SonarSource · carminevassallo · Oct 16, 2025 · Oct 17, 2025
diff --git a/.cirrus/azure_app_verify_and_publish.sh b/.cirrus/azure_app_verify_and_publish.sh
@@ -8,9 +8,9 @@ set -e # Exit immediately if a command exits with a non-zero status.
 
 # Version of the original SonarQube chart (e.g., 2025.3.0)
 # This should match the version in charts/sonarqube/Chart.yaml
-SONARQUBE_CHART_VERSION="${SQ_VERSION:-2025.3.0}"
-SONARQUBE_IMAGE_VERSION="${SQ_IMAGE_VERSION:-2025.3.0}"
-PSQL_VERSION="${PSQL_VERSION:-11.14.0}" # PostgreSQL version used in the SonarQube chart
+SONARQUBE_CHART_VERSION="${SQ_VERSION:-2025.5.0}"
+SONARQUBE_IMAGE_VERSION="${SQ_IMAGE_VERSION:-2025.5.0}"
+AZURE_CHART_VERSION="${AZ_CHART_VERSION:-2025.5.1}"
 
 # Azure Container Registry (ACR) details
 # This should match the 'registryServer' in your manifest.yaml
@@ -25,10 +25,15 @@ APPLICATION_NAME="sonarqube"
 
 echo "--- Starting Azure Marketplace K8s App Packaging Process ---"
 
-# Replace ACR registry placeholder with actual registry value
+# Replace Azure app placeholders with actual registry value
 echo "Replacing ACR registry placeholders with: ${ACR_REGISTRY}"
-sed -i "s|__ACR_REGISTRY_PLACEHOLDER__|${ACR_REGISTRY}|g" azure-marketplace-k8s-app/manifest.yaml
-sed -i "s|__ACR_REGISTRY_PLACEHOLDER__|${ACR_REGISTRY}|g" azure-marketplace-k8s-app/sonarqube-azure/values.yaml
+sed -i '' "s|__ACR_REGISTRY_PLACEHOLDER__|${ACR_REGISTRY}|g" azure-marketplace-k8s-app/manifest.yaml
+sed -i '' "s|__ACR_REGISTRY_PLACEHOLDER__|${ACR_REGISTRY}|g" azure-marketplace-k8s-app/sonarqube-azure/values.yaml
+sed -i '' "s|__AZURE_VERSION_PLACEHOLDER__|${AZURE_CHART_VERSION}|g" azure-marketplace-k8s-app/manifest.yaml
+sed -i '' "s|__AZURE_VERSION_PLACEHOLDER__|${AZURE_CHART_VERSION}|g" azure-marketplace-k8s-app/sonarqube-azure/values.yaml
+sed -i '' "s|__AZURE_VERSION_PLACEHOLDER__|${AZURE_CHART_VERSION}|g" azure-marketplace-k8s-app/sonarqube-azure/Chart.yaml
+sed -i '' "s|__SONARQUBE_CHART_VERSION_PLACEHOLDER__|${SONARQUBE_CHART_VERSION}|g" azure-marketplace-k8s-app/sonarqube-azure/Chart.yaml
+sed -i '' "s|__SONARQUBE_IMAGE_VERSION_PLACEHOLDER__|${SONARQUBE_IMAGE_VERSION}|g" azure-marketplace-k8s-app/sonarqube-azure/Chart.yaml
 
 cd azure-marketplace-k8s-app
 
@@ -45,19 +50,11 @@ rm -rf ../charts/sonarqube/charts
 # Ensure the wrapper chart's charts/ directory exists for unpacking
 mkdir -p sonarqube-azure/charts/
 
-
-# 2. Build all required Helm chart dependencies
-echo "2a. Build fresh SonarQube dependencies..."
-cd ../charts/sonarqube
-rm -rf charts/ Chart.lock
-helm dependency update
-echo "SonarQube dependencies rebuilt successfully."
-
-# 2b. Navigate into the wrapper chart directory and update Helm dependencies
-echo "2b. Updating Helm dependencies for the wrapper chart (sonarqube-azure)..."
+# 2. Navigate into the wrapper chart directory and update Helm dependencies
+echo "2. Updating Helm dependencies for the wrapper chart (sonarqube-azure)..."
 # This command will read sonarqube-azure/Chart.yaml and package the 'sonarqube'
 # dependency (from ../charts/sonarqube) into sonarqube-azure/charts/sonarqube-${SONARQUBE_CHART_VERSION}.tgz
-cd ../../azure-marketplace-k8s-app/sonarqube-azure
+cd sonarqube-azure
 rm -rf ../../charts/sonarqube/.cache/helm/repository/* # Workaround for Helm caching issues on Cirrus
 helm dependency update
 echo "Helm dependencies updated. Packaged subchart is now in sonarqube-azure/charts/."
@@ -66,21 +63,18 @@ echo "Helm dependencies updated. Packaged subchart is now in sonarqube-azure/cha
 echo "3. Decompressing the SonarQube subchart for CPA validation..."
 cd charts
 tar -xzf "sonarqube-${SONARQUBE_CHART_VERSION}.tgz"
-ls -la sonarqube/charts/postgresql
+ls -la sonarqube/
 rm "sonarqube-${SONARQUBE_CHART_VERSION}.tgz"
 echo "SonarQube subchart decompressed and .tgz removed."
 
 # 4. Navigate back to the main offer directory
 cd ../.. # Back to azure-marketplace-k8s-app/
 
-
-# # 5. Push required images to the ACR_REGISTRY registry
-echo "5. Push required images to the ACR_REGISTRY registry..."
+# 5. Push required images to the ACR_REGISTRY registry
+echo "5. Push required images to the ACR_REGISTRY registry... (skipped) "
 ##  Disabled to due images not available
 # docker tag "sonarqube:${SONARQUBE_IMAGE_VERSION}-enterprise" "${ACR_REGISTRY}/sonarqube:${SONARQUBE_IMAGE_VERSION}-enterprise"
 # docker push "${ACR_REGISTRY}/sonarqube:${SONARQUBE_IMAGE_VERSION}-enterprise"
-docker tag "bitnamilegacy/postgresql:${PSQL_VERSION}" "${ACR_REGISTRY}/bitnamilegacy/postgresql:${PSQL_VERSION}"
-docker push "${ACR_REGISTRY}/bitnamilegacy/postgresql:${PSQL_VERSION}"
 
 # 6. Run CPA verify within the container
 echo "6. Running CPA verification (cpa verify)..."
@@ -93,7 +87,7 @@ echo "CPA verification complete."
 echo "7. Building the CPA bundle (cpa buildbundle)..."
 # This creates the .cnab directory and the bundle file (e.g., sonarqube.cnab)
 # in the current directory (mounted as /data in container).
-docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v "$(pwd)":/data mcr.microsoft.com/container-package-app:latest sh -c "echo "${AZURE_ACR_PASSWORD}" | docker login "${AZURE_ACR_REGISTRY}" --username "${AZURE_ACR_USERNAME}" --password-stdin && cd /data && cpa buildbundle --force"
+# docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v "$(pwd)":/data mcr.microsoft.com/container-package-app:latest sh -c "echo "${AZURE_ACR_PASSWORD}" | docker login "${AZURE_ACR_REGISTRY}" --username "${AZURE_ACR_USERNAME}" --password-stdin && cd /data && cpa buildbundle --force"
 echo "CPA bundle built successfully."
 echo "CPA bundle pushed to ACR successfully!"
 

diff --git a/.cirrus/tasks_azure_marketplace.yml b/.cirrus/tasks_azure_marketplace.yml
@@ -2,28 +2,25 @@ build_azure_app_template: &BUILD_AZURE_APP_TEMPLATE
   ec2_instance:
     <<: *VM_TEMPLATE
   env:
-    PSQL_VERSION: 11.14.0
     SQ_VERSION: 2025.2.0
     SQ_IMAGE_VERSION: 2025.2.0
+    AZ_CHART_VERSION: 2025.5.1
   install_helm_script:
     - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
     - chmod 700 get_helm.sh
     - ./get_helm.sh
   login_to_gcr_script:
     - echo "${AZURE_ACR_PASSWORD}" | docker login "${AZURE_ACR_REGISTRY}" --username "${AZURE_ACR_USERNAME}" --password-stdin
-  pull_required_images_script:
-    # - docker pull "docker.io/sonarqube:${SQ_IMAGE_VERSION}-enterprise" # Disabled to due images not available
-    - docker pull "docker.io/bitnamilegacy/postgresql:${PSQL_VERSION}"
   build_app_script:
     - ./.cirrus/azure_app_verify_and_publish.sh
 
 build_azure_staging_app_task:
   <<: *BUILD_AZURE_APP_TEMPLATE
   only_if: $TRIGGER == "PUSH_AZURE_STAGING" || $TRIGGER == "PUSH_AZURE_PRODUCTION"
   env:
-    PSQL_VERSION: 11.14.0
     SQ_VERSION: 2025.5.0
     SQ_IMAGE_VERSION: 2025.5.0
+    AZ_CHART_VERSION: 2025.5.1
     AZURE_ACR_REGISTRY: "${AZURE_ACR_REGISTRY_STAGING}"
     AZURE_ACR_USERNAME: "${AZURE_ACR_USERNAME_STAGING}"
     AZURE_ACR_PASSWORD: "${AZURE_ACR_PASSWORD_STAGING}"
@@ -34,9 +31,9 @@ build_azure_prod_app_task:
   depends_on:
     - build_azure_staging_app
   env:
-    PSQL_VERSION: 11.14.0
     SQ_VERSION: 2025.5.0
     SQ_IMAGE_VERSION: 2025.5.0
+    AZ_CHART_VERSION: 2025.5.1
     AZURE_ACR_REGISTRY: "${AZURE_ACR_REGISTRY_PRODUCTION}"
     AZURE_ACR_USERNAME: "${AZURE_ACR_USERNAME_PRODUCTION}"
     AZURE_ACR_PASSWORD: "${AZURE_ACR_PASSWORD_PRODUCTION}"
diff --git a/azure-marketplace-k8s-app/manifest.yaml b/azure-marketplace-k8s-app/manifest.yaml
@@ -1,7 +1,7 @@
 applicationName: sonarqube
 publisher: "SonarSource"
 description: "SonarQube Server is a self-managed, automatic code review tool that systematically helps you deliver clean code. As a core element of our Sonar solution, SonarQube integrates into your existing workflow and detects issues in your code to help you perform continuous code inspections of your projects. The tool analyses 30+ different programming languages and integrates into your CI pipeline and DevOps platform to ensure that your code meets high-quality standards."
-version: 2025.5.1
+version: __AZURE_VERSION_PLACEHOLDER__
 helmChart: "./sonarqube-azure"
 clusterArmTemplate: "./mainTemplate.json"
 uiDefinition: "./createUIDefinition.json"

diff --git a/azure-marketplace-k8s-app/sonarqube-azure/Chart.yaml b/azure-marketplace-k8s-app/sonarqube-azure/Chart.yaml
@@ -1,10 +1,10 @@
 apiVersion: v2 # Or v1 depending on your Helm version
 name: sonarqube-azure
-version: 2025.5.1
-appVersion: 2025.5.0
+version: __AZURE_VERSION_PLACEHOLDER__
+appVersion: __SONARQUBE_IMAGE_VERSION_PLACEHOLDER__
 description: "SonarQube Server is a self-managed, automatic code review tool that systematically helps you deliver clean code. As a core element of our Sonar solution, SonarQube integrates into your existing workflow and detects issues in your code to help you perform continuous code inspections of your projects. The tool analyses 30+ different programming languages and integrates into your CI pipeline and DevOps platform to ensure that your code meets high-quality standards."
 type: application
 dependencies:
   - name: sonarqube 
-    version: 2025.5.0
+    version: __SONARQUBE_CHART_VERSION_PLACEHOLDER__
     repository: "file://../../charts/sonarqube" # Reference to the local SonarQube chart
diff --git a/azure-marketplace-k8s-app/sonarqube-azure/values.yaml b/azure-marketplace-k8s-app/sonarqube-azure/values.yaml
@@ -6,6 +6,8 @@ sonarqube:
   env:
     - name: MARKETPLACE_AZURE_BILLING
       value: "true"
+  postgresql:
+    enabled: false
 
 global:
   azure:
@@ -23,7 +25,3 @@ global:
         registry: __ACR_REGISTRY_PLACEHOLDER__
         image: sonarqube
         tag: 2025.5.0-enterprise
-      postgresql:
-        registry: __ACR_REGISTRY_PLACEHOLDER__
-        image: bitnamilegacy/postgresql
-        tag: 11.14.0
diff --git a/charts/sonarqube/templates/_pod.tpl b/charts/sonarqube/templates/_pod.tpl
@@ -275,11 +275,13 @@ spec:
         - name: IS_HELM_OPENSHIFT_ENABLED
           value: "true"
         {{- end }}
+        {{- if or .Values.postgresql.enabled .Values.jdbcOverwrite.enabled .Values.jdbcOverwrite.enable }}
         - name: SONAR_JDBC_PASSWORD
           valueFrom:
             secretKeyRef:
               name: {{ include "jdbc.secret" . }}
               key: {{ include "jdbc.secretPasswordKey" . }}
+        {{- end}}
         - name: SONAR_WEB_SYSTEMPASSCODE
           valueFrom:
             secretKeyRef:
@@ -292,8 +294,10 @@ spec:
             {{- end }}
         {{- (include "sonarqube.combined_env" . | fromJsonArray) | toYaml | trim | nindent 8 }}
       envFrom:
+        {{- if or .Values.postgresql.enabled .Values.jdbcOverwrite.enabled .Values.jdbcOverwrite.enable }}
         - configMapRef:
             name: {{ include "sonarqube.fullname" . }}-jdbc-config
+        {{- end}}
         {{- if include "sonarqube.azure.enabled" . }}
         - configMapRef:
             name: {{ template "sonarqube.fullname" . }}-azure-config

diff --git a/charts/sonarqube/templates/jdbc-config.yaml b/charts/sonarqube/templates/jdbc-config.yaml
@@ -1,3 +1,4 @@
+{{- if or .Values.postgresql.enabled .Values.jdbcOverwrite.enabled .Values.jdbcOverwrite.enable }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -10,3 +11,4 @@ data:
   {{- else if and .Values.postgresql.service.port .Values.postgresql.postgresqlDatabase }}
   SONAR_JDBC_URL: "jdbc:postgresql://{{ template "postgresql.hostname" . }}:{{- .Values.postgresql.service.port -}}/{{- .Values.postgresql.postgresqlDatabase -}}"
   {{- end }}
+{{- end }}