Conversation
There was a problem hiding this comment.
Pull request overview
This pull request modifies the Grafana Dockerfile to build the Grafana Infinity datasource plugin from source instead of installing it via grafana-cli. The change introduces a multi-stage Docker build that compiles the plugin using Node.js and Go toolchains before copying it into the final Grafana image.
Changes:
- Added a build stage that downloads and compiles the grafana-infinity-datasource plugin from source (v3.7.0)
- Replaced grafana-cli plugin installation with a COPY command from the build stage
- Introduced architecture-specific build commands for amd64 and arm64
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| ENV GOPATH=/usr/local/go | ||
| ENV GOBIN=$GOPATH/bin | ||
| ENV PATH=$GOBIN:$PATH | ||
|
|
There was a problem hiding this comment.
The wget command is used to download the Go tarball, but wget is not installed in the node:20 base image. Install wget (or use curl which is typically available in node images) before attempting to download Go. For example: RUN apt-get update && apt-get install -y wget git
| RUN apt-get update && apt-get install -y wget git |
| ENV PATH=$GOBIN:$PATH | ||
|
|
||
| RUN wget https://go.dev/dl/go${GOVERSION}.linux-${TARGETARCH}.tar.gz && \ | ||
| tar -C /usr/local -xzf go${GOVERSION}.linux-${TARGETARCH}.tar.gz |
There was a problem hiding this comment.
After downloading and extracting the Go tarball, the downloaded tar.gz file is not cleaned up. This leaves unnecessary files in the image layer, increasing the image size. Add cleanup of the downloaded tarball: RUN wget https://go.dev/dl/go${GOVERSION}.linux-${TARGETARCH}.tar.gz && tar -C /usr/local -xzf go${GOVERSION}.linux-${TARGETARCH}.tar.gz && rm go${GOVERSION}.linux-${TARGETARCH}.tar.gz
| tar -C /usr/local -xzf go${GOVERSION}.linux-${TARGETARCH}.tar.gz | |
| tar -C /usr/local -xzf go${GOVERSION}.linux-${TARGETARCH}.tar.gz && \ | |
| rm go${GOVERSION}.linux-${TARGETARCH}.tar.gz |
|
|
||
| WORKDIR /usr/src/plugin | ||
|
|
||
| RUN git clone --branch ${PLUGINVERSION} --depth 1 https://github.com/grafana/grafana-infinity-datasource.git /usr/src/plugin |
There was a problem hiding this comment.
Building the Grafana plugin from source requires both Node.js and Go toolchains in the same image. However, the node:20 base image doesn't include git by default, which is required for the git clone command. Add git installation before attempting to clone the repository. For example: RUN apt-get update && apt-get install -y git wget
| ENV GOPATH=/usr/local/go | ||
| ENV GOBIN=$GOPATH/bin | ||
| ENV PATH=$GOBIN:$PATH | ||
|
|
||
| RUN wget https://go.dev/dl/go${GOVERSION}.linux-${TARGETARCH}.tar.gz && \ | ||
| tar -C /usr/local -xzf go${GOVERSION}.linux-${TARGETARCH}.tar.gz |
There was a problem hiding this comment.
The GOPATH environment variable is incorrectly set to /usr/local/go, which is actually where Go is installed (the Go root). GOPATH should point to the workspace directory (typically /go). The GOBIN variable should be derived from GOPATH, not the Go installation directory. This misconfiguration could cause issues with Go tooling and package management.
| ENV GOPATH=/usr/local/go | |
| ENV GOBIN=$GOPATH/bin | |
| ENV PATH=$GOBIN:$PATH | |
| RUN wget https://go.dev/dl/go${GOVERSION}.linux-${TARGETARCH}.tar.gz && \ | |
| tar -C /usr/local -xzf go${GOVERSION}.linux-${TARGETARCH}.tar.gz | |
| ENV GOROOT=/usr/local/go | |
| ENV GOPATH=/go | |
| ENV GOBIN=$GOPATH/bin | |
| ENV PATH=$GOROOT/bin:$GOBIN:$PATH | |
| RUN wget https://go.dev/dl/go${GOVERSION}.linux-${TARGETARCH}.tar.gz && \ | |
| tar -C /usr/local -xzf go${GOVERSION}.linux-${TARGETARCH}.tar.gz && \ | |
| mkdir -p /go/bin |
| elif [ "$TARGETARCH" = "arm64" ]; then \ | ||
| mage build:linuxARM64; \ | ||
| else \ | ||
| echo "Unsupported architecture: $TARGETARCH" && exit 1; \ | ||
| fi |
There was a problem hiding this comment.
The indentation in the if/elif/else block is inconsistent. Lines 41 and 43 have different indentation (line 41 uses 2 spaces followed by the command, line 42 has 4 spaces, and line 43 has 2 spaces). This inconsistency makes the code harder to read. Standardize the indentation to match shell script conventions.
| elif [ "$TARGETARCH" = "arm64" ]; then \ | |
| mage build:linuxARM64; \ | |
| else \ | |
| echo "Unsupported architecture: $TARGETARCH" && exit 1; \ | |
| fi | |
| elif [ "$TARGETARCH" = "arm64" ]; then \ | |
| mage build:linuxARM64; \ | |
| else \ | |
| echo "Unsupported architecture: $TARGETARCH" && exit 1; \ | |
| fi |
| # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. | ||
| FROM node:20 AS build | ||
|
|
||
| ARG TARGETOS |
There was a problem hiding this comment.
The ARG TARGETOS is declared but never used in the build stage. Consider removing it if it's not needed, or use it if there are OS-specific build steps required.
| ARG TARGETOS |
|
|
||
| WORKDIR /usr/src/plugin | ||
|
|
||
| RUN git clone --branch ${PLUGINVERSION} --depth 1 https://github.com/grafana/grafana-infinity-datasource.git /usr/src/plugin |
There was a problem hiding this comment.
The git clone command does not verify the integrity of the cloned repository. Consider adding GPG verification or using a commit SHA instead of a branch tag to ensure the integrity and immutability of the source code being built. This is especially important for security-sensitive deployments.
|
|
||
| RUN git clone --branch ${PLUGINVERSION} --depth 1 https://github.com/grafana/grafana-infinity-datasource.git /usr/src/plugin | ||
|
|
||
| RUN go install github.com/magefile/mage@latest |
There was a problem hiding this comment.
The mage installation uses @latest which can lead to non-reproducible builds. Pin to a specific version to ensure build reproducibility and stability. For example: go install github.com/magefile/mage@v1.15.0
| RUN go install github.com/magefile/mage@latest | |
| RUN go install github.com/magefile/mage@v1.15.0 |
Use own build version for Grafana plug-in