C1: alloy v1.16.0 — migrate Dockerfile to container.py

Bump alloy v1.14.0 → v1.16.0 across both build paths: - containers/alloy/Dockerfile replaced with native container.py (3-stage Node UI → make alloy Go build → Alpine runtime). - containers/alloy/default.nix bumped: src hash + npmDepsHash refreshed. goModules outputHash still TODO — will be updated after a build attempt on the ringtail nix runner reveals the new hash. The container.py uses the upstream Makefile via `make alloy` (not plain `go build`) so version stamping, release flags, and the netgo+embedalloyui tags match upstream releases. promtail_journal_enabled is omitted as before — k8s deployments read pod logs from the filesystem, not journald. Per [[review-services]] for the four stale Alloy entries (alloy-k8s, alloy-ringtail, alloy-tracing-ringtail, alloy ansible — all reviewed 2026-03-13). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-30 20:32:20 -07:00 · 2026-04-30 20:32:20 -07:00 · b8d16c822d
commit b8d16c822d
parent 7fed166c18
3 changed files with 98 additions and 72 deletions
--- a/containers/alloy/Dockerfile
+++ b/containers/alloy/Dockerfile
@ -1,68 +0,0 @@
-# Grafana Alloy telemetry collector
-# Three-stage build: Web UI (Node), server (Go), runtime (Alpine)
-
-ARG CONTAINER_APP_VERSION=1.14.0
-ARG ALLOY_VERSION=v${CONTAINER_APP_VERSION}
-ARG ALLOY_COMMIT=626a738319812d58ebc25ca6d71651f4925b8b18
-
-FROM node:22-alpine AS ui-build
-
-ARG ALLOY_COMMIT
-RUN apk add --no-cache git
-
-RUN mkdir /app && cd /app \
-    && git init \
-    && git remote add origin https://forge.ops.eblu.me/mirrors/alloy.git \
-    && git fetch --depth 1 origin ${ALLOY_COMMIT} \
-    && git checkout FETCH_HEAD
-
-WORKDIR /app/internal/web/ui
-RUN npm ci
-RUN npx tsc -b && npx vite build
-
-FROM golang:1.25-alpine3.22 AS build
-
-ARG ALLOY_VERSION
-ARG ALLOY_COMMIT
-RUN apk add --no-cache build-base git
-
-RUN mkdir /app && cd /app \
-    && git init \
-    && git remote add origin https://forge.ops.eblu.me/mirrors/alloy.git \
-    && git fetch --depth 1 origin ${ALLOY_COMMIT} \
-    && git checkout FETCH_HEAD
-
-WORKDIR /app
-
-# Copy pre-built web UI assets
-COPY --from=ui-build /app/internal/web/ui/dist /app/internal/web/ui/dist
-
-ENV CGO_ENABLED=1
-
-# promtail_journal_enabled omitted: requires systemd headers (libsystemd-dev)
-# and our k8s deployments read pod logs from the filesystem, not journald
-RUN RELEASE_BUILD=1 VERSION=${ALLOY_VERSION} \
-    GO_TAGS="netgo embedalloyui" \
-    SKIP_UI_BUILD=1 \
-    make alloy
-
-FROM alpine:3.22
-
-ARG CONTAINER_APP_VERSION
-LABEL org.opencontainers.image.title="Alloy"
-LABEL org.opencontainers.image.description="Grafana Alloy is an OpenTelemetry Collector distribution"
-LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}"
-LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops"
-LABEL org.opencontainers.image.vendor="blumeops"
-
-RUN apk --no-cache add ca-certificates tzdata \
-    && addgroup -g 473 alloy \
-    && adduser -D -u 473 -G alloy alloy \
-    && mkdir -p /var/lib/alloy/data \
-    && chown -R alloy:alloy /var/lib/alloy
-
-COPY --from=build --chown=473:473 /app/build/alloy /bin/alloy
-
-ENTRYPOINT ["/bin/alloy"]
-ENV ALLOY_DEPLOY_MODE=docker
-CMD ["run", "/etc/alloy/config.alloy", "--storage.path=/var/lib/alloy/data"]
--- a/containers/alloy/container.py
+++ b/containers/alloy/container.py
@ -0,0 +1,94 @@
+"""Grafana Alloy — telemetry collector, native Dagger build.
+
+Three-stage build: Node (UI), Go (server via upstream Makefile with embedded
+UI assets), Alpine (runtime). Source cloned from forge mirror.
+
+Notes:
+  - Builds via `make alloy` rather than plain `go build` so version stamping,
+    release flags, and the netgo+embedalloyui tags match upstream releases.
