SONAR-23559 Improves editions and versions setting for sonarqube chart

.cirrus/Dockerfile

@@ -1,7 +1,7 @@
 ARG CIRRUS_AWS_ACCOUNT
-FROM ${CIRRUS_AWS_ACCOUNT:-275878209202}.dkr.ecr.eu-central-1.amazonaws.com/base:j11-latest as tools
+FROM ${CIRRUS_AWS_ACCOUNT:-275878209202}.dkr.ecr.eu-central-1.amazonaws.com/base:j11-latest AS tools
 
-FROM docker:20.10
+FROM docker:27.4
 
 USER root
 
@@ -27,24 +27,25 @@ ENV PATH=/usr/bin/google-cloud-sdk/bin:${PATH}
 
 RUN apk add --update --no-cache \
     aws-cli \
-    ca-certificates \
     bash \
-    jq \
-    moreutils \
+    ca-certificates \
     curl \
     gcompat \
     git \
     gnupg \
+    go \
+    jq \
     libc6-compat \
     libstdc++ \
+    moreutils \
     openssh-client \
     py3-pip \
     py3-wheel \
     python3 && \
-    pip install --upgrade pip==24.2
+    pip install --break-system-packages --upgrade pip==24.2
 
-RUN pip install "yamllint==${YAMLLINT_VERSION}" && \
-    pip install "yamale==${YAMALE_VERSION}"
+RUN pip install --break-system-packages "yamllint==${YAMLLINT_VERSION}" && \
+    pip install --break-system-packages "yamale==${YAMALE_VERSION}"
 
 RUN set -eux; \
     curl -sL ${HELM_BASE_URL}/${HELM_TAR_FILE} -o ${HELM_TAR_FILE} ; \

.cirrus/schema_test.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -euo pipefail
+
+cd "$(dirname "$0")/../tests/unit-test"
+
+go test -timeout=0 -v schema_test.go

.cirrus/tasks.yml

@@ -137,6 +137,17 @@ chart_static_compatibility_test_task:
     - ./.cirrus/build_chart_dependencies.sh charts/sonarqube-dce
     - ./.cirrus/unit_helm_compatibility_test.sh sonarqube-dce
 
+chart_schema_test_task:
+  eks_container:
+    <<: *CONTAINER_TEMPLATE
+    cpu: 1
+    memory: 2Gb
+  <<: *CLONE_SCRIPT_TEMPLATE
+  script:
+    - ./.cirrus/build_chart_dependencies.sh charts/sonarqube
+    - ./.cirrus/build_chart_dependencies.sh charts/sonarqube-dce
+    - ./.cirrus/schema_test.sh
+
 chart_fixture_test_task:
   <<: *ONLY_ON_NON_RELEASE_DRAFT_TEMPLATE
   timeout_in: 30m

.tool-versions

@@ -1,3 +1,4 @@
 gcloud      470.0.0
 helm-ct     3.10.1
 kubeconform 0.6.3
+golang 1.22.0

charts/sonarqube-dce/templates/_helpers.tpl

@@ -146,7 +146,7 @@ Determine JDBC username
 {{- end -}}
 
 {{/*
-Determine the k8s secretKey contrining the JDBC password
+Determine the k8s secretKey containing the JDBC password
 */}}
 {{- define "jdbc.secretPasswordKey" -}}
 {{- if .Values.postgresql.enabled -}}

charts/sonarqube/CHANGELOG.md

@@ -7,6 +7,7 @@ All changes to this chart will be documented in this file.
 * Support Kubernetes v1.32
 * Remove the default passcode provided with `monitoringPasscode`
 * Support Openshift v4.17
+* Improves editions and versions setting for sonarqube chart
 
