github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-06-27 10:40:07 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/x-pack/build_chromium
History
Exact
Eyo O. Eyo 2fd65fba64
[On-Week] Automate chromium linux builds for reporting in Kibana (#212674) 
## Summary

Closes https://github.com/elastic/kibana/issues/38277

This PR ~attempts to take a stab at automating~ automates the process
for building the linux headless chromium used for reporting within
Kibana.

The Idea here is that one would simply only need create an issue within
the Kibana project that will then trigger the build for chromium, we'll
be leveraging GitHub actions for this, the Github workflow defined only
kicks in when an issue is created with the label
`trigger-chromium-build`, when such an issue is created, the body of the
issue is analysed; there's an expectation that the body would contain a
fenced codeblock of type json that specifies the property
`puppeteer_version`, if this is found this value is read and, we then
trigger a build on buildkite passing along this value, in the case where
there are multiple fenced code blocks specifying the expected property
`puppeteer_version` we leave a message that the issue body be modified,
also if the expected label was added but the expected property is not
found we also leave a message prompting that the expected property be
provided.

Once the build has commenced a message containing the link to the build
would be provided as initial feedback to the user, also on completion
another message is provided to the user, that provides a link to the PR
containing all the required changes to update puppeteer to the version
specified.

~It's also worth pointing out that this PR also, modifies the source for
`win`, `mac` chromium binaries to leverage the [JSON API
endpoint](https://github.com/GoogleChromeLabs/chrome-for-testing#json-api-endpoints)
provided by Google to get the required binaries for chromium headless in
a deterministic way, which in turns is part of what makes this
automation possible.~

## How to test this

- If you'd love to test the Github action too without the PR being
merging in just yet, you should consider setting up
[act](https://github.com/nektos/act), alongside it's companion [vscode
extension](https://sanjulaganepola.github.io/github-local-actions-docs/)
, we'll then want to create a payload file providing similar data that
github would return for our workflow trigger, more info about setting
this up
[here](https://sanjulaganepola.github.io/github-local-actions-docs/usage/settings/#payloads).
The payload file we'd want would be something along the following lines;

```json
{
    "action": "labeled",
    "label":{
        "name": "trigger-chromium-build"
    },
    "issue": {
        "number": 1,
        "title": "Issue 1",
        "author_association": "MEMBER",
        "labels": [
            {
                "name": "trigger-chromium-build"
            }
        ],
        "body": "\n## Random text \n\n ~~~json\n{\n  \"puppeteer_version\": \"24.6.1\" \n}\n~~~\n~~~json\n{\n  \"some_random_value\": \"23.0.1\" \n}\n~~~"
    }
}
```

- To test the actual build process it can be initiated through this
specific pipeline
https://buildkite.com/elastic/kibana-migration-pipeline-staging by
creating a custom build on `pull/212674/head` (this pull request) with
the env variable similar to this

```
TESTED_PIPELINE_PATH=.buildkite/pipelines/chromium_linux_build/build_chromium.yml
PUPPETEER_VERSION=24.6.1
GITHUB_ISSUE_NUMBER=212732
GITHUB_ISSUE_BASE_OWNER=elastic
GITHUB_ISSUE_BASE_REPO=kibana
GITHUB_ISSUE_TRIGGER_USER=eokoneyo
```

PS: Issue #212732 is an issue that's been created to test providing
feedback to the user about the build process, re-triggering a build on
an existing issue updates the comments in place.

<!-- ### Where to go from here?

- Ideas and thoughts welcome
-->
<!--
### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

### Identify risks

Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.

- [ ] [See some risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
- [ ] ...


-->

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-05-06 22:04:08 +02:00
..
linux [Reporting] update puppeteer to version 23.3.1 (#192345) 2024-09-18 22:26:44 +02:00
.gitignore
build.py [On-Week] Automate chromium linux builds for reporting in Kibana (#212674) 2025-05-06 22:04:08 +02:00
build_util.py Puppeteer update v21.5.2 (#172332) 2023-12-05 16:45:51 +01:00
init.py Puppeteer v18.1 (#143485) 2022-10-19 13:52:33 -07:00
README.md Sustainable Kibana Architecture: Move plugins owned by @elastic/appex-sharedux (#204959) 2025-01-03 05:38:57 -06:00

README.md

Chromium build

We ship our own headless build of Chromium which is significantly smaller than the standard binaries shipped by Google. The scripts in this folder can be used to accept a commit hash from the Chromium repository, and initialize the build on Ubuntu Linux.

Why do we do this

By default, Puppeteer will download a zip file containing the Chromium browser for any OS. This creates problems on Linux, because Chromium has a dependency on X11, which is often not installed for a server environment. We don't want to make a requirement for Linux that you need X11 to run Kibana. To work around this, we create our own Chromium build, using the headless_shell build target. There are no (trustworthy) sources of these builds available elsewhere.

Fortunately, creating the custom builds is only necessary for Linux. When you have a build of Kibana for Linux, or if you use a Linux desktop to develop Kibana, you have a copy of headless_shell bundled inside. When you have a Windows or Mac build of Kibana, or use either of those for development, you have a copy of the full build of Chromium, which was downloaded from the main Chromium download location.