+  - promtail_journal_enabled is intentionally omitted: it requires
+    libsystemd-dev and our k8s deployments read pod logs from the filesystem,
+    not journald.
+  - Pinned to golang:1.25-alpine3.22 (matches upstream's tested Go toolchain).
+"""
+
+import dagger
+from dagger import dag
+
+from blumeops.containers import (
+    alpine_runtime,
+    clone_from_forge,
+    node_build,
+    oci_labels,
+)
+
+VERSION = "v1.16.0"
+
+
+async def build(src: dagger.Directory) -> dagger.Container:
+    source = clone_from_forge("alloy", VERSION)
+
+    # Stage 1: Build the web UI (tsc + vite, not the package.json default).
+    ui = node_build(
+        source,
+        "internal/web/ui",
+        build_cmd=["sh", "-c", "npx tsc -b && npx vite build"],
+    )
+
+    # Stage 2: Build alloy via the upstream Makefile with embedded UI assets.
+    builder = (
+        dag.container()
+        .from_("golang:1.25-alpine3.22")
+        .with_exec(["apk", "add", "--no-cache", "build-base", "git", "make"])
+        .with_directory("/app", source)
+        .with_directory(
+            "/app/internal/web/ui/dist",
+            ui.directory("/app/internal/web/ui/dist"),
+        )
+        .with_workdir("/app")
+        .with_env_variable("CGO_ENABLED", "1")
+        .with_env_variable("RELEASE_BUILD", "1")
+        .with_env_variable("VERSION", VERSION)
+        .with_env_variable("GO_TAGS", "netgo embedalloyui")
+        .with_env_variable("SKIP_UI_BUILD", "1")
+        .with_exec(["make", "alloy"])
+    )
+
+    # Stage 3: Runtime as uid/gid 473 alloy.
+    runtime = alpine_runtime(
+        extra_apk=["ca-certificates", "tzdata"],
+        uid=473,
+        gid=473,
+        username="alloy",
+    )
+    runtime = oci_labels(
+        runtime,
+        title="Alloy",
+        description="Grafana Alloy is an OpenTelemetry Collector distribution",
+        version=VERSION,
+    )
+    return (
+        runtime.with_file(
+            "/bin/alloy",
+            builder.file("/app/build/alloy"),
+            permissions=0o555,
+        )
+        .with_exec(
+            [
+                "sh",
+                "-c",
+                "mkdir -p /var/lib/alloy/data && chown -R alloy:alloy /var/lib/alloy",
+            ]
+        )
+        .with_env_variable("ALLOY_DEPLOY_MODE", "docker")
+        .with_exposed_port(12345)
+        .with_user("alloy")
+        .with_entrypoint(["/bin/alloy"])
+        .with_default_args(
+            args=[
+                "run",
+                "/etc/alloy/config.alloy",
+                "--storage.path=/var/lib/alloy/data",
+            ]
+        )
+    )
--- a/containers/alloy/default.nix
+++ b/containers/alloy/default.nix
@ -1,24 +1,24 @@
 # Nix-built Grafana Alloy telemetry collector
-# Builds v1.14.0 from forge mirror with embedded web UI
+# Builds v1.16.0 from forge mirror with embedded web UI
 # Uses stdenv + make (not buildGoModule) due to multi-module workspace
 # with local replace directives (collector/ -> ../, ../syntax, ../extension)
 # Built with dockerTools.buildLayeredImage for efficient layer caching
 { pkgs ? import <nixpkgs> { } }:

 let
-  version = "1.14.0";
+  version = "1.16.0";

  src = pkgs.fetchgit {
    url = "https://forge.ops.eblu.me/mirrors/alloy.git";
    rev = "v${version}";
-    hash = "sha256-gxNz4XDE8XSl6LsP3k8DERqDdMLcmbWKfXZGGyRULkg=";
+    hash = "sha256-q5R2noxBZ3OPyZqmB+bx3iJKWFxC2WIprcgh9RwjLzk=";
  };

  ui = pkgs.buildNpmPackage {
    inherit version;
    pname = "alloy-ui";
    src = "${src}/internal/web/ui";
-    npmDepsHash = "sha256-GT0yisPn+3FCtWL3he0i5zPMlaWNparQDefU69G4Yis=";
+    npmDepsHash = "sha256-vResNUT4auDsK9ngnJYfMUUOYr/ikPhrvakqCjGq2Q8=";

    buildPhase = ''
      runHook preBuild