 ## [10.8.1]
 * Update Chart's version to 10.8.1

charts/sonarqube/Chart.yaml

@@ -40,6 +40,8 @@ annotations:
       description: "Remove the default passcode provided with 'monitoringPasscode'"
     - kind: changed
       description: "Support Openshift v4.17"
+    - kind: changed
+      description: "Improves editions and versions setting for sonarqube chart"
   artifacthub.io/containsSecurityUpdates: "false"
   artifacthub.io/images: |
     - name: sonarqube

charts/sonarqube/README.md

@@ -31,7 +31,7 @@ kubectl create namespace sonarqube
 helm upgrade --install -n sonarqube sonarqube sonarqube/sonarqube
 ```
 
-The above command deploys SonarQube on the Kubernetes cluster in the default configuration in the sonarqube namespace. 
+The above command deploys SonarQube on the Kubernetes cluster in the default configuration in the sonarqube namespace.
 If you are interested in deploying SonarQube on Openshift, please check the [dedicated section](#openshift).
 
 The [configuration](#configuration) section lists the parameters that can be configured during installation.
@@ -43,7 +43,6 @@ The default login is admin/admin.
 The SonarQube Community Edition has been replaced by the SonarQube Community Build.
 If you want to install the SonarQube Community Build chart, please set `community.enabled` to `true`.
 The `community.buildNumber` parameter will be set to the latest Community Build.
-The `community` value is deprecated and won't be supported for `edition` anymore.
 
 ## Installing the SonarQube 9.9 LTA chart
 
@@ -146,9 +145,9 @@ For this reason, it is recommended to set Xmx to the ~80% of the total amount of
 
 Please find here the default SonarQube Xmx parameters to setup the memory requests and limits accordingly.
 
-| Edition            | Sum of Xmx |
+| SonarQube Offering | Sum of Xmx |
 | ------------------ | ---------- |
-| community edition  | 1536M      |
+| community build    | 1536M      |
 | developer edition  | 1536M      |
 | enterprise edition | 5G         |
 
@@ -240,29 +239,29 @@ The following table lists the configurable parameters of the SonarQube chart and
 
 ### Global
 
-| Parameter               | Description                                                                                                                             | Default            |
-| ----------------------- | --------------------------------------------------------------------------------------------------------------------------------------- | ------------------ |
-| `deploymentType`        | (DEPRECATED) Deployment Type (supported values are `StatefulSet` or `Deployment`)                                                       | `StatefulSet`      |
-| `replicaCount`          | Number of replicas deployed (supported values are 0 and 1)                                                                              | `1`                |
-| `deploymentStrategy`    | Deployment strategy. Setting the strategy type is deprecated and it will be hardcoded to `Recreate`                                     | `{type: Recreate}` |
-| `priorityClassName`     | Schedule pods on priority (e.g. `high-priority`)                                                                                        | `None`             |
-| `schedulerName`         | Kubernetes scheduler name                                                                                                               | `None`             |
-| `affinity`              | Node / Pod affinities                                                                                                                   | `{}`               |
-| `tolerations`           | List of node taints to tolerate                                                                                                         | `[]`               |
-| `nodeSelector`          | Node labels for pod assignment                                                                                                          | `{}`               |
-| `hostAliases`           | Aliases for IPs in /etc/hosts                                                                                                           | `[]`               |
-| `podLabels`             | Map of labels to add to the pods                                                                                                        | `{}`               |
-| `env`                   | Environment variables to attach to the pods                                                                                             | `{}`               |
-| `annotations`           | SonarQube Pod annotations                                                                                                               | `{}`               |
-| `edition`               | SonarQube Edition to use (e.g. `community`, `developer` or `enterprise`). Please note that the default `community` value is deprecated. | `community`        |
-| `community.enabled`     | Install SonarQube Community Build. When set to `true`, this parameter replaces `edition=community`                                      | `true`             |
-| `community.buildNumber` | The SonarQube Community Build number to install                                                                                         | `24.12.0.100206`   |
-| `sonarWebContext`       | SonarQube web context, also serve as default value for `ingress.path`, `account.sonarWebContext` and probes path.                       | ``                 |
-| `httpProxySecret`       | Should contain `http_proxy`, `https_proxy` and `no_proxy` keys, will superseed every other proxy variables                              | ``                 |
-| `httpProxy`             | HTTP proxy for downloading JMX agent and install plugins, will superseed initContainer specific http proxy variables                    | ``                 |
-| `httpsProxy`            | HTTPS proxy for downloading JMX agent and install plugins, will superseed initContainer specific https proxy variable                   | ``                 |
-| `noProxy`               | No proxy for downloading JMX agent and install plugins, will superseed initContainer specific no proxy variables                        | ``                 |
-| `ingress-nginx.enabled` | Install Nginx Ingress Helm                                                                                                              | `false`            |
+| Parameter               | Description                                                                                                           | Default            |
+| ----------------------- | --------------------------------------------------------------------------------------------------------------------- | ------------------ |
+| `deploymentType`        | (DEPRECATED) Deployment Type (supported values are `StatefulSet` or `Deployment`)                                     | `StatefulSet`      |
+| `replicaCount`          | Number of replicas deployed (supported values are 0 and 1)                                                            | `1`                |
+| `deploymentStrategy`    | Deployment strategy. Setting the strategy type is deprecated and it will be hardcoded to `Recreate`                   | `{type: Recreate}` |
+| `priorityClassName`     | Schedule pods on priority (e.g. `high-priority`)                                                                      | `None`             |
+| `schedulerName`         | Kubernetes scheduler name                                                                                             | `None`             |
+| `affinity`              | Node / Pod affinities                                                                                                 | `{}`               |
+| `tolerations`           | List of node taints to tolerate                                                                                       | `[]`               |
+| `nodeSelector`          | Node labels for pod assignment                                                                                        | `{}`               |
+| `hostAliases`           | Aliases for IPs in /etc/hosts                                                                                         | `[]`               |
+| `podLabels`             | Map of labels to add to the pods                                                                                      | `{}`               |
+| `env`                   | Environment variables to attach to the pods                                                                           | `{}`               |
+| `annotations`           | SonarQube Pod annotations                                                                                             | `{}`               |
+| `edition`               | SonarQube Edition to use (`developer` or `enterprise`).                                                               | `None`             |
+| `community.enabled`     | Install SonarQube Community Build. When set to `true`, `edition` must not be set.                                     | `false`            |
+| `community.buildNumber` | The SonarQube Community Build number to install                                                                       | `24.12.0.100206`   |
+| `sonarWebContext`       | SonarQube web context, also serve as default value for `ingress.path`, `account.sonarWebContext` and probes path.     | ``                 |
+| `httpProxySecret`       | Should contain `http_proxy`, `https_proxy` and `no_proxy` keys, will supersede every other proxy variables            | ``                 |
+| `httpProxy`             | HTTP proxy for downloading JMX agent and install plugins, will supersede initContainer specific http proxy variables  | ``                 |
+| `httpsProxy`            | HTTPS proxy for downloading JMX agent and install plugins, will supersede initContainer specific https proxy variable | ``                 |
+| `noProxy`               | No proxy for downloading JMX agent and install plugins, will supersede initContainer specific no proxy variables      | ``                 |
+| `ingress-nginx.enabled` | Install Nginx Ingress Helm                                                                                            | `false`            |
 
 ### NetworkPolicies
 

charts/sonarqube/ci/cirrus-values.yaml

@@ -1,3 +1,6 @@
+community:
+  enabled: true
+
 image:
   pullSecrets:
     - name: pullsecret

charts/sonarqube/openshift-verifier/values.yaml

@@ -1,3 +1,6 @@
+community:
+  enabled: true
+
 OpenShift:
   enabled: true
   route:

charts/sonarqube/templates/_helpers.tpl

@@ -58,17 +58,39 @@ Expand the Application Image name.
 
 {{/*
   Define the image.tag value that computes the right tag to be used as `sonarqube.image`
+  The tag is derived from the following parameters:
+  - .Values.image.tag
+  - .Values.community.enabled
+  - .Values.community.buildNumber
+  - .Values.edition
+  - .Chart.AppVersion
+
+  The logic to generate the tag is as follows:
+  There should not be a default edition, with users that specify it.
+  The edition must be one of these values: developer/enterprise.
+  When “edition“ is used and “image.tag” is not, we use “appVersion” for paid editions and the latest release of SQ-CB for the community.
+  The CI supports the release of the Server edition.
 */}}
 {{- define "image.tag" -}}
-{{- if empty .Values.image.tag -}}
-{{- if and (not (empty .Values.edition)) (or (eq .Values.edition "developer") (eq .Values.edition "enterprise")) -}}
-{{- printf "%s-%s"  .Chart.AppVersion .Values.edition -}}
-{{- else if or (.Values.community.enabled) (and (not (empty .Values.edition)) (eq .Values.edition "community"))  -}}
-{{- printf "%s-%s" .Values.community.buildNumber "community" -}}
-{{- end -}}
-{{- else -}}
-{{- .Values.image.tag -}}
-{{- end -}}
+  {{- $imageTag := "" -}}
+  {{- if not (empty .Values.edition) -}}
+    {{- if or (empty .Values.image) (empty .Values.image.tag) -}}
+      {{- $imageTag = printf "%s-%s" .Chart.AppVersion .Values.edition -}}
+    {{- else -}}
+      {{- $imageTag = printf "%s" .Values.image.tag -}}
+    {{- end -}}
+  {{- else if (and (.Values.community) .Values.community.enabled) -}}
+    {{- if or (empty .Values.image) (empty .Values.image.tag) -}}
+      {{- if not (empty .Values.community.buildNumber) -}}
+        {{- $imageTag = printf "%s-%s" .Values.community.buildNumber "community" -}}
+      {{- else -}}
+        {{- $imageTag = printf "community" -}}
+      {{- end -}}
+    {{- else -}}
+      {{- $imageTag = printf "%s" .Values.image.tag -}}
+    {{- end -}}
+  {{- end -}}
+  {{- printf "%s" $imageTag -}}
 {{- end -}}
 
 {{/*
@@ -431,4 +453,4 @@ Remove incompatible user/group values that do not work in Openshift out of the b
 
 {{- $accountDeprecation := (include "deepMerge" (dict "map1" $map1 "map2" $map2)) -}}
 {{- $accountDeprecation }}
-{{- end -}}
+{{- end -}}

charts/sonarqube/templates/validation.yaml

@@ -1,3 +1,29 @@
+{{/*
+This file is for validating the values.yaml file.
+It is used to validate the values.yaml file before the installation starts.
+*/}}
+{{- define "sonarqube.fail" -}}
+{{- printf "\n ** The values.yaml file is not valid. ** \n %s\n" . | fail -}}
+{{- end -}}
+
+{{/*
+* Validates the monitoring passcode logic.
+*/}}
 {{- if or (and (not .Values.monitoringPasscode) (not .Values.monitoringPasscodeSecretName) (not .Values.monitoringPasscodeSecretKey)) (and (not .Values.monitoringPasscodeSecretName) .Values.monitoringPasscodeSecretKey) (and .Values.monitoringPasscodeSecretName (not .Values.monitoringPasscodeSecretKey)) -}}
