From 9b3a0b7d4a79bb0258fceda36038708188b88c02 Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Tue, 10 Jun 2025 14:51:05 +0000 Subject: [PATCH 1/7] Add demo_apps/go_https Dockerfile to ease deprecating Go versions and for offsetgen testing Signed-off-by: Dom Del Nano --- .../demo_apps/go_https/server/BUILD.bazel | 3 +- .../demo_apps/go_https/server/Dockerfile | 52 +++++++++++++++++++ .../demo_apps/go_https/server/README.md | 9 ++++ .../demo_apps/go_https/server/https_server.go | 18 ++++--- .../demo_apps/go_https/server/update_ghcr.sh | 46 ++++++++++++++++ 5 files changed, 118 insertions(+), 10 deletions(-) create mode 100644 src/stirling/testing/demo_apps/go_https/server/Dockerfile create mode 100644 src/stirling/testing/demo_apps/go_https/server/README.md create mode 100755 src/stirling/testing/demo_apps/go_https/server/update_ghcr.sh diff --git a/src/stirling/testing/demo_apps/go_https/server/BUILD.bazel b/src/stirling/testing/demo_apps/go_https/server/BUILD.bazel index ef80da551b8..b7950ec5070 100644 --- a/src/stirling/testing/demo_apps/go_https/server/BUILD.bazel +++ b/src/stirling/testing/demo_apps/go_https/server/BUILD.bazel @@ -25,8 +25,7 @@ go_library( srcs = ["https_server.go"], importpath = "px.dev/pixie/src/stirling/testing/demo_apps/go_https/server", deps = [ - "@com_github_spf13_pflag//:pflag", - "@com_github_spf13_viper//:viper", + "@org_golang_x_net//http2", ], ) diff --git a/src/stirling/testing/demo_apps/go_https/server/Dockerfile b/src/stirling/testing/demo_apps/go_https/server/Dockerfile new file mode 100644 index 00000000000..c251c87e01b --- /dev/null +++ b/src/stirling/testing/demo_apps/go_https/server/Dockerfile 
@@ -0,0 +1,52 @@
+# Copyright 2018- The Pixie Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+ARG GO_VERSION
+FROM alpine:3.20 AS certs
+
+RUN apk add --no-cache openssl
+
+WORKDIR /tmp/certs
+
+# Generate private key
+RUN openssl ecparam -genkey -name secp384r1 -out server.key && \
+ openssl req -new -x509 -sha256 \
+ -key server.key \
+ -subj "/C=US/ST=California/L=San Francisco/O=Pixie Labs Inc./CN=127.0.0.1:50101" \
+ -out server.crt \
+ -days 365
+
+# Stage 2: Build Go app and include certs
+FROM golang:${GO_VERSION}-alpine as build
+
+ARG GOLANG_X_NET
+
+WORKDIR /app
+
+# Copy source and build
+COPY https_server.go .
+RUN go mod init https_server && \
+ go get golang.org/x/net@${GOLANG_X_NET} && \
+ go mod tidy
+RUN CGO_ENABLED=0 go build -o https_server .
+
+FROM scratch
+COPY --from=build /app /app
+COPY --from=certs /tmp/certs/server.crt /etc/ssl/server.crt
+COPY --from=certs /tmp/certs/server.key /etc/ssl/server.key
+
+ENTRYPOINT ["/app/https_server"]
+CMD ["--cert", "/etc/ssl/server.crt", "--key", "/etc/ssl/server.key"]
diff --git a/src/stirling/testing/demo_apps/go_https/server/README.md b/src/stirling/testing/demo_apps/go_https/server/README.md
new file mode 100644
index 00000000000..37fd271a12d
--- /dev/null
+++ b/src/stirling/testing/demo_apps/go_https/server/README.md
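Review bot: The certificate generated in the `certs` stage identifies the server only through the subject CN (`127.0.0.1:50101`, port included) and has no subjectAltName, so a client that verifies the peer will reject it; Go's verifier no longer falls back to the CN. The gRPC Dockerfile added later in this series writes `subjectAltName=IP:127.0.0.1`, and the same can be done here by adding `-addext "subjectAltName=IP:127.0.0.1"` to the `openssl req` call and dropping the port from the CN. The private key is also copied into the final image, which `update_ghcr.sh` pushes to ghcr.io, and the certificate expires 365 days after the build. A comment such as `# Throwaway test key and cert: published with the image, never reuse; cert expires 365 days after build` would make both facts explicit.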
@@ -0,0 +1,9 @@ +# Go HTTPS server for testing Go TLS tracing + +This directory contains a Go HTTPS server for testing Pixie's Go TLS tracing capabilities. This application is built through bazel and by the `update_ghcr.sh` script contained in this directory. The reason for this is that as Go versions fall out of support, maintaining these in our bazel build hinders our ability to upgrade our go deps and to upgrade Pixie's Go version. + +In addition to this, Pixie's upcoming opentelemetry-go-instrumentation offsetgen based tracing requires building binaries with Go's toolchain until https://github.com/bazel-contrib/rules_go/issues/3090 is resolved. + +As new Go versions are released, the out of support versions should be removed from bazel and added to the `update_ghcr.sh` script in this directory. This will allow our builds to maintain test coverage for older Go versions without complicating our ability to upgrade Pixie's Go version and dependencies. + +Run `update_ghcr.sh` in this directory to push the images for each Go version to the ghcr.io repo. diff --git a/src/stirling/testing/demo_apps/go_https/server/https_server.go b/src/stirling/testing/demo_apps/go_https/server/https_server.go index 05f610edb3f..2cb8564d327 100644 --- a/src/stirling/testing/demo_apps/go_https/server/https_server.go +++ b/src/stirling/testing/demo_apps/go_https/server/https_server.go @@ -19,13 +19,13 @@ package main import ( + "flag" "fmt" "io" "log" "net/http" - "github.com/spf13/pflag" - "github.com/spf13/viper" + "golang.org/x/net/http2" ) const ( @@ -33,6 +33,10 @@ const ( httpsPort = 50101 ) +// Import the http2 package to ensure golang.org/x/net exists within the binary's +// buildinfo. +var s http2.Server //nolint:unused + func basicHandler(w http.ResponseWriter, r *http.Request) { w.Header().Add("Content-Type", "application/json") _, err := io.WriteString(w, `{"status":"ok"}`) 
@@ -58,14 +62,12 @@ func listenAndServe(port int) { } func main() { - pflag.String("cert", "", "Path to the .crt file.") - pflag.String("key", "", "Path to the .key file.") - pflag.Parse() - - viper.BindPFlags(pflag.CommandLine) + certPath := flag.String("cert", "", "Path to the .crt file.") + keyPath := flag.String("key", "", "Path to the .key file.") + flag.Parse() http.HandleFunc("/", basicHandler) - go listenAndServeTLS(httpsPort, viper.GetString("cert"), viper.GetString("key")) + go listenAndServeTLS(httpsPort, *certPath, *keyPath) listenAndServe(httpPort) } diff --git a/src/stirling/testing/demo_apps/go_https/server/update_ghcr.sh b/src/stirling/testing/demo_apps/go_https/server/update_ghcr.sh new file mode 100755 index 00000000000..8c1f82a1267 --- /dev/null +++ b/src/stirling/testing/demo_apps/go_https/server/update_ghcr.sh 
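Review bot: `--cert` and `--key` both default to the empty string and `main` hands them to `listenAndServeTLS` without checking, so a run with either flag missing only fails once the goroutine tries to load the key pair. A guard before the `go` statement reports the misconfiguration up front: `if *certPath == "" || *keyPath == "" { log.Fatal("--cert and --key are required") }`. How `listenAndServeTLS` handles a load error is outside this hunk, so the current failure mode is inferred rather than seen.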
@@ -0,0 +1,46 @@ +#!/bin/bash -e + +# Copyright 2018- The Pixie Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 + +declare -A GO_VERSIONS=( + ["1.18"]="v0.35.0" + ["1.19"]="v0.35.0" + ["1.20"]="v0.35.0" + ["1.21"]="v0.35.0" + ["1.22"]="v0.35.0" +) +version=1.0 + +IMAGES=() + +for go_version in "${!GO_VERSIONS[@]}"; do + tag="ghcr.io/pixie-io/golang_${go_version//./_}_https_server_with_buildinfo:$version" + x_net_version=${GO_VERSIONS[$go_version]} + echo "Building and pushing image: $tag" + docker build . --build-arg GO_VERSION="${go_version}" --build-arg GOLANG_X_NET="${x_net_version}" -t "${tag}" + docker push "${tag}" + sha=$(docker inspect --format='{{index .RepoDigests 0}}' "${tag}" | cut -f2 -d'@') + IMAGES+=("${tag}@${sha}") +done + +echo "" +echo "Images pushed!" +echo "IMPORTANT: Now update //bazel/container_images.bzl with the following digest: $sha" +echo "Images:" +for image in "${IMAGES[@]}"; do + echo " - $image" +done From f7355b649e167ba418dd961d9dbce3d2cad8efea Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Tue, 10 Jun 2025 15:29:49 +0000 Subject: [PATCH 2/7] Add demo_apps/go_grpc_tls_pl Dockerfile to ease deprecating Go versions and for offsetgen testing 
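Review bot: The closing `IMPORTANT` message prints `$sha`, which by then holds only the digest of the last image the loop pushed, although five images are built and each needs its own entry. Iteration order of a bash associative array is unspecified, so which digest that is can differ between runs. Changing that line to `echo "IMPORTANT: Now update //bazel/container_images.bzl with the digests listed below"` leaves the per-image list as the single source. The `docker inspect ... | cut` pipeline is also not covered by `-e`: if `docker inspect` fails, `cut` still succeeds and an empty digest is recorded, so `set -euo pipefail` after the shebang is worth adding. The go_grpc_tls_pl copy of this script, added in the next patch, has both problems.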
Signed-off-by: Dom Del Nano --- .../go_grpc_tls_pl/server/BUILD.bazel | 3 - .../go_grpc_tls_pl/server/Dockerfile | 70 +++++++++++++++++++ .../demo_apps/go_grpc_tls_pl/server/README.md | 9 +++ .../demo_apps/go_grpc_tls_pl/server/server.go | 24 +++---- .../go_grpc_tls_pl/server/update_ghcr.sh | 46 ++++++++++++ 5 files changed, 136 insertions(+), 16 deletions(-) create mode 100644 src/stirling/testing/demo_apps/go_grpc_tls_pl/server/Dockerfile create mode 100644 src/stirling/testing/demo_apps/go_grpc_tls_pl/server/README.md create mode 100755 src/stirling/testing/demo_apps/go_grpc_tls_pl/server/update_ghcr.sh diff --git a/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/BUILD.bazel b/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/BUILD.bazel index f9dc54b792c..e94f9fea0da 100644 --- a/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/BUILD.bazel +++ b/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/BUILD.bazel @@ -32,9 +32,6 @@ go_library( importpath = "px.dev/pixie/src/stirling/testing/demo_apps/go_grpc_tls_pl/server", deps = [ "//src/stirling/testing/demo_apps/go_grpc_tls_pl/server/greetpb:service_pl_go_proto", - "@com_github_sirupsen_logrus//:logrus", - "@com_github_spf13_pflag//:pflag", - "@com_github_spf13_viper//:viper", "@org_golang_google_grpc//:grpc", "@org_golang_x_net//http2", "@org_golang_x_net//http2/h2c", diff --git a/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/Dockerfile b/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/Dockerfile new file mode 100644 index 00000000000..e71b22113e4 --- /dev/null +++ b/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/Dockerfile 
@@ -0,0 +1,70 @@
+# Copyright 2018- The Pixie Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+ARG GO_VERSION
+FROM alpine:3.20 AS certs
+
+RUN apk add --no-cache openssl
+
+WORKDIR /tmp/certs
+
+# Generate CA key and cert
+RUN openssl ecparam -genkey -name secp384r1 -out ca.key && \
+ openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 \
+ -subj "/C=US/ST=California/L=San Francisco/O=Pixie Labs Inc./CN=Pixie CA" \
+ -out ca.crt
+
+# Generate server key
+RUN openssl ecparam -genkey -name secp384r1 -out server.key
+
+# Generate server CSR
+RUN openssl req -new -key server.key \
+ -subj "/C=US/ST=California/L=San Francisco/O=Pixie Labs Inc./CN=127.0.0.1" \
+ -out server.csr
+
+# Create server cert config with SAN and extensions
+RUN echo "subjectAltName=IP:127.0.0.1" > server.ext && \
+ echo "basicConstraints=CA:FALSE" >> server.ext && \
+ echo "keyUsage = digitalSignature, keyEncipherment" >> server.ext && \
+ echo "extendedKeyUsage = serverAuth" >> server.ext
+
+# Sign server CSR with CA
+RUN openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
+ -out server.crt -days 365 -sha256 -extfile server.ext
+
+FROM golang:${GO_VERSION}-alpine as build
+
+ARG GOOGLE_GOLANG_GRPC
+
+WORKDIR /app
+
+# Copy source and build
+COPY server.go .
+COPY greetpb greetpb
+RUN go mod init px.dev/pixie/src/stirling/testing/demo_apps/go_grpc_tls_pl/server && \
+ go get google.golang.org/grpc@${GOOGLE_GOLANG_GRPC} && \
+ go get github.com/gogo/protobuf/proto && \
+ go mod tidy
+RUN CGO_ENABLED=0 go build -o server .
+
+FROM scratch
+COPY --from=certs /tmp/certs/ca.crt /etc/ssl/ca.crt
+COPY --from=certs /tmp/certs/server.crt /etc/ssl/server.crt
+COPY --from=certs /tmp/certs/server.key /etc/ssl/server.key
+COPY --from=build /app/server /app/server
+
+ENTRYPOINT ["/app/server"]
+CMD ["--server_tls_cert", "/etc/ssl/server.crt", "--server_tls_key", "/etc/ssl/server.key", "--tls_ca_cert", "/etc/ssl/ca.crt"]
diff --git a/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/README.md b/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/README.md
new file mode 100644
index 00000000000..aad9f80d0ea
--- /dev/null
+++ b/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/README.md
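Review bot: `go get github.com/gogo/protobuf/proto` carries no version, so each build resolves whatever release is current, while the gRPC module on the line above is pinned through `GOOGLE_GOLANG_GRPC`. Because `go.mod` is created inside the build and no `go.sum` is copied in, nothing else fixes that version. The `_with_buildinfo` image names in `update_ghcr.sh` suggest the recorded dependency versions are part of what these images are for. Pin it the same way, for example `go get github.com/gogo/protobuf/proto@${GOGO_PROTOBUF}` with a matching `ARG GOGO_PROTOBUF` and `--build-arg` in `update_ghcr.sh` (the argument name is a suggestion, not something the patch defines).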
@@ -0,0 +1,9 @@ +# Go GRPC and HTTP2 server for testing HTTP2/GRPC traicing + +This directory contains a Go grpc and http2 server for testing Pixie's Go http2 and grpc tracing. This application is built through bazel and by the `update_ghcr.sh` script contained in this directory. The reason for this is that as Go versions fall out of support, maintaining these in our bazel build hinders our ability to upgrade our go deps and to upgrade Pixie's Go version. + +In addition to this, Pixie's upcoming opentelemetry-go-instrumentation offsetgen based tracing requires building binaries with Go's toolchain until https://github.com/bazel-contrib/rules_go/issues/3090 is resolved. + +As new Go versions are released, the out of support versions should be removed from bazel and added to the `update_ghcr.sh` script in this directory. This will allow our builds to maintain test coverage for older Go versions without complicating our ability to upgrade Pixie's Go version and dependencies. + +Run `update_ghcr.sh` in this directory to push the images for each Go version to the ghcr.io repo. diff --git a/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/server.go b/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/server.go index b24d95f77d8..2a42c7b980f 100644 --- a/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/server.go +++ b/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/server.go @@ -22,6 +22,8 @@ import ( "context" "crypto/tls" "crypto/x509" + "flag" + "log" "net" "net/http" "os" @@ -29,9 +31,6 @@ import ( "syscall" "time" - log "github.com/sirupsen/logrus" - "github.com/spf13/pflag" - "github.com/spf13/viper" "golang.org/x/net/http2" "golang.org/x/net/http2/h2c" "google.golang.org/grpc" 
@@ -52,21 +51,20 @@ func (s *Server) SayHello(ctx context.Context, in *greetpb.HelloRequest) (*greet } func main() { - pflag.String("server_tls_cert", "", "Path to server.crt") - pflag.String("server_tls_key", "", "Path to server.key") - pflag.String("tls_ca_cert", "", "Path to ca.crt") - pflag.Parse() - viper.BindPFlags(pflag.CommandLine) + serverCert := flag.String("server_tls_cert", "", "Path to server.crt") + serverKey := flag.String("server_tls_key", "", "Path to server.key") + caCert := flag.String("tls_ca_cert", "", "Path to ca.crt") + flag.Parse() - pair, err := tls.LoadX509KeyPair(viper.GetString("server_tls_cert"), viper.GetString("server_tls_key")) + pair, err := tls.LoadX509KeyPair(*serverCert, *serverKey) if err != nil { - log.WithError(err).Fatal("failed to load keys") + log.Fatalf("failed to load keys: %v", err) } certPool := x509.NewCertPool() - ca, err := os.ReadFile(viper.GetString("tls_ca_cert")) + ca, err := os.ReadFile(*caCert) if err != nil { - log.WithError(err).Fatal("failed to read CA cert") + log.Fatalf("failed to read CA cert: %v", err) } if ok := certPool.AppendCertsFromPEM(ca); !ok { @@ -114,6 +112,6 @@ func main() { defer cancel() err = httpServer.Shutdown(ctx) if err != nil { - log.WithError(err).Error("http2 server Shutdown() failed") + log.Fatal("http2 server Shutdown() failed") } } diff --git a/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/update_ghcr.sh b/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/update_ghcr.sh new file mode 100755 index 00000000000..31b811f8eb0 --- /dev/null +++ b/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/update_ghcr.sh 
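Review bot: The rewritten shutdown branch drops the error value: `log.Fatal("http2 server Shutdown() failed")` no longer says why `Shutdown` failed, where the removed logrus call attached `err`. It also turns a logged error into `os.Exit(1)`, which skips the deferred `cancel()` shown just above. `log.Printf("http2 server Shutdown() failed: %v", err)` keeps both the cause and the previous non-fatal behaviour. `main` starts before this hunk, so the rest of the shutdown path is not visible here.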
@@ -0,0 +1,46 @@ +#!/bin/bash -e + +# Copyright 2018- The Pixie Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 + +declare -A GO_VERSIONS=( + ["1.18"]="v1.57.2" + ["1.19"]="v1.58.3" + ["1.20"]="v1.58.3" + ["1.21"]="v1.58.3" + ["1.22"]="v1.58.3" +) +version=1.0 + +IMAGES=() + +for go_version in "${!GO_VERSIONS[@]}"; do + tag="ghcr.io/pixie-io/golang_${go_version//./_}_grpc_server_with_buildinfo:$version" + google_golang_grpc=${GO_VERSIONS[$go_version]} + echo "Building and pushing image: $tag" + docker build . --build-arg GO_VERSION="${go_version}" --build-arg GOOGLE_GOLANG_GRPC="${google_golang_grpc}" -t "${tag}" + docker push "${tag}" + sha=$(docker inspect --format='{{index .RepoDigests 0}}' "${tag}" | cut -f2 -d'@') + IMAGES+=("${tag}@${sha}") +done + +echo "" +echo "Images pushed!" +echo "IMPORTANT: Now update //bazel/container_images.bzl with the following digest: $sha" +echo "Images:" +for image in "${IMAGES[@]}"; do + echo " - $image" +done From 5bef8fa45112d82803a93b5c152b4d84d5d74455 Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Mon, 16 Jun 2025 13:37:06 +0000 Subject: [PATCH 3/7] Pin the alpine image's sha Signed-off-by: Dom Del Nano --- src/stirling/testing/demo_apps/go_grpc_tls_pl/server/Dockerfile | 2 +- src/stirling/testing/demo_apps/go_https/server/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/Dockerfile b/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/Dockerfile index e71b22113e4..87f934fbefd 100644 --- a/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/Dockerfile +++ b/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/Dockerfile @@ -15,7 +15,7 @@ # SPDX-License-Identifier: Apache-2.0 ARG GO_VERSION -FROM alpine:3.20 AS certs +FROM alpine:3.20@sha256:de4fe7064d8f98419ea6b49190df1abbf43450c1702eeb864fe9ced453c1cc5f AS certs RUN apk add --no-cache openssl diff --git a/src/stirling/testing/demo_apps/go_https/server/Dockerfile b/src/stirling/testing/demo_apps/go_https/server/Dockerfile index c251c87e01b..e95cabcae45 100644 --- a/src/stirling/testing/demo_apps/go_https/server/Dockerfile +++ b/src/stirling/testing/demo_apps/go_https/server/Dockerfile @@ -15,7 +15,7 @@ # SPDX-License-Identifier: Apache-2.0 ARG GO_VERSION -FROM alpine:3.20 AS certs +FROM alpine:3.20@sha256:de4fe7064d8f98419ea6b49190df1abbf43450c1702eeb864fe9ced453c1cc5f AS certs RUN apk add --no-cache openssl From e57243c2318d344675fbd920ce2cf7896be37f90 Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Mon, 16 Jun 2025 13:49:01 +0000 Subject: [PATCH 4/7] Pin Golang build image shas Signed-off-by: Dom Del Nano --- .../go_grpc_tls_pl/server/Dockerfile | 4 ++-- .../go_grpc_tls_pl/server/update_ghcr.sh | 20 +++++++++---------- .../demo_apps/go_https/server/Dockerfile | 4 ++-- .../demo_apps/go_https/server/update_ghcr.sh | 20 +++++++++---------- 4 files changed, 24 insertions(+), 24 deletions(-) diff --git a/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/Dockerfile b/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/Dockerfile index 87f934fbefd..1cf04a32b19 100644 --- a/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/Dockerfile +++ b/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/Dockerfile 
@@ -14,7 +14,7 @@ # # SPDX-License-Identifier: Apache-2.0 -ARG GO_VERSION +ARG GO_IMAGE_DIGEST FROM alpine:3.20@sha256:de4fe7064d8f98419ea6b49190df1abbf43450c1702eeb864fe9ced453c1cc5f AS certs RUN apk add --no-cache openssl @@ -45,7 +45,7 @@ RUN echo "subjectAltName=IP:127.0.0.1" > server.ext && \ RUN openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \ -out server.crt -days 365 -sha256 -extfile server.ext -FROM golang:${GO_VERSION}-alpine as build +FROM golang:${GO_IMAGE_DIGEST} as build ARG GOOGLE_GOLANG_GRPC diff --git a/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/update_ghcr.sh b/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/update_ghcr.sh index 31b811f8eb0..7db0818bc12 100755 --- a/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/update_ghcr.sh +++ b/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/update_ghcr.sh 
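Review bot: `GO_IMAGE_DIGEST` actually carries a tag plus digest (`1.22-alpine@sha256:…` in `update_ghcr.sh`), and `FROM golang:${GO_IMAGE_DIGEST}` accepts any value, so the pin is enforced only by the script. Building by hand with `--build-arg GO_IMAGE_DIGEST=1.22-alpine` silently uses a mutable tag, and because the ARG has no default, a build without it fails at `FROM golang:` with no hint about what was expected. A comment above the ARG would document the contract, for example `# GO_IMAGE_DIGEST: golang image reference as <tag>@sha256:<digest>; always pass a digest-pinned value`. The same applies to the go_https Dockerfile changed later in this patch.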
@@ -16,22 +16,22 @@ # # SPDX-License-Identifier: Apache-2.0 -declare -A GO_VERSIONS=( - ["1.18"]="v1.57.2" - ["1.19"]="v1.58.3" - ["1.20"]="v1.58.3" - ["1.21"]="v1.58.3" - ["1.22"]="v1.58.3" +declare -A GO_IMAGE_DIGEST_MAP=( + ["1.18-alpine@sha256:77f25981bd57e60a510165f3be89c901aec90453fd0f1c5a45691f6cb1528807"]="v1.57.2" + ["1.19-alpine@sha256:0ec0646e208ea58e5d29e558e39f2e59fccf39b7bda306cb53bbaff91919eca5"]="v1.58.3" + ["1.20-alpine@sha256:e47f121850f4e276b2b210c56df3fda9191278dd84a3a442bfe0b09934462a8f"]="v1.58.3" + ["1.21-alpine@sha256:2414035b086e3c42b99654c8b26e6f5b1b1598080d65fd03c7f499552ff4dc94"]="v1.58.3" + ["1.22-alpine@sha256:1699c10032ca2582ec89a24a1312d986a3f094aed3d5c1147b19880afe40e052"]="v1.58.3" ) version=1.0 IMAGES=() -for go_version in "${!GO_VERSIONS[@]}"; do - tag="ghcr.io/pixie-io/golang_${go_version//./_}_grpc_server_with_buildinfo:$version" - google_golang_grpc=${GO_VERSIONS[$go_version]} +for go_image_digest in "${!GO_IMAGE_DIGEST_MAP[@]}"; do + tag="ghcr.io/pixie-io/golang_${go_image_digest//./_}_grpc_server_with_buildinfo:$version" + google_golang_grpc=${GO_IMAGE_DIGEST_MAP[$go_image_digest]} echo "Building and pushing image: $tag" - docker build . --build-arg GO_VERSION="${go_version}" --build-arg GOOGLE_GOLANG_GRPC="${google_golang_grpc}" -t "${tag}" + docker build . --build-arg GO_IMAGE_DIGEST="${go_image_digest}" --build-arg GOOGLE_GOLANG_GRPC="${google_golang_grpc}" -t "${tag}" docker push "${tag}" sha=$(docker inspect --format='{{index .RepoDigests 0}}' "${tag}" | cut -f2 -d'@') IMAGES+=("${tag}@${sha}") diff --git a/src/stirling/testing/demo_apps/go_https/server/Dockerfile b/src/stirling/testing/demo_apps/go_https/server/Dockerfile index e95cabcae45..4c65de9a813 100644 --- a/src/stirling/testing/demo_apps/go_https/server/Dockerfile +++ b/src/stirling/testing/demo_apps/go_https/server/Dockerfile 
@@ -14,7 +14,7 @@ # # SPDX-License-Identifier: Apache-2.0 -ARG GO_VERSION +ARG GO_IMAGE_DIGEST FROM alpine:3.20@sha256:de4fe7064d8f98419ea6b49190df1abbf43450c1702eeb864fe9ced453c1cc5f AS certs RUN apk add --no-cache openssl @@ -30,7 +30,7 @@ RUN openssl ecparam -genkey -name secp384r1 -out server.key && \ -days 365 # Stage 2: Build Go app and include certs -FROM golang:${GO_VERSION}-alpine as build +FROM golang:${GO_IMAGE_DIGEST} as build ARG GOLANG_X_NET diff --git a/src/stirling/testing/demo_apps/go_https/server/update_ghcr.sh b/src/stirling/testing/demo_apps/go_https/server/update_ghcr.sh index 8c1f82a1267..a8289fd8921 100755 --- a/src/stirling/testing/demo_apps/go_https/server/update_ghcr.sh +++ b/src/stirling/testing/demo_apps/go_https/server/update_ghcr.sh 
@@ -16,22 +16,22 @@ # # SPDX-License-Identifier: Apache-2.0 -declare -A GO_VERSIONS=( - ["1.18"]="v0.35.0" - ["1.19"]="v0.35.0" - ["1.20"]="v0.35.0" - ["1.21"]="v0.35.0" - ["1.22"]="v0.35.0" +declare -A GO_IMAGE_DIGEST_MAP=( + ["1.18-alpine@sha256:77f25981bd57e60a510165f3be89c901aec90453fd0f1c5a45691f6cb1528807"]="v0.35.0" + ["1.19-alpine@sha256:0ec0646e208ea58e5d29e558e39f2e59fccf39b7bda306cb53bbaff91919eca5"]="v0.35.0" + ["1.20-alpine@sha256:e47f121850f4e276b2b210c56df3fda9191278dd84a3a442bfe0b09934462a8f"]="v0.35.0" + ["1.21-alpine@sha256:2414035b086e3c42b99654c8b26e6f5b1b1598080d65fd03c7f499552ff4dc94"]="v0.35.0" + ["1.22-alpine@sha256:1699c10032ca2582ec89a24a1312d986a3f094aed3d5c1147b19880afe40e052"]="v0.35.0" ) version=1.0 IMAGES=() -for go_version in "${!GO_VERSIONS[@]}"; do - tag="ghcr.io/pixie-io/golang_${go_version//./_}_https_server_with_buildinfo:$version" - x_net_version=${GO_VERSIONS[$go_version]} +for go_image_digest in "${!GO_IMAGE_DIGEST_MAP[@]}"; do + tag="ghcr.io/pixie-io/golang_${go_image_digest//./_}_https_server_with_buildinfo:$version" + x_net_version=${GO_IMAGE_DIGEST_MAP[$go_image_digest]} echo "Building and pushing image: $tag" - docker build . --build-arg GO_VERSION="${go_version}" --build-arg GOLANG_X_NET="${x_net_version}" -t "${tag}" + docker build . --build-arg GO_IMAGE_DIGEST="${go_image_digest}" --build-arg GOLANG_X_NET="${x_net_version}" -t "${tag}" docker push "${tag}" sha=$(docker inspect --format='{{index .RepoDigests 0}}' "${tag}" | cut -f2 -d'@') IMAGES+=("${tag}@${sha}") From caafc3102806549da4eebfd84060818bb868d33b Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Mon, 23 Jun 2025 17:28:03 +0000 Subject: [PATCH 5/7] Remove forced golang.org/x/net import as it's unnecessary Signed-off-by: Dom Del Nano --- .../testing/demo_apps/go_https/server/https_server.go | 6 ------ 1 file changed, 6 deletions(-) 
diff --git a/src/stirling/testing/demo_apps/go_https/server/https_server.go b/src/stirling/testing/demo_apps/go_https/server/https_server.go index 2cb8564d327..12b523a0280 100644 --- a/src/stirling/testing/demo_apps/go_https/server/https_server.go +++ b/src/stirling/testing/demo_apps/go_https/server/https_server.go @@ -24,8 +24,6 @@ import ( "io" "log" "net/http" - - "golang.org/x/net/http2" ) const ( @@ -33,10 +31,6 @@ const ( httpsPort = 50101 ) -// Import the http2 package to ensure golang.org/x/net exists within the binary's -// buildinfo. -var s http2.Server //nolint:unused - func basicHandler(w http.ResponseWriter, r *http.Request) { w.Header().Add("Content-Type", "application/json") _, err := io.WriteString(w, `{"status":"ok"}`) From 108608237dc7331958b0503c5e36d08cb800fa1c Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Mon, 23 Jun 2025 17:49:07 +0000 Subject: [PATCH 6/7] Fix minor issue from update_ghcr.sh refactoring Signed-off-by: Dom Del Nano --- .../testing/demo_apps/go_grpc_tls_pl/server/update_ghcr.sh | 3 ++- src/stirling/testing/demo_apps/go_https/server/update_ghcr.sh | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/update_ghcr.sh b/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/update_ghcr.sh index 7db0818bc12..22226079b59 100755 --- a/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/update_ghcr.sh +++ b/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/update_ghcr.sh 
@@ -28,7 +28,8 @@ version=1.0 IMAGES=() for go_image_digest in "${!GO_IMAGE_DIGEST_MAP[@]}"; do - tag="ghcr.io/pixie-io/golang_${go_image_digest//./_}_grpc_server_with_buildinfo:$version" + go_version=${go_image_digest%%-*} + tag="ghcr.io/pixie-io/golang_${go_version//./_}_grpc_server_with_buildinfo:$version" google_golang_grpc=${GO_IMAGE_DIGEST_MAP[$go_image_digest]} echo "Building and pushing image: $tag" docker build . --build-arg GO_IMAGE_DIGEST="${go_image_digest}" --build-arg GOOGLE_GOLANG_GRPC="${google_golang_grpc}" -t "${tag}" diff --git a/src/stirling/testing/demo_apps/go_https/server/update_ghcr.sh b/src/stirling/testing/demo_apps/go_https/server/update_ghcr.sh index a8289fd8921..1e7ed5385d7 100755 --- a/src/stirling/testing/demo_apps/go_https/server/update_ghcr.sh +++ b/src/stirling/testing/demo_apps/go_https/server/update_ghcr.sh @@ -28,7 +28,8 @@ version=1.0 IMAGES=() for go_image_digest in "${!GO_IMAGE_DIGEST_MAP[@]}"; do - tag="ghcr.io/pixie-io/golang_${go_image_digest//./_}_https_server_with_buildinfo:$version" + go_version=${go_image_digest%%-*} + tag="ghcr.io/pixie-io/golang_${go_version//./_}_https_server_with_buildinfo:$version" x_net_version=${GO_IMAGE_DIGEST_MAP[$go_image_digest]} echo "Building and pushing image: $tag" docker build . --build-arg GO_IMAGE_DIGEST="${go_image_digest}" --build-arg GOLANG_X_NET="${x_net_version}" -t "${tag}" From e40a0f1c391ceed2c37bdc899cd96dd188373681 Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Mon, 23 Jun 2025 19:24:18 +0000 Subject: [PATCH 7/7] Fix linting Signed-off-by: Dom Del Nano --- src/stirling/testing/demo_apps/go_https/server/BUILD.bazel | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/stirling/testing/demo_apps/go_https/server/BUILD.bazel b/src/stirling/testing/demo_apps/go_https/server/BUILD.bazel index b7950ec5070..87a11207ca1 100644 --- a/src/stirling/testing/demo_apps/go_https/server/BUILD.bazel +++ b/src/stirling/testing/demo_apps/go_https/server/BUILD.bazel 
@@ -24,9 +24,6 @@ go_library( name = "server_lib", srcs = ["https_server.go"], importpath = "px.dev/pixie/src/stirling/testing/demo_apps/go_https/server", - deps = [ - "@org_golang_x_net//http2", - ], ) genrule(