Build Script Usage

The system OS requires a few setup steps:

  1. Required packages: bzip2, git, lsb_release, python3
  2. The python command needs to launch Python 3.
  3. Recommended: tmux, as your ssh session may get interrupted

These commands show how to set up an environment to build:

# Allow our scripts to use depot_tools commands
export PATH=$HOME/chromium/depot_tools:$PATH

# Create a dedicated working directory for this directory of Python scripts.
mkdir ~/chromium && cd ~/chromium

# Copy the scripts from the Kibana team's GCS bucket
gsutil cp -r gs://headless_shell_staging/build_chromium .

# Install the OS packages, configure the environment, download the chromium source (25GB)
python ./build_chromium/init.py

# Run the build script with the path to the chromium src directory, the git commit hash
python ./build_chromium/build.py 70f5d88ea95298a18a85c33c98ea00e02358ad75 x64

# Make sure you are using python3, you can state the path explicitly if needed
/usr/bin/python3 ./build_chromium/build.py 67649b10b92bb182fba357831ef7dd6a1baa5648 x64

# OR You can build for ARM
python ./build_chromium/build.py 70f5d88ea95298a18a85c33c98ea00e02358ad75 arm64

NOTE: The init.py script updates git config to make it more possible for the Chromium repo to be cloned successfully. If checking out the Chromium fails with "early EOF" errors, the instance could be low on memory or disk space.

Getting the Commit Hash

If you need to bump the version of Puppeteer, you need to get a new git commit hash for Chromium that corresponds to the Puppeteer version.

node scripts/chromium_version.js [PuppeteerVersion]

When bumping the Puppeteer version, make sure you also update the ChromiumArchivePaths.revision variable in x-pack/platform/plugins/private/reporting/server/browsers/chromium/paths.ts.

In some cases the revision number might not be available for the darwin or windows builds in https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html. For example, 1181205 was not available for darwin arm64 or windows. In that case, the next available revision numbers 1181286 and 1181280 were used.

Build args

A good how-to on building Chromium from source is here.

We have an linux/args.gn file that is automatically copied to the build target directory.

To get a list of the build arguments that are enabled, install depot_tools and run gn args out/headless --list from the chromium/src directory. It prints out all of the flags and their settings, including the defaults. Some build flags are documented here.

NOTE: Please, make sure you consult @elastic/kibana-security before you change, remove or add any of the build flags.

Artifacts

After the build completes, there will be a .zip file and a .md5 file in ~/chromium/chromium/src/out/headless. These are named like so: chromium-{first_7_of_SHA}-{platform}-{arch}, for example: chromium-4747cc2-linux-x64. The zip files and md5 files are copied to a staging bucket in GCP storage.

To publish the built artifacts for bunding in Kibana, copy the files from the headless_shell_staging bucket to the headless_shell bucket.

gsutil cp gs://headless_shell_staging/chromium-67649b1-linux_arm64.md5 gs://headless_shell/
gsutil cp gs://headless_shell_staging/chromium-67649b1-linux_arm64.zip gs://headless_shell/

IMPORTANT: Do not replace builds in the headless_shell bucket that are referenced in an active Kibana branch. CI tests on that branch will fail since the archive checksum no longer matches the original version.

Testing

Search the Puppeteer Github repo for known issues that could affect our use case, and make sure to test anywhere that is affected.

Here's the steps on how to test a Puppeteer upgrade, run these tests on Mac, Windows, Linux x64 and Linux arm64:

  • Make sure the Reporting plugin is fetching the correct version of the browser at start-up time, and that it can successfully unzip it and copy the files to x-pack/platform/plugins/private/reporting/chromium
  • Make sure there are no errors when using the Reporting diagnostic tool
  • All functional and API tests that generate PDF and PNG files should pass.
  • Use a VM to run Kibana in a low-memory environment and try to generate a PNG of a dashboard that outputs as a 4MB file. Document the minimum requirements in the PR.

Testing Chromium upgrades on a Windows Machine

Directions on creating a build of Kibana off an existing PR can be found here: https://www.elastic.co/guide/en/kibana/current/building-kibana.html You will need this build to install on your windows device to test the in progress PR.

The default extractor for Windows might give Path too long errors.

For an elasticsearch cluster to base the latest kibana build with, you can use a snapshot.sh bash script to generate the latest build. Create a file called snapshot.sh and put the following into the file:

runQuery() {
  curl --silent -XGET https://artifacts-api.elastic.co${1}
}
BUILD_HASH=$(runQuery /v1/versions/${VERSION}-SNAPSHOT/builds | jq -r '.builds[0]')
echo "Latest build hash :: $BUILD_HASH"
KBN_DOWNLOAD=$(runQuery /v1/versions/${VERSION}-SNAPSHOT/builds/$BUILD_HASH/projects/elasticsearch/packages/elasticsearch-${VERSION}-SNAPSHOT-windows-x86_64.zip)
echo $KBN_DOWNLOAD | jq -r '.package.url'

In the terminal once you have the snapshot.sh file written run: chmod a+x snapshot.sh to make the file executable Then set the version variable within the script to what you need by typing the following (in this example 8.8.0): VERSION=8.8.0 ./snapshot.sh

In the terminal you should see a web address that will give you a download of elasticsearch.

You may need to disable xpack security in the elasticsearch.yml xpack.security.enabled: false

Make sure nothing is set in the kibana.yml

Run .\bin\elasticsearch.bat in the elasticsearch directory first and then once it's up run .\bin\kibana.bat

Navigate to localhost:5601 and there shouldn't be any prompts to set up security etc. To test PNG reporting, you may need to upload a license. Navigate to https://wiki.elastic.co/display/PM/Internal+License+-+X-Pack+and+Endgame and download the license.json from Internal Licenses.

Navigate to Stack Management in Kibana and you can upload the license.json from internal licenses. You won't need to restart the cluster and should be able to test the Kibana feature as needed at this point.

Resources

The following links provide helpful context about how the Chromium build works, and its prerequisites: