Linux package proof of concept

.github/workflows/goreleaser.yml

@@ -0,0 +1,58 @@
+name: Goreleaser
+on:
+  pull_request:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.head_ref || github.ref_name }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out source code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Set up Go
+        uses: actions/setup-go@v5.0.0
+        with:
+          go-version: "1.21.5"
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+
+      - name: Test GoReleaser
+        uses: goreleaser/goreleaser-action@v5
+        with:
+          version: v1.22.1
+          args: release --skip=publish --snapshot
+          distribution: goreleaser
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Install Cinc (Inspec)
+        run: |
+          curl -L https://omnitruck.cinc.sh/install.sh | \
+          sudo bash -s -- -P cinc-auditor -v 4
+
+      - name: Install Deb Package
+        run: |
+          sudo apt-get install -y -f ./dist/prometheus_linux_amd64.deb
+          sudo systemctl start prometheus
+
+      - name: Test Install
+        run: sudo cinc-auditor exec package/test/install/test.rb
+
+      - name: Uninstall Deb Package
+        run: |
+          sudo apt-get remove -y prometheus
+          sudo apt-get purge -y prometheus
+
+      - name: Test Uninstall
+        run: sudo cinc-auditor exec package/test/uninstall/test.rb

.gitignore

@@ -18,6 +18,7 @@ benchmark.txt
 !/.travis.yml
 !/.promu.yml
 !/.golangci.yml
+!/.goreleaser.yml
 /documentation/examples/remote_storage/remote_storage_adapter/remote_storage_adapter
 /documentation/examples/remote_storage/example_write_adapter/example_write_adapter
 
@@ -31,3 +32,5 @@ npm_licenses.tar.bz2
 
 # Ignore parser debug
 y.output
+
+dist/

.goreleaser.yml

@@ -0,0 +1,187 @@
+before:
+  hooks:
+    # See `make build` for list build prerequisites. 
+    - make assets 
+    - make npm_licenses 
+    - make assets-compress 
+    - make plugins 
+
+builds:
+  - id: prometheus
+    binary: prometheus
+    main: ./cmd/prometheus
+    env:
+      - CGO_ENABLED=0
+    mod_timestamp: "{{ .CommitTimestamp }}"
+    goos:
+      - linux
+    goarch:
+      - amd64
+      - arm64
+    flags:
+      - -tags=netgo,builtinassets,stringlabels
+    ldflags:
+      - -s -w
+      - -X github.com/prometheus/common/version.Version={{ .Version }}
+      - -X github.com/prometheus/common/version.Revision=""
+      - -X github.com/prometheus/common/version.Branch={{ .Branch }}
+      - -X github.com/prometheus/common/version.BuildUser=observIQ
+      - -X github.com/prometheus/common/version.BuildDate={{ .Date }}
+    no_unique_dist_dir: false
+  - id: promtool
+    binary: promtool
+    main: ./cmd/promtool
+    env:
+      - CGO_ENABLED=0
+    mod_timestamp: "{{ .CommitTimestamp }}"
+    goos:
+      - linux
+    goarch:
+      - amd64
+      - arm64
+    flags:
+      - -tags=netgo,builtinassets,stringlabels
+    ldflags:
+      - -s -w
+      - -X github.com/prometheus/common/version.Version={{ .Version }}
+      - -X github.com/prometheus/common/version.Revision=""
+      - -X github.com/prometheus/common/version.Branch={{ .Branch }}
+      - -X github.com/prometheus/common/version.BuildUser=observIQ
+      - -X github.com/prometheus/common/version.BuildDate={{ .Date }}
+    no_unique_dist_dir: false
+
+nfpms:
+  - id: prometheus
+    file_name_template: "{{ .PackageName }}_{{ .Os }}_{{ .Arch }}"
+    package_name: prometheus
+    vendor: observIQ, Inc
+    maintainer: observIQ <support@observiq.com>
+    description: The Prometheus monitoring system and time series database.
+    homepage: https://github.com/prometheus/prometheus
+    license: Apache 2.0
+    builds:
+      - prometheus
+      - promtool
+    formats:
+      - rpm
+      - deb
+    bindir: /usr/bin
+    contents:
+      - dst: /var/lib/prometheus
+        type: dir
+        file_info:
+          owner: prometheus
+          group: prometheus
+          mode: 0750
+      - dst: /var/lib/prometheus/console_libraries
+        type: dir
+        file_info:
+          owner: prometheus
+          group: prometheus
+          mode: 0750
+      - dst: /var/lib/prometheus/consoles
+        type: dir
+        file_info:
+          owner: prometheus
+          group: prometheus
+          mode: 0750
+      - dst: /var/lib/prometheus/tsdb
+        type: dir
+        file_info:
+          owner: prometheus
+          group: prometheus
+          mode: 0750
+      - dst: /etc/prometheus
+        type: dir
+        file_info:
+          owner: prometheus
+          group: prometheus
+          mode: 0750
+      - dst: /usr/share/doc/prometheus
+        type: dir
+        file_info:
+          owner: root
+          group: root
+          mode: 0755
+      - src: package/service/prometheus.service
+        dst: /usr/lib/systemd/system/prometheus.service
+        type: "config"
+        file_info:
+          owner: root
+          group: root
+          mode: 0640
+      - src: package/config/prometheus.yml
+        dst: /etc/prometheus/prometheus.yml
+        type: "config"
+        file_info:
+          owner: prometheus
+          group: prometheus
+          mode: 0640
+      - src: package/config/web.yml
+        dst: /etc/prometheus/web.yml
+        type: "config"
+        file_info:
+          owner: prometheus
+          group: prometheus
+          mode: 0640
+      - src: package/config/rules.yml
+        dst: /etc/prometheus/rules.yml
+        type: "config"
+        file_info:
+          owner: prometheus
+          group: prometheus
+          mode: 0640
+      - src: console_libraries/*
+        dst: /var/lib/prometheus/console_libraries/
+        type: "config"
+        file_info:
+          owner: prometheus
+          group: prometheus
+          mode: 0640
+      - src: consoles/*
+        dst: /var/lib/prometheus/consoles/
+        type: "config"
+        file_info:
+          owner: prometheus
+          group: prometheus
+          mode: 0640
+      - src: NOTICE
+        dst: /usr/share/doc/prometheus/NOTICE
+        type: "config"
+        file_info:
+          owner: root
+          group: root
+          mode: 0644
+      - src: LICENSE
+        dst: /usr/share/doc/prometheus/LICENSE
+        type: "config"
+        file_info:
+          owner: root
+          group: root
+          mode: 0644
+      - src: npm_licenses.tar.bz2
+        dst: /usr/share/doc/prometheus/npm_licenses.tar.bz2
+        type: "config"
+        file_info:
+          owner: root
+          group: root
+          mode: 0644
+    scripts:
+      preremove: package/scripts/preremove.sh
+      postremove: package/scripts/postremove.sh
+      preinstall: package/scripts/preinstall.sh
+      postinstall: package/scripts/postinstall.sh
+
+archives:
+  - format: tar.gz
+    id: prometheus
+    name_template: prometheus-{{ .Version }}.{{ .Os }}-{{ .Arch }}
+    builds:
+      - prometheus
+
+checksum:
+  name_template: "{{ .ProjectName }}-v{{ .Version }}-SHA256SUMS"
+  algorithm: sha256
+
+release:
+  draft: false

