feat: Add docker image as a build target (#34)

### Description OB-XXX Please explain the changes you made here. ### Checklist - [ ] Created tests which fail without the change (if possible) - [ ] Extended the README / documentation, if necessary
observeinc · Jun 13, 2024 · 5bb573c · 5bb573c
1 parent e958185
commit 5bb573c
Show file tree

Hide file tree

Showing 10 changed files with 429 additions and 0 deletions.
diff --git a/.github/workflows/release-build.yaml b/.github/workflows/release-build.yaml
@@ -22,6 +22,7 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          ref: ${{ github.event.inputs.branch }}
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
@@ -30,6 +31,8 @@ jobs:
         run: sudo apt-get install -y wixl
       # More assembly might be required: Docker logins, GPG, etc.
       # It all depends on your needs.
+      - name: Install qemu
+        uses: docker/setup-qemu-action@v3
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v6
         with:

diff --git a/.github/workflows/release-nightly.yaml b/.github/workflows/release-nightly.yaml
@@ -0,0 +1,52 @@
+name: Release Nightly Version
+
+on:
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: "The branch to create nightly release based on"
+        required: true
+        default: "main"
+
+permissions:
+  contents: write
+  # packages: write
+  # issues: write
+
+jobs:
+  goreleaser:
+    if: contains('["obs-gh-alexlew"]', github.actor)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.inputs.branch }}
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: stable
+      - name: Install msitools
+        run: sudo apt-get install -y wixl
+      # More assembly might be required: Docker logins, GPG, etc.
+      # It all depends on your needs.
+      - name: Install qemu
+        uses: docker/setup-qemu-action@v3
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          # either 'goreleaser' (default) or 'goreleaser-pro'
+          distribution: goreleaser-pro
+          # 'latest', 'nightly', or a semver
+          version: latest
+          args: release --clean --skip=validate --verbose --nightly
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
+          FURY_TOKEN: ${{ secrets.FURY_TOKEN }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -27,6 +27,13 @@ jobs:
         run: sudo apt-get install -y wixl
       # More assembly might be required: Docker logins, GPG, etc.
       # It all depends on your needs.
+      - name: Install qemu
+        uses: docker/setup-qemu-action@v3
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v6
         with:

diff --git a/.github/workflows/tests-unit.yaml b/.github/workflows/tests-unit.yaml
@@ -28,5 +28,8 @@ jobs:
         go-version: ${{ matrix.go }}
     - name: Checkout code
       uses: actions/checkout@v4
+      with:
+        fetch_depth: 0
+        ref: ${{ github.event.inputs.branch }}
     - name: Test
       run: make go-test
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -17,6 +17,7 @@ before:
 
 builds:
   - id: default
+    binary: observe-agent
     env:
       - CGO_ENABLED=0
     goos:
@@ -25,6 +26,7 @@ builds:
     ldflags: -s -w -X observe/agent/build.Version={{.Version}}
 
   - id: windows_build
+    binary: observe-agent
     env:
       - CGO_ENABLED=0
     goos:
@@ -530,6 +532,38 @@ nfpms:
     #   # with the maintainer, which is the person who maintains the software.
     #   packager: GoReleaser <staff@goreleaser.com>
 
+dockers:
+  - image_templates:
+      - &amd64_image "docker.io/observeinc/observe-agent:{{ .Version }}-amd64"
+    dockerfile: packaging/docker/Dockerfile
+    use: buildx
+    goos: linux
+    goarch: amd64
+    build_flag_templates:
+      - "--platform=linux/amd64"
+    extra_files:
+      - packaging/docker
+  - image_templates:
+      - &arm64v8_image "docker.io/observeinc/observe-agent:{{ .Version }}-arm64v8"
+    dockerfile: packaging/docker/Dockerfile
+    use: buildx
+    goos: linux
+    goarch: arm64
+    build_flag_templates:
+      - "--platform=linux/arm64/v8"
+    extra_files:
+      - packaging/docker
+
+docker_manifests:
+  - name_template: "docker.io/observeinc/observe-agent:{{ .Version }}"
+    image_templates:
+      - *amd64_image
+      - *arm64v8_image
+  - name_template: "docker.io/observeinc/observe-agent:latest"
+    image_templates:
+      - *amd64_image
+      - *arm64v8_image
+
 # winget:
 #   - # Name of the recipe
 #     #

