forked from grafana/grafana
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
273 lines (213 loc) · 8.36 KB
/
Dockerfile
File metadata and controls
273 lines (213 loc) · 8.36 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
# syntax=docker/dockerfile:1.7-labs
# to maintain formatting of multiline commands in vscode, add the following to settings.json:
# "docker.languageserver.formatter.ignoreMultilineInstructions": true
ARG GO_IMAGE=go-builder-base
ARG JS_IMAGE=js-builder-base
ARG JS_PLATFORM=linux/amd64
# Default to building locally
ARG GO_SRC=go-builder
ARG JS_SRC=js-builder
# Dependabot cannot update dependencies listed in ARGs
# By using FROM instructions we can delegate dependency updates to dependabot
FROM alpine:3.23.3 AS alpine-base
FROM ubuntu:24.04 AS ubuntu-base
FROM golang:1.25.9-alpine AS go-builder-base
FROM --platform=${JS_PLATFORM} node:24-alpine AS js-builder-base
# Javascript build stage
FROM --platform=${JS_PLATFORM} ${JS_IMAGE} AS js-builder
ARG JS_NODE_ENV=production
ARG JS_YARN_INSTALL_FLAG=--immutable
ARG JS_YARN_BUILD_FLAG=build
ENV NODE_OPTIONS=--max_old_space_size=8000
WORKDIR /tmp/grafana
RUN apk add --no-cache make build-base python3
COPY package.json project.json nx.json yarn.lock .yarnrc.yml ./
COPY .yarn .yarn
COPY packages packages
COPY e2e-playwright e2e-playwright
COPY public public
COPY LICENSE ./
COPY conf/defaults.ini ./conf/defaults.ini
COPY e2e e2e
#
# Set the node env according to defaults or argument passed
#
ENV NODE_ENV=${JS_NODE_ENV}
#
RUN if [ "$JS_YARN_INSTALL_FLAG" = "" ]; then \
yarn install; \
else \
yarn install --immutable; \
fi
COPY tsconfig.json eslint.config.js .editorconfig .browserslistrc .prettierrc.js ./
COPY scripts scripts
COPY emails emails
# Set the build argument according to default or argument passed
RUN yarn ${JS_YARN_BUILD_FLAG}
# Golang build stage
FROM ${GO_IMAGE} AS go-builder
ARG COMMIT_SHA=""
ARG BUILD_BRANCH=""
ARG GO_BUILD_TAGS="oss"
ARG WIRE_TAGS="oss"
