@salrashid123
Last active December 20, 2023 21:26
Bazel rules_oci with go

Build container with rules_oci

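First, run a local registry. `crane registry serve` is an unauthenticated plain-HTTP registry meant for local testing, which is why the skopeo commands below pass `--tls-verify=false`; `--address :4000` listens on every interface, so bind it to `localhost:4000` if it should not be reachable from the network.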

crane registry serve --address :4000

oci image

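To build and push an OCI image, I ran Bazel inside a Docker container. The commands below also mount the host's /var/run/docker.sock into that container, which hands it control of the host Docker daemon; leave the mount out if your build does not use it.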

docker run   -e USER="$(id -u)"        -v `pwd`:/src/workspace   -v /tmp/build_output:/tmp/build_output          -v /var/run/docker.sock:/var/run/docker.sock   -w /src/workspace           gcr.io/cloud-builders/bazel@sha256:7c34604572d4f001928b98f2b04e2feaebce67b7933e4182b817dcbfe9904bcd          --output_base=/tmp/build_output   build  :app-image

docker run  --net=host -e USER="$(id -u)"        -v `pwd`:/src/workspace   -v /tmp/build_output:/tmp/build_output          -v /var/run/docker.sock:/var/run/docker.sock   -w /src/workspace           gcr.io/cloud-builders/bazel@sha256:7c34604572d4f001928b98f2b04e2feaebce67b7933e4182b817dcbfe9904bcd          --output_base=/tmp/build_output   run  :push-image

crane config localhost:4000/test:server | jq '.'
skopeo inspect --tls-verify=false docker://localhost:4000/test:server
skopeo list-tags --tls-verify=false docker://localhost:4000/test

$ crane manifest localhost:4000/test@sha256:e0b59e0d87c5d7f4a438992196cdfa37c7bdc5e935b33381aaf740a9df73b3aa | jq '.'
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "config": {
    "mediaType": "application/vnd.oci.image.config.v1+json",
    "size": 1871,
    "digest": "sha256:6d3bfe58d9ada0f0ae274db86d110732133856952658f936372c323697860294"
  },
  "layers": [
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 103742,
      "digest": "sha256:07a64a71e01156f8f99039bc246149925c6d1480d3957de78510bbec6ec68f7a"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 21202,
      "digest": "sha256:fe5ca62666f04366c8e7f605aa82997d71320183e99962fa76b3209fdfbb8b58"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 716491,
      "digest": "sha256:b02a7525f878e61fc1ef8a7405a2cc17f866e8de222c1c98fd6681aff6e509db"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 317,
      "digest": "sha256:fcb6f6d2c9986d9cd6a2ea3cc2936e5fc613e09f1af9042329011e43057f3265"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 198,
      "digest": "sha256:e8c73c638ae9ec5ad70c49df7e484040d889cca6b4a9af056579c3d058ea93f0"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 113,
      "digest": "sha256:1e3d9b7d145208fa8fa3ee1c9612d0adaac7255f1bbc9ddea7e461e0b317805c"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 385,
      "digest": "sha256:4aa0ea1413d37a58615488592a0b827ea4b2e48fa5a77cf707d0e35f025e613f"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 355,
      "digest": "sha256:7c881f9ab25e0d86562a123b5fb56aebf8aa0ddd7d48ef602faf8d1e7cf43d8c"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 130562,
      "digest": "sha256:5627a970d25e752d971a501ec7e35d0d6fdcd4a3ce9e958715a686853024794a"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 5845784,
      "digest": "sha256:19cf2287de7f0374c1fc438c9bbef13540caa0ba62ce875901082959a4181fed"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 2063413,
      "digest": "sha256:ebba9ccde3efe3177f5a74772e6e85446e7cbad9528c1c169e403a1981429d14"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 968574,
      "digest": "sha256:1933f300df8c747385bc1e9a261b9fc7ec89b0c02b51439a3759344a643a4bb9"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 2408317,
      "digest": "sha256:408daab5e706e2e654cae7f60f77ba757cbc2229947a23e073b9a4c8e0697b2d"
    }
  ]
}

oci index

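To build an image wrapped in an OCI image index (the `oci_image_index` target `:app-index`, exported as a tarball by `:tar-oci-index`):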

docker run  --net=host -e USER="$(id -u)"        -v `pwd`:/src/workspace   -v /tmp/build_output:/tmp/build_output          -v /var/run/docker.sock:/var/run/docker.sock   -w /src/workspace           gcr.io/cloud-builders/bazel@sha256:7c34604572d4f001928b98f2b04e2feaebce67b7933e4182b817dcbfe9904bcd          --output_base=/tmp/build_output   build  :tar-oci-index

## crane only pushes oci index images in exploded form
rm -rf /tmp/image_dir && mkdir -p /tmp/image_dir && tar xvf bazel-out/k8-fastbuild/bin/tar-oci-index/tarball.tar  --directory /tmp/image_dir

crane push  /tmp/image_dir localhost:4000/test:server --image-refs=/tmp/ref.txt
skopeo copy --dest-tls-verify=false  --all -f oci --preserve-digests oci-archive:bazel-out/k8-fastbuild/bin/tar-oci-index/tarball.tar    docker://localhost:4000/test:server
$ crane manifest localhost:4000/test@sha256:a6dbb2e49dcbe7da55b23777f58715dc61744187f206707f115b6cbd27ec4ad4 | jq '.'
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.index.v1+json",
  "manifests": [
    {
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "size": 2276,
      "digest": "sha256:e0b59e0d87c5d7f4a438992196cdfa37c7bdc5e935b33381aaf740a9df73b3aa",
      "platform": {
        "os": "linux",
        "architecture": "amd64"
      }
    }
  ]
}

$ crane manifest localhost:4000/test@sha256:e0b59e0d87c5d7f4a438992196cdfa37c7bdc5e935b33381aaf740a9df73b3aa | jq '.'
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "config": {
    "mediaType": "application/vnd.oci.image.config.v1+json",
    "size": 1871,
    "digest": "sha256:6d3bfe58d9ada0f0ae274db86d110732133856952658f936372c323697860294"
  },
  "layers": [
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 103742,
      "digest": "sha256:07a64a71e01156f8f99039bc246149925c6d1480d3957de78510bbec6ec68f7a"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 21202,
      "digest": "sha256:fe5ca62666f04366c8e7f605aa82997d71320183e99962fa76b3209fdfbb8b58"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 716491,
      "digest": "sha256:b02a7525f878e61fc1ef8a7405a2cc17f866e8de222c1c98fd6681aff6e509db"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 317,
      "digest": "sha256:fcb6f6d2c9986d9cd6a2ea3cc2936e5fc613e09f1af9042329011e43057f3265"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 198,
      "digest": "sha256:e8c73c638ae9ec5ad70c49df7e484040d889cca6b4a9af056579c3d058ea93f0"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 113,
      "digest": "sha256:1e3d9b7d145208fa8fa3ee1c9612d0adaac7255f1bbc9ddea7e461e0b317805c"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 385,
      "digest": "sha256:4aa0ea1413d37a58615488592a0b827ea4b2e48fa5a77cf707d0e35f025e613f"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 355,
      "digest": "sha256:7c881f9ab25e0d86562a123b5fb56aebf8aa0ddd7d48ef602faf8d1e7cf43d8c"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 130562,
      "digest": "sha256:5627a970d25e752d971a501ec7e35d0d6fdcd4a3ce9e958715a686853024794a"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 5845784,
      "digest": "sha256:19cf2287de7f0374c1fc438c9bbef13540caa0ba62ce875901082959a4181fed"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 2063413,
      "digest": "sha256:ebba9ccde3efe3177f5a74772e6e85446e7cbad9528c1c169e403a1981429d14"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 968574,
      "digest": "sha256:1933f300df8c747385bc1e9a261b9fc7ec89b0c02b51439a3759344a643a4bb9"
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "size": 2408317,
      "digest": "sha256:408daab5e706e2e654cae7f60f77ba757cbc2229947a23e073b9a4c8e0697b2d"
    }
  ]
}


  • WORKSPACE
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

# rules_go v0.42.0: Bazel rules for building Go. The URLs are tried in order
# (Bazel mirror, then GitHub); sha256 pins the exact archive bytes, so a
# substituted or corrupted download fails the fetch instead of being used.
http_archive(
    name = "io_bazel_rules_go",
    sha256 = "91585017debb61982f7054c9688857a2ad1fd823fc3f9cb05048b0025c47d023",
    urls = [
        "https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.42.0/rules_go-v0.42.0.zip",
        "https://github.com/bazelbuild/rules_go/releases/download/v0.42.0/rules_go-v0.42.0.zip",
    ],
)

# Gazelle v0.33.0: provides the gazelle rule and go_repository. Pinned by
# sha256 in the same way as rules_go above.
http_archive(
    name = "bazel_gazelle",
    sha256 = "d3fa66a39028e97d76f9e2db8f1b0c11c099e8e01bf363a923074784e451f809",
    urls = [
        "https://mirror.bazel.build/github.com/bazelbuild/bazel-gazelle/releases/download/v0.33.0/bazel-gazelle-v0.33.0.tar.gz",
        "https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.33.0/bazel-gazelle-v0.33.0.tar.gz",
    ],
)

# ==================================

load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")
load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies")

# ==================================

load("//:repositories.bzl", "go_repositories")
# gazelle:repository_macro repositories.bzl%go_repositories
# Declare the Go module repositories defined in repositories.bzl before the
# rules_go and gazelle dependency macros run.
go_repositories()

go_rules_dependencies()
# NOTE(review): this registers Go SDK 1.19.8, while the go.mod published with
# this WORKSPACE declares `go 1.21`. Confirm which toolchain is intended and
# keep the SDK on a release line that still receives security fixes.
go_register_toolchains(version = "1.19.8")
gazelle_dependencies()


# ==================================

# rules_pkg
# rules_pkg 0.9.1 supplies pkg_tar, which BUILD.bazel uses to wrap the server
# binary into an image layer. The archive is pinned by sha256.
http_archive(
    name = "rules_pkg",
    urls = [
        "https://mirror.bazel.build/github.com/bazelbuild/rules_pkg/releases/download/0.9.1/rules_pkg-0.9.1.tar.gz",
        "https://github.com/bazelbuild/rules_pkg/releases/download/0.9.1/rules_pkg-0.9.1.tar.gz",
    ],
    sha256 = "8f9ee2dc10c1ae514ee599a8b42ed99fa262b757058f65ad3c384289ff70c4b8",
)
load("@rules_pkg//:deps.bzl", "rules_pkg_dependencies")
rules_pkg_dependencies()


# ========================

# rules_oci
# rules_oci v1.5.0 release archive, pinned by sha256. Only a single download
# URL is listed here (no mirror fallback, unlike the archives above).
http_archive(
    name = "rules_oci",
    sha256 = "31d52a30f862591de01de829e653231ef68966411c2c5938b51a9f3d1f019251",
    strip_prefix = "rules_oci-1.5.0",
    url = "https://github.com/bazel-contrib/rules_oci/releases/download/v1.5.0/rules_oci-v1.5.0.tar.gz",
)

load("@rules_oci//oci:dependencies.bzl", "rules_oci_dependencies")
rules_oci_dependencies()

load("@rules_oci//oci:repositories.bzl", "LATEST_CRANE_VERSION", "oci_register_toolchains")
# LATEST_CRANE_VERSION is loaded from the pinned rules_oci archive, so the
# crane version follows that rules_oci release rather than being chosen here.
oci_register_toolchains(
    name = "oci",
    crane_version = LATEST_CRANE_VERSION,
)

load("@rules_oci//cosign:repositories.bzl", "cosign_register_toolchains")
# Registers the cosign toolchain under the name "oci_cosign".
cosign_register_toolchains(name = "oci_cosign")

load("@rules_oci//oci:pull.bzl", "oci_pull")
# Base image for the application, referenced by digest rather than by tag, so
# every build resolves to the same base content. Only linux/amd64 is requested,
# the same platform the go_binary in BUILD.bazel is compiled for.
# NOTE(review): a digest pin does not pick up base-image security updates on
# its own; the digest has to be bumped deliberately.
oci_pull(
    name = "distroless_base",
    digest = "sha256:b31a6e02605827e77b7ebb82a0ac9669ec51091edd62c2c076175e05556f4ab9",
    image = "gcr.io/distroless/base",
    platforms = [
        "linux/amd64",
    ],
)
  • BUILD.bazel
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
load("@rules_pkg//:pkg.bzl", "pkg_tar")
load("@rules_oci//oci:defs.bzl", "oci_image", "oci_push", "oci_tarball", "oci_image_index")
load("@rules_oci//cosign:defs.bzl", "cosign_sign")
load("@bazel_gazelle//:def.bzl", "gazelle")

# Gazelle target, used to generate and update the Go BUILD rules.
gazelle(name = "gazelle")

# Library holding main.go. Visibility is private, so only targets in this
# package (the go_binary below) can depend on it. The deps use the repository
# names declared in repositories.bzl.
go_library(
    name = "go_default_library",
    srcs = ["main.go"],
    importpath = "github.com/salrashid123/testapp",
    visibility = ["//visibility:private"],
    deps = [
        "@org_golang_x_net//http2:go_default_library",
        "@com_github_gorilla_mux//:go_default_library",
    ],
)

# Builds the library into a binary named "server", cross-compiled for
# linux/amd64.
go_binary(
    name = "main",
    out = "server",  # file name inside the tar layer; the image entrypoint is /server
    embed = [":go_default_library"],
    visibility = ["//visibility:public"],
    goos = "linux",  # same platform as the base image pulled in WORKSPACE (linux/amd64)
    goarch = "amd64",
)

# Packages the server binary into a tar layer rooted at "/", so the file is
# placed at /server, the path used as the image entrypoint.
pkg_tar(
    name = "main-tar",
    srcs = [":main"],
    package_dir = "/",
)

# Application image: the digest-pinned distroless base plus the layer that
# holds /server.
# NOTE(review): no `user` is set, so the container runs as whatever user the
# base image defaults to. Confirm that is non-root, or set `user` explicitly.
oci_image(
    name = "app-image",
    base = "@distroless_base",
    tars = [":main-tar"],
    # Labels are written into the image config, so they are covered by the
    # image digest and cannot be changed without producing a different digest.
    # NOTE(review): the tee.launch_policy.* keys look like Confidential Space
    # launch-policy labels (command override disabled, log redirection always
    # on). Confirm against the platform documentation; with log redirection
    # enabled, keep secrets out of stdout/stderr.
    labels = {
        "tee.launch_policy.allow_cmd_override": "false",
        "tee.launch_policy.log_redirect": "always",
    },
    entrypoint = ["/server"],
    cmd = [],
    # Sample variable. env values are stored in clear text in the image config
    # and are readable by anyone who can pull the image; do not put secrets here.
    env = {
        "foo": "bar",
    },
    exposed_ports = [
        "8080/tcp",  # matches the ":8080" listen address in main.go
    ],
)

# Wraps app-image in an OCI image index. Only one image is listed, so the
# resulting index carries a single manifest entry.
oci_image_index(
    name = "app-index",
    images = [
        ":app-image",
    ]
)

# Docker-format tarball of the single image, tagged for the local test registry.
# NOTE(review): `image = "app-image"` omits the leading ":" used by every other
# label in this file; it refers to the same target, but ":app-image" would be
# consistent.
oci_tarball(
    name = "tar-docker",
    image = "app-image",
    format = "docker",
    repo_tags = ["localhost:4000/test:server"],
)

# OCI-layout tarball of the image index. This is the tarball.tar that the
# README unpacks and pushes with crane or skopeo.
oci_tarball(
    name = "tar-oci-index",
    image = ":app-index",
    format = "oci",
    repo_tags = ["localhost:4000/test:server"],
)

# Pushes app-image to the local test registry as localhost:4000/test:server.
# The "server" tag is mutable; consumers that need a fixed artifact should
# reference the image by digest, as the crane manifest commands in the README do.
# NOTE(review): cosign_sign is loaded at the top of this file but no signing
# target is defined, so nothing in this build signs the pushed image.
oci_push(
    name = "push-image",
    image = ":app-image",
    repository = "localhost:4000/test",
    remote_tags = ["server"],
)
  • repositories.bzl
load("@bazel_gazelle//:deps.bzl", "go_repository")

def go_repositories():
    """Declares the external Go module repositories used by the build.

    Each go_repository pins one module to an exact version together with its
    `sum` (the go.sum-style "h1:" hash), so the fetched module content is
    checked against a known hash rather than trusted by version alone.

    NOTE(review): the go.mod on this page requires only gorilla/mux, x/net and
    x/text; the other modules declared here (x/crypto, x/mod, x/sys, x/term,
    x/tools) are presumably transitive or left over. Confirm by regenerating
    this macro from go.mod.
    """
    go_repository(
        name = "com_github_gorilla_mux",
        importpath = "github.com/gorilla/mux",
        sum = "h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=",
        version = "v1.8.1",
    )
    go_repository(
        name = "org_golang_x_crypto",
        importpath = "golang.org/x/crypto",
        sum = "h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=",
        version = "v0.16.0",
    )
    go_repository(
        name = "org_golang_x_mod",
        importpath = "golang.org/x/mod",
        sum = "h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=",
        version = "v0.8.0",
    )
    # Direct dependency of main.go (golang.org/x/net/http2).
    go_repository(
        name = "org_golang_x_net",
        importpath = "golang.org/x/net",
        sum = "h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=",
        version = "v0.19.0",
    )
    go_repository(
        name = "org_golang_x_sys",
        importpath = "golang.org/x/sys",
        sum = "h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=",
        version = "v0.15.0",
    )
    go_repository(
        name = "org_golang_x_term",
        importpath = "golang.org/x/term",
        sum = "h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=",
        version = "v0.15.0",
    )
    go_repository(
        name = "org_golang_x_text",
        importpath = "golang.org/x/text",
        sum = "h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=",
        version = "v0.14.0",
    )
    go_repository(
        name = "org_golang_x_tools",
        importpath = "golang.org/x/tools",
        sum = "h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=",
        version = "v0.6.0",
    )
  • main.go
package main

import (
	"fmt"
	"log"
	"net/http"
	"time"

	"github.com/gorilla/mux"
	"golang.org/x/net/http2"
)

var ()

const ()

// gethandler answers every request routed to it with the fixed body "ok".
// The request itself is not inspected.
func gethandler(w http.ResponseWriter, r *http.Request) {
	const body = "ok"
	// The byte count and any write error are ignored.
	_, _ = fmt.Fprint(w, body)
}

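// main registers a single GET / route, configures HTTP/2 on the server and
// serves on :8080 until the listener fails.
func main() {
	router := mux.NewRouter()
	router.Methods(http.MethodGet).Path("/").HandlerFunc(gethandler)

	// The timeouts bound how long one connection can hold server resources:
	// without them a client that sends headers or a body very slowly, or never
	// reads the response, keeps its connection and goroutine alive indefinitely.
	server := &http.Server{
		Addr:              ":8080",
		Handler:           router,
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       30 * time.Second,
		WriteTimeout:      30 * time.Second,
		IdleTimeout:       120 * time.Second,
	}

	// ConfigureServer can fail; stop at startup instead of serving with a
	// half-configured server.
	// NOTE(review): ConfigureServer sets up HTTP/2 for TLS connections, while
	// ListenAndServe below serves cleartext, so clients are served HTTP/1.1
	// unless TLS (or an h2c handler) is added.
	if err := http2.ConfigureServer(server, &http2.Server{}); err != nil {
		log.Fatalf("configuring http2: %v", err)
	}

	fmt.Println("Starting Server..")
	log.Fatal(server.ListenAndServe())
}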
  • go.mod
module github.com/salrashid123/testapp

go 1.21

require (
	github.com/gorilla/mux v1.8.1
	golang.org/x/net v0.19.0
)

require golang.org/x/text v0.14.0 // indirect