diff --git a/README.md b/README.md index 3cb641e..d70f480 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,15 @@ _MinIO is a High Performance Object Storage released under GNU Affero General Pu [Official Repo](https://github.com/minio/minio) +### [SonarQube](./sonarqube) + +![Supports amd64 Architecture][amd64-shield] +![Supports aarch64 Architecture][aarch64-shield] + +_SonarQube Server helps you comply with common code security standards, such as the NIST SSDF, OWASP, CWE, STIG, and CASA._ + +[Official Repo](https://github.com/SonarSource/sonarqube) + ## Sponsoring โค๏ธ If you like this add-on and would like to support my work and future projects, you can buy me a coffee. โ˜• diff --git a/minio/README.md b/minio/README.md index b5b16b9..1ae69ea 100644 --- a/minio/README.md +++ b/minio/README.md @@ -36,7 +36,7 @@ drive: storage Once installed, access MinIO via the sidebar or at: -`http://:9000` (if Ingress is not available) +`http://:9001` (if Ingress is not available) ## ๐Ÿงพ Requirements diff --git a/minio/config.json b/minio/config.json index 82c13f9..b0fb223 100644 --- a/minio/config.json +++ b/minio/config.json @@ -21,10 +21,10 @@ "9001/tcp": 9001 }, "ports_description": { - "9000/tcp": "Web Interface", - "9001/tcp": "Web Console" + "9001/tcp": "Web Interface", + "9000/tcp": "Web Console" }, - "webui": "[PROTO:ssl]://[HOST]:[PORT:9000]", + "webui": "[PROTO:ssl]://[HOST]:[PORT:9001]", "map": { "config": "rw", "share": "rw", diff --git a/sonarqube/CHANGELOG.md b/sonarqube/CHANGELOG.md new file mode 100644 index 0000000..0946ace --- /dev/null +++ b/sonarqube/CHANGELOG.md @@ -0,0 +1,2 @@ +## 0.0.1-beta +- Initial release \ No newline at end of file diff --git a/sonarqube/Dockerfile b/sonarqube/Dockerfile new file mode 100644 index 0000000..50174b1 --- /dev/null +++ b/sonarqube/Dockerfile 
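Review bot: In the minio/config.json hunk the new `ports_description` labels both published ports as web UIs (`"9001/tcp": "Web Interface"`, `"9000/tcp": "Web Console"`), so a user cannot tell which port carries the object-storage API. MinIO's defaults put the S3 API on 9000, and this commit points `webui` at 9001, so 9000 is presumably the API here. If so, `"9000/tcp": "S3 API"` and `"9001/tcp": "Web Console"` would let users decide which port to publish beyond the host. The server's launch arguments are outside this diff, so confirm the mapping against the start script.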
@@ -0,0 +1,44 @@
+# Use Alpine as the base image
+FROM alpine:3.18
+
+LABEL io.hass.name="SonarQube"
+LABEL io.hass.description="SonarQube Server helps you comply with common code security standards, such as the NIST SSDF, OWASP, CWE, STIG, and CASA."
+LABEL io.hass.arch="amd64|aarch64"
+LABEL io.hass.type="addon"
+LABEL io.hass.version="0.0.1-beta"
+
+# Build parameters
+ARG SONARQUBE_VERSION=9.9.6.92038
+ENV SONARQUBE_VERSION=${SONARQUBE_VERSION} \
+ SONARQUBE_HOME=/opt/sonarqube \
+ SONARQUBE_BIN=/opt/sonarqube/bin/linux-x86-64
+
+# Install runtime dependencies
+RUN apk add --no-cache \
+ openjdk11-jre \
+ curl \
+ unzip \
+ su-exec \
+ tzdata
+
+# Create a user with uid/gid 1000
+RUN addgroup -S sonarqube -g 1000 \
+ && adduser -S sonarqube -u 1000 -G sonarqube
+
+# Download and extract SonarQube
+RUN curl -L "https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-${SONARQUBE_VERSION}.zip" -o /tmp/sonarqube.zip \
+ && unzip /tmp/sonarqube.zip -d /opt \
+ && mv /opt/sonarqube-${SONARQUBE_VERSION} "${SONARQUBE_HOME}" \
+ && rm /tmp/sonarqube.zip \
+ && chown -R sonarqube:sonarqube "${SONARQUBE_HOME}"
+
+# Copy the startup script
+COPY run.sh /usr/local/bin/run.sh
+RUN chmod +x /usr/local/bin/run.sh
+
+# Expose the internal port (always 9000)
+EXPOSE 9000
+
+# Run as the 'sonarqube' user
+USER sonarqube
+ENTRYPOINT ["/usr/local/bin/run.sh"]
diff --git a/sonarqube/README.md b/sonarqube/README.md
new file mode 100644
index 0000000..a998b9e
--- /dev/null
+++ b/sonarqube/README.md
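Review bot: The `RUN curl -L ... -o /tmp/sonarqube.zip` step in sonarqube/Dockerfile unpacks the downloaded archive without any integrity check, so whatever the server or an intermediary returns becomes the image's application code. Pin a digest for the release you reviewed and verify it before `unzip`, and add `-f` so an HTTP error page is not saved as the archive. The vendor appears to publish detached signatures next to the archives, which would be a stronger check if the build can carry the key. Separately, `openjdk11-jre` looks too old for the 9.9 server line (as far as I know it requires Java 17), and `SONARQUBE_BIN` is fixed to `linux-x86-64` while the label advertises aarch64; both are worth confirming on a real build.

```dockerfile
# Digest of the reviewed archive; placeholder, take the real value from a trusted channel
ARG SONARQUBE_SHA256=<sha256-of-sonarqube-zip>
RUN curl -fL "https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-${SONARQUBE_VERSION}.zip" -o /tmp/sonarqube.zip \
    && echo "${SONARQUBE_SHA256}  /tmp/sonarqube.zip" | sha256sum -c - \
    && unzip /tmp/sonarqube.zip -d /opt \
# … unchanged: mv, rm and chown steps of the same RUN …
```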
@@ -0,0 +1,87 @@ +# Home Assistant Add-on: SonarQube + +![Supports amd64 Architecture](https://img.shields.io/badge/amd64-yes-green.svg) +![Supports aarch64 Architecture](https://img.shields.io/badge/aarch64-yes-green.svg) + +This add-on provides a **SonarQube** server that helps you comply with common code security standards such as the NIST SSDF, OWASP, CWE, STIG, and CASA. It is designed to be **production-ready**, secure, and lightweight, and integrates seamlessly with Home Assistant. + +## โš™๏ธ Configuration + +The add-on uses the following configuration which is defined in the `config.json` file: + +```yaml +data_path: /share/sonarqube/data +extensions_path: /share/sonarqube/extensions +ui_port: 9000 +jdbc_url: "jdbc:postgresql://sonarqube_db:5432/sonar" +jdbc_username: "" +jdbc_password: "" +TZ: "Europe/Rome" +``` + +### Parameters + +| Variable | Default | Description | +|--------------------|-------------------------------|-----------------------------------------------------------------| +| `data_path` | `/share/sonarqube/data` | Directory where SonarQube data is stored | +| `extensions_path` | `/share/sonarqube/extensions` | Directory for SonarQube extensions | +| `ui_port` | `9000` | Port for the SonarQube web interface | +| `jdbc_url` | (Required) | JDBC URL for the database connection (e.g., PostgreSQL) | +| `jdbc_username` | (Required) | Username for the JDBC database connection | +| `jdbc_password` | (Required) | Password for the JDBC database connection | +| `TZ` | `Europe/Rome` | Timezone setting for the add-on | + +## ๐Ÿš€ Installation + +1. Go to Home Assistant โ†’ **Supervisor โ†’ Add-on Store** +2. Add the repository (Settings โ†’ Repositories โ†’ `https://github.com/martemme/HomeAssistantAddons`) +3. Install the **SonarQube** add-on +4. 
Configure the required options and start the add-on + +## ๐ŸŒ Access + +Once installed, access the SonarQube web interface at: + +`http://:9000` + +## ๐Ÿงพ Requirements + +- Home Assistant OS or Supervised installation +- Supported architectures: `amd64`, `aarch64` +- Persistent storage for `/share/sonarqube/data` and `/share/sonarqube/extensions` +- A running PostgreSQL database for SonarQube connectivity + +## ๐Ÿ“‚ Repository Structure + +```bash +sonarqube/ +โ”œโ”€โ”€ CHANGELOG.md # Changelog for the add-on +โ”œโ”€โ”€ config.json # Add-on configuration definition +โ”œโ”€โ”€ Dockerfile # Dockerfile for the SonarQube container +โ”œโ”€โ”€ icon.png # Icon for the add-on +โ”œโ”€โ”€ logo.png # Logo for the add-on +โ”œโ”€โ”€ README.md # This file +โ””โ”€โ”€ run.sh # Startup script for SonarQube +``` + +## ๐Ÿง  Notes + +- The add-on requires a PostgreSQL database. Ensure that `jdbc_url`, `jdbc_username`, and `jdbc_password` are correctly configured. +- Timezone configuration can be customized via the `TZ` option. +- The Home Assistant add-on system creates the options file (`/data/options.json`) automatically based on your configuration. + +## ๐Ÿ›ก Security + +> โš ๏ธ Always use strong passwords and ensure secure network settings, especially for database connections. + +--- + +Made with โค๏ธ for automation and resilience. + +[semver]: http://semver.org/spec/v2.0.0.html +[aarch64-shield]: https://img.shields.io/badge/aarch64-yes-green.svg +[amd64-shield]: https://img.shields.io/badge/amd64-yes-green.svg +[armv7-shield]: https://img.shields.io/badge/armv7-yes-green.svg +[i386-shield]: https://img.shields.io/badge/i386-yes-green.svg +[repository-badge]: https://img.shields.io/badge/Add%20repository%20to%20my-Home%20Assistant-41BDF5?logo=home-assistant&style=for-the-badge +[repository-url]: https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgithub.com%2Fmartemme%2FHomeAssistantAddons \ No newline at end of file 
diff --git a/sonarqube/config.json b/sonarqube/config.json
new file mode 100644
index 0000000..c2d7f25
--- /dev/null
+++ b/sonarqube/config.json
@@ -0,0 +1,49 @@
+{
+ "name": "SonarQube",
+ "version": "0.0.1-beta",
+ "slug": "sonarqube",
+ "description": "SonarQube Server helps you comply with common code security standards, such as the NIST SSDF, OWASP, CWE, STIG, and CASA.",
+ "arch": ["amd64", "armv7", "aarch64"],
+ "startup": "services",
+ "boot": "auto",
+ "host_network": false,
+ "privileged": true,
+ "options": {
+ "data_path": "/share/sonarqube/data",
+ "extensions_path": "/share/sonarqube/extensions",
+ "ui_port": 9000,
+ "jdbc_url": "jdbc:postgresql://sonarqube_db:5432/sonar",
+ "jdbc_username": "",
+ "jdbc_password": "",
+ "TZ": "Europe/Rome"
+ },
+ "schema": {
+ "data_path": "string",
+ "extensions_path": "string",
+ "ui_port": "integer",
+ "jdbc_url": "string",
+ "jdbc_username": "string",
+ "jdbc_password": "string",
+ "TZ": "string"
+ },
+ "ports": {
+ "ui": "ui_port"
+ },
+ "ports_description": {
+ "ui": "Web Interface"
+ },
+ "map": ["config"],
+ "environment": [
+ "TZ",
+ "SONAR_JDBC_URL",
+ "SONAR_JDBC_USERNAME",
+ "SONAR_JDBC_PASSWORD"
+ ],
+ "image": "sonarqube:community",
+ "webui": "http://[HOST]:[PORT:ui]",
+ "build_from": {
+ "amd64": "alpine:3.18",
+ "aarch64": "alpine:3.18"
+ }
+ }
+
\ No newline at end of file
diff --git a/sonarqube/icon.png b/sonarqube/icon.png
new file mode 100644
index 0000000..049f89b
Binary files /dev/null and b/sonarqube/icon.png differ
diff --git a/sonarqube/logo.png b/sonarqube/logo.png
new file mode 100644
index 0000000..77dbd8d
Binary files /dev/null and b/sonarqube/logo.png differ
diff --git a/sonarqube/run.sh b/sonarqube/run.sh
new file mode 100644
index 0000000..8210ee3
--- /dev/null
+++ b/sonarqube/run.sh
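Review bot: `"privileged": true` in sonarqube/config.json requests elevated container privileges that nothing visible in this add-on uses, so the key should be dropped or narrowed to what is actually needed. As far as I know the Supervisor expects a list of named capabilities there rather than a boolean. In `schema`, `"jdbc_password": "string"` leaves the database password displayed in clear text in the options form; the add-on schema has a masked type for this, `"jdbc_password": "password"`. Also check that `"map": ["config"]` is intended, since the default `data_path` and `extensions_path` point under `/share`, which is not mapped here. Finally, `arch` lists `armv7` while `build_from` and the Dockerfile label cover only amd64 and aarch64.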
@@ -0,0 +1,35 @@
+#!/usr/bin/env sh
+set -e
+
+# --- Default paths se non passati via env ---
+: "${DATA_PATH:=/share/sonarqube/data}"
+: "${EXT_PATH:=/share/sonarqube/extensions}"
+: "${TZ:=Europe/Rome}"
+
+# --- Variabili JDBC (obbligatorie) ---
+: "${SONAR_JDBC_URL:?Serve SONAR_JDBC_URL, es. jdbc:postgresql://sonarqube_db:5432/sonar}"
+: "${SONAR_JDBC_USERNAME:?Serve SONAR_JDBC_USERNAME}"
+: "${SONAR_JDBC_PASSWORD:?Serve SONAR_JDBC_PASSWORD}"
+
+# --- Imposto timezone a container start ---
+ln -snf "/usr/share/zoneinfo/${TZ}" /etc/localtime && echo "${TZ}" > /etc/timezone
+
+# --- Creo e monto le cartelle host in container ---
+mkdir -p "${DATA_PATH}" "${EXT_PATH}"
+cd "${SONARQUBE_HOME}"
+
+# sposto le cartelle interne originali (evt. backup)
+[ -d data ] && mv data data.orig || true
+[ -d extensions ]&& mv extensions extensions.orig || true
+
+# link simbolici verso le cartelle condivise
+ln -s "${DATA_PATH}" data
+ln -s "${EXT_PATH}" extensions
+
+# --- Esporto le variabili per SonarQube ---
+export SONAR_JDBC_URL
+export SONAR_JDBC_USERNAME
+export SONAR_JDBC_PASSWORD
+
+# --- Avvio SonarQube in foreground ---
+exec "${SONARQUBE_BIN}/sonar.sh" console
\ No newline at end of file
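Review bot: The setup steps in sonarqube/run.sh need root, but the image ends with `USER sonarqube`, so `ln -snf ... /etc/localtime`, the write to `/etc/timezone` and `mkdir -p` under `/share` will presumably fail, and `set -e` then stops the container before SonarQube starts. The Dockerfile installs `su-exec` but nothing calls it. The usual shape is to start as root, do the setup, run `chown -R sonarqube:sonarqube "${DATA_PATH}" "${EXT_PATH}"`, and finish with `exec su-exec sonarqube "${SONARQUBE_BIN}/sonar.sh" console`. `TZ` is also placed into the symlink target unchecked, so the script should reject a value containing `..` and confirm that `/usr/share/zoneinfo/${TZ}` exists before linking it. Nothing visible maps the `jdbc_*` options to the `SONAR_JDBC_*` variables the script requires, so confirm where those are set.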