Docker Build failure while replacing otelhttp/otelhttptrace

  • What Grafana version and what operating system are you using?

Building from source using the latest tag (v10.2.0 as of 11/7/23) on Docker 4.25.0 on OSX 13.6.1

  • What are you trying to achieve?

Grafana is currently built with the following:

replace go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp => go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.42.0

which contains several CVEs:

These are resolved in otelhttp v0.44.0 and later. I’m attempting to resolve this by updating the replace statement to use otelhttp v0.44.0 (I have also tried v0.45.0, which is the latest).

replace go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp => go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.42.0

  • How are you trying to achieve it?

Running docker build . -t in the source root after updating the go.mod file to reference the new otelhttp

  • What happened?

Initially I received an error re: the package missing a reference in the go.sum file; adding an additional command to run:

RUN go mod tidy

prior to the

RUN go mod download

command in the Dockerfile resolves this issue but results in the following errors from the wire gen step:

[29/31] RUN wire gen -tags oss ./pkg/server ./pkg/cmd/grafana-cli/runner:
14.17 wire: /tmp/grafana/pkg/server/module_server.go:12:2: could not import github.com/grafana/dskit/services (invalid package name: "")
14.17 wire: /tmp/grafana/pkg/server/server.go:14:2: could not import The Go Programming Language (invalid package name: "")
14.17 wire: /tmp/grafana/pkg/server/wire.go:10:2: could not import github.com/google/wire (invalid package name: "")
14.17 wire: /tmp/grafana/pkg/server/wire.go:12:16: could not import github.com/grafana/grafana-plugin-sdk-go/backend/httpclient (invalid package name: "")
14.17 wire: generate failed

I’m quite new to Go and I’m afraid I’ve run into a wall trying to work around this issue to resolve the CVEs.

Can you maybe run

which go

It might be that you are using the out-of-the-box Go of your default Docker OS.

Thank you for the suggestion; Go was running in the build container but you were correct that my version of Go was not what I expected. At some point in my efforts to get this working I had switched my build image to using golang:1.21.3-alpine3.18 vs golang:1.20.10-alpine3.18.

I am working behind a corporate firewall which makes building far more complicated than it should be (modifying proxy settings, adding intermediate certificates, etc…) and this change was one of many I had done to get it to build.

I was able to get the build to progress past the go wire stage (after also setting bingo to false). Thank you very much for pointing me in the right direction!


Interestingly enough - I was having additional YARN build failures (this time due to the firewall) at the office so I went home and tried to build and was surprised to see the error return on a clean copy. It turns out that there was another factor that was affecting the success of the go build.

I had previously tried to run “go mod tidy” in the Dockerfile before the initial “go mod download” just prior to the bingo step. That step succeeds - but the error re: invalid package name is still there even on the correct version of go in the Dockerfile.

The real trick ended up being inserting a “go mod tidy” step IMMEDIATELY before the “make build-go” step. Putting it before the go mod download step does not work.

RUN go mod tidy
RUN make build-go GO_BUILD_TAGS=${GO_BUILD_TAGS} WIRE_TAGS=${WIRE_TAGS}
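A pre-build check for the pin discussed in this thread, added here as an example and not taken from any of the posts or from Grafana's build tooling: it reads the replace directive for a module out of go.mod and fails when the pinned version is below the release that carries the fixes (v0.44.0 for otelhttp, per the thread). The function names `replaced_version` and `check_pin` and the sample go.mod are assumptions made for illustration; it relies on `sort -V` being available.

```sh
#!/bin/sh
# Added example (not Grafana's tooling): fail fast when a go.mod replace
# directive still pins a module below the release that carries the fix.

# replaced_version GO_MOD MODULE -> prints the replacement's last field
# (the version) for MODULE; handles one-line and "replace ( ... )" forms.
replaced_version() {
  awk -v mod="$2" '
    { sub(/\/\/.*/, "") }                                  # drop comments
    $1 == "replace" && $2 == "(" { inblock = 1; next }
    inblock && $1 == ")"         { inblock = 0; next }
    {
      start = 0
      if ($1 == "replace") start = 2
      else if (inblock)    start = 1
      if (start && $start == mod)
        for (i = start; i <= NF; i++)
          if ($i == "=>") { print $NF; exit }
    }
  ' "$1"
}

# check_pin GO_MOD MODULE MIN_VERSION
# returns 0 if pinned >= MIN_VERSION, 1 if older, 2 if no usable pin.
check_pin() {
  have=$(replaced_version "$1" "$2")
  case "$have" in
    v[0-9]*) ;;
    *) echo "no versioned replace for $2 (found: '${have}')"; return 2 ;;
  esac
  # sort -V orders version strings; the pin passes when MIN sorts first.
  lowest=$(printf '%s\n%s\n' "$3" "$have" | sort -V | head -n 1)
  if [ "$lowest" = "$3" ]; then
    echo "ok: $2 => $have (>= $3)"; return 0
  fi
  echo "stale: $2 => $have (< $3)"; return 1
}

# Constructed sample go.mod carrying the v0.42.0 pin quoted in the thread.
OTEL=go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
sample=$(mktemp)
cat > "$sample" <<EOF
module example.com/app

replace $OTEL => $OTEL v0.42.0
EOF
check_pin "$sample" "$OTEL" v0.44.0 || echo "update go.mod before docker build"
rm -f "$sample"
```

Run against the real go.mod before the Docker build, a non-zero exit shows that the edit to the replace line did not take effect, which is cheaper to find here than after a full image build and vulnerability scan.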