From 2ba5d8a8aa1593d95715a27ebbf1180cad139b5c Mon Sep 17 00:00:00 2001
From: Erich Blume <blume.erich@gmail.com>
Date: Tue, 24 Feb 2026 09:15:57 -0800
Subject: [PATCH] Port Prometheus to local container build (#262)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

## Summary
- Add three-stage Dockerfile for Prometheus v3.9.1 (Node UI → Go binaries → Alpine runtime)
- Produces `prometheus` and `promtool` binaries with embedded web UI assets
- Follows navidrome/ntfy pattern for supply chain control via Zot registry

## Deployment and Testing
- [ ] `dagger call build --src=. --container-name=prometheus` succeeds
- [ ] Container reports correct version via `prometheus --version`
- [ ] `promtool --version` works
- [ ] Update statefulset image reference after successful build
- [ ] Deploy from branch: `argocd app set prometheus --revision <branch> && argocd app sync prometheus`
- [ ] Health probes pass (`/-/healthy`, `/-/ready`)
- [ ] Web UI loads, scrape targets work, remote write functions

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/262
---
 argocd/manifests/prometheus/statefulset.yaml  |  2 +-
 containers/prometheus/Dockerfile              | 76 +++++++++++++++++++
 ...eature-prometheus-local-container.infra.md |  1 +
 3 files changed, 78 insertions(+), 1 deletion(-)
 create mode 100644 containers/prometheus/Dockerfile
 create mode 100644 docs/changelog.d/feature-prometheus-local-container.infra.md

diff --git a/argocd/manifests/prometheus/statefulset.yaml b/argocd/manifests/prometheus/statefulset.yaml
index 9cad55d..99d2463 100644
--- a/argocd/manifests/prometheus/statefulset.yaml
+++ b/argocd/manifests/prometheus/statefulset.yaml
@@ -20,7 +20,7 @@ spec:
         runAsUser: 65534
       containers:
         - name: prometheus
-          image: prom/prometheus:v3.9.1
+          image: registry.ops.eblu.me/blumeops/prometheus:v3.9.1-74029e1
           args:
             - --config.file=/etc/prometheus/prometheus.yml
             - --storage.tsdb.path=/prometheus
diff --git a/containers/prometheus/Dockerfile b/containers/prometheus/Dockerfile
new file mode 100644
index 0000000..d0a02af
--- /dev/null
+++ b/containers/prometheus/Dockerfile
@@ -0,0 +1,76 @@
+# Prometheus monitoring system
+# Three-stage build: Web UI (Node), binaries (Go), runtime (Alpine)
+
+ARG CONTAINER_APP_VERSION=v3.9.1
+ARG PROMETHEUS_VERSION=${CONTAINER_APP_VERSION}
+
+FROM node:22-alpine AS ui-build
+
+ARG PROMETHEUS_VERSION
+RUN apk add --no-cache git bash
+
+RUN git clone --depth 1 --branch ${PROMETHEUS_VERSION} \
+    https://github.com/prometheus/prometheus.git /app
+
+WORKDIR /app/web/ui
+
+# Install workspace dependencies (mantine-ui, modules)
+RUN npm ci
+
+# Install legacy React app dependencies (separated from workspaces upstream)
+RUN cd react-app && npm ci
+
+# Build all UI components: modules, react-app, mantine-ui → static/
+RUN npm run build
+
+FROM golang:alpine3.22 AS build
+
+ARG PROMETHEUS_VERSION
+RUN apk add --no-cache build-base git bash
+
+RUN git clone --depth 1 --branch ${PROMETHEUS_VERSION} \
+    https://github.com/prometheus/prometheus.git /app
+
+WORKDIR /app
+
+# Copy pre-built UI assets
+COPY --from=ui-build /app/web/ui/static /app/web/ui/static
+
+# Generate embed.go with //go:embed directives for gzipped assets
+RUN scripts/compress_assets.sh
+
+ENV CGO_ENABLED=0
+
+RUN go build -tags netgo,builtinassets \
+    -ldflags="-w -s -X github.com/prometheus/common/version.Version=${PROMETHEUS_VERSION} \
+    -X github.com/prometheus/common/version.Branch=HEAD \
+    -X github.com/prometheus/common/version.BuildUser=blumeops \
+    -X github.com/prometheus/common/version.Revision=blumeops-build" \
+    -o /bin/prometheus ./cmd/prometheus
+
+RUN go build -tags netgo,builtinassets \
+    -ldflags="-w -s -X github.com/prometheus/common/version.Version=${PROMETHEUS_VERSION}" \
+    -o /bin/promtool ./cmd/promtool
+
+FROM alpine:3.22
+
+LABEL org.opencontainers.image.title=Prometheus
+LABEL org.opencontainers.image.description="Prometheus monitoring system and time series database"
+LABEL org.opencontainers.image.source=https://github.com/prometheus/prometheus
+
+RUN apk add --no-cache ca-certificates tzdata
+
+RUN mkdir -p /prometheus /etc/prometheus \
+ && chown -R 65534:65534 /prometheus /etc/prometheus
+
+COPY --from=build /bin/prometheus /usr/bin/prometheus
+COPY --from=build /bin/promtool /usr/bin/promtool
+COPY --from=build /app/documentation/examples/prometheus.yml /etc/prometheus/prometheus.yml
+
+EXPOSE 9090
+VOLUME ["/prometheus"]
+
+USER 65534
+ENTRYPOINT ["/usr/bin/prometheus"]
+CMD ["--config.file=/etc/prometheus/prometheus.yml", \
+     "--storage.tsdb.path=/prometheus"]
diff --git a/docs/changelog.d/feature-prometheus-local-container.infra.md b/docs/changelog.d/feature-prometheus-local-container.infra.md
new file mode 100644
index 0000000..56431f0
--- /dev/null
+++ b/docs/changelog.d/feature-prometheus-local-container.infra.md
@@ -0,0 +1 @@
+Port Prometheus to local container build (3-stage: Node UI, Go binaries, Alpine runtime) for supply chain control via Zot registry.