diff --git a/packaging/docker/Dockerfile b/packaging/docker/Dockerfile
@@ -0,0 +1,39 @@
+# For FIPS binary, there are some debian runtime dependencies
+FROM debian:12.5 as agent
+COPY observe-agent /
+# This shouldn't be necessary but sometimes we end up with execution bit not set.
+# ref: https://github.com/open-telemetry/opentelemetry-collector/issues/1317
+RUN chmod 755 /observe-agent
+# The base executable includes symlinks to libraries. In order to break those, 
+# we tar with the h flag to dereference symlinks. 
+RUN tar czhf observe-agent.tar.gz /observe-agent $(ldd /observe-agent | grep -oP "\/.*? ")
+# extract package to /output so it can be taken as base for scratch image
+# we do not copy archive into scratch image, as it doesn't have tar executable
+# however, we can copy full directory as root (/) to be base file structure for scratch image
+RUN mkdir /output && tar xf /observe-agent.tar.gz --directory /output
+
+FROM alpine:3.20.0 as directories
+RUN mkdir -p /var/lib/observe-agent/filestorage
+
+FROM alpine:3.20.0 as certs
+RUN apk --update add ca-certificates
+
+FROM debian:12.5 as systemd
+RUN apt update && apt install -y systemd
+# prepare package with journald and it's dependencies keeping original paths
+# h stands for dereference of symbolic links
+RUN tar czhf journalctl.tar.gz /bin/journalctl $(ldd /bin/journalctl | grep -oP "\/.*? ")
+# extract package to /output so it can be taken as base for scratch image
+# we do not copy archive into scratch image, as it doesn't have tar executable
+# however, we can copy full directory as root (/) to be base file structure for scratch image
+RUN mkdir /output && tar xf /journalctl.tar.gz --directory /output
+
+FROM scratch
+ADD packaging/docker/observe-agent /etc/observe-agent
+COPY --from=systemd /output/ /
+COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=agent /output/ /
+COPY --from=directories /var/lib/observe-agent/filestorage /var/lib/observe-agent/filestorage
+
+ENTRYPOINT ["/observe-agent"]
+CMD ["start"]
diff --git a/packaging/docker/compose-linux-host.yaml b/packaging/docker/compose-linux-host.yaml
@@ -0,0 +1,35 @@
+services:
+  agent:
+    image: "observeinc/observe-agent:latest"
+    pid: host
+    volumes:
+      # Used for hostmetrics
+      - type: bind
+        source: /proc
+        target: /hostfs/proc
+        read_only: true
+      - type: bind
+        source: /snap
+        target: /hostfs/snap
+        read_only: true
+      - type: bind
+        source: /var/lib
+        target: /hostfs/var/lib
+        read_only: true
+      # Used for filelog
+      - type: bind
+        source: /var/log
+        target: /hostfs/var/log
+        read_only: true
+      # Symlinks dont work by default on docker containers so we need to add each of the 
+      # directories containing symlink targets individually for docker to be able to follow them
+      - type: bind
+        source: /var/log/pods
+        target: /var/log/pods
+      - type: bind
+        source: /var/lib/docker/containers
+        target: /var/lib/docker/containers
+      # Load agent from current directory
+      - type: bind
+        source: ${PWD}/observe-agent.yaml
+        target: /etc/observe-agent/observe-agent.yaml
diff --git a/packaging/docker/observe-agent/connections/host_monitoring/logs.yaml b/packaging/docker/observe-agent/connections/host_monitoring/logs.yaml
@@ -0,0 +1,36 @@
+receivers:
+  filelog/host_monitoring:
+    include: [/hostfs/var/log/**/*.log, /hostfs/var/log/syslog]
+    include_file_path: true
+    storage: file_storage
+    retry_on_failure:
+      enabled: true
+    max_log_size: 4MiB
+    operators:
+      - type: filter
+        expr: 'body matches "otel-contrib"'
+
+  journald/host_monitoring:
+    units:
+      - cron
+      - ssh
+      - systemd-networkd
+      - systemd-resolved
+      - systemd-login
+      - multipathd
+      - systemd-user-sessions
+      - ufw
+      - observe-agent
+    priority: info
+
+service:
+  pipelines:
+    logs/host_monitoring-file:
+      receivers: [filelog/host_monitoring]
+      processors: [memory_limiter, transform/truncate, resourcedetection, resourcedetection/cloud, batch]
+      exporters: [otlphttp/observe, count]
+
+    logs/host_monitoring-journald:
+      receivers: [journald/host_monitoring]
+      processors: [memory_limiter, transform/truncate, resourcedetection, resourcedetection/cloud, batch]
+      exporters: [otlphttp/observe, count]
diff --git a/packaging/docker/observe-agent/connections/host_monitoring/metrics.yaml b/packaging/docker/observe-agent/connections/host_monitoring/metrics.yaml
@@ -0,0 +1,62 @@
+receivers:
+  hostmetrics/host-monitoring:
+    collection_interval: 20s
+    root_path: /hostfs
+    scrapers:
+      cpu:
+        metrics:
+          system.cpu.utilization:
+            enabled: true
+          system.cpu.frequency:
+            enabled: true
+          system.cpu.logical.count:
+            enabled: true
+          system.cpu.physical.count:
+            enabled: true
+      load:
+      memory:
+        metrics:
+          system.memory.utilization:
+            enabled: true
+          system.linux.memory.available:
+            enabled: true
+      disk:
+      filesystem:
+        metrics:
+          system.filesystem.utilization:
+            enabled: true
+      network:
+      paging:
+        metrics:
+          system.paging.utilization:
+            enabled: true
+      processes:
+      process:
+        metrics:
+          process.context_switches:
+            enabled: true
+          process.cpu.utilization:
+            enabled: true
+          process.disk.operations:
+            enabled: true      
+          process.memory.utilization:
+            enabled: true      
+          process.open_file_descriptors:
+            enabled: true      
+          process.paging.faults:
+            enabled: true      
+          process.signals_pending:
+            enabled: true      
+          process.threads:
+            enabled: true
+        mute_process_name_error: true
+        mute_process_exe_error: true
+        mute_process_io_error: true
+        mute_process_user_error: true
+
+service:
+  pipelines:
+    metrics/host_monitoring:
+      receivers: [hostmetrics/host-monitoring]
+      processors: [memory_limiter, resourcedetection, resourcedetection/cloud, batch]
+      exporters: [otlphttp/observe]