From 1f39b08428275537a81a5db9ec3d3e4eb0f00568 Mon Sep 17 00:00:00 2001 From: Alex Eagle Date: Fri, 15 Mar 2024 11:00:50 -0700 Subject: [PATCH 01/11] feat: publish multi-arch images Allows bb-storage users to deploy on arm64 architecture, e.g. AWS Graviton. Fixes #198 --- WORKSPACE | 52 +++++++++++++------ cmd/bb_copy/BUILD.bazel | 50 +++++++++++++----- cmd/bb_replicator/BUILD.bazel | 50 +++++++++++++----- cmd/bb_storage/BUILD.bazel | 50 +++++++++++++----- tools/BUILD.bazel | 12 +++++ tools/container.bzl | 10 ++-- .../workflows_template.libsonnet | 1 + 7 files changed, 168 insertions(+), 57 deletions(-) diff --git a/WORKSPACE b/WORKSPACE index df4f9891..ec479f14 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -12,9 +12,21 @@ http_archive( ) http_archive( - name = "io_bazel_rules_docker", - sha256 = "b1e80761a8a8243d03ebca8845e9cc1ba6c82ce7c5179ce2b295cd36f7e394bf", - urls = ["https://github.com/bazelbuild/rules_docker/releases/download/v0.25.0/rules_docker-v0.25.0.tar.gz"], + name = "aspect_bazel_lib", + sha256 = "6c25c59581041ede31e117693047f972cc4700c89acf913658dc89d04c338f8d", + strip_prefix = "bazel-lib-2.5.3", + url = "https://github.com/aspect-build/bazel-lib/releases/download/v2.5.3/bazel-lib-v2.5.3.tar.gz", +) + +load("@aspect_bazel_lib//lib:repositories.bzl", "register_expand_template_toolchains") + +register_expand_template_toolchains() + +http_archive( + name = "rules_oci", + sha256 = "4a276e9566c03491649eef63f27c2816cc222f41ccdebd97d2c5159e84917c3b", + strip_prefix = "rules_oci-1.7.4", + url = "https://github.com/bazel-contrib/rules_oci/releases/download/v1.7.4/rules_oci-v1.7.4.tar.gz", ) http_archive( @@ -36,7 +48,7 @@ http_archive( ], ) -load("@bazel_gazelle//:deps.bzl", "go_repository") +load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies", "go_repository") # Override the version of gomock to one that includes support for # generating mocks for function types. We can't do this through go.mod, 
@@ -61,22 +73,32 @@ go_rules_dependencies() go_register_toolchains(version = "1.21.5") -load("@io_bazel_rules_docker//repositories:repositories.bzl", container_repositories = "repositories") - -container_repositories() +load("@rules_oci//oci:pull.bzl", "oci_pull") +load("@rules_oci//oci:repositories.bzl", "LATEST_CRANE_VERSION", "oci_register_toolchains") -load("@io_bazel_rules_docker//repositories:deps.bzl", container_deps = "deps") - -container_deps() +oci_register_toolchains( + name = "oci", + crane_version = LATEST_CRANE_VERSION, +) -load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies") +# NB: this base image is chosen to exactly match what we had when using rules_docker +# prior to March 2024: +# $ bazel query --output=build @go_image_static//image:image +# container_import( +# name = "image", +# base_image_digest = "sha256:fac888659ca3eb59f7d5dcb0d62540cc5c53615e2671062b36c815d000da8ef4", +# base_image_registry = "gcr.io", +# base_image_repository = "distroless/static", +# ) +oci_pull( + name = "distroless_static", + digest = "sha256:fac888659ca3eb59f7d5dcb0d62540cc5c53615e2671062b36c815d000da8ef4", + image = "gcr.io/distroless/static", + platforms = ["linux/amd64","linux/arm64"], +) gazelle_dependencies() -load("@io_bazel_rules_docker//go:image.bzl", _go_image_repos = "repositories") - -_go_image_repos() - http_archive( name = "com_github_bazelbuild_buildtools", sha256 = "09a94213ea0d4a844e991374511fb0d44650e9c321799ec5d5dd28b250d82ca3", diff --git a/cmd/bb_copy/BUILD.bazel b/cmd/bb_copy/BUILD.bazel index 79205db3..557518d7 100644 --- a/cmd/bb_copy/BUILD.bazel +++ b/cmd/bb_copy/BUILD.bazel 
@@ -1,6 +1,7 @@ -load("//tools:container.bzl", "container_push_official") -load("@io_bazel_rules_docker//go:image.bzl", "go_image") load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") +load("@rules_oci//oci:defs.bzl", "oci_image", "oci_image_index") +load("@rules_pkg//pkg:tar.bzl", "pkg_tar") +load("//tools:container.bzl", "container_push_official") go_library( name = "bb_copy_lib", @@ -20,18 +21,43 @@ go_library( ], ) -go_binary( - name = "bb_copy", - embed = [":bb_copy_lib"], - pure = "on", - visibility = ["//visibility:public"], -) +[ + go_binary( + name = "bb_copy-{}".format(goarch), + embed = [":bb_copy_lib"], + pure = "on", + goarch = goarch, + goos = "linux", + visibility = ["//visibility:public"], + ) + for goarch in ["amd64", "arm64"] +] -go_image( +[ + pkg_tar( + name = "tar-{}".format(goarch), + srcs = ["bb_copy-{}".format(goarch)], + package_dir = "/app/cmd/bb_storage", + ) + for goarch in ["amd64", "arm64"] +] + +[ + oci_image( + name = "image-{}".format(goarch), + base = "@distroless_static", + entrypoint = ["/app/cmd/bb_storage/bb_copy-{}".format(goarch)], + tars = ["tar-{}".format(goarch)], + ) + for goarch in ["amd64", "arm64"] +] + +oci_image_index( name = "bb_copy_container", - embed = [":bb_copy_lib"], - pure = "on", - visibility = ["//visibility:public"], + images = [ + ":image-arm64", + ":image-amd64", + ], ) container_push_official( diff --git a/cmd/bb_replicator/BUILD.bazel b/cmd/bb_replicator/BUILD.bazel index b6bf71dc..cdd85973 100644 --- a/cmd/bb_replicator/BUILD.bazel +++ b/cmd/bb_replicator/BUILD.bazel @@ -1,6 +1,7 @@ -load("//tools:container.bzl", "container_push_official") -load("@io_bazel_rules_docker//go:image.bzl", "go_image") load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") +load("@rules_oci//oci:defs.bzl", "oci_image", "oci_image_index") +load("@rules_pkg//pkg:tar.bzl", "pkg_tar") +load("//tools:container.bzl", "container_push_official") go_library( name = "bb_replicator_lib", 
@@ -22,18 +23,43 @@ go_library( ], ) -go_binary( - name = "bb_replicator", - embed = [":bb_replicator_lib"], - pure = "on", - visibility = ["//visibility:public"], -) +[ + go_binary( + name = "bb_replicator-{}".format(goarch), + embed = [":bb_replicator_lib"], + pure = "on", + goarch = goarch, + goos = "linux", + visibility = ["//visibility:public"], + ) + for goarch in ["amd64", "arm64"] +] -go_image( +[ + pkg_tar( + name = "tar-{}".format(goarch), + srcs = ["bb_replicator-{}".format(goarch)], + package_dir = "/app/cmd/bb_storage", + ) + for goarch in ["amd64", "arm64"] +] + +[ + oci_image( + name = "image-{}".format(goarch), + base = "@distroless_static", + entrypoint = ["/app/cmd/bb_storage/bb_replicator-{}".format(goarch)], + tars = ["tar-{}".format(goarch)], + ) + for goarch in ["amd64", "arm64"] +] + +oci_image_index( name = "bb_replicator_container", - embed = [":bb_replicator_lib"], - pure = "on", - visibility = ["//visibility:public"], + images = [ + ":image-arm64", + ":image-amd64", + ], ) container_push_official( diff --git a/cmd/bb_storage/BUILD.bazel b/cmd/bb_storage/BUILD.bazel index 189057f8..8ec43334 100644 --- a/cmd/bb_storage/BUILD.bazel +++ b/cmd/bb_storage/BUILD.bazel @@ -1,6 +1,7 @@ -load("//tools:container.bzl", "container_push_official") -load("@io_bazel_rules_docker//go:image.bzl", "go_image") load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") +load("@rules_oci//oci:defs.bzl", "oci_image", "oci_image_index") +load("@rules_pkg//pkg:tar.bzl", "pkg_tar") +load("//tools:container.bzl", "container_push_official") go_library( name = "bb_storage_lib", 
@@ -30,18 +31,43 @@ go_library( ], ) -go_binary( - name = "bb_storage", - embed = [":bb_storage_lib"], - pure = "on", - visibility = ["//visibility:public"], -) +[ + go_binary( + name = "bb_storage-{}".format(goarch), + embed = [":bb_storage_lib"], + pure = "on", + goarch = goarch, + goos = "linux", + visibility = ["//visibility:public"], + ) + for goarch in ["amd64", "arm64"] +] -go_image( +[ + pkg_tar( + name = "tar-{}".format(goarch), + srcs = ["bb_storage-{}".format(goarch)], + package_dir = "/app/cmd/bb_storage", + ) + for goarch in ["amd64", "arm64"] +] + +[ + oci_image( + name = "image-{}".format(goarch), + base = "@distroless_static", + entrypoint = ["/app/cmd/bb_storage/bb_storage-{}".format(goarch)], + tars = ["tar-{}".format(goarch)], + ) + for goarch in ["amd64", "arm64"] +] + +oci_image_index( name = "bb_storage_container", - embed = [":bb_storage_lib"], - pure = "on", - visibility = ["//visibility:public"], + images = [ + ":image-arm64", + ":image-amd64", + ], ) container_push_official( diff --git a/tools/BUILD.bazel b/tools/BUILD.bazel index 4f5694e5..f3177c5f 100644 --- a/tools/BUILD.bazel +++ b/tools/BUILD.bazel @@ -1,3 +1,4 @@ +load("@aspect_bazel_lib//lib:expand_template.bzl", "expand_template") load("@io_bazel_rules_go//go:def.bzl", "go_library") go_library( @@ -11,3 +12,14 @@ go_library( "@org_golang_x_lint//:lint", ], ) + +# When built with --stamp, creates a non-deterministic output file for pushing images to a remote registry. +# With --nostamp, produces a deterministic output so dependents get cache hits. +expand_template( + name = "stamped_tags", + out = "_stamped.tags.txt", + stamp_substitutions = {"_TAG_": "{BUILD_SCM_TIMESTAMP}-{BUILD_SCM_REVISION}"}, + substitutions = {"_TAG_": "0.0.0"}, + template = ["_TAG_"], + visibility = ["//visibility:public"], +) diff --git a/tools/container.bzl b/tools/container.bzl index f50880b7..c37d8b24 100644 --- a/tools/container.bzl +++ b/tools/container.bzl 
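Review bot: In the new `stamped_tags` target the stamp values use single braces (`{BUILD_SCM_TIMESTAMP}-{BUILD_SCM_REVISION}`), whereas, as far as I recall, bazel-lib's `expand_template` documentation writes stamp keys as `{{KEY}}`. If single braces are not expanded, a stamped push would carry the literal placeholder text instead of the revision. Please check the output of a `--stamp` build, or change the value to `"{{BUILD_SCM_TIMESTAMP}}-{{BUILD_SCM_REVISION}}"`. Separately, the unstamped fallback `0.0.0` is itself a valid tag, so running a push target without `--stamp` would move a mutable `0.0.0` tag in the registry and break the link between a published image and its source revision. I would add a comment above the target such as `# Push targets must be run with --stamp; the 0.0.0 fallback exists only so unstamped builds stay cacheable.` and have the release workflow refuse to push when the tags file is `0.0.0`.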
@@ -1,11 +1,9 @@ -load("@io_bazel_rules_docker//container:container.bzl", "container_push") +load("@rules_oci//oci:defs.bzl", "oci_push") def container_push_official(name, image, component): - container_push( + oci_push( name = name, - format = "Docker", image = image, - registry = "ghcr.io", - repository = "buildbarn/" + component, - tag = "{BUILD_SCM_TIMESTAMP}-{BUILD_SCM_REVISION}", + repository = "ghcr.io/buildbarn/" + component, + remote_tags = "//tools:stamped_tags", ) diff --git a/tools/github_workflows/workflows_template.libsonnet b/tools/github_workflows/workflows_template.libsonnet index ab43c505..e0aff86e 100644 --- a/tools/github_workflows/workflows_template.libsonnet +++ b/tools/github_workflows/workflows_template.libsonnet @@ -41,6 +41,7 @@ buildAndTestCommand: 'build', // Building '//...' is broken for FreeBSD, because rules_docker // doesn't want to initialize properly. + // TODO(who?): now that rules_docker is removed, this could be revisited buildJustBinaries: true, extension: '', }, From 3c949b412c0ca3ee117aa24309be017698960c94 Mon Sep 17 00:00:00 2001 From: Alex Eagle Date: Fri, 15 Mar 2024 15:06:25 -0700 Subject: [PATCH 02/11] refactor: use transitions instead --- WORKSPACE | 11 +++++--- cmd/bb_copy/BUILD.bazel | 47 +++++++---------------------------- cmd/bb_replicator/BUILD.bazel | 47 +++++++---------------------------- cmd/bb_storage/BUILD.bazel | 47 +++++++---------------------------- tools/container.bzl | 43 ++++++++++++++++++++++++++++++-- 5 files changed, 75 insertions(+), 120 deletions(-) diff --git a/WORKSPACE b/WORKSPACE index ec479f14..aeef0078 100644 --- a/WORKSPACE +++ b/WORKSPACE 
@@ -91,10 +91,13 @@ oci_register_toolchains( # base_image_repository = "distroless/static", # ) oci_pull( - name = "distroless_static", - digest = "sha256:fac888659ca3eb59f7d5dcb0d62540cc5c53615e2671062b36c815d000da8ef4", - image = "gcr.io/distroless/static", - platforms = ["linux/amd64","linux/arm64"], + name = "distroless_base", + digest = "sha256:ccaef5ee2f1850270d453fdf700a5392534f8d1a8ca2acda391fbb6a06b81c86", + image = "gcr.io/distroless/base", + platforms = [ + "linux/amd64", + "linux/arm64", + ], ) gazelle_dependencies() diff --git a/cmd/bb_copy/BUILD.bazel b/cmd/bb_copy/BUILD.bazel index 557518d7..a91d0226 100644 --- a/cmd/bb_copy/BUILD.bazel +++ b/cmd/bb_copy/BUILD.bazel @@ -1,7 +1,5 @@ load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") -load("@rules_oci//oci:defs.bzl", "oci_image", "oci_image_index") -load("@rules_pkg//pkg:tar.bzl", "pkg_tar") -load("//tools:container.bzl", "container_push_official") +load("//tools:container.bzl", "container_push_official", "multiarch_go_image") go_library( name = "bb_copy_lib", @@ -21,43 +19,16 @@ go_library( ], ) -[ - go_binary( - name = "bb_copy-{}".format(goarch), - embed = [":bb_copy_lib"], - pure = "on", - goarch = goarch, - goos = "linux", - visibility = ["//visibility:public"], - ) - for goarch in ["amd64", "arm64"] -] - -[ - pkg_tar( - name = "tar-{}".format(goarch), - srcs = ["bb_copy-{}".format(goarch)], - package_dir = "/app/cmd/bb_storage", - ) - for goarch in ["amd64", "arm64"] -] - -[ - oci_image( - name = "image-{}".format(goarch), - base = "@distroless_static", - entrypoint = ["/app/cmd/bb_storage/bb_copy-{}".format(goarch)], - tars = ["tar-{}".format(goarch)], - ) - for goarch in ["amd64", "arm64"] -] +go_binary( + name = "bb_copy", + embed = [":bb_copy_lib"], + pure = "on", + visibility = ["//visibility:public"], +) -oci_image_index( +multiarch_go_image( name = "bb_copy_container", - images = [ - ":image-arm64", - ":image-amd64", - ], + binary = ":bb_copy", ) container_push_official( 
diff --git a/cmd/bb_replicator/BUILD.bazel b/cmd/bb_replicator/BUILD.bazel index cdd85973..0149cd3a 100644 --- a/cmd/bb_replicator/BUILD.bazel +++ b/cmd/bb_replicator/BUILD.bazel @@ -1,7 +1,5 @@ load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") -load("@rules_oci//oci:defs.bzl", "oci_image", "oci_image_index") -load("@rules_pkg//pkg:tar.bzl", "pkg_tar") -load("//tools:container.bzl", "container_push_official") +load("//tools:container.bzl", "container_push_official", "multiarch_go_image") go_library( name = "bb_replicator_lib", @@ -23,43 +21,16 @@ go_library( ], ) -[ - go_binary( - name = "bb_replicator-{}".format(goarch), - embed = [":bb_replicator_lib"], - pure = "on", - goarch = goarch, - goos = "linux", - visibility = ["//visibility:public"], - ) - for goarch in ["amd64", "arm64"] -] - -[ - pkg_tar( - name = "tar-{}".format(goarch), - srcs = ["bb_replicator-{}".format(goarch)], - package_dir = "/app/cmd/bb_storage", - ) - for goarch in ["amd64", "arm64"] -] - -[ - oci_image( - name = "image-{}".format(goarch), - base = "@distroless_static", - entrypoint = ["/app/cmd/bb_storage/bb_replicator-{}".format(goarch)], - tars = ["tar-{}".format(goarch)], - ) - for goarch in ["amd64", "arm64"] -] +go_binary( + name = "bb_replicator", + embed = [":bb_replicator_lib"], + pure = "on", + visibility = ["//visibility:public"], +) -oci_image_index( +multiarch_go_image( name = "bb_replicator_container", - images = [ - ":image-arm64", - ":image-amd64", - ], + binary = ":bb_replicator", ) container_push_official( diff --git a/cmd/bb_storage/BUILD.bazel b/cmd/bb_storage/BUILD.bazel index 8ec43334..a4a12daf 100644 --- a/cmd/bb_storage/BUILD.bazel +++ b/cmd/bb_storage/BUILD.bazel 
@@ -1,7 +1,5 @@ load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") -load("@rules_oci//oci:defs.bzl", "oci_image", "oci_image_index") -load("@rules_pkg//pkg:tar.bzl", "pkg_tar") -load("//tools:container.bzl", "container_push_official") +load("//tools:container.bzl", "container_push_official", "multiarch_go_image") go_library( name = "bb_storage_lib", @@ -31,43 +29,16 @@ go_library( ], ) -[ - go_binary( - name = "bb_storage-{}".format(goarch), - embed = [":bb_storage_lib"], - pure = "on", - goarch = goarch, - goos = "linux", - visibility = ["//visibility:public"], - ) - for goarch in ["amd64", "arm64"] -] - -[ - pkg_tar( - name = "tar-{}".format(goarch), - srcs = ["bb_storage-{}".format(goarch)], - package_dir = "/app/cmd/bb_storage", - ) - for goarch in ["amd64", "arm64"] -] - -[ - oci_image( - name = "image-{}".format(goarch), - base = "@distroless_static", - entrypoint = ["/app/cmd/bb_storage/bb_storage-{}".format(goarch)], - tars = ["tar-{}".format(goarch)], - ) - for goarch in ["amd64", "arm64"] -] +go_binary( + name = "bb_storage", + embed = [":bb_storage_lib"], + pure = "on", + visibility = ["//visibility:public"], +) -oci_image_index( +multiarch_go_image( name = "bb_storage_container", - images = [ - ":image-arm64", - ":image-amd64", - ], + binary = ":bb_storage", ) container_push_official( diff --git a/tools/container.bzl b/tools/container.bzl index c37d8b24..9c388dee 100644 --- a/tools/container.bzl +++ b/tools/container.bzl 
@@ -1,9 +1,48 @@ -load("@rules_oci//oci:defs.bzl", "oci_push") +load("@aspect_bazel_lib//lib:transitions.bzl", "platform_transition_filegroup") +load("@rules_oci//oci:defs.bzl", "oci_push", "oci_image", "oci_image_index") +load("@rules_pkg//pkg:tar.bzl", "pkg_tar") + +def multiarch_go_image(name, binary): + """Create a container image with two variants of the given go_binary target. + + Args: + name: resulting oci_image_index target + binary: label of a go_binary target; it may be transitioned to another architecture + """ + images = [] + tar_target = "_{}.tar".format(name) + image_target = "_{}.image".format(name) + pkg_tar( + name = tar_target, + srcs = [binary], + package_dir = "/app/cmd/bb_storage", + include_runfiles = True, + ) + oci_image( + name = image_target, + base = "@distroless_base", + entrypoint = ["/app/cmd/bb_storage/{}".format(binary)], + tars = [tar_target], + ) + for arch in ["amd64", "arm64"]: + arch_image_target = "{}_{}_image".format(name, arch) + target_platform = "@io_bazel_rules_go//go/toolchain:linux_{}".format(arch) + images.append(arch_image_target) + platform_transition_filegroup( + name = arch_image_target, + srcs = [image_target], + target_platform = target_platform, + ) + + oci_image_index( + name = name, + images = images, + ) def container_push_official(name, image, component): oci_push( name = name, image = image, repository = "ghcr.io/buildbarn/" + component, - remote_tags = "//tools:stamped_tags", + remote_tags = "@com_github_buildbarn_bb_storage//tools:stamped_tags", ) From 8108d31b58b822cb0f593bf8584d860238d1fc7e Mon Sep 17 00:00:00 2001 From: Alex Eagle Date: Fri, 15 Mar 2024 15:10:49 -0700 Subject: [PATCH 03/11] restore distroless/static rather than distroless/base --- WORKSPACE | 7 ++++--- tools/container.bzl | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/WORKSPACE b/WORKSPACE index aeef0078..8806a549 100644 --- a/WORKSPACE +++ b/WORKSPACE 
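Review bot: The `oci_image` call inside `multiarch_go_image` sets no `user`, so every image built through this macro runs as the base image's default user. For the default distroless images that is root, unless the pinned digest is a nonroot variant, which cannot be determined from this hunk. If the three binaries do not need root inside the container, add `user = "nonroot",` to the `oci_image` call. Otherwise, say in the macro docstring that root is intentional, so deployers know to constrain it in their pod or container security settings. The docstring also omits that the binary is packaged under `package_dir` and that `entrypoint` must point at that same path, for example `The binary is placed under package_dir; entrypoint must name the same path.`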
@@ -81,7 +81,7 @@ oci_register_toolchains( crane_version = LATEST_CRANE_VERSION, ) -# NB: this base image is chosen to exactly match what we had when using rules_docker +# NB: this base image is chosen to match what we had when using rules_docker # prior to March 2024: # $ bazel query --output=build @go_image_static//image:image # container_import( @@ -91,9 +91,10 @@ oci_register_toolchains( # base_image_repository = "distroless/static", # ) oci_pull( - name = "distroless_base", + name = "distroless_static", + # Note, we cannot use the same digest as it didn't have an arm64 entry in the index digest = "sha256:ccaef5ee2f1850270d453fdf700a5392534f8d1a8ca2acda391fbb6a06b81c86", - image = "gcr.io/distroless/base", + image = "gcr.io/distroless/static", platforms = [ "linux/amd64", "linux/arm64", diff --git a/tools/container.bzl b/tools/container.bzl index 9c388dee..34f2af82 100644 --- a/tools/container.bzl +++ b/tools/container.bzl @@ -20,7 +20,7 @@ def multiarch_go_image(name, binary): ) oci_image( name = image_target, - base = "@distroless_base", + base = "@distroless_static", entrypoint = ["/app/cmd/bb_storage/{}".format(binary)], tars = [tar_target], ) From 01b8f33e27b83a2a80fa72c5ccbad787d06063b9 Mon Sep 17 00:00:00 2001 From: Alex Eagle Date: Mon, 18 Mar 2024 12:58:05 -0700 Subject: [PATCH 04/11] chore: code review comments --- WORKSPACE | 4 ++-- tools/container.bzl | 6 ++++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/WORKSPACE b/WORKSPACE index 8806a549..97479568 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -73,6 +73,8 @@ go_rules_dependencies() go_register_toolchains(version = "1.21.5") +gazelle_dependencies() + load("@rules_oci//oci:pull.bzl", "oci_pull") load("@rules_oci//oci:repositories.bzl", "LATEST_CRANE_VERSION", "oci_register_toolchains") @@ -101,8 +103,6 @@ oci_pull( ], ) -gazelle_dependencies() - http_archive( name = "com_github_bazelbuild_buildtools", sha256 = "09a94213ea0d4a844e991374511fb0d44650e9c321799ec5d5dd28b250d82ca3", 
diff --git a/tools/container.bzl b/tools/container.bzl index 34f2af82..557a73cc 100644 --- a/tools/container.bzl +++ b/tools/container.bzl @@ -12,18 +12,20 @@ def multiarch_go_image(name, binary): images = [] tar_target = "_{}.tar".format(name) image_target = "_{}.image".format(name) + pkg_tar( name = tar_target, srcs = [binary], - package_dir = "/app/cmd/bb_storage", include_runfiles = True, ) + oci_image( name = image_target, base = "@distroless_static", - entrypoint = ["/app/cmd/bb_storage/{}".format(binary)], + entrypoint = ["/app/{}".format(binary)], tars = [tar_target], ) + for arch in ["amd64", "arm64"]: arch_image_target = "{}_{}_image".format(name, arch) target_platform = "@io_bazel_rules_go//go/toolchain:linux_{}".format(arch) From 69dcfa2d3b182ec18a04357ace4aa6f9efeb9982 Mon Sep 17 00:00:00 2001 From: Alex Eagle Date: Mon, 18 Mar 2024 13:01:29 -0700 Subject: [PATCH 05/11] fix: ensure the path in the tar matches entrypoint --- tools/container.bzl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/container.bzl b/tools/container.bzl index 557a73cc..ed67ba4e 100644 --- a/tools/container.bzl +++ b/tools/container.bzl @@ -17,12 +17,13 @@ def multiarch_go_image(name, binary): name = tar_target, srcs = [binary], include_runfiles = True, + package_dir = "app", ) oci_image( name = image_target, base = "@distroless_static", - entrypoint = ["/app/{}".format(binary)], + entrypoint = ["/app/{}".format(binary.removeprefix(":"))], tars = [tar_target], ) From bbe5fda9b151321cb5f6f8078647346a36aabd5f Mon Sep 17 00:00:00 2001 From: Alex Eagle Date: Mon, 18 Mar 2024 13:22:42 -0700 Subject: [PATCH 06/11] chore: fmt --- tools/container.bzl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/container.bzl b/tools/container.bzl index ed67ba4e..aeae4fbc 100644 --- a/tools/container.bzl +++ b/tools/container.bzl 
@@ -4,7 +4,7 @@ load("@rules_pkg//pkg:tar.bzl", "pkg_tar") def multiarch_go_image(name, binary): """Create a container image with two variants of the given go_binary target. - + Args: name: resulting oci_image_index target binary: label of a go_binary target; it may be transitioned to another architecture From b7ea05eb63d53101542cc68dbb929f89b2b850d6 Mon Sep 17 00:00:00 2001 From: Alex Eagle Date: Mon, 18 Mar 2024 13:45:51 -0700 Subject: [PATCH 07/11] chore: more robust way to get name of binary target Note this requires upgrading Bazel by one minor release to get native.package_relative_label --- tools/container.bzl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/container.bzl b/tools/container.bzl index aeae4fbc..4f63fac7 100644 --- a/tools/container.bzl +++ b/tools/container.bzl @@ -23,7 +23,7 @@ def multiarch_go_image(name, binary): oci_image( name = image_target, base = "@distroless_static", - entrypoint = ["/app/{}".format(binary.removeprefix(":"))], + entrypoint = ["/app/{}".format(native.package_relative_label(binary).name)], tars = [tar_target], ) From c85fee039c1fdf40e2e9576c02319bdb9b999881 Mon Sep 17 00:00:00 2001 From: Alex Eagle Date: Fri, 22 Mar 2024 08:32:33 -0700 Subject: [PATCH 08/11] Update container.bzl --- tools/container.bzl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/container.bzl b/tools/container.bzl index 4f63fac7..83f1e1c3 100644 --- a/tools/container.bzl +++ b/tools/container.bzl @@ -1,5 +1,5 @@ load("@aspect_bazel_lib//lib:transitions.bzl", "platform_transition_filegroup") -load("@rules_oci//oci:defs.bzl", "oci_push", "oci_image", "oci_image_index") +load("@rules_oci//oci:defs.bzl", "oci_image", "oci_image_index", "oci_push") load("@rules_pkg//pkg:tar.bzl", "pkg_tar") def multiarch_go_image(name, binary): From 5e5b30d777e6e93432f6af0eea91cea9cba1c272 Mon Sep 17 00:00:00 2001 
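Review bot: The new `native.package_relative_label(binary).name` expression in the `oci_image` entrypoint makes `tools/container.bzl` require a newer Bazel, as the commit message says. The patch touches only this file, so nothing visible here raises the pinned or minimum Bazel version. A checkout built with the older Bazel would presumably fail while evaluating the macro, with an error that does not mention the version requirement. Please bump whatever pins the Bazel version for this repository in the same commit. I would also extend the docstring's `binary` entry to something like `binary: label of a go_binary target, in any label form; only its target name is used for the entrypoint path under /app`. The macro body starts and ends outside this hunk.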
From: Alex Eagle Date: Fri, 22 Mar 2024 11:28:58 -0700 Subject: [PATCH 09/11] fix: use digest from distroless/static not distroless/base --- WORKSPACE | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/WORKSPACE b/WORKSPACE index 97479568..f7c66bc3 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -94,12 +94,12 @@ oci_register_toolchains( # ) oci_pull( name = "distroless_static", - # Note, we cannot use the same digest as it didn't have an arm64 entry in the index - digest = "sha256:ccaef5ee2f1850270d453fdf700a5392534f8d1a8ca2acda391fbb6a06b81c86", + #NB: cannot use the same digest as above, as it predates having an arm64 entry in the index + digest = "sha256:7e5c6a2a4ae854242874d36171b31d26e0539c98fc6080f942f16b03e82851ab", image = "gcr.io/distroless/static", platforms = [ "linux/amd64", - "linux/arm64", + "linux/arm64/v8", ], ) From 23bf687d0484bd86e0819c62f0a2f0c09989bb9a Mon Sep 17 00:00:00 2001 From: Alex Eagle Date: Fri, 22 Mar 2024 11:47:28 -0700 Subject: [PATCH 10/11] Update WORKSPACE --- WORKSPACE | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/WORKSPACE b/WORKSPACE index f7c66bc3..ce21b0c1 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -83,18 +83,8 @@ oci_register_toolchains( crane_version = LATEST_CRANE_VERSION, ) -# NB: this base image is chosen to match what we had when using rules_docker -# prior to March 2024: -# $ bazel query --output=build @go_image_static//image:image -# container_import( -# name = "image", -# base_image_digest = "sha256:fac888659ca3eb59f7d5dcb0d62540cc5c53615e2671062b36c815d000da8ef4", -# base_image_registry = "gcr.io", -# base_image_repository = "distroless/static", -# ) oci_pull( name = "distroless_static", - #NB: cannot use the same digest as above, as it predates having an arm64 entry in the index digest = "sha256:7e5c6a2a4ae854242874d36171b31d26e0539c98fc6080f942f16b03e82851ab", image = "gcr.io/distroless/static", platforms = [ From 2d6cd690d8e8bac388abd875c447981f0f54ef8e Mon Sep 17 00:00:00 2001 
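Review bot: Deleting the comment block above `oci_pull` leaves the pinned `digest` with no record of which tag or date it was resolved from. This series already had to correct a digest that came from a different repository than the `image` it was paired with. The digest is the only integrity pin on the base image, so I would keep a short replacement comment, for example `# Index digest of gcr.io/distroless/static, resolved from tag <TAG> on <DATE>; must list linux/amd64 and linux/arm64/v8.` with the real tag and date filled in. That gives a reviewer something to check the next digest bump against. The `oci_pull` call closes outside this hunk.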
From: Alex Eagle Date: Mon, 25 Mar 2024 09:40:50 -0700 Subject: [PATCH 11/11] chore: tag un-transitioned image as manual --- tools/container.bzl | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/container.bzl b/tools/container.bzl index 83f1e1c3..9748f747 100644 --- a/tools/container.bzl +++ b/tools/container.bzl @@ -25,6 +25,9 @@ def multiarch_go_image(name, binary): base = "@distroless_static", entrypoint = ["/app/{}".format(native.package_relative_label(binary).name)], tars = [tar_target], + # Don't build un-transitioned images, as the default target architecture might be unsupported + # For example when building on linux-i386. + tags = ["manual"], ) for arch in ["amd64", "arm64"]: