This is an automated email from the ASF dual-hosted git repository. wu-sheng pushed a commit to branch fix/e2e-cve-fixtures in repository https://gitbox.apache.org/repos/asf/skywalking.git
commit d64ed0bacaae7081064a9e95c73472ed05db72f8 Author: Wu Sheng <[email protected]> AuthorDate: Thu Jun 18 14:05:17 2026 +0800 Modernize Go e2e fixtures to clear Go CVE alerts (grpc/x-net/x-crypto/protobuf) The go/service and profiling/ebpf/network fixtures pinned vulnerable grpc/golang.org-x/protobuf versions whose patched releases require Go >= 1.23. go/service (skywalking-go agent fixture): - go.mod: go 1.24; x/crypto 0.46, x/net 0.48, grpc 1.79.3, protobuf 1.36.10 - Dockerfile base image -go1.19 -> -go1.24 - script/env: SW_AGENT_GO_COMMIT -> 19a9fa9 (the skywalking-go commit that ships the go1.24 images; the older go1.19 images were dropped). All 5 shared go cases (go/service, profiling/trace/go, pprof/{mysql,es,banyandb}) build from this one Dockerfile, so they all move to go1.24. profiling/ebpf/network: migrate the service off the legacy go2sky SDK to the skywalking-go toolchain agent (auto-instruments net/http server+client): - service.go: drop go2sky manual tracer/exit-span; blank-import skywalking-go - go.mod: skywalking-go deps (go2sky removed); grpc 1.79.3, protobuf 1.36.10, x/net 0.48 - Dockerfile.service: golang:1.17 -> skywalking-go -go1.24 -toolexec build - service.yaml: OAP_BACKEND_ADDR -> SW_AGENT_NAME + SW_AGENT_REPORTER_GRPC_BACKEND_SERVICE - expected/skywalking-trace.yml: app exit span is now auto-instrumented (GET:/provider, GoHttpClient, layer Http, peer proxy, http tags, spanid 1/parent 0), derived from the skywalking-go net/http plugin. The eBPF sampled-record name (skywalking-<path>) is network-derived and unchanged, so the verify query and the 4xx/5xx expectations are untouched. Validated locally for compile + toolexec instrumentation; the eBPF trace assertion is validated by the kind/rover CI. --- test/e2e-v2/cases/go/service/Dockerfile | 2 +- test/e2e-v2/cases/go/service/go.mod | 20 ++++++------- .../profiling/ebpf/network/Dockerfile.service | 21 +++++++++---- .../ebpf/network/expected/skywalking-trace.yml | 28 +++++++++++++----- test/e2e-v2/cases/profiling/ebpf/network/go.mod | 26 ++++++++++------- .../e2e-v2/cases/profiling/ebpf/network/service.go | 34 ++++++++-------------- .../cases/profiling/ebpf/network/service.yaml | 4 ++- test/e2e-v2/script/env | 2 +- 8 files changed, 77 insertions(+), 60 deletions(-) diff --git a/test/e2e-v2/cases/go/service/Dockerfile b/test/e2e-v2/cases/go/service/Dockerfile index 79dc8b1a83..204518df49 100644 --- a/test/e2e-v2/cases/go/service/Dockerfile +++ b/test/e2e-v2/cases/go/service/Dockerfile @@ -14,7 +14,7 @@ # limitations under the License. ARG SW_AGENT_GO_COMMIT= -FROM ghcr.io/apache/skywalking-go/skywalking-go:${SW_AGENT_GO_COMMIT}-go1.19 as base +FROM ghcr.io/apache/skywalking-go/skywalking-go:${SW_AGENT_GO_COMMIT}-go1.24 as base ENV CGO_ENABLED=0 ENV GO111MODULE=on diff --git a/test/e2e-v2/cases/go/service/go.mod b/test/e2e-v2/cases/go/service/go.mod index 2197662dbd..dfa4071c86 100644 --- a/test/e2e-v2/cases/go/service/go.mod +++ b/test/e2e-v2/cases/go/service/go.mod @@ -17,7 +17,7 @@ module sw-e2e -go 1.19 +go 1.24.0 require ( github.com/apache/skywalking-go v0.6.1-0.20251023090254-afa75a3cc8c3 @@ -30,15 +30,15 @@ require ( github.com/bytedance/sonic/loader v0.1.1 // indirect github.com/cloudwego/base64x v0.1.4 // indirect github.com/cloudwego/iasm v0.2.0 // indirect + github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5 // indirect + github.com/envoyproxy/protoc-gen-validate v1.3.0 // indirect github.com/gabriel-vasile/mimetype v1.4.3 // indirect github.com/gin-contrib/sse v0.1.0 // indirect github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect github.com/go-playground/validator/v10 v10.20.0 // indirect github.com/goccy/go-json v0.10.2 // indirect - github.com/golang/protobuf v1.5.3 // indirect - github.com/google/go-cmp v0.5.9 // indirect - github.com/google/uuid v1.3.0 // indirect + github.com/google/uuid v1.6.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/klauspost/compress v1.15.9 // indirect github.com/klauspost/cpuid/v2 v2.2.7 // indirect @@ -53,12 +53,12 @@ require ( github.com/twitchyliquid64/golang-asm v0.15.1 // indirect github.com/ugorji/go/codec v1.2.12 // indirect golang.org/x/arch v0.8.0 // indirect - golang.org/x/crypto v0.23.0 // indirect - golang.org/x/net v0.25.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect + golang.org/x/crypto v0.46.0 // indirect + golang.org/x/net v0.48.0 // indirect + golang.org/x/sys v0.39.0 // indirect + golang.org/x/text v0.32.0 // indirect google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect - google.golang.org/grpc v1.55.0 // indirect - google.golang.org/protobuf v1.34.1 // indirect + google.golang.org/grpc v1.79.3 // indirect + google.golang.org/protobuf v1.36.10 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/test/e2e-v2/cases/profiling/ebpf/network/Dockerfile.service b/test/e2e-v2/cases/profiling/ebpf/network/Dockerfile.service index b57a491501..4138cdf6ba 100644 --- a/test/e2e-v2/cases/profiling/ebpf/network/Dockerfile.service +++ b/test/e2e-v2/cases/profiling/ebpf/network/Dockerfile.service @@ -14,13 +14,22 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.17 +# Default keeps the generic "Build test image" CI step (which passes no +# build-args) working; keep it in sync with SW_AGENT_GO_COMMIT in +# test/e2e-v2/script/env. +ARG SW_AGENT_GO_COMMIT=19a9fa9bf058329281aa611f176cf5b7e5cbda8f +FROM ghcr.io/apache/skywalking-go/skywalking-go:${SW_AGENT_GO_COMMIT}-go1.24 as base -WORKDIR / -COPY service.go /service/service.go -COPY go.mod /service/go.mod +ENV CGO_ENABLED=0 +ENV GO111MODULE=on WORKDIR /service -RUN go get test && go build -o service . +COPY service.go go.mod ./ -CMD ["/service/service"] \ No newline at end of file +RUN go mod tidy && go build -toolexec="skywalking-go-agent" -a -o service . + +FROM alpine:3.10 + +COPY --from=base /service/service /service + +CMD ["/service"] diff --git a/test/e2e-v2/cases/profiling/ebpf/network/expected/skywalking-trace.yml b/test/e2e-v2/cases/profiling/ebpf/network/expected/skywalking-trace.yml index a2ecf5e9d8..27b83a5b85 100644 --- a/test/e2e-v2/cases/profiling/ebpf/network/expected/skywalking-trace.yml +++ b/test/e2e-v2/cases/profiling/ebpf/network/expected/skywalking-trace.yml @@ -16,22 +16,34 @@ debuggingtrace: null spans: {{- contains .spans}} +# The exit span for the consumer -> proxy/provider call, auto-instrumented by +# skywalking-go's net/http client plugin. It is a child of the GET:/consumer +# entry span (spanid 0) in the same segment, and carries the eBPF rover's +# "HTTP Request Sampling" attached event. - traceid: {{ notEmpty .traceid }} segmentid: {{ notEmpty .segmentid }} - spanid: 0 - parentspanid: -1 + spanid: 1 + parentspanid: 0 refs: [] servicecode: service serviceinstancename: {{ notEmpty .serviceinstancename }} starttime: {{ gt .starttime 0 }} endtime: {{ gt .endtime 0 }} - endpointname: /provider + endpointname: GET:/provider type: Exit - peer: http://proxy/provider - component: Unknown + peer: proxy + component: GoHttpClient iserror: false - layer: Unknown - tags: [] + layer: Http + tags: + {{- contains .tags }} + - key: http.method + value: GET + - key: url + value: proxy/provider + - key: status_code + value: "200" + {{- end }} logs: [] attachedevents: {{- contains .attachedevents}} @@ -49,4 +61,4 @@ spans: value: {{ notEmpty .value }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/test/e2e-v2/cases/profiling/ebpf/network/go.mod b/test/e2e-v2/cases/profiling/ebpf/network/go.mod index 366c72f21f..9642f88084 100644 --- a/test/e2e-v2/cases/profiling/ebpf/network/go.mod +++ b/test/e2e-v2/cases/profiling/ebpf/network/go.mod @@ -17,18 +17,22 @@ module test -go 1.17 +go 1.24.0 + +require github.com/apache/skywalking-go v0.6.1-0.20251023090254-afa75a3cc8c3 require ( - github.com/SkyAPM/go2sky v1.5.0 // indirect - github.com/golang/protobuf v1.5.2 // indirect - github.com/google/uuid v1.3.0 // indirect + github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5 // indirect + github.com/envoyproxy/protoc-gen-validate v1.3.0 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/klauspost/compress v1.15.9 // indirect + github.com/pierrec/lz4/v4 v4.1.15 // indirect github.com/pkg/errors v0.9.1 // indirect - golang.org/x/net v0.7.0 // indirect - golang.org/x/sys v0.5.0 // indirect - golang.org/x/text v0.7.0 // indirect - google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71 // indirect - google.golang.org/grpc v1.50.1 // indirect - google.golang.org/protobuf v1.28.1 // indirect - skywalking.apache.org/repo/goapi v0.0.0-20221019074310-53ebda305187 // indirect + github.com/segmentio/kafka-go v0.4.43 // indirect + golang.org/x/net v0.48.0 // indirect + golang.org/x/sys v0.39.0 // indirect + golang.org/x/text v0.32.0 // indirect + google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect + google.golang.org/grpc v1.79.3 // indirect + google.golang.org/protobuf v1.36.10 // indirect ) diff --git a/test/e2e-v2/cases/profiling/ebpf/network/service.go b/test/e2e-v2/cases/profiling/ebpf/network/service.go index e6d4b98999..cd2444484e 100644 --- a/test/e2e-v2/cases/profiling/ebpf/network/service.go +++ b/test/e2e-v2/cases/profiling/ebpf/network/service.go @@ -21,15 +21,14 @@ import ( "io/ioutil" "log" "net/http" - "os" "time" - "github.com/SkyAPM/go2sky" - "github.com/SkyAPM/go2sky/reporter" + // skywalking-go auto-instruments net/http server (*ServeMux.ServeHTTP) and + // client (*Transport.RoundTrip) at build time via -toolexec; trace context is + // propagated automatically, so no manual span creation is needed. + _ "github.com/apache/skywalking-go" ) -var skyWalkingTracer *go2sky.Tracer - func provider(w http.ResponseWriter, req *http.Request) { time.Sleep(time.Second * 1) if req.URL.Query().Get("error") == "true" { @@ -50,13 +49,16 @@ func consumer(w http.ResponseWriter, req *http.Request) { } request, err := http.NewRequest("GET", addr, nil) - exitSpan, err := skyWalkingTracer.CreateExitSpan(req.Context(), "/provider", addr, func(headerKey, headerValue string) error { - request.Header.Set(headerKey, headerValue) - return nil - }) + if err != nil { + log.Printf("new request error: %v", err) + w.WriteHeader(http.StatusInternalServerError) + return + } get, err := http.DefaultClient.Do(request) if err != nil { log.Printf("send request error: %v", err) + w.WriteHeader(http.StatusInternalServerError) + return } all, err := ioutil.ReadAll(get.Body) _ = get.Body.Close() @@ -66,24 +68,12 @@ func consumer(w http.ResponseWriter, req *http.Request) { w.Header().Set("Content-Type", "text/plain") _, _ = w.Write(all) - exitSpan.End() } func main() { - // init skywalking tracer - r, err := reporter.NewGRPCReporter(os.Getenv("OAP_BACKEND_ADDR")) - if err != nil { - log.Fatalf("new reporter error %v \n", err) - } - defer r.Close() - skyWalkingTracer, err = go2sky.NewTracer("service", go2sky.WithReporter(r)) - if err != nil { - log.Fatalf("init skyWalkingTracer failure: %v", err) - } - http.HandleFunc("/provider", provider) http.HandleFunc("/consumer", consumer) - err = http.ListenAndServe(":80", nil) + err := http.ListenAndServe(":80", nil) log.Fatal(err) } diff --git a/test/e2e-v2/cases/profiling/ebpf/network/service.yaml b/test/e2e-v2/cases/profiling/ebpf/network/service.yaml index 5bb0a7dd1a..c5bc33ed83 100644 --- a/test/e2e-v2/cases/profiling/ebpf/network/service.yaml +++ b/test/e2e-v2/cases/profiling/ebpf/network/service.yaml @@ -31,7 +31,9 @@ spec: - name: service image: ${IMAGE_NAME} env: - - name: OAP_BACKEND_ADDR + - name: SW_AGENT_NAME + value: "service" + - name: SW_AGENT_REPORTER_GRPC_BACKEND_SERVICE value: "skywalking-oap.istio-system:11800" --- diff --git a/test/e2e-v2/script/env b/test/e2e-v2/script/env index 8f9401faa2..ced8ba857f 100644 --- a/test/e2e-v2/script/env +++ b/test/e2e-v2/script/env @@ -17,7 +17,7 @@ SW_AGENT_JAVA_COMMIT=ac0df43d7140e726eba9e5e5b1b75cf364c71dff SW_AGENT_SATELLITE_COMMIT=ea27a3f4e126a24775fe12e2aa2695bcb23d99c3 SW_AGENT_NGINX_LUA_COMMIT=c3cee4841798a147d83b96a10914d4ac0e11d0aa SW_AGENT_NODEJS_COMMIT=4f9a91dad3dfd8cfe5ba8f7bd06b39e11eb5e65e -SW_AGENT_GO_COMMIT=afa75a3cc8c31f142102443af6164b825d63d8fc +SW_AGENT_GO_COMMIT=19a9fa9bf058329281aa611f176cf5b7e5cbda8f SW_AGENT_PYTHON_COMMIT=b91ebc46010ba6a46b251d4df54190c3b64f2db8 SW_AGENT_CLIENT_JS_COMMIT=f08776d909eb1d9bc79c600e493030651b97e491 SW_AGENT_CLIENT_JS_TEST_COMMIT=4f1eb1dcdbde3ec4a38534bf01dded4ab5d2f016
