feat: init sonarqube infra as code state

This commit is contained in:
Ivan I. Ovchinnikov
2025-12-08 19:22:40 +00:00
commit 7454f6d686
6 changed files with 122 additions and 0 deletions
+3
View File
@@ -0,0 +1,3 @@
postgresql/
sonarqube/
db.env
Executable
+32
View File
@@ -0,0 +1,32 @@
FROM sonarqube:25.9.0.112764-community
# Установка дополнительных плагинов. Ставим и настраиваем под рутом
USER root
# Скачиваем все плагины одной командой для минимизации слоев
RUN apt-get update && apt-get install -y unzip && \
wget -O /opt/sonarqube/extensions/plugins/sonar-auth-oidc-plugin-3.0.0.jar \
https://github.com/vaulttec/sonar-auth-oidc/releases/download/v3.0.0/sonar-auth-oidc-plugin-3.0.0.jar && \
wget -O /opt/sonarqube/extensions/plugins/sonar-cxx-plugin-2.2.2.1332.jar \
https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-2.2.1/sonar-cxx-plugin-2.2.1.1248.jar && \
wget -O /opt/sonarqube/extensions/plugins/sonarqube-community-branch-plugin-25.9.0.jar \
https://github.com/mc1arke/sonarqube-community-branch-plugin/releases/download/25.9.0/sonarqube-community-branch-plugin-25.9.0.jar && \
wget -O /opt/sonarqube/extensions/plugins/sonar-cnes-report-5.0.2.jar \
https://github.com/cnescatlab/sonar-cnes-report/releases/download/5.0.2/sonar-cnes-report-5.0.2.jar && \
wget -O /opt/sonarqube/extensions/plugins/sonar-zpa-plugin-4.0.0.jar \
https://github.com/felipebz/zpa/releases/download/4.0.0/sonar-zpa-plugin-4.0.0.jar && \
# Скачиваем и распаковываем webapp для branch plugin
wget -O /tmp/sonarqube-webapp.zip \
https://github.com/mc1arke/sonarqube-community-branch-plugin/releases/download/25.9.0/sonarqube-webapp.zip && \
unzip -o /tmp/sonarqube-webapp.zip -d /tmp/webapp && \
rm -rf /opt/sonarqube/web/* && \
cp -r /tmp/webapp/* /opt/sonarqube/web/ && \
rm -rf /tmp/webapp /tmp/sonarqube-webapp.zip && \
# Чистим кэш apt и удаляем unzip
apt-get remove -y unzip && \
apt-get autoremove -y && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
# Возвращаем к пользователю по умолчанию для продакшена
USER sonarqube
Executable
+3
View File
@@ -0,0 +1,3 @@
POSTGRES_USER=
POSTGRES_PASSWORD=
POSTGRES_DB=sonar
+22
View File
@@ -0,0 +1,22 @@
services:
sonarqube:
build:
context: .
dockerfile: Dockerfile
depends_on:
- sonar_db
ports:
- "9001:9000"
volumes:
- ./sonarqube/sonarqube_data/:/opt/sonarqube/data
- ./sonarqube/sonarqube_logs:/opt/sonarqube/logs
- ./sonarqube/sonarqube_temp:/opt/sonarqube/temp
- ./sonar.properties:/opt/sonarqube/conf/sonar.properties
sonar_db:
image: postgres:13
env_file:
- db.env
volumes:
- ./postgresql/postgresql:/var/lib/postgresql
- ./postgresql/postgresql_data:/var/lib/postgresql/data
- ./init_sonar_alm.sql:/init_sonar_alm.sql:ro
+34
View File
@@ -0,0 +1,34 @@
---
- name: Start SonarQube and configure DB
hosts: localhost
become: yes
vars:
sonar_port: 9001
sonar_data_dir: "{{ playbook_dir }}/sonarqube/sonarqube_data"
sonar_temp_dir: "{{ playbook_dir }}/sonarqube/sonarqube_temp"
sonar_logs_dir: "{{ playbook_dir }}/sonarqube/sonarqube_logs"
tasks:
- name: Ensure SonarQube directories exist
file:
path: "{{ item }}"
state: directory
mode: '777'
loop:
- "{{ sonar_data_dir }}"
- "{{ sonar_temp_dir }}"
- "{{ sonar_logs_dir }}"
- name: Start SonarQube and PostgreSQL
command: docker-compose up -d
args:
chdir: "{{ playbook_dir }}"
- name: Wait for SonarQube to be ready
uri:
url: "http://localhost:{{ sonar_port }}"
status_code: 200
register: result
until: result.status == 200
retries: 30
delay: 10
+28
View File
@@ -0,0 +1,28 @@
# Настройка базового адреса
sonar.core.serverBaseURL=https://qube.nstest.local
# Настройка подключения к базе
sonar.jdbc.url=jdbc:postgresql://sonar_db:5432/sonar
sonar.jdbc.username=
sonar.jdbc.password=
# Настройка JVM
sonar.web.javaOpts=-Xmx1g -Xms1g -XX:+HeapDumpOnOutOfMemoryError
sonar.ce.javaOpts=-Xmx1g -Xms1g -XX:+HeapDumpOnOutOfMemoryError
sonar.search.javaOpts=-Xmx1g -Xms1g -XX:+HeapDumpOnOutOfMemoryError
# Настройка OIDC плагина
sonar.auth.oidc.enabled=true
sonar.auth.oidc.issuerUri=https://auth.nstart.space/realms/nstart
sonar.auth.oidc.clientId.secured=sonarqube
sonar.auth.oidc.clientSecret.secured=
sonar.auth.oidc.allowUsersToSignUp=true
sonar.auth.oidc.loginStrategy=Unique
sonar.auth.oidc.loginStrategy.customClaim.name=upn
sonar.auth.oidc.groupSync=true
sonar.auth.oidc.groupSync.claimName=groups
sonar.auth.oidc.loginButtonText="Новый старт ID"
# Настройка branch плагина
sonar.web.javaAdditionalOpts=-javaagent:./extensions/plugins/sonarqube-community-branch-plugin-25.9.0.jar=web
sonar.ce.javaAdditionalOpts=-javaagent:./extensions/plugins/sonarqube-community-branch-plugin-25.9.0.jar=ce