From 2f3f3ca7e9432bcc19304e82b9c0eb9d538a8358 Mon Sep 17 00:00:00 2001 From: thesayyn Date: Mon, 6 May 2024 11:31:23 -0700 Subject: [PATCH 1/4] test: new rules_oci --- WORKSPACE | 42 +++++++++++++++++--------------------- experimental/python3/BUILD | 17 +++++++++++++-- 2 files changed, 34 insertions(+), 25 deletions(-) diff --git a/WORKSPACE b/WORKSPACE index efffdb95e..d5e08685b 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -2,6 +2,22 @@ workspace(name = "distroless") load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") +# rules_oci setup +http_archive( + name = "rules_oci", + # ssha256 = "d8d3e64a814ff76f59b29467a8760112cbfe18e6b3d864e97011b072c805b7b0", + strip_prefix = "rules_oci-42be2648051e78a76cc400490150368a58fbec28", + url = "https://github.com/bazel-contrib/rules_oci/archive/42be2648051e78a76cc400490150368a58fbec28.tar.gz", +) + +load("@rules_oci//oci:dependencies.bzl", "rules_oci_dependencies") + +rules_oci_dependencies() + +load("@rules_oci//oci:repositories.bzl", "oci_register_toolchains") + +oci_register_toolchains(name = "oci") + # rules_distroless setup http_archive( name = "rules_distroless", @@ -18,26 +34,6 @@ load("@rules_distroless//distroless:toolchains.bzl", "distroless_register_toolch distroless_register_toolchains() -# rules_oci setup -http_archive( - name = "rules_oci", - sha256 = "56d5499025d67a6b86b2e6ebae5232c72104ae682b5a21287770bd3bf0661abf", - strip_prefix = "rules_oci-1.7.5", - url = "https://github.com/bazel-contrib/rules_oci/releases/download/v1.7.5/rules_oci-v1.7.5.tar.gz", -) - -load("@rules_oci//oci:dependencies.bzl", "rules_oci_dependencies") - -rules_oci_dependencies() - -load("@rules_oci//oci:repositories.bzl", "LATEST_CRANE_VERSION", "LATEST_ZOT_VERSION", "oci_register_toolchains") - -oci_register_toolchains( - name = "oci", - crane_version = LATEST_CRANE_VERSION, - zot_version = LATEST_ZOT_VERSION, -) - load("@rules_oci//cosign:repositories.bzl", "cosign_register_toolchains") cosign_register_toolchains(name = "oci_cosign") @@ -45,9 +41,9 @@ cosign_register_toolchains(name = "oci_cosign") # setup container_structure_test http_archive( name = "container_structure_test", - sha256 = "2da13da4c4fec9d4627d4084b122be0f4d118bd02dfa52857ff118fde88e4faa", - strip_prefix = "container-structure-test-1.16.0", - urls = ["https://github.com/GoogleContainerTools/container-structure-test/archive/v1.16.0.zip"], + sha256 = "4fd1e0d4974fb95e06d0e94e6ceaae126382bf958524062db4e582232590b863", + strip_prefix = "container-structure-test-1.16.1", + urls = ["https://github.com/GoogleContainerTools/container-structure-test/archive/v1.16.1.zip"], ) load("@container_structure_test//:repositories.bzl", "container_structure_test_register_toolchain") diff --git a/experimental/python3/BUILD b/experimental/python3/BUILD index 9d2b70abe..4ae8eaf1d 100644 --- a/experimental/python3/BUILD +++ b/experimental/python3/BUILD @@ -145,16 +145,29 @@ DISTRO_VERSION = { for arch in ARCHITECTURES ] +[ + filegroup( + name = "python3_root_" + arch + "_debian11_tarball_tar", + srcs = ["python3_root_" + arch + "_debian11_tarball"], + output_group = "tarball", + tags = [ + "manual", + arch, + ], + ) + for arch in ARCHITECTURES +] + [ genrule( name = "ld_so_cache_" + arch + "_new", - srcs = [":python3_root_" + arch + "_debian11_tarball"], + srcs = [":python3_root_" + arch + "_debian11_tarball_tar"], outs = ["ld.so.cache." + arch + ".new"], cmd = """ #!/usr/bin/env bash set -o errexit -TARBALL="$(location :python3_root_{arch}_debian11_tarball)" +TARBALL="$(location :python3_root_{arch}_debian11_tarball_tar)" TAG="distroless/gen/python3_root_{arch}_debian11_tarball:gen" DOCKER="docker" From dde1258c6d695a2000fd22b5bfcf52222669bef6 Mon Sep 17 00:00:00 2001 From: thesayyn Date: Mon, 6 May 2024 13:43:30 -0700 Subject: [PATCH 2/4] don't freak out i am debugging we are safe --- .github/workflows/ci.yaml | 2 +- WORKSPACE | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 1158ca30e..58c06a124 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -51,7 +51,7 @@ jobs: ci-images: name: CI image tests - runs-on: ubuntu-20.04 # most compatible with debian 11 + runs-on: distroless-ci-large-ubuntu-20.04 # most compatible with debian 11 steps: - uses: actions/checkout@v4 - name: Mount bazel caches diff --git a/WORKSPACE b/WORKSPACE index d5e08685b..b570a4916 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -6,8 +6,8 @@ load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") http_archive( name = "rules_oci", # ssha256 = "d8d3e64a814ff76f59b29467a8760112cbfe18e6b3d864e97011b072c805b7b0", - strip_prefix = "rules_oci-42be2648051e78a76cc400490150368a58fbec28", - url = "https://github.com/bazel-contrib/rules_oci/archive/42be2648051e78a76cc400490150368a58fbec28.tar.gz", + strip_prefix = "rules_oci-1f93e493dc5b620f7ebcaedf1c5766cd7f39a9b8", + url = "https://github.com/bazel-contrib/rules_oci/archive/1f93e493dc5b620f7ebcaedf1c5766cd7f39a9b8.tar.gz", ) load("@rules_oci//oci:dependencies.bzl", "rules_oci_dependencies") From 62336b7ec09af63addacd30a388fcc1722194e9e Mon Sep 17 00:00:00 2001 From: thesayyn Date: Mon, 12 Aug 2024 13:45:17 -0700 Subject: [PATCH 3/4] beta-2 --- WORKSPACE | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/WORKSPACE b/WORKSPACE index b570a4916..0309fb653 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -5,9 +5,9 @@ load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") # rules_oci setup http_archive( name = "rules_oci", - # ssha256 = "d8d3e64a814ff76f59b29467a8760112cbfe18e6b3d864e97011b072c805b7b0", - strip_prefix = "rules_oci-1f93e493dc5b620f7ebcaedf1c5766cd7f39a9b8", - url = "https://github.com/bazel-contrib/rules_oci/archive/1f93e493dc5b620f7ebcaedf1c5766cd7f39a9b8.tar.gz", + sha256 = "311e78803a4161688cc79679c0fb95c56445a893868320a3caf174ff6e2c383b", + strip_prefix = "rules_oci-2.0.0-beta2", + url = "https://github.com/bazel-contrib/rules_oci/releases/download/v2.0.0-beta2/rules_oci-v2.0.0-beta2.tar.gz", ) load("@rules_oci//oci:dependencies.bzl", "rules_oci_dependencies") From 4322974202e7a36a38262a2ca971b534927b3b79 Mon Sep 17 00:00:00 2001 From: thesayyn Date: Mon, 12 Aug 2024 13:59:31 -0700 Subject: [PATCH 4/4] fix tarball --- CONTRIBUTING.md | 4 ++-- examples/go/BUILD | 7 +++---- examples/python3/BUILD | 6 +++--- experimental/python3/BUILD | 4 ++-- 4 files changed, 10 insertions(+), 11 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d6a442142..a8548a427 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -20,9 +20,9 @@ Follow either of the two links above to access the appropriate CLA and instructi 3. For building and loading images to your local Docker engine, you need to add a new rule for that image to the BUILD: ```starlark -load("@rules_oci//oci:defs.bzl", "oci_tarball") +load("@rules_oci//oci:defs.bzl", "oci_load") -oci_tarball( +oci_load( name = "local_build", image = "//base:static_root_amd64_debian17", repo_tags = [], diff --git a/examples/go/BUILD b/examples/go/BUILD index c180a2ade..1ef0c1d6a 100644 --- a/examples/go/BUILD +++ b/examples/go/BUILD @@ -1,7 +1,7 @@ # Public notice: this file is for internal documentation, testing, and # reference only. Note that repo maintainers can freely change any part of the # repository code at any time. -load("@rules_oci//oci:defs.bzl", "oci_tarball") +load("@rules_oci//oci:defs.bzl", "oci_load") load("//private/oci:defs.bzl", "go_image") package(default_visibility = ["//visibility:public"]) @@ -13,10 +13,9 @@ go_image( ) # Run -# bazel build //examples/go:tarball -# podman load -i bazel-bin/examples/go/tarball/tarball.tar +# bazel run //examples/go:tarball # podman run localhost/distroless/examples/go:latest -oci_tarball( +oci_load( name = "tarball", image = ":go_example", repo_tags = ["distroless/examples/go:latest"], diff --git a/examples/python3/BUILD b/examples/python3/BUILD index 40b97e0ff..1b7cd5bbd 100644 --- a/examples/python3/BUILD +++ b/examples/python3/BUILD @@ -1,7 +1,7 @@ # Public notice: this file is for internal documentation, testing, and # reference only. Note that repo maintainers can freely change any part of the # repository code at any time. -load("@rules_oci//oci:defs.bzl", "oci_image", "oci_tarball") +load("@rules_oci//oci:defs.bzl", "oci_image", "oci_load") load("@rules_pkg//:pkg.bzl", "pkg_tar") load("//base:distro.bzl", "DISTROS") @@ -36,10 +36,10 @@ oci_image( ) # Run -# podman load -i bazel-bin/examples/python3/tarball/tarball.tar +# bazel run //examples/python3/tarball # podman run localhost/distroless/examples/py:latest [ - oci_tarball( + oci_load( name = "tarball_" + distro, image = ":hello_" + distro, repo_tags = ["distroless/examples/py:latest"], diff --git a/experimental/python3/BUILD b/experimental/python3/BUILD index 4ae8eaf1d..e749b987b 100644 --- a/experimental/python3/BUILD +++ b/experimental/python3/BUILD @@ -1,5 +1,5 @@ load("@container_structure_test//:defs.bzl", "container_structure_test") -load("@rules_oci//oci:defs.bzl", "oci_image", "oci_image_index", "oci_tarball") +load("@rules_oci//oci:defs.bzl", "oci_image", "oci_image_index", "oci_load") load("@rules_pkg//:pkg.bzl", "pkg_tar") load("//:checksums.bzl", ARCHITECTURES = "BASE_ARCHITECTURES") load("//base:distro.bzl", DISTROS = "LANGUAGE_DISTROS") @@ -133,7 +133,7 @@ DISTRO_VERSION = { ] [ - oci_tarball( + oci_load( name = "python3_root_" + arch + "_debian11_tarball", image = ":python3_root_" + arch + "_debian11", repo_tags = ["distroless/gen/python3_root_%s_debian11_tarball:gen" % arch],