From 9b9a9063638cc96ee627c14e9c972b2229048c2b Mon Sep 17 00:00:00 2001
From: Alex Palaistras <alex@deuill.org>
Date: Tue, 2 Jan 2024 15:55:37 +0000
Subject: [PATCH] grafana: Move to multi-stage build

This improves cacheability and lowers total container image size by only
copying artefacts that are useful for deployment.
---
 service/grafana/Containerfile | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/service/grafana/Containerfile b/service/grafana/Containerfile
index 5978e5b..aa33514 100644
--- a/service/grafana/Containerfile
+++ b/service/grafana/Containerfile
@@ -1,16 +1,21 @@
-FROM docker.io/debian:bookworm-slim@sha256:f80c45482c8d147da87613cb6878a7238b8642bcc24fc11bad78c7bec726f340
+FROM docker.io/debian:bookworm-slim@sha256:f80c45482c8d147da87613cb6878a7238b8642bcc24fc11bad78c7bec726f340 AS builder
 ARG VERSION=10.2.3 # renovate: datasource=github-releases depName=grafana/grafana extractVersion=^v(?<version>.*)$
+WORKDIR /src
 
-RUN apt-get update -y && apt-get upgrade -y && \
-    apt-get install -y --no-install-recommends curl ca-certificates
+ADD https://dl.grafana.com/oss/release/grafana-${VERSION}.linux-amd64.tar.gz /src.tar.gz
+RUN tar --no-same-owner -xvzf /src.tar.gz && \
+    install -D --mode 0755 /src/grafana-v${VERSION}/bin/grafana /build/usr/bin/grafana && \
+    mkdir -p /build/usr/share/grafana && cp -R /src/grafana-v${VERSION}/public /build/usr/share/grafana/public
 
-RUN addgroup --system --gid 10000 grafana
-RUN adduser --system --uid 10000 --ingroup grafana --home /var/lib/grafana grafana
+FROM docker.io/debian:bookworm-slim@sha256:f80c45482c8d147da87613cb6878a7238b8642bcc24fc11bad78c7bec726f340
+RUN apt-get update -y && apt-get upgrade -y && apt-get install -y --no-install-recommends \
+    ca-certificates gettext gosu
 
-RUN curl -fsSL https://dl.grafana.com/oss/release/grafana-${VERSION}.linux-amd64.tar.gz | \
-    tar -C /opt --no-same-owner -xvzf - && mv /opt/grafana-v${VERSION} /opt/grafana
+RUN apt-get update -y && apt-get install -y --no-install-recommends curl
+RUN adduser --system --group --uid 10000 --home /var/lib/grafana grafana
 
+COPY --from=builder /build /
 COPY container/config /etc/grafana
-USER grafana
 
-ENTRYPOINT ["/opt/grafana/bin/grafana", "server", "--config", "/etc/grafana/grafana.ini", "--homepath", "/opt/grafana", "web"]
+USER grafana
+ENTRYPOINT ["/usr/bin/grafana", "server", "--config", "/etc/grafana/grafana.ini", "--homepath", "/usr/share/grafana", "web"]