diff --git a/.tekton/build-java-image.yaml b/.tekton/build-java-image.yaml
new file mode 100644
index 00000000..795a193c
--- /dev/null
+++ b/.tekton/build-java-image.yaml
@@ -0,0 +1,77 @@
+apiVersion: tekton.dev/v1
+kind: PipelineRun
+metadata:
+ name: sonar-java-image
+ annotations:
+ pipelinesascode.tekton.dev/on-comment: "^((/test-all)|(/build-java-image))$"
+ pipelinesascode.tekton.dev/max-keep-runs: "5"
+spec:
+ pipelineRef:
+ resolver: hub
+ params:
+ - name: catalog
+ value: alauda
+ - name: type
+ value: tekton
+ - name: kind
+ value: pipeline
+ - name: name
+ value: clone-image-build-test-scan
+ - name: version
+ value: "0.2"
+
+ params:
+ - name: git-url
+ value: "{{ repo_url }}"
+ - name: git-revision
+ value: "{{ source_branch }}"
+ - name: git-commit
+ value: "{{ revision }}"
+ - name: pull-request-number
+ value: "{{ pull_request_number }}"
+
+ - name: image-repository
+ value: build-harbor.alauda.cn/devops/sonarqube-ce-java-build-202501
+
+ - name: tags
+ value:
+ - latest
+
+ - name: dockerfile-path
+ value: .tekton/dockerfile/Dockerfile.java
+
+ - name: context
+ value: ".tekton/dockerfile"
+
+ - name: file-list-for-commit-sha
+ value:
+ - .tekton/dockerfile/Dockerfile.java
+
+ - name: ignore-trivy-scan
+ value: "true"
+ workspaces:
+ - name: source
+ volumeClaimTemplate:
+ spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
+ - name: dockerconfig
+ secret:
+ secretName: build-harbor.kauto.docfj
+ - name: basic-auth
+ secret:
+ secretName: "{{ git_auth_secret }}"
+ - name: gitversion-config
+ configMap:
+ name: gitversion-config
+
+ taskRunTemplate:
+ podTemplate:
+ securityContext:
+ runAsUser: 65532
+ runAsGroup: 65532
+ fsGroup: 65532
+ fsGroupChangePolicy: "OnRootMismatch"
diff --git a/.tekton/dockerfile/Dockerfile.java b/.tekton/dockerfile/Dockerfile.java
new file mode 100644
index 00000000..eb0beba1
--- /dev/null
+++ b/.tekton/dockerfile/Dockerfile.java
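Review bot: In `.tekton/build-java-image.yaml`, `ignore-trivy-scan` is `"true"` with no explanation, so scan findings presumably never fail this run even though the image it builds installs packages from three third-party apt repositories. If the scan must stay non-blocking for now, record why beside the parameter, e.g. `# scan findings ignored until <tracking issue>`, otherwise set it to `"false"`. The only tag listed is `latest`, and the run is started by a PR comment and builds `{{ source_branch }}`, so an unmerged branch could replace the image that consumers pull; adding a tag derived from `{{ revision }}` would keep builds traceable, unless the referenced pipeline already does that through `file-list-for-commit-sha`.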
@@ -0,0 +1,36 @@
+# renovate: datasource=docker depName=eclipse-temurin
+FROM docker-mirrors.alauda.cn/library/eclipse-temurin:17.0.15_6-jdk-jammy
+
+# source: https://github.com/SonarSource/sonarqube/blob/170bd61e5e75fb3668dd31dc71570f5e40a800fd/.cirrus/Dockerfile#L1
+RUN export DEBIAN_FRONTEND=noninteractive; \
+ echo 'Acquire::AllowReleaseInfoChange::Suite "true";' > /etc/apt/apt.conf.d/allow_release_info_change.conf; \
+ # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863199#23
+ mkdir -p /usr/share/man/man1; \
+ apt-get update; \
+ apt-get -y install --no-install-recommends \
+ lsb-release \
+ ca-certificates \
+ curl \
+ wget \
+ gnupg;
+
+RUN export NODE_MAJOR=18; \
+ export DISTRO="$(lsb_release -s -c)"; \
+ curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg; \
+ echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" >> /etc/apt/sources.list.d/nodesource.list; \
+ curl -sSL https://packages.atlassian.com/api/gpg/key/public | gpg --dearmor -o /etc/apt/keyrings/atlassian.gpg; \
+ echo "deb [signed-by=/etc/apt/keyrings/atlassian.gpg] https://packages.atlassian.com/debian/atlassian-sdk-deb/ stable contrib" >> /etc/apt/sources.list.d/atlassian-sdk.list; \
+ curl -sSL https://packages.adoptium.net/artifactory/api/gpg/key/public | gpg --dearmor -o /etc/apt/keyrings/adoptium-archive-keyring.gpg; \
+ echo "deb [signed-by=/etc/apt/keyrings/adoptium-archive-keyring.gpg] https://packages.adoptium.net/artifactory/deb $DISTRO main" >> /etc/apt/sources.list.d/adoptopenjdk.list; \
+ apt-get update; \
+ apt-get -y install --no-install-recommends \
+ git \
+ unzip \
+ nodejs="$NODE_MAJOR".* \
+ jq \
+ expect \
+ temurin-8-jdk \
+ xmlstarlet; \
+ npm install -g yarn;
+
+RUN sed -i 's|securerandom.source=file:/dev/random|securerandom.source=file:/dev/urandom|g' "$JAVA_HOME/conf/security/java.security"
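Review bot: Both multi-command `RUN` steps join their commands with `;` and pipe `curl` into `gpg --dearmor` under the default `/bin/sh -c`, so a failed key download or `apt-get update` does not stop the build, and the Atlassian and Adoptium fetches use `curl -sSL` without `-f`, which hands an HTTP error body to `gpg`. Add `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` before the first `RUN`, start each step with `set -e;`, and use `curl -fsSL` for all three keys. The Atlassian SDK repository and its key are added, but none of the packages installed here appears to come from it; if that holds, drop both lines so the image trusts one fewer third-party signer. `npm install -g yarn` is unpinned, so the image content can change between builds of the same commit; pin it as `yarn@<version>`.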