REL-3880 Release SonarQube Server 2025.4.0

Author: carminevassallo

.cirrus/tasks_env.yml

@@ -7,7 +7,7 @@ env:
   DOCKER_GCLOUD_SA_KEY: VAULT[development/team/sonarqube/kv/data/gcp-marketplace-registry-staging data.key]
   GCLOUD_REGISTRY: gcr.io/sonarqube-marketplace-provider # This is the staging registry
   GCLOUD_PRODUCT_NAME: sonarqube-dce-staging # This is the staging product name
-  GCLOUD_TAG: 2025.3.0
+  GCLOUD_TAG: 2025.4.0
   ROSA_OPENSHIFT_URL: VAULT[development/team/sonarqube/kv/data/rosa-openshift data.url]
   ROSA_OPENSHIFT_USER: VAULT[development/team/sonarqube/kv/data/rosa-dev data.username]
   ROSA_OPENSHIFT_PASSWORD: VAULT[development/team/sonarqube/kv/data/rosa-dev data.password]

charts/sonarqube-dce/CHANGELOG.md

@@ -3,6 +3,7 @@ All changes to this chart will be documented in this file.
 
 ## [2025.4.0]
 * Update Chart's version to 2025.4.0
+* Upgrade SonarQube Server to to 2025.4.0
 * Upgrade nginx subchart to 4.12.3
 * Support Kubernetes v1.33
 * Added validation to ensure that either the `applicationNodes.jwtSecret` or `applicationNodes.jwtExistingSecret` value is set

charts/sonarqube-dce/Chart.yaml

@@ -3,7 +3,7 @@ name: sonarqube-dce
 description: SonarQube is a self-managed, automatic code review tool that systematically helps you deliver clean code. As a core element of our Sonar solution, SonarQube integrates into your existing workflow and detects issues in your code to help you perform continuous code inspections of your projects. The tool analyses 30+ different programming languages and integrates into your CI pipeline and DevOps platform to ensure that your code meets high-quality standards.
 type: application
 version: 2025.4.0
-appVersion: 2025.3.0
+appVersion: 2025.4.0
 keywords:
   - coverage
   - security
@@ -27,6 +27,8 @@ annotations:
   artifacthub.io/changes: |
     - kind: changed
       description: "Update Chart's version to 2025.4.0"
+    - kind: changed
+      description: "Upgrade SonarQube Server to to 2025.4.0"
     - kind: changed
       description: "Upgrade nginx subchart to 4.12.3"
     - kind: changed
@@ -43,9 +45,9 @@ annotations:
   artifacthub.io/containsSecurityUpdates: "false"
   artifacthub.io/images: |
     - name: sonarqube-app
-      image: sonarqube:2025.3.0-datacenter-app
+      image: sonarqube:2025.4.0-datacenter-app
     - name: sonarqube-search
-      image: sonarqube:2025.3.0-datacenter-search
+      image: sonarqube:2025.4.0-datacenter-search
   charts.openshift.io/name: sonarqube-dce
 dependencies:
   - name: postgresql

charts/sonarqube-dce/README.md

@@ -14,7 +14,7 @@ Please note that this chart does NOT support SonarQube Community, Developer, and
 
 ## Compatibility
 
-Compatible SonarQube Version: `2025.3.0`
+Compatible SonarQube Version: `2025.4.0`
 
 Supported Kubernetes Versions: From `1.30` to `1.33`
 Supported Openshift Versions: From `4.11` to `4.17`
@@ -251,8 +251,16 @@ kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/late
 
 ```
 
+### Upgrading the Helm chart
+
+When upgrading your SonarQube instance, due to high CPU usage, it is recommended to disable the autoscaling before the upgrade process, re-enabling it afterwards.
+
+You can achieve that by either setting `applicationNodes.hpa.enabled` to `false` or by setting `applicationNodes.hpa.maxReplicas` to be the same value as `applicationNodes.hpa.minReplicas`.
+
 ## Working with Istio
 
+> SonarQube Server is tested using Istio in sidecar mode.
+
 When deploying SonarQube in an Istio service mesh environment, you need to configure fixed ports for Hazelcast communication between application nodes. This is required because Istio's sidecar proxy needs to know all ports in advance for traffic management, security policies, and observability.
 
 By default, SonarQube's Hazelcast cluster uses dynamic port allocation, which conflicts with Istio's requirement for explicit port declarations in service definitions and network policies. To resolve this, you must set fixed ports for the following Hazelcast communication channels:
@@ -264,18 +272,12 @@ By default, SonarQube's Hazelcast cluster uses dynamic port allocation, which co
 
 ```yaml
 applicationNodes:
-  webPort: 9001   # Web process communication
-  cePort: 9002    # Compute Engine process communication
+  webPort: 4023   # Web process communication
+  cePort: 4024    # Compute Engine process communication
 ```
 
 This ensures that Istio can properly route traffic, apply security policies, and provide telemetry for all inter-node communication within the SonarQube cluster.
 
-### Upgrading the Helm chart
-
-When upgrading your SonarQube instance, due to high CPU usage, it is recommended to disable the autoscaling before the upgrade process, re-enabling it afterwards.
-
-You can achieve that by either setting `applicationNodes.hpa.enabled` to `false` or by setting `applicationNodes.hpa.maxReplicas` to be the same value as `applicationNodes.hpa.minReplicas`.
-
 ## Secure the communication within the cluster
 
 In order to secure the communication between Application and Search nodes, you need to set both `nodeEncryption.enabled` and `searchNodes.searchAuthentication.enabled` to `true`.
@@ -312,7 +314,7 @@ The following table lists the configurable parameters of the SonarQube chart and
 | Parameter                                                 | Description                                                                                | Default                                                                |
 | --------------------------------------------------------- | ------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------- |
 | `searchNodes.image.repository`                            | search image repository                                                                    | `sonarqube`                                                            |
-| `searchNodes.image.tag`                                   | search image tag                                                                           | `2025.3.0-datacenter-search`                                             |
+| `searchNodes.image.tag`                                   | search image tag                                                                           | `2025.4.0-datacenter-search`                                             |
 | `searchNodes.image.pullPolicy`                            | search image pull policy                                                                   | `IfNotPresent`                                                         |
 | `searchNodes.image.pullSecret`                            | (DEPRECATED) search imagePullSecret to use for private repository                          | `nil`                                                                  |
 | `searchNodes.image.pullSecrets`                           | search imagePullSecrets to use for private repository                                      | `nil`                                                                  |
@@ -368,7 +370,7 @@ The following table lists the configurable parameters of the SonarQube chart and
 | Parameter                                                        | Description                                                                                                                                                                                                    | Default                                                                |
 | ---------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------- |
 | `applicationNodes.image.repository`                              | app image repository                                                                                                                                                                                           | `sonarqube`                                                            |
-| `applicationNodes.image.tag`                                     | app image tag                                                                                                                                                                                                  | `2025.3.0-datacenter-app`                                                |
+| `applicationNodes.image.tag`                                     | app image tag                                                                                                                                                                                                  | `2025.4.0-datacenter-app`                                                |
 | `applicationNodes.image.pullPolicy`                              | app image pull policy                                                                                                                                                                                          | `IfNotPresent`                                                         |