RUN if grep -i -q alpine /etc/issue; then \
apk add --no-cache \
bash \
# Install build dependencies
make git; \
fi
WORKDIR /tmp/grafana
COPY go.mod go.sum go.work go.work.sum ./
COPY .citools .citools
# Copy go.mod/go.sum from each workspace module for dependency caching.
# Only dependency file changes invalidate the go mod download cache layer.
# Uses --parents to preserve directory structure with fewer COPY directives.
COPY --parents **/go.mod **/go.sum ./
RUN --mount=type=cache,target=/go/pkg/mod \
go mod download
# Copy full source
COPY embed.go Makefile package.json ./
COPY cue.mod cue.mod
COPY kinds kinds
COPY kindsv2 kindsv2
COPY local local
COPY packages/grafana-schema packages/grafana-schema
COPY packages/grafana-data/src/themes/themeDefinitions packages/grafana-data/src/themes/themeDefinitions
COPY public/app/plugins public/app/plugins
COPY public/api-merged.json public/api-merged.json
COPY pkg pkg
COPY apps apps
COPY scripts scripts
COPY conf conf
COPY .github .github
ENV COMMIT_SHA=${COMMIT_SHA}
ENV BUILD_BRANCH=${BUILD_BRANCH}
RUN --mount=type=cache,target=/go/pkg/mod \
--mount=type=cache,target=/root/.cache/go-build \
make build-go GO_BUILD_TAGS=${GO_BUILD_TAGS} WIRE_TAGS=${WIRE_TAGS}
RUN mkdir -p data/plugins-bundled
# From-tarball build stage
FROM alpine-base AS tgz-builder
WORKDIR /tmp/grafana
ARG GRAFANA_TGZ="grafana-latest.linux-x64-musl.tar.gz"
COPY ${GRAFANA_TGZ} /tmp/grafana.tar.gz
# add -v to make tar print every file it extracts
RUN tar x -z -f /tmp/grafana.tar.gz --strip-components=1
RUN mkdir -p data/plugins-bundled
# helpers for COPY --from
FROM ${GO_SRC} AS go-src
FROM ${JS_SRC} AS js-src
# Alpine final stage
FROM alpine-base AS final-alpine
LABEL maintainer="Grafana Labs <hello@grafana.com>"
LABEL org.opencontainers.image.source="https://github.com/grafana/grafana"
ARG GF_UID="472"
ARG GF_GID="0"
ENV PATH="/usr/share/grafana/bin:$PATH" \
GF_PATHS_CONFIG="/etc/grafana/grafana.ini" \
GF_PATHS_DATA="/var/lib/grafana" \
GF_PATHS_HOME="/usr/share/grafana" \
GF_PATHS_LOGS="/var/log/grafana" \
GF_PATHS_PLUGINS="/var/lib/grafana/plugins" \
GF_PATHS_PROVISIONING="/etc/grafana/provisioning"
WORKDIR $GF_PATHS_HOME
RUN apk add --no-cache ca-certificates bash bubblewrap curl tzdata musl-utils && \
apk info -vv | sort
# glibc support for alpine x86_64 only
# docker run --rm --env STDOUT=1 sgerrand/glibc-builder 2.40 /usr/glibc-compat > glibc-bin-2.40.tar.gz
ARG GLIBC_VERSION=2.40
RUN if [ "$(arch)" = "x86_64" ]; then \
wget -qO- "https://dl.grafana.com/glibc/glibc-bin-$GLIBC_VERSION.tar.gz" | tar zxf - -C / \
usr/glibc-compat/lib/ld-linux-x86-64.so.2 \
usr/glibc-compat/lib/libc.so.6 \
usr/glibc-compat/lib/libdl.so.2 \
usr/glibc-compat/lib/libm.so.6 \
usr/glibc-compat/lib/libpthread.so.0 \
usr/glibc-compat/lib/librt.so.1 \
usr/glibc-compat/lib/libresolv.so.2 && \
mkdir /lib64 && \
ln -s /usr/glibc-compat/lib/ld-linux-x86-64.so.2 /lib64; \
fi
COPY --from=go-src /tmp/grafana/conf ./conf
RUN if [ ! "$(getent group "$GF_GID")" ]; then \
addgroup -S -g $GF_GID grafana; \
fi && \
GF_GID_NAME=$(getent group $GF_GID | cut -d':' -f1) && \
mkdir -p "$GF_PATHS_HOME/.aws" && \
adduser -S -u $GF_UID -G "$GF_GID_NAME" grafana && \
mkdir -p "$GF_PATHS_PROVISIONING/datasources" \
"$GF_PATHS_PROVISIONING/dashboards" \
"$GF_PATHS_PROVISIONING/notifiers" \
"$GF_PATHS_PROVISIONING/plugins" \
"$GF_PATHS_PROVISIONING/access-control" \
"$GF_PATHS_PROVISIONING/alerting" \
"$GF_PATHS_LOGS" \
"$GF_PATHS_PLUGINS" \
"$GF_PATHS_DATA" && \
cp conf/sample.ini "$GF_PATHS_CONFIG" && \
cp conf/ldap.toml /etc/grafana/ldap.toml && \
chown -R "grafana:$GF_GID_NAME" "$GF_PATHS_DATA" "$GF_PATHS_HOME/.aws" "$GF_PATHS_LOGS" "$GF_PATHS_PLUGINS" "$GF_PATHS_PROVISIONING" && \
chmod -R 777 "$GF_PATHS_DATA" "$GF_PATHS_HOME/.aws" "$GF_PATHS_LOGS" "$GF_PATHS_PLUGINS" "$GF_PATHS_PROVISIONING"
COPY --from=go-src /tmp/grafana/bin/grafana* /tmp/grafana/bin/*/grafana* ./bin/
COPY --from=js-src /tmp/grafana/public ./public
COPY --from=js-src /tmp/grafana/LICENSE ./
COPY --from=go-src /tmp/grafana/data/plugins-bundled ./data/plugins-bundled
RUN grafana server -v | sed -e 's/Version //' > /.grafana-version
RUN chmod 644 /.grafana-version
EXPOSE 3000
ARG RUN_SH=./packaging/docker/run.sh
COPY ${RUN_SH} /run.sh
USER "$GF_UID"
ENTRYPOINT [ "/run.sh" ]
# Ubuntu final stage — use --target=final-ubuntu to select this variant
FROM ubuntu-base AS final-ubuntu
LABEL maintainer="Grafana Labs <hello@grafana.com>"
LABEL org.opencontainers.image.source="https://github.com/grafana/grafana"
ARG GF_UID="472"
ARG GF_GID="0"
ENV PATH="/usr/share/grafana/bin:$PATH" \
GF_PATHS_CONFIG="/etc/grafana/grafana.ini" \
GF_PATHS_DATA="/var/lib/grafana" \
GF_PATHS_HOME="/usr/share/grafana" \
GF_PATHS_LOGS="/var/log/grafana" \
GF_PATHS_PLUGINS="/var/lib/grafana/plugins" \
GF_PATHS_PROVISIONING="/etc/grafana/provisioning"
WORKDIR $GF_PATHS_HOME
RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
apt-get install -y ca-certificates curl tzdata musl && \
apt-get autoremove -y && \
rm -rf /var/lib/apt/lists/*
COPY --from=go-src /tmp/grafana/conf ./conf
RUN if [ ! "$(getent group "$GF_GID")" ]; then \
groupadd --system --gid $GF_GID grafana; \
fi && \
GF_GID_NAME=$(getent group $GF_GID | cut -d':' -f1) && \
mkdir -p "$GF_PATHS_HOME/.aws" && \
useradd --system --uid $GF_UID --gid "$GF_GID_NAME" --no-create-home grafana && \
mkdir -p "$GF_PATHS_PROVISIONING/datasources" \
"$GF_PATHS_PROVISIONING/dashboards" \
"$GF_PATHS_PROVISIONING/notifiers" \
"$GF_PATHS_PROVISIONING/plugins" \
"$GF_PATHS_PROVISIONING/access-control" \
"$GF_PATHS_PROVISIONING/alerting" \
"$GF_PATHS_LOGS" \
"$GF_PATHS_PLUGINS" \
"$GF_PATHS_DATA" && \
cp conf/sample.ini "$GF_PATHS_CONFIG" && \
cp conf/ldap.toml /etc/grafana/ldap.toml && \
chown -R "grafana:$GF_GID_NAME" "$GF_PATHS_DATA" "$GF_PATHS_HOME/.aws" "$GF_PATHS_LOGS" "$GF_PATHS_PLUGINS" "$GF_PATHS_PROVISIONING" && \
chmod -R 777 "$GF_PATHS_DATA" "$GF_PATHS_HOME/.aws" "$GF_PATHS_LOGS" "$GF_PATHS_PLUGINS" "$GF_PATHS_PROVISIONING"
COPY --from=go-src /tmp/grafana/bin/grafana* /tmp/grafana/bin/*/grafana* ./bin/
COPY --from=js-src /tmp/grafana/public ./public
COPY --from=js-src /tmp/grafana/LICENSE ./
COPY --from=go-src /tmp/grafana/data/plugins-bundled ./data/plugins-bundled
RUN grafana server -v | sed -e 's/Version //' > /.grafana-version
RUN chmod 644 /.grafana-version
EXPOSE 3000
ARG RUN_SH=./packaging/docker/run.sh
COPY ${RUN_SH} /run.sh
USER "$GF_UID"
ENTRYPOINT [ "/run.sh" ]
# Default stage — alpine. Builds without --target produce an alpine image.
# Use --target=final-ubuntu to build the ubuntu variant instead.
FROM final-alpine