diff --git a/.github/settings.yml b/.github/settings.yml
index f980fff..95f2b97 100644
--- a/.github/settings.yml
+++ b/.github/settings.yml
@@ -1,6 +1,6 @@
# https://developer.github.com/v3/repos/#edit
repository:
- name: docker-$$IMAGE_NAME$$
+ name: docker-grafana
description: ""
homepage: https://homecentr.github.io/
private: false
@@ -21,7 +21,7 @@ branches:
protection:
required_status_checks:
strict: true
- contexts: [ ".github/workflows/ci.yml" ]
+ contexts: [ "build" ]
required_pull_request_reviews: null
enforce_admins: false
restrictions:
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 25d8109..36ec5de 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,7 +6,7 @@ on:
pull_request:
env:
- IMAGE_NAME: "homecentr/$$IMAGE_NAME$$"
+ IMAGE_NAME: "homecentr/grafana"
jobs:
build:
@@ -30,7 +30,7 @@ jobs:
run: docker build . -t ${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.docker_tag }}
- name: Test Docker image
- run: cd tests && sudo gradle test --info -Dimage_tag=${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.docker_tag }}
+ run: cd tests && sudo gradle test --info -Ddocker_image_tag=${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.docker_tag }}
- name: Scan with Phonito Security
uses: phonito/phonito-scanner-action@master
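Review bot: The scan step on the last line of this hunk references `phonito/phonito-scanner-action@master`, a mutable branch, so whatever is pushed to that branch runs inside this workflow with access to its token and any secrets passed to the step. Pin the action to a full commit SHA, e.g. `uses: phonito/phonito-scanner-action@<COMMIT_SHA>` (placeholder; take the value from a reviewed release), and bump it deliberately. The rest of the step lies outside the hunk. The same step in `ci_cd.yml` probably needs the same pin, although its `uses:` line is not visible in that hunk.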
diff --git a/.github/workflows/ci_cd.yml b/.github/workflows/ci_cd.yml
index f85445f..14b9181 100644
--- a/.github/workflows/ci_cd.yml
+++ b/.github/workflows/ci_cd.yml
@@ -5,7 +5,7 @@ on:
- master
env:
- IMAGE_NAME: "homecentr/$$IMAGE_NAME$$"
+ IMAGE_NAME: "homecentr/grafana"
jobs:
build:
@@ -40,7 +40,7 @@ jobs:
- name: Test Docker image
if: env.RELEASE_VERSION != ''
- run: cd tests && sudo gradle test -Dimage_tag=${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }}
+ run: cd tests && sudo gradle test -Ddocker_image_tag=${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }}
- name: Scan with Phonito Security
if: env.RELEASE_VERSION != ''
diff --git a/.github/workflows/regular_scan.yml b/.github/workflows/regular_scan.yml
index b4ca6d5..a233cfd 100644
--- a/.github/workflows/regular_scan.yml
+++ b/.github/workflows/regular_scan.yml
@@ -4,7 +4,7 @@ on:
- cron: '0 6 * * *'
env:
- IMAGE_NAME: "homecentr/$$IMAGE_NAME$$"
+ IMAGE_NAME: "homecentr/grafana"
jobs:
build:
diff --git a/Dockerfile b/Dockerfile
index c3c78df..d6d1d73 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1 +1,44 @@
-FROM alpine
\ No newline at end of file
+FROM grafana/grafana:7.0.3 as original
+
+FROM homecentr/base:2.4.0-alpine
+
+ENV PATH="/usr/share/grafana/bin:$PATH"
+ENV GF_PATHS_CONFIG="/config/grafana.ini"
+ENV GF_PATHS_PROVISIONING="/config/provisioning"
+ENV GF_PATHS_DATA="/grafana"
+ENV GF_PATHS_PLUGINS="/grafana/plugins"
+ENV GF_PATHS_LOGS="/logs"
+ENV GF_PATHS_HOME="/usr/share/grafana"
+ENV HEALTHCHECK_ENDPOINT="/metrics"
+
+COPY --from=original /usr/share/grafana /usr/share/grafana
+COPY --from=original /run.sh /run.sh
+
+COPY ./fs/ /
+
+RUN apk add --no-cache curl=7.67.0-r0
+
+RUN mkdir -p "$GF_PATHS_PROVISIONING/datasources" \
+ "$GF_PATHS_PROVISIONING/dashboards" \
+ "$GF_PATHS_PROVISIONING/notifiers" \
+ "$GF_PATHS_LOGS" \
+ "$GF_PATHS_PLUGINS" \
+ "$GF_PATHS_DATA" && \
+ cp "$GF_PATHS_HOME/conf/sample.ini" "$GF_PATHS_CONFIG" && \
+ cp "$GF_PATHS_HOME/conf/ldap.toml" /config/ldap.toml && \
+ chmod -R 777 "$GF_PATHS_DATA" "$GF_PATHS_HOME/.aws" "$GF_PATHS_LOGS" "$GF_PATHS_PLUGINS" "$GF_PATHS_PROVISIONING"
+
+# Configuration
+VOLUME "/config"
+
+# Service state
+VOLUME "/grafana"
+
+# Log files
+VOLUME "/logs"
+
+# Ping the metrics endpoint
+HEALTHCHECK --interval=15s --timeout=10s --start-period=20s --retries=3 CMD curl -k --fail http://127.0.0.1:3000/$HEALTHCHECK_ENDPOINT || exit 1
+
+# HTTP User interface and API
+EXPOSE 3000
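Review bot: The `chmod -R 777` that ends the `RUN mkdir …` step leaves the data, log, plugin and provisioning trees, plus `$GF_PATHS_HOME/.aws`, writable by every user in the container, so any other process there can modify the plugins, provisioning files and AWS credentials directory that Grafana loads. The README says the process runs as PUID/PGID, so ownership is better assigned at start-up, e.g. `chown -R "$PUID:$PGID" "$GF_PATHS_DATA" "$GF_PATHS_LOGS" "$GF_PATHS_PLUGINS"` in an init script (presumably under `./fs/`, which this diff does not show), with provisioning and `.aws` left non-writable to others. Separately, the `HEALTHCHECK` passes `-k` on a plain `http://` URL, where it has no effect today but would silently disable certificate verification if the check is ever moved to https; dropping the flag is safer. Because `HEALTHCHECK_ENDPOINT` already starts with `/`, the probed path is `//metrics`, so use `http://127.0.0.1:3000$HEALTHCHECK_ENDPOINT`.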
diff --git a/README.md b/README.md
index 80482d2..e4063ef 100644
--- a/README.md
+++ b/README.md
@@ -1,47 +1,55 @@
-[![Project status](https://badgen.net/badge/project%20status/stable%20%26%20actively%20maintaned?color=green)](https://github.com/homecentr/docker-$$IMAGE_NAME$$/graphs/commit-activity) [![](https://badgen.net/github/label-issues/homecentr/docker-$$IMAGE_NAME$$/bug?label=open%20bugs&color=green)](https://github.com/homecentr/docker-$$IMAGE_NAME$$/labels/bug) [![](https://badgen.net/github/release/homecentr/docker-$$IMAGE_NAME$$)](https://hub.docker.com/repository/docker/homecentr/$$IMAGE_NAME$$)
-[![](https://badgen.net/docker/pulls/homecentr/$$IMAGE_NAME$$)](https://hub.docker.com/repository/docker/homecentr/$$IMAGE_NAME$$)
-[![](https://badgen.net/docker/size/homecentr/$$IMAGE_NAME$$)](https://hub.docker.com/repository/docker/homecentr/$$IMAGE_NAME$$)
+[![Project status](https://badgen.net/badge/project%20status/stable%20%26%20actively%20maintaned?color=green)](https://github.com/homecentr/docker-grafana/graphs/commit-activity) [![](https://badgen.net/github/label-issues/homecentr/docker-grafana/bug?label=open%20bugs&color=green)](https://github.com/homecentr/docker-grafana/labels/bug) [![](https://badgen.net/github/release/homecentr/docker-grafana)](https://hub.docker.com/repository/docker/homecentr/grafana)
+[![](https://badgen.net/docker/pulls/homecentr/grafana)](https://hub.docker.com/repository/docker/homecentr/grafana)
+[![](https://badgen.net/docker/size/homecentr/grafana)](https://hub.docker.com/repository/docker/homecentr/grafana)
-![CI/CD on master](https://github.com/homecentr/docker-$$IMAGE_NAME$$/workflows/CI/CD%20on%20master/badge.svg)
-![Regular Docker image vulnerability scan](https://github.com/homecentr/docker-$$IMAGE_NAME$$/workflows/Regular%20Docker%20image%20vulnerability%20scan/badge.svg)
+![CI/CD on master](https://github.com/homecentr/docker-grafana/workflows/CI/CD%20on%20master/badge.svg)
+![Regular Docker image vulnerability scan](https://github.com/homecentr/docker-grafana/workflows/Regular%20Docker%20image%20vulnerability%20scan/badge.svg)
-# HomeCentr - $$IMAGE_NAME$$
+# HomeCentr - grafana
+Repack of [Grafana](https://grafana.com/) with the usual Homecentr bells and whistles.
## Usage
```yml
version: "3.7"
services:
- $$IMAGE_NAME$$:
+ grafana:
build: .
- image: homecentr/$$IMAGE_NAME$$
+ image: homecentr/grafana
+ ports:
+ - 3000:3000
+ volumes:
+ - ./example:/config
```
## Environment variables
| Name | Default value | Description |
|------|---------------|-------------|
-| PUID | 7077 | UID of the user $$IMAGE_NAME$$ should be running as. |
-| PGID | 7077 | GID of the user $$IMAGE_NAME$$ should be running as. |
+| PUID | 7077 | UID of the user grafana should be running as. |
+| PGID | 7077 | GID of the user grafana should be running as. |
+|
## Exposed ports
| Port | Protocol | Description |
|------|------|-------------|
-| 80 | TCP | Some useful details |
+| 3000 | TCP | Web UI and API. |
## Volumes
| Container path | Description |
|------------|---------------|
-| /config | Some useful details |
+| /config | Grafana configuration. This should container the `grafana.ini` configuration file. If you want to use [provisioning](https://grafana.com/docs/grafana/latest/administration/provisioning/), put the related files to `/config/provisioning`. |
+| /grafana | Grafana state. Make sure the volume is writable for PUID/PGID. |
+| /logs | Log files produced by Grafana if configured to. Make sure the volume is writable for PUID/PGID. |
## Security
-The container is regularly scanned for vulnerabilities and updated. Further info can be found in the [Security tab](https://github.com/homecentr/docker-$$IMAGE_NAME$$/security).
+The container is regularly scanned for vulnerabilities and updated. Further info can be found in the [Security tab](https://github.com/homecentr/docker-grafana/security).
### Container user
-The container supports privilege drop. Even though the container starts as root, it will use the permissions only to perform the initial set up. The $$IMAGE_NAME$$ process runs as UID/GID provided in the PUID and PGID environment variables.
+The container supports privilege drop. Even though the container starts as root, it will use the permissions only to perform the initial set up. The grafana process runs as UID/GID provided in the PUID and PGID environment variables.
:warning: Do not change the container user directly using the `user` Docker compose property or using the `--user` argument. This would break the privilege drop logic.
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 980a102..1ba32d0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,6 +1,9 @@
version: "3.7"
services:
- $$IMAGE_NAME$$:
+ grafana:
build: .
- image: homecentr/$$IMAGE_NAME$$
- restart: unless-stopped
\ No newline at end of file
+ image: homecentr/grafana
+ ports:
+ - 3000:3000
+ volumes:
+ - ./example:/config
\ No newline at end of file
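Review bot: The new `ports` entry `3000:3000` publishes Grafana on every host interface, while the mounted `./example` config leaves `admin_user` and `admin_password` commented out (as far as the visible part of `example/grafana.ini` shows), so the example starts with the default admin credentials reachable from the network. For a sample compose file, bind to loopback with `- "127.0.0.1:3000:3000"` and set a non-default admin password in the example config before exposing it more widely. Quoting the mapping also keeps YAML parsers from retyping it. The hunk also drops `restart: unless-stopped` without explanation, so confirm that is intentional.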
diff --git a/example/grafana.ini b/example/grafana.ini
new file mode 100644
index 0000000..a4f5be0
--- /dev/null
+++ b/example/grafana.ini
@@ -0,0 +1,756 @@
+##################### Grafana Configuration Example #####################
+#
+# Everything has defaults so you only need to uncomment things you want to
+# change
+
+# possible values : production, development
+;app_mode = production
+
+# instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty
+;instance_name = ${HOSTNAME}
+
+#################################### Paths ####################################
+[paths]
+# Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used)
+;data = /var/lib/grafana
+
+# Temporary files in `data` directory older than given duration will be removed
+;temp_data_lifetime = 24h
+
+# Directory where grafana can store logs
+;logs = /var/log/grafana
+
+# Directory where grafana will automatically scan and look for plugins
+;plugins = /var/lib/grafana/plugins
+
+# folder that contains provisioning config files that grafana will apply on startup and while running.
+;provisioning = conf/provisioning
+
+#################################### Server ####################################
+[server]
+# Protocol (http, https, h2, socket)
+;protocol = http
+
+# The ip address to bind to, empty will bind to all interfaces
+;http_addr =
+
+# The http port to use
+;http_port = 3000
+
+# The public facing domain name used to access grafana from a browser
+;domain = localhost
+
+# Redirect to correct domain if host header does not match domain
+# Prevents DNS rebinding attacks
+;enforce_domain = false
+
+# The full public facing url you use in browser, used for redirects and emails
+# If you use reverse proxy and sub path specify full url (with sub path)
+;root_url = %(protocol)s://%(domain)s:%(http_port)s/
+
+# Serve Grafana from subpath specified in `root_url` setting. By default it is set to `false` for compatibility reasons.
+;serve_from_sub_path = false
+
+# Log web requests
+;router_logging = false
+
+# the path relative working path
+;static_root_path = public
+
+# enable gzip
+;enable_gzip = false
+
+# https certs & key file
+;cert_file =
+;cert_key =
+
+# Unix socket path
+;socket =
+
+#################################### Database ####################################
+[database]
+# You can configure the database connection by specifying type, host, name, user and password
+# as separate properties or as on string using the url properties.
+
+# Either "mysql", "postgres" or "sqlite3", it's your choice
+;type = sqlite3
+;host = 127.0.0.1:3306
+;name = grafana
+;user = root
+# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
+;password =
+
+# Use either URL or the previous fields to configure the database
+# Example: mysql://user:secret@host:port/database
+;url =
+
+# For "postgres" only, either "disable", "require" or "verify-full"
+;ssl_mode = disable
+
+;ca_cert_path =
+;client_key_path =
+;client_cert_path =
+;server_cert_name =
+
+# For "sqlite3" only, path relative to data_path setting
+;path = grafana.db
+
+# Max idle conn setting default is 2
+;max_idle_conn = 2
+
+# Max conn setting default is 0 (mean not set)
+;max_open_conn =
+
+# Connection Max Lifetime default is 14400 (means 14400 seconds or 4 hours)
+;conn_max_lifetime = 14400
+
+# Set to true to log the sql calls and execution times.
+;log_queries =
+
+# For "sqlite3" only. cache mode setting used for connecting to the database. (private, shared)
+;cache_mode = private
+
+#################################### Cache server #############################
+[remote_cache]
+# Either "redis", "memcached" or "database" default is "database"
+;type = database
+
+# cache connectionstring options
+# database: will use Grafana primary database.
+# redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=0,ssl=false`. Only addr is required. ssl may be 'true', 'false', or 'insecure'.
+# memcache: 127.0.0.1:11211
+;connstr =
+
+#################################### Data proxy ###########################
+[dataproxy]
+
+# This enables data proxy logging, default is false
+;logging = false
+
+# How long the data proxy should wait before timing out default is 30 (seconds)
+;timeout = 30
+
+# If enabled and user is not anonymous, data proxy will add X-Grafana-User header with username into the request, default is false.
+;send_user_header = false
+
+#################################### Analytics ####################################
+[analytics]
+# Server reporting, sends usage counters to stats.grafana.org every 24 hours.
+# No ip addresses are being tracked, only simple counters to track
+# running instances, dashboard and error counts. It is very helpful to us.
+# Change this option to false to disable reporting.
+;reporting_enabled = true
+
+# Set to false to disable all checks to https://grafana.net
+# for new vesions (grafana itself and plugins), check is used
+# in some UI views to notify that grafana or plugin update exists
+# This option does not cause any auto updates, nor send any information
+# only a GET request to http://grafana.com to get latest versions
+;check_for_updates = true
+
+# Google Analytics universal tracking code, only enabled if you specify an id here
+;google_analytics_ua_id =
+
+# Google Tag Manager ID, only enabled if you specify an id here
+;google_tag_manager_id =
+
+#################################### Security ####################################
+[security]
+# disable creation of admin user on first start of grafana
+;disable_initial_admin_creation = false
+
+# default admin user, created on startup
+;admin_user = admin
+
+# default admin password, can be changed before first start of grafana, or in profile settings
+;admin_password = admin
+
+# used for signing
+;secret_key = SW2YcwTIb9zpOOhoPsMm
+
+# disable gravatar profile images
+;disable_gravatar = false
+
+# data source proxy whitelist (ip_or_domain:port separated by spaces)
+;data_source_proxy_whitelist =
+
+# disable protection against brute force login attempts
+;disable_brute_force_login_protection = false
+
+# set to true if you host Grafana behind HTTPS. default is false.
+;cookie_secure = false
+
+# set cookie SameSite attribute. defaults to `lax`. can be set to "lax", "strict", "none" and "disabled"
+;cookie_samesite = lax
+
+# set to true if you want to allow browsers to render Grafana in a ,