 | `applicationNodes.image.pullSecret`                              | (DEPRECATED) app imagePullSecret to use for private repository                                                                                                                                                 | `nil`                                                                  |
 | `applicationNodes.image.pullSecrets`                             | app imagePullSecrets to use for private repository                                                                                                                                                             | `nil`                                                                  |

charts/sonarqube-dce/ci/cirrus-values.yaml

@@ -5,7 +5,7 @@ searchNodes:
   replicaCount: 3
   image:
     repository: "sonarsource/sonarqube"
-    tag: "2025.3.0-datacenter-search"
+    tag: "2025.4.0-datacenter-search"
     pullSecrets:
       - name: pullsecret
 
@@ -14,7 +14,7 @@ ApplicationNodes:
   jwtSecret: "mnGBJtmwRbIREqy3vSw6Cinoi2WEom9JH+iw/tXOJX4="
   image:
     repository: "sonarsource/sonarqube"
-    tag: "2025.3.0-datacenter-app"
+    tag: "2025.4.0-datacenter-app"
     pullSecrets:
       - name: pullsecret
   webPort: 4023

charts/sonarqube-dce/openshift-verifier/values.yaml

@@ -13,7 +13,7 @@ searchNodes:
   replicaCount: 1
   image:
     repository: "sonarsource/sonarqube"
-    tag: "2025.3.0-datacenter-search"
+    tag: "2025.4.0-datacenter-search"
     pullSecrets:
       - name: pullsecret
 
@@ -22,7 +22,7 @@ ApplicationNodes:
   jwtSecret: "dZ0EB0KxnF++nr5+4vfTCaun/eWbv6gOoXodiAMqcFo="
   image:
     repository: "sonarsource/sonarqube"
-    tag: "2025.3.0-datacenter-app"
+    tag: "2025.4.0-datacenter-app"
     pullSecrets:
       - name: pullsecret
 

charts/sonarqube-dce/values.yaml

@@ -5,7 +5,7 @@
 searchNodes:
   image:
     repository: sonarqube
-    tag: 2025.3.0-datacenter-search
+    tag: 2025.4.0-datacenter-search
     pullPolicy: IfNotPresent
     # If using a private repository, the imagePullSecrets to use
     # pullSecrets:
@@ -153,7 +153,7 @@ searchNodes:
 applicationNodes:
   image:
     repository: sonarqube
-    tag: 2025.3.0-datacenter-app
+    tag: 2025.4.0-datacenter-app
     pullPolicy: IfNotPresent
     # If using a private repository, the imagePullSecrets to use
     # pullSecrets:

charts/sonarqube/CHANGELOG.md

@@ -3,6 +3,7 @@ All changes to this chart will be documented in this file.
 
 ## [2025.4.0]
 * Update Chart's version to 2025.4.0
+* Upgrade SonarQube Server to to 2025.4.0
 * Upgrade SonarQube Community Build to 25.7.0.110598
 * Upgrade nginx subchart to 4.12.3
 * Support Kubernetes v1.32

charts/sonarqube/Chart.yaml

@@ -3,7 +3,7 @@ name: sonarqube
 description: SonarQube is a self-managed, automatic code review tool that systematically helps you deliver clean code. As a core element of our Sonar solution, SonarQube integrates into your existing workflow and detects issues in your code to help you perform continuous code inspections of your projects. The tool analyses 30+ different programming languages and integrates into your CI pipeline and DevOps platform to ensure that your code meets high-quality standards.
 type: application
 version: 2025.4.0
-appVersion: 2025.3.0
+appVersion: 2025.4.0
 keywords:
   - coverage
   - security
@@ -32,6 +32,8 @@ annotations:
   artifacthub.io/changes: |
     - kind: changed
       description: "Update Chart's version to 2025.4.0"
+    - kind: changed
+      description: "Upgrade SonarQube Server to to 2025.4.0"
     - kind: changed
       description: "Upgrade SonarQube Community Build to 25.7.0.110598"
     - kind: changed
@@ -45,9 +47,9 @@ annotations:
     - name: sonarqube-community
       image: sonarqube:25.7.0.110598-community
     - name: sonarqube-developer
-      image: sonarqube:2025.3.0-developer
+      image: sonarqube:2025.4.0-developer
     - name: sonarqube-enterprise
-      image: sonarqube:2025.3.0-enterprise
+      image: sonarqube:2025.4.0-enterprise
   charts.openshift.io/name: sonarqube
 dependencies:
   - name: postgresql

charts/sonarqube/README.md

@@ -14,7 +14,7 @@ Please note that this chart only supports SonarQube Server Developer and Enterpr
 
 ## Default Versions
 
-SonarQube Server Version: `2025.3.0`
+SonarQube Server Version: `2025.4.0`
 
 SonarQube Community Build: `25.7.0.110598`. If you want the use a more recent SonarQube Community Build, please set the `community.buildNumber` with the desired version.