From d5101dfd583ee8174ef2ce72e9d0a15a179ee834 Mon Sep 17 00:00:00 2001
From: Anant Sharma <anant.sharma@grafana.com>
Date: Mon, 19 Aug 2024 05:51:22 -0400
Subject: [PATCH] Add Drone stages to build *-with-browser images.

Updates the Dockerfile into a multi-stage build. The new final stage is based off of Alpine to enable
simple access to chromium-swiftshader as the choice of headless browser. The Drone CI config is
updated with additional stages to tag and push alternate Docker images corresponding to this stage.
---
 .drone.yml                         | 53 +++++++++++++++++++++++++++++-
 Dockerfile                         | 17 +++++++++-
 scripts/configs/drone/main.jsonnet | 43 +++++++++++++++++++++---
 3 files changed, 107 insertions(+), 6 deletions(-)

diff --git a/.drone.yml b/.drone.yml
index 79a7ab45..f9d830c4 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -53,6 +53,7 @@ steps:
     - TARGETARCH=amd64
     dry_run: "true"
     repo: grafana/synthetic-monitoring-agent
+    target: release
 - commands: []
   depends_on:
   - build
@@ -68,10 +69,28 @@ steps:
     - TARGETVARIANT=v8
     dry_run: "true"
     repo: grafana/synthetic-monitoring-agent
+    target: release
+- commands: []
+  depends_on:
+  - build
+  environment:
+    DOCKER_BUILDKIT: "1"
+  image: plugins/docker
+  name: docker build (with browser) (linux/amd64)
+  settings:
+    build_args:
+    - TARGETPLATFORM=linux/amd64
+    - TARGETOS=linux
+    - TARGETARCH=amd64
+    - WITH_BROWSER=true
+    dry_run: "true"
+    repo: grafana/synthetic-monitoring-agent
+    target: with-browser
 - commands:
   - "true"
   depends_on:
   - docker build (linux/amd64)
+  - docker build (with browser) (linux/amd64)
   - docker build (linux/arm64/v8)
   image: alpine
   name: docker build
@@ -130,6 +149,38 @@ steps:
   when:
     ref:
     - refs/tags/v*.*.*
+- commands:
+  - '{ echo latest-with-browser,$(eval ./scripts/version)-with-browser ; } > .tags'
+  depends_on:
+  - docker publish (release)
+  image: ghcr.io/grafana/grafana-build-tools:v0.15.0
+  name: docker publish (with browser) tags
+- commands: []
+  depends_on:
+  - docker publish (with browser) tags
+  environment:
+    DOCKER_BUILDKIT: "1"
+  image: plugins/docker
+  name: docker publish (with browser) to docker (linux/amd64)
+  settings:
+    dry_run: "false"
+    password:
+      from_secret: docker_password
+    repo: grafana/synthetic-monitoring-agent
+    username:
+      from_secret: docker_username
+  when:
+    ref:
+    - refs/tags/v*.*.*
+- commands:
+  - "true"
+  depends_on:
+  - docker publish (with browser) to docker (linux/amd64)
+  image: alpine
+  name: docker publish (with browser) (release)
+  when:
+    ref:
+    - refs/tags/v*.*.*
 - commands: []
   depends_on:
   - docker publish (dev)
@@ -300,6 +351,6 @@ kind: secret
 name: gpg_private_key
 ---
 kind: signature
-hmac: e5f7f3bb1215ddcf5fb91804cfd080bc90a59cb6b7ee49f74391cc7b54e8155c
+hmac: 9cd8c41b50e2cd240237e8ac0a6a98918ca51ca579cf79bc8fa3687c4220db58
 
 ...
diff --git a/Dockerfile b/Dockerfile
index 31aa0555..70715459 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,7 +7,7 @@ RUN apt-get update && apt-get -y install ca-certificates
 
 ARG TARGETPLATFORM
 
-FROM --platform=$TARGETPLATFORM debian:stable-slim
+FROM --platform=$TARGETPLATFORM debian:stable-slim as release
 ARG TARGETOS
 ARG TARGETARCH
 ARG HOST_DIST=$TARGETOS-$TARGETARCH
@@ -18,3 +18,18 @@ COPY scripts/pre-stop.sh /usr/local/lib/synthetic-monitoring-agent/pre-stop.sh
 COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 
 ENTRYPOINT ["/usr/local/bin/synthetic-monitoring-agent"]
+
+# third stage with alpine base for better access to chromium
+FROM alpine:3.18 as with-browser
+
+RUN apk --no-cache add chromium-swiftshader
+
+ENV SM_CHROME_BIN=/usr/bin/chromium-browser
+ENV SM_CHROME_PATH=/usr/lib/chromium/
+
+COPY --from=release /usr/local/bin/synthetic-monitoring-agent /usr/local/bin/synthetic-monitoring-agent
+COPY --from=release /usr/local/bin/sm-k6 /usr/local/bin/sm-k6
+COPY --from=release /usr/local/lib/synthetic-monitoring-agent/pre-stop.sh /usr/local/lib/synthetic-monitoring-agent/pre-stop.sh
+COPY --from=release /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+
+ENTRYPOINT ["/usr/local/bin/synthetic-monitoring-agent"]
\ No newline at end of file
diff --git a/scripts/configs/drone/main.jsonnet b/scripts/configs/drone/main.jsonnet
index 217dc53e..ac5f4003 100644
--- a/scripts/configs/drone/main.jsonnet
+++ b/scripts/configs/drone/main.jsonnet
@@ -75,7 +75,7 @@ local vault_secret(name, vault_path, key) = {
   },
 };
 
-local docker_step(tag, os, arch, version='') =
+local docker_step(tag, os, arch, version='', with_browser=false) =
   // We can't use 'make docker' without making this repo priveleged in drone
   // so we will use the native docker plugin instead for security.
   local platform = std.join('/', [ os, arch, if std.length(version) > 0 then version ]);
@@ -87,25 +87,38 @@ local docker_step(tag, os, arch, version='') =
     settings: {
       repo: docker_repo,
       dry_run: 'true',
+      target: if with_browser then 'with-browser' else 'release',
       build_args: [
         'TARGETPLATFORM=' + platform,
         'TARGETOS=' + os,
         'TARGETARCH=' + arch,
       ] + if std.length(version) > 0 then [
         'TARGETVARIANT=' + version,
+      ] else []
+       + if with_browser then [
+        'WITH_BROWSER=true',
       ] else [],
     },
   };
 
-local docker_build(os, arch, version='') =
-  docker_step('docker build', os, arch, version)
+local docker_build(os, arch, version='', with_browser=false) =
+  local tag = if with_browser then
+      'docker build (with browser)'
+        else
+      'docker build';
+  docker_step(tag, os, arch, version, with_browser)
   + dependsOn([ 'build' ]);
 
 local docker_publish(repo, auth, tag, os, arch, version='') =
-  docker_step('docker publish to ' + tag, os, arch, version)
+  docker_step('docker publish to ' + tag, os, arch, version, false)
   + { settings: { repo: repo, dry_run: 'false' } + auth }
   + dependsOn([ 'test', 'docker build' ]);
 
+  local docker_publish_with_browser(repo, auth, tag, os, arch) =
+  docker_step('docker publish (with browser) to ' + tag, os, arch, '', true)
+  + { settings: { repo: repo, dry_run: 'false' } + auth }
+  + dependsOn([ 'docker publish (with browser) tags' ]); // step to update .tags file with browser-specific image tags
+
 [
   pipeline('build', [
     step('deps', [
@@ -141,9 +154,13 @@ local docker_publish(repo, auth, tag, os, arch, version='') =
     docker_build('linux', 'amd64'),
     docker_build('linux', 'arm64', 'v8'),
 
+    // dry run build with browser
+    docker_build('linux', 'amd64', '', true),
+
     step('docker build', [ 'true' ], 'alpine')
     + dependsOn([
       'docker build (linux/amd64)',
+      'docker build (with browser) (linux/amd64)',
       'docker build (linux/arm64/v8)',
     ]),
 
@@ -174,6 +191,24 @@ local docker_publish(repo, auth, tag, os, arch, version='') =
     ])
     + releaseOnly,
 
+    step(
+      'docker publish (with browser) tags',
+      [
+        '{ echo latest-with-browser,$(eval ./scripts/version)-with-browser ; } > .tags',  // use with-browser tags for docker plugin
+      ],
+      go_tools_image,
+    )
+    + dependsOn([ 'docker publish (release)' ]),
+
+    // publish image with chromium browser available
+    docker_publish_with_browser(docker_repo, docker_auth, 'docker', 'linux', 'amd64') + releaseOnly,
+
+    step('docker publish (with browser) (release)', [ 'true' ], 'alpine')
+    + dependsOn([
+      'docker publish (with browser) to docker (linux/amd64)',
+    ])
+    + releaseOnly,
+
     step('trigger argo workflow (dev)', [])
     + {
       settings: {