Add demo_apps/go_grpc_tls_pl Dockerfile to ease deprecating Go versions and for offsetgen testing

ddelnano · ddelnano · commit 2117bfaadfb8 · 2025-06-10T16:20:10.000Z
Signed-off-by: Dom Del Nano &lt;ddelnano@gmail.com&gt;
diff --git a/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/BUILD.bazel b/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/BUILD.bazel
@@ -32,9 +32,6 @@ go_library(
     importpath = "px.dev/pixie/src/stirling/testing/demo_apps/go_grpc_tls_pl/server",
     deps = [
         "//src/stirling/testing/demo_apps/go_grpc_tls_pl/server/greetpb:service_pl_go_proto",
-        "@com_github_sirupsen_logrus//:logrus",
-        "@com_github_spf13_pflag//:pflag",
-        "@com_github_spf13_viper//:viper",
         "@org_golang_google_grpc//:grpc",
         "@org_golang_x_net//http2",
         "@org_golang_x_net//http2/h2c",
diff --git a/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/Dockerfile b/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/Dockerfile
@@ -0,0 +1,70 @@
+# Copyright 2018- The Pixie Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+ARG GO_VERSION
+FROM alpine:3.20 AS certs
+
+RUN apk add --no-cache openssl
+
+WORKDIR /tmp/certs
+
+# Generate CA key and cert
+RUN openssl ecparam -genkey -name secp384r1 -out ca.key && \
+    openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 \
+        -subj "/C=US/ST=California/L=San Francisco/O=Pixie Labs Inc./CN=Pixie CA" \
+        -out ca.crt
+
+# Generate server key
+RUN openssl ecparam -genkey -name secp384r1 -out server.key
+
+# Generate server CSR
+RUN openssl req -new -key server.key \
+        -subj "/C=US/ST=California/L=San Francisco/O=Pixie Labs Inc./CN=127.0.0.1" \
+        -out server.csr
+
+# Create server cert config with SAN and extensions
+RUN echo "subjectAltName=IP:127.0.0.1" > server.ext && \
+    echo "basicConstraints=CA:FALSE" >> server.ext && \
+    echo "keyUsage = digitalSignature, keyEncipherment" >> server.ext && \
+    echo "extendedKeyUsage = serverAuth" >> server.ext
+
+# Sign server CSR with CA
+RUN openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
+        -out server.crt -days 365 -sha256 -extfile server.ext
+
+FROM golang:${GO_VERSION}-alpine as build
+
+ARG GOOGLE_GOLANG_GRPC
+
+WORKDIR /app
+
+# Copy source and build
+COPY server.go .
+COPY greetpb greetpb
+RUN go mod init px.dev/pixie/src/stirling/testing/demo_apps/go_grpc_tls_pl/server && \
+    go get google.golang.org/grpc@${GOOGLE_GOLANG_GRPC} && \
+    go get github.com/gogo/protobuf/proto && \
+    go mod tidy
+RUN CGO_ENABLED=0 go build -o server .
+
+FROM scratch
+COPY --from=certs /tmp/certs/ca.crt /etc/ssl/ca.crt
+COPY --from=certs /tmp/certs/server.crt /etc/ssl/server.crt
+COPY --from=certs /tmp/certs/server.key /etc/ssl/server.key
+COPY --from=build /app/server /app/server
+
+ENTRYPOINT ["/app/server"]
+CMD ["--server_tls_cert", "/etc/ssl/server.crt", "--server_tls_key", "/etc/ssl/server.key", "--tls_ca_cert", "/etc/ssl/ca.crt"]
diff --git a/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/README.md b/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/README.md
diff --git a/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/server.go b/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/server.go
@@ -22,16 +22,15 @@ import (
 	"context"
 	"crypto/tls"
 	"crypto/x509"
+	"flag"
+	"log"
 	"net"
 	"net/http"
 	"os"
 	"os/signal"
 	"syscall"
 	"time"
 
-	log "github.com/sirupsen/logrus"
-	"github.com/spf13/pflag"
-	"github.com/spf13/viper"
 	"golang.org/x/net/http2"
 	"golang.org/x/net/http2/h2c"
 	"google.golang.org/grpc"
@@ -52,21 +51,20 @@ func (s *Server) SayHello(ctx context.Context, in *greetpb.HelloRequest) (*greet
 }
 
 func main() {
-	pflag.String("server_tls_cert", "", "Path to server.crt")
-	pflag.String("server_tls_key", "", "Path to server.key")
-	pflag.String("tls_ca_cert", "", "Path to ca.crt")
-	pflag.Parse()
-	viper.BindPFlags(pflag.CommandLine)
+	serverCert := flag.String("server_tls_cert", "", "Path to server.crt")
+	serverKey := flag.String("server_tls_key", "", "Path to server.key")
+	caCert := flag.String("tls_ca_cert", "", "Path to ca.crt")
+	flag.Parse()
 
-	pair, err := tls.LoadX509KeyPair(viper.GetString("server_tls_cert"), viper.GetString("server_tls_key"))
+	pair, err := tls.LoadX509KeyPair(*serverCert, *serverKey)
 	if err != nil {
-		log.WithError(err).Fatal("failed to load keys")
+		log.Fatalf("failed to load keys: %v", err)
 	}
 
 	certPool := x509.NewCertPool()
-	ca, err := os.ReadFile(viper.GetString("tls_ca_cert"))
+	ca, err := os.ReadFile(*caCert)
 	if err != nil {
-		log.WithError(err).Fatal("failed to read CA cert")
+		log.Fatalf("failed to read CA cert: %v", err)
 	}
 
 	if ok := certPool.AppendCertsFromPEM(ca); !ok {
@@ -114,6 +112,6 @@ func main() {
 	defer cancel()
 	err = httpServer.Shutdown(ctx)
 	if err != nil {
-		log.WithError(err).Error("http2 server Shutdown() failed")
+		log.Fatal("http2 server Shutdown() failed")
 	}
 }
diff --git a/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/update_ghcr.sh b/src/stirling/testing/demo_apps/go_grpc_tls_pl/server/update_ghcr.sh
@@ -0,0 +1,46 @@
+#!/bin/bash -e
+
+# Copyright 2018- The Pixie Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+declare -A GO_VERSIONS=(
+  ["1.18"]="v1.57.2"
+  ["1.19"]="v1.58.3"
+  ["1.20"]="v1.58.3"
+  ["1.21"]="v1.58.3"
+  ["1.22"]="v1.58.3"
+)
+version=1.0
+
+IMAGES=()
+
+for go_version in "${!GO_VERSIONS[@]}"; do
+  tag="ghcr.io/pixie-io/golang_${go_version//./_}_grpc_server_with_buildinfo:$version"
+  google_golang_grpc=${GO_VERSIONS[$go_version]}
+  echo "Building and pushing image: $tag"
+  docker build . --build-arg GO_VERSION="${go_version}" --build-arg GOOGLE_GOLANG_GRPC="${google_golang_grpc}" -t "${tag}"
+  docker push "${tag}"
+  sha=$(docker inspect --format='{{index .RepoDigests 0}}' "${tag}" | cut -f2 -d'@')
+  IMAGES+=("${tag}@${sha}")
+done
+
+echo ""
+echo "Images pushed!"
+echo "IMPORTANT: Now update //bazel/container_images.bzl with the following digest: $sha"
+echo "Images:"
+for image in "${IMAGES[@]}"; do
+  echo "  - $image"
+done