package/config/prometheus.yml

@@ -0,0 +1,2 @@
+scrape_configs: []
+rule_files: [/etc/prometheus/rules.yml]

package/config/rules.yml

@@ -0,0 +1,6 @@
+groups:
+- name: configuration-rollups
+  interval: 1m
+  rules:
+  - record: bindplane_agent_measurements:rollup:rate:1m
+    expr: sum without (agent) (rate(bindplane_agent_measurements{}[1m] offset 10s))

package/scripts/postinstall.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# Install handles systemd service management. This function
+# can be called more than once as it is idempotent.
+install() {
+    systemctl daemon-reload
+}
+
+# Upgrade performs the same steps as install.
+upgrade() {
+    install
+}
+
+action="$1"
+
+case "$action" in
+  "0" | "install")
+    install
+    ;;
+  "1" | "upgrade")
+    upgrade
+    ;;
+  *)
+    install
+    ;;
+esac

package/scripts/postremove.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+set -e
+
+# Remove deletes the prometheus systemd service file
+# and reloads systemd. If the file does not exist, return early.
+remove() {
+    rm -f /usr/lib/systemd/system/prometheus.service || return
+    systemctl daemon-reload
+}
+
+# Upgrade performs a no-op and is included here for future use.
+upgrade() {
+    return
+}
+
+action="$1"
+
+case "$action" in
+  "0" | "remove")
+    remove
+    ;;
+  "1" | "upgrade")
+    upgrade
+    ;;
+  *)
+    remove
+    ;;
+esac

package/scripts/preinstall.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+
+set -e
+
+# Install creates the prometheus user and group using the
+# name 'prometheus'. The prometheus user does not have a shell.
+# This function can be called more than once as it is idempotent.
+install() {
+    username="prometheus"
+
+    if getent group "$username" &>/dev/null; then
+        echo "Group ${username} already exists."
+    else
+        groupadd "$username"
+    fi
+
+    if id "$username" &>/dev/null; then
+        echo "User ${username} already exists"
+        exit 0
+    else
+        useradd --shell /sbin/nologin --system "$username" -g "$username"
+    fi
+}
+
+# Upgrade should perform the same steps as install
+upgrade() {
+    install
+}
+
+action="$1"
+
+case "$action" in
+  "0" | "install")
+    install
+    ;;
+  "1" | "upgrade")
+    upgrade
+    ;;
+  *)
+    install
+    ;;
+esac