Prepare release 4.11.1 (#1359)

BraisVQ · web-flow · commit d8898d91ae56 · 2025-12-05T09:45:46.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,14 +8,18 @@
 
 ### Fixed
 
+## [4.11.1] - 2025-12-05
+
+### Changed
+- Adapted Sonarqube server configuration to make projects private and have custom gate ([#1347](https://github.com/opendevstack/ods-core/pull/1347))
+
 ## [4.11.0] - 2025-12-03
 
 ### Added
 - New core component, OpenDevStack API service ([#1356](https://github.com/opendevstack/ods-core/pull/1356)) & ([#1357](https://github.com/opendevstack/ods-core/pull/1357))
 
 ### Changed
 - Change Cnes report to custom SonarQube report ([#1354](https://github.com/opendevstack/ods-core/pull/1354))
-- Adapted Sonarqube server configuration to make projects private and have custom gate ([#1347](https://github.com/opendevstack/ods-core/pull/1347))
 - Update Aqua cli to 2022.4.829 ([#1353](https://github.com/opendevstack/ods-core/pull/1353))
 - Update SonarQube and use local image for database ([#1343](https://github.com/opendevstack/ods-core/pull/1343))
 - Cleanup SonarQube backup process as data folder for server does not need backup ([#1355](https://github.com/opendevstack/ods-core/pull/1355))
diff --git a/sonarqube/chart/templates/cm-scan.yaml b/sonarqube/chart/templates/cm-scan.yaml
@@ -0,0 +1,13 @@
+kind: ConfigMap
+metadata:
+  labels:
+    app: {{ .Values.global.appName }}
+  name: {{ .Values.global.appName }}-scan
+apiVersion: v1
+data:
+  alertEmails: {{ .Values.scan.sonarAlertEmails }} 
+  enabled: {{ .Values.scan.sonarEnabled | quote }} 
+  exclusions: {{ .Values.scan.sonarExclusions | quote }}
+  nexusRepository: {{ .Values.scan.sonarNexusRepository }} 
+  sonarQubeAccount: {{ .Values.scan.sonarQubeAccount }} 
+  sonarQubeProjectsPrivate: {{ .Values.scan.sonarProjectsPrivate | quote }} 
diff --git a/sonarqube/chart/templates/cm-server.yaml b/sonarqube/chart/templates/cm-server.yaml
diff --git a/sonarqube/chart/values.yaml.template b/sonarqube/chart/values.yaml.template
@@ -58,9 +58,9 @@ buildConfig:
   memRequest: 1Gi
   memLimit: 2Gi
 scan:
-  sonarAlertEmails: $SONAR_SCAN_ALERT_EMAILS
   sonarEnabled: $SONAR_SCAN_ENABLED
   sonarExclusions: $SONAR_SCAN_EXCLUSIONS
   sonarNexusRepository: $SONAR_SCAN_NEXUS_REPOSITORY
+  sonarAlertEmails: $SONAR_SCAN_ALERT_EMAILS
   sonarProjectsPrivate: $SONAR_SCAN_PROJECTS_PRIVATE
   sonarQubeAccount: $SONAR_SCAN_ACCOUNT
diff --git a/sonarqube/configure.sh b/sonarqube/configure.sh
@@ -210,26 +210,43 @@ else
     echo_info "Default '${ADMIN_USER_NAME}' password is not in use."
 fi
 
+# Check whether pipeline user exists; create it if missing.
 echo_info "Checking if '${PIPELINE_USER_NAME}' exists ..."
 encodedPipelineUser="$(uriencode "${PIPELINE_USER_NAME}")"
-encodedPipelinePassword="$(uriencode "${ADMIN_USER_PASSWORD}")"
-if curl ${INSECURE} -X POST -sSf --user "${ADMIN_USER_NAME}:${ADMIN_USER_PASSWORD}" \
-    "${SONARQUBE_URL}/api/users/search?q=${encodedPipelineUser}" | grep '"users":\[\]' >/dev/null; then
-    echo_info "No user '${PIPELINE_USER_NAME}' present yet."
+
+# Query SonarQube for matching users and get count (fallback to 0 on error).
+userCount=$(curl ${INSECURE} -sS --user "${ADMIN_USER_NAME}:${ADMIN_USER_PASSWORD}" \
+    "${SONARQUBE_URL}/api/users/search?q=${encodedPipelineUser}" | jq -r '.users | length' || echo 0)
+
+if [ "${userCount}" -eq 0 ]; then
+    echo_info "No user '${PIPELINE_USER_NAME}' found — creating it now."
+
     if [ -z "${PIPELINE_USER_PWD}" ]; then
-        echo "Please enter '${PIPELINE_USER_NAME}' password:"
+        echo "Enter password for '${PIPELINE_USER_NAME}':"
         read -r -e -s input
         PIPELINE_USER_PWD=${input:-""}
     fi
-    echo_info "Trying to login in as '${PIPELINE_USER_NAME}' ..."
+
+    encodedPipelinePassword="$(uriencode "${PIPELINE_USER_PWD}")"
+
+    echo_info "Creating SonarQube user '${PIPELINE_USER_NAME}' ..."
+    if ! curl ${INSECURE} -X POST -sSf --user "${ADMIN_USER_NAME}:${ADMIN_USER_PASSWORD}" \
+        "${SONARQUBE_URL}/api/users/create?login=${encodedPipelineUser}&name=${encodedPipelineUser}&password=${encodedPipelinePassword}"; then
+        echo_error "Could not create user '${PIPELINE_USER_NAME}'."
+        exit 1
+    fi
+    echo_info "User '${PIPELINE_USER_NAME}' created."
+
+    echo_info "Verifying login for '${PIPELINE_USER_NAME}' ..."
     if ! curl ${INSECURE} -X POST -sSf \
         "${SONARQUBE_URL}/api/authentication/login?login=${encodedPipelineUser}&password=${encodedPipelinePassword}"; then
-        echo_error "Could not login as '${PIPELINE_USER_NAME}'."
+        echo_error "Login verification for '${PIPELINE_USER_NAME}' failed."
         exit 1
     fi
     echo_info "Login for '${PIPELINE_USER_NAME}' successful."
+else
+    echo_info "User '${PIPELINE_USER_NAME}' already exists in SonarQube."
 fi
-echo_info "User '${PIPELINE_USER_NAME}' exists in SonarQube."
 
 sampleToken=$(grep SONAR_AUTH_TOKEN_B64 "${ODS_CORE_DIR}/configuration-sample/ods-core.env.sample" | cut -d "=" -f 2-)
 configuredToken=$(grep SONAR_AUTH_TOKEN_B64 "${ODS_CONFIGURATION_DIR}/ods-core.env" | cut -d "=" -f 2- | base64 --decode)
