Add with-browser Docker image (#829)

* Add Drone stages to build *-with-browser images. Updates the Dockerfile into a multi-stage build. The new final stage is based off of Alpine to enable simple access to chromium-swiftshader as the choice of headless browser. The Drone CI config is updated with additional stages to tag and push alternate Docker images corresponding to this stage.
grafana · Aug 27, 2024 · dd89415 · dd89415
1 parent b771e06
commit dd89415
Show file tree

Hide file tree

Showing 4 changed files with 115 additions and 6 deletions.
diff --git a/.drone.yml b/.drone.yml
@@ -53,6 +53,7 @@ steps:
     - TARGETARCH=amd64
     dry_run: "true"
     repo: grafana/synthetic-monitoring-agent
+    target: release
 - commands: []
   depends_on:
   - build
@@ -68,10 +69,27 @@ steps:
     - TARGETVARIANT=v8
     dry_run: "true"
     repo: grafana/synthetic-monitoring-agent
+    target: release
+- commands: []
+  depends_on:
+  - build
+  environment:
+    DOCKER_BUILDKIT: "1"
+  image: plugins/docker
+  name: docker build (with browser) (linux/amd64)
+  settings:
+    build_args:
+    - TARGETPLATFORM=linux/amd64
+    - TARGETOS=linux
+    - TARGETARCH=amd64
+    dry_run: "true"
+    repo: grafana/synthetic-monitoring-agent
+    target: with-browser
 - commands:
   - "true"
   depends_on:
   - docker build (linux/amd64)
+  - docker build (with browser) (linux/amd64)
   - docker build (linux/arm64/v8)
   image: alpine
   name: docker build
@@ -130,6 +148,38 @@ steps:
   when:
     ref:
     - refs/tags/v*.*.*
+- commands:
+  - echo "latest-browser,$(./scripts/version)-browser" > .tags
+  depends_on:
+  - docker publish (release)
+  image: ghcr.io/grafana/grafana-build-tools:v0.23.0
+  name: docker publish (with browser) tags
+- commands: []
+  depends_on:
+  - docker publish (with browser) tags
+  environment:
+    DOCKER_BUILDKIT: "1"
+  image: plugins/docker
+  name: docker publish (with browser) to docker (linux/amd64)
+  settings:
+    dry_run: "false"
+    password:
+      from_secret: docker_password
+    repo: grafana/synthetic-monitoring-agent
+    username:
+      from_secret: docker_username
+  when:
+    ref:
+    - refs/tags/v*.*.*
+- commands:
+  - "true"
+  depends_on:
+  - docker publish (with browser) to docker (linux/amd64)
+  image: alpine
+  name: docker publish (with browser) (release)
+  when:
+    ref:
+    - refs/tags/v*.*.*
 - commands: []
   depends_on:
   - docker publish (dev)
@@ -300,6 +350,6 @@ kind: secret
 name: gpg_private_key
 ---
 kind: signature
-hmac: 698b37f156f33b7a50b91862c9fea26f77799ec55c1146bf8e4f16ac0c18e36d
+hmac: d4db61b261c83fd65b96a3ea5bec1f3a1d8a5a4e7e80619c8573e6fd5dc6bbbd
 
 ...
diff --git a/Dockerfile b/Dockerfile
@@ -7,7 +7,7 @@ RUN apt-get update && apt-get -y install ca-certificates
 
 ARG TARGETPLATFORM
 
-FROM --platform=$TARGETPLATFORM debian:stable-slim
+FROM --platform=$TARGETPLATFORM debian:stable-slim as release
 ARG TARGETOS
 ARG TARGETARCH
 ARG HOST_DIST=$TARGETOS-$TARGETARCH
@@ -18,3 +18,18 @@ COPY scripts/pre-stop.sh /usr/local/lib/synthetic-monitoring-agent/pre-stop.sh
 COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 
 ENTRYPOINT ["/usr/local/bin/synthetic-monitoring-agent"]
+
+# third stage with alpine base for better access to chromium
+FROM alpine:3.18 as with-browser
+
+RUN apk --no-cache add tini
+RUN apk --no-cache add chromium-swiftshader
+
+COPY --from=release /usr/local/bin/synthetic-monitoring-agent /usr/local/bin/synthetic-monitoring-agent
+COPY --from=release /usr/local/bin/sm-k6 /usr/local/bin/sm-k6
+COPY --from=release /usr/local/lib/synthetic-monitoring-agent/pre-stop.sh /usr/local/lib/synthetic-monitoring-agent/pre-stop.sh
+COPY --from=release /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+
+ENV K6_BROWSER_ARGS=no-sandbox,disable-dev-shm-usage
+
+ENTRYPOINT ["tini", "--", "/usr/local/bin/synthetic-monitoring-agent"]
diff --git a/README.md b/README.md
@@ -32,6 +32,18 @@ Please refer to [Private Probe docs](https://grafana.com/docs/grafana-cloud/synt
 
 See [examples/kubernetes](./examples/kubernetes) for the documentation and example yaml files
 
+
+Docker Images
+-------------
+We release 2 versions of the [Docker image](https://hub.docker.com/r/grafana/synthetic-monitoring-agent) for the agent, depending on whether or not Chromium is installed in the environment for use in browser checks.
+
+Variants with the browser installed are tagged with the suffix `*-browser`. These images are substantially larger and shouldn't be used unless you need the browser functionality to keep memory requirements minimal.
+
+These are built using the same multi-stage Dockerfile, so be aware that `Docker build` scripts failing to specify a build target will produce the larger image every time.
+* Without chromium: `docker build --target release .`
+* With chromium: `docker build .` or `docker build --target with-browser .`
+
+
 Signals
 -------
 

diff --git a/scripts/configs/drone/main.jsonnet b/scripts/configs/drone/main.jsonnet
@@ -75,7 +75,7 @@ local vault_secret(name, vault_path, key) = {
   },
 };
 
-local docker_step(tag, os, arch, version='') =
+local docker_step(tag, os, arch, version='', with_browser=false) =
   // We can't use 'make docker' without making this repo priveleged in drone
   // so we will use the native docker plugin instead for security.
   local platform = std.join('/', [ os, arch, if std.length(version) > 0 then version ]);
@@ -87,6 +87,7 @@ local docker_step(tag, os, arch, version='') =
     settings: {
       repo: docker_repo,
       dry_run: 'true',
+      target: if with_browser then 'with-browser' else 'release',
       build_args: [
         'TARGETPLATFORM=' + platform,
         'TARGETOS=' + os,
@@ -97,15 +98,24 @@ local docker_step(tag, os, arch, version='') =
     },
   };
 
-local docker_build(os, arch, version='') =
-  docker_step('docker build', os, arch, version)
+local docker_build(os, arch, version='', with_browser=false) =
+  local step = if with_browser then
+      'docker build (with browser)'
+        else
+      'docker build';
+  docker_step(step, os, arch, version, with_browser)
   + dependsOn([ 'build' ]);
 
 local docker_publish(repo, auth, tag, os, arch, version='') =
-  docker_step('docker publish to ' + tag, os, arch, version)
+  docker_step('docker publish to ' + tag, os, arch, version, false)
   + { settings: { repo: repo, dry_run: 'false' } + auth }
   + dependsOn([ 'test', 'docker build' ]);
 
+  local docker_publish_with_browser(repo, auth, tag, os, arch) =
+  docker_step('docker publish (with browser) to ' + tag, os, arch, '', true)
+  + { settings: { repo: repo, dry_run: 'false' } + auth }
+  + dependsOn([ 'docker publish (with browser) tags' ]); // step to update .tags file with browser-specific image tags
+
 [
   pipeline('build', [
     step('deps', [
@@ -141,9 +151,13 @@ local docker_publish(repo, auth, tag, os, arch, version='') =
     docker_build('linux', 'amd64'),
     docker_build('linux', 'arm64', 'v8'),
 
+    // dry run build with browser
+    docker_build('linux', 'amd64', '', true),
+
     step('docker build', [ 'true' ], 'alpine')
     + dependsOn([
       'docker build (linux/amd64)',
+      'docker build (with browser) (linux/amd64)',
       'docker build (linux/arm64/v8)',
     ]),
 
@@ -174,6 +188,24 @@ local docker_publish(repo, auth, tag, os, arch, version='') =
     ])
     + releaseOnly,
 
+    step(
+      'docker publish (with browser) tags',
+      [
+        'echo "latest-browser,$(./scripts/version)-browser" > .tags',  // use with-browser tags for docker plugin
+      ],
+      go_tools_image,
+    )
+    + dependsOn([ 'docker publish (release)' ]),
+
+    // publish image with chromium browser available
+    docker_publish_with_browser(docker_repo, docker_auth, 'docker', 'linux', 'amd64') + releaseOnly,
+
+    step('docker publish (with browser) (release)', [ 'true' ], 'alpine')
+    + dependsOn([
+      'docker publish (with browser) to docker (linux/amd64)',
+    ])
+    + releaseOnly,
+
     step('trigger argo workflow (dev)', [])
     + {
       settings: {