.com/opendevstack/ods-core/issues/1226))
 - Jenkins maintenance, Update resources for deployment for optimal usage ([#1224](https://github.com/opendevstack/ods-core/issues/1224))
 - Jenkins maintenance, Update jenkins base image, plugins, git-lfs, aquacli ([#1224](https://github.com/opendevstack/ods-core/issues/1224))
+- Bump helm-diff plugin version ([#1226](https://github.com/opendevstack/ods-core/issues/1226))
+- Bump helm-diff plugin version to 3.8.1 ([#1239](https://github.com/opendevstack/ods-core/pull/1239))
+
+### Fixed
+- Memory malloc arena fix for Jenkins ([#1217](https://github.com/opendevstack/ods-core/pull/1217))
 
 ## [4.2.0] - 2023-02-21
 
@@ -19,7 +71,6 @@
 - Maintenance, update snyk to version 1.1097.0 ([#1203](https://github.com/opendevstack/ods-core/issues/1199))
 - Removal of Centos and deprecation of ODSBox ([#1209](https://github.com/opendevstack/ods-core/issues/1209))
 
-
 ## [4.1.1] - 2022-11-24
 
 - Fix CI/CD problems in Jenkins pipelines ([#1177](https://github.com/opendevstack/ods-core/pull/1177))

diff --git a/Makefile b/Makefile
@@ -4,9 +4,10 @@ SHELL = /bin/bash
 MAKEFLAGS += --warn-undefined-variables
 MAKEFLAGS += --no-builtin-rules
 
-ODS_NAMESPACE := $(shell $(CURDIR)/scripts/get-config-param.sh ODS_NAMESPACE)
-NEXUS_URL := $(shell $(CURDIR)/scripts/get-config-param.sh NEXUS_URL)
-SONARQUBE_URL := $(shell $(CURDIR)/scripts/get-config-param.sh SONARQUBE_URL)
+# Load environment variables from .env file
+include ../ods-configuration/ods-core.env
+export $(shell sed 's/=.*//' ../ods-configuration/ods-core.env)
+
 INSECURE := false
 INSECURE_FLAG :=
 ifeq ($(INSECURE), $(filter $(INSECURE), true yes))
@@ -120,24 +121,19 @@ start-doc-gen-build:
 
 # SONARQUBE
 ## Install or update SonarQube.
-install-sonarqube: apply-sonarqube-build start-sonarqube-build apply-sonarqube-deploy configure-sonarqube
+install-sonarqube: apply-sonarqube-chart start-sonarqube-build configure-sonarqube
 .PHONY: install-sonarqube
 
-## Update OpenShift resources related to the SonarQube image.
-apply-sonarqube-build:
-	cd sonarqube/ocp-config && tailor apply --namespace $(ODS_NAMESPACE) bc,is
+## Apply OpenShift resources related to the SonarQube.
+apply-sonarqube-chart:
+	cd sonarqube/chart && envsubst < values.yaml.template > values.yaml && helm upgrade --install --namespace $(ODS_NAMESPACE) sonarqube . && rm values.yaml
 .PHONY: apply-sonarqube-build
 
 ## Start build of BuildConfig "sonarqube".
 start-sonarqube-build:
 	ocp-scripts/start-and-follow-build.sh --namespace $(ODS_NAMESPACE) --build-config sonarqube
-.PHONY: start-sonarqube-build
-
-## Update OpenShift resources related to the SonarQube service.
-apply-sonarqube-deploy:
-	cd sonarqube/ocp-config && tailor apply --namespace $(ODS_NAMESPACE) --exclude bc,is
 	@echo "Visit $(SONARQUBE_URL)/setup to see if any update actions need to be taken."
-.PHONY: apply-sonarqube-deploy
+.PHONY: start-sonarqube-build
 
 ## Configure SonarQube service.
 configure-sonarqube:
@@ -147,27 +143,22 @@ configure-sonarqube:
 
 # NEXUS
 ## Install or update Nexus.
-install-nexus: apply-nexus-build start-nexus-build apply-nexus-deploy
+install-nexus: apply-nexus-chart start-nexus-build
 .PHONY: nexus
 
-## Update OpenShift resources related to the Nexus image.
-apply-nexus-build:
-	cd nexus/ocp-config && tailor apply --namespace $(ODS_NAMESPACE) bc,is
-.PHONY: apply-nexus-build
+## Apply OpenShift resources related to the Nexus.
+apply-nexus-chart:
+	cd nexus/chart && envsubst < values.yaml.template > values.yaml && helm upgrade --install --namespace $(ODS_NAMESPACE) nexus . && rm values.yaml
+.PHONY: apply-nexus-chart
 
 ## Start build of BuildConfig "nexus".
 start-nexus-build:
 	ocp-scripts/start-and-follow-build.sh --namespace $(ODS_NAMESPACE) --build-config nexus
 .PHONY: start-nexus-build
 
-## Update OpenShift resources related to the Nexus service.
-apply-nexus-deploy:
-	cd nexus/ocp-config && tailor apply --namespace $(ODS_NAMESPACE) --exclude bc,is
-.PHONY: apply-nexus-deploy
-
 ## Configure Nexus service.
 configure-nexus:
-	cd nexus && ./configure.sh --namespace $(ODS_NAMESPACE) --nexus=$(NEXUS_URL) $(INSECURE_FLAG)
+	cd nexus && ./configure.sh --namespace $(ODS_NAMESPACE) --nexus=$(NEXUS_URL) --admin-password=$(NEXUS_ADMIN_PASSWORD) $(INSECURE_FLAG)
 .PHONY: configure-nexus
 ### configure-nexus is not part of install-nexus because it is not idempotent yet.
 
@@ -177,14 +168,14 @@ configure-nexus:
 backup: backup-sonarqube backup-ocp-config
 .PHONY: backup
 
-## Create a backup of OpenShift resources in "cd" namespace.
+## Create a backup of OpenShift resources in "ods" namespace.
 backup-ocp-config:
-	tailor export --namespace $(ODS_NAMESPACE) > backup_cd.yml
+	tailor export --namespace $(ODS_NAMESPACE) > backup_ods.yml
 .PHONY: backup-ocp-config
 
-## Create a backup of the SonarQube database in the current directory.
+## Create a backup of the SonarQube database in backup storage and in the current directory.
 backup-sonarqube:
-	cd sonarqube && ./backup.sh --namespace $(ODS_NAMESPACE) --backup-dir `pwd`
+	cd sonarqube && ./backup.sh --namespace $(ODS_NAMESPACE) --local-copy=true --backup-dir `pwd`
 .PHONY: backup-sonarqube