-{{- fail "\n ** The values.yaml file is not valid. ** \n Please provide a passcode either setting \"monitoringPasscode\" or \"monitoringPasscodeSecretName\" and \"monitoringPasscodeSecretKey\"" -}}
+{{- include "sonarqube.fail" "Please provide a passcode either setting \"monitoringPasscode\" or \"monitoringPasscodeSecretName\" and \"monitoringPasscodeSecretKey\"" -}}
+{{- end -}}
+
+{{/*
+* Validates the community.enabled, edition, and tag logic.
+*/}}
+{{- if eq .Values.edition "community" -}}
+    {{- include "sonarqube.fail" "'community' is not a valid edition. If you want to use SonarQube Community Build, unset 'edition' and set 'community.enabled=true' instead." -}}
+{{- else if and (.Values.community.enabled) (not (empty .Values.edition)) -}}
+    {{- include "sonarqube.fail" "You can't set 'community.enabled=true' and an 'edition' at the same time." -}}
+{{- else if not .Values.community.enabled -}}
+    {{- if empty .Values.edition -}}
+        {{- include "sonarqube.fail" "You must choose an 'edition' to install: 'developer' or 'enterprise'.\nIf you want to use SonarQube Community Build, unset 'edition' and set 'community.enabled=true' instead." -}}
+    {{- else if not (has .Values.edition (list "developer" "enterprise")) -}}
+        {{- include "sonarqube.fail" "The 'edition' must be either 'developer' or 'enterprise'." -}}
+    {{- end -}}
 {{- end -}}

charts/sonarqube/values.schema.json

@@ -4,17 +4,6 @@
         "replicaCount"
     ],
     "properties": {
-        "edition": {
-            "type": "string",
-            "enum": ["community", "developer", "enterprise"],
-            "properties": {
-                "community": {
-                    "type": "string",
-                    "deprecated": true,
-                    "$comment": "(DEPRECATED) Please use `community.enabled` instead"
-                }
-            }
-        },
         "persistence": {
             "type": "object",
             "properties": {
@@ -40,8 +29,7 @@
                 }
             }
         },
-        "OpenShift":
-        {
+        "OpenShift": {
             "type": "object",
             "properties": {
                 "createSCC": {
@@ -98,7 +86,10 @@
         },
         "replicaCount": {
             "type": "integer",
-            "enum": [0, 1]
+            "enum": [
+                0,
+                1
+            ]
         },
         "jvmOpts": {
             "type": "string",
@@ -172,20 +163,17 @@
             "deprecated": true,
             "$comment": "(DEPRECATED) this option will be removed in the next major release"
         },
-        "curlContainerImage":
-        {
+        "curlContainerImage": {
             "type": "string",
             "deprecated": true,
             "$comment": "(DEPRECATED) please use `setAdminPassword.image` at the value top level"
         },
-        "adminJobAnnotations":
-        {
+        "adminJobAnnotations": {
             "type": "object",
             "deprecated": true,
             "$comment": "(DEPRECATED) please use `setAdminPassword.annotations` at the value top level"
         },
-        "sonarqubeFolder":
-        {
+        "sonarqubeFolder": {
             "type": "string",
             "deprecated": true,
             "$comment": "(DEPRECATED) This value will is no longer required and will be dropped in future releases"
@@ -206,4 +194,4 @@
             }
         }
     }
- }
+}

charts/sonarqube/values.yaml

@@ -48,19 +48,17 @@ OpenShift:
     # labels:
     #  external: 'true'
 
-# (DEPRECATED) The "community" value as the default of "edition" is deprecated and will be removed in the next release (in favor of an empty value). Please set "community" to "true", if you want to use SonarQube Community Build.
-edition: "community"
+# Configure the edition of SonarQube Server to deploy: developer or enterprise
+# edition: ""
 
 # Set the chart to use the latest released SonarQube Community Build
 community:
-  enabled: true
+  enabled: false
   buildNumber: "24.12.0.100206"
 
 image:
   repository: sonarqube
-  # (DEPRECATED) The "image.tag" parameter is set to be empty as default.
-  # image.tag is set according to the edition and community fields, user-defined have precedance.
-  # tag: 10.8.1-{{ .Values.edition }}
+  # tag: ""
   pullPolicy: IfNotPresent
   # If using a private repository, the imagePullSecrets to use
   # pullSecrets: