grafana: 10.2.3 -> 10.3.1, build frontend from source #283330
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Up until now, the frontend was taken from `srcStatic`, i.e. prebuilt from upstream. I recall at least three cases[1][2][3] where we got a hash mismatch eventually. Rather than spending time finding out whether or not it's a supply-chain attack or just a build issue, I decided to implement a source-build now with the following benefits: * It's now actually possible to apply patches for Grafana's frontend. * We rely a little less on third-party build systems. Of course, patching potential vulnerabilities in transitive frontend dependencies is still hard (let alone discovering that this package is affected!), but that's a fundamental issue we have in nixpkgs and I won't invent a half-baked solution just for this package, I still consider this a step into the right direction. The build itself mainly orients on the `yarn` commands used in the upstream Makefile[4]. However, we can't use `fetchYarnDeps` here because yarn v2 (a.k.a. `berry`) is in use which is why the same was done as in `hedgedoc`, writing a custom FoD that downloads all dependencies and writes the offline cache into `$out`[5]. Additionally there are two more notable differences to upstream: * We patch out every dependency to `@grafana/e2e` and `cypress`. The first is a dependency on the latter in another version and the latter downloads random blobs from the Internet in postInstall. Since it's a testing framework (and the `e2e` package apparently a testing library), I decided it's not worth the effort and patched it out everywhere. * There was a `zoneinfo.zip` in `$out/share/grafana/tools` that was installed from `srcStatic`. This only seems to be used on Windows[6] and that's not supported by this package, so I decided to drop it. [1] NixOS#251479 [2] NixOS#130201 [3] NixOS#104794 [4] https://github.com/grafana/grafana/blob/v10.3.1/Makefile [5] NixOS#245170 [6] https://github.com/grafana/grafana/blob/v10.3.1/pkg/setting/setting.go#L1012-L1014
This saves 350M of runtime closure size. Also move the patching part of the offline cache into the patch phase.
ofborg
bot
added
11.by: package-maintainer
fpletz
approved these changes
Jan 24, 2024
delroth
added
12.approvals: 1
|
Fails on aarch64-linux :( https://github.com/NixOS/nixpkgs/runs/20794794354 |
|
Fix: #284505 |
13 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes
ChangeLog: https://github.com/grafana/grafana/releases/tag/v10.3.0
ChangeLog: https://github.com/grafana/grafana/releases/tag/v10.3.1
Also builds the frontend from source as well. See 608db26 & 4787b13 for more details.
Things done
nix.conf? (See Nix manual)sandbox = relaxedsandbox = truenix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)Add a 👍 reaction to pull requests you find important.