bazel-contrib / rules_oci Goto Github PK
View Code? Open in Web Editor NEWBazel rules for building OCI containers
License: Apache License 2.0
Bazel rules for building OCI containers
License: Apache License 2.0
Needed to flatten multiple layers into one;
Features
I'm testing rules_oci
with rules_js
(and specifically js_image
).
The build currently fails with:
[4,897 / 4,899] [Prepa] JsImageLayer //:layers
[4,897 / 4,899] JsImageLayer //:layers; 11s linux-sandbox, remote-cache
ERROR: /home/runner/work/noderosso/noderosso/BUILD.bazel:38:10: OCI Image //:server failed: (Exit 1): image_server.sh failed: error executing command bazel-out/k8-fastbuild/bin/image_server.sh mutate oci:layout/bazel-out/k8-fastbuild/bin/external/nodejs_base_image/layout --tag oci:registry/server '--append=bazel-out/k8-fastbuild/bin/layers_app.tar.gz' ... (remaining 6 arguments skipped)
Use --sandbox_debug to see verbose messages from the sandbox and retain the sandbox build root for debugging
HTTP port 0
{"level":"info","params":{"distSpecVersion":"1.0.1-dev","GoVersion":"go1.19.1","Commit":"v1.4.3-rc3-0-gfd87a22","ReleaseTag":"v1.4.3-rc3","BinaryType":"-sync-search-scrub-metrics-lint","AccessControl":null,"Storage":{"Dedupe":true,"GC":true,"Commit":false,"GCDelay":3600000000000,"GCInterval":0,"RootDirectory":"bazel-out/k8-fastbuild/bin//storage_server","StorageDriver":null,"SubPaths":null},"HTTP":{"Address":"127.0.0.1","Port":"0","AllowOrigin":"","TLS":null,"Auth":{"FailDelay":0,"HTPasswd":{"Path":""},"LDAP":null,"Bearer":null},"RawAccessControl":null,"Realm":"","Ratelimit":null},"Log":{"Level":"info","Output":"","Audit":""},"Extensions":null},"goroutine":1,"caller":"zotregistry.io/zot/pkg/api/controller.go:116","time":"2023-03-02T11:53:30.758333746Z","message":"configuration settings"}
{"level":"info","cpus":2,"max. open files":65536,"listen backlog":"4096","max. inotify watches":"2147483647","goroutine":1,"caller":"zotregistry.io/zot/pkg/api/controller.go:107","time":"2023-03-02T11:53:30.758474147Z","message":"runtime params"}
{"level":"warn","goroutine":1,"caller":"zotregistry.io/zot/pkg/debug/swagger/swagger_disabled.go:21","time":"2023-03-02T11:53:30.789056104Z","message":"skipping enabling swagger because given zot binarydoesn't include this feature, please build a binary that does so"}
{"level":"info","port":36345,"address":"127.0.0.1","goroutine":1,"caller":"zotregistry.io/zot/pkg/api/controller.go:193","time":"2023-03-02T11:53:30.789251407Z","message":"port is unspecified, listening on kernel chosen port"}
{"level":"info","module":"http","clientIP":"127.0.0.1:57384","method":"GET","path":"/v2/","statusCode":200,"latency":"13.1µs","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["crane/0.12.0 go-containerregistry/0.12.0"]},"goroutine":37,"caller":"zotregistry.io/zot/pkg/api/session.go:132","time":"2023-03-02T11:53:30.799068421Z","message":"HTTP API"}
{"level":"error","error":"stat bazel-out/k8-fastbuild/bin/storage_server/oci/layout/blobs/sha256/aa2b1da47449b03ef99af1db40df44102754f419d4f72581df468ffcd360bc70: no such file or directory","blob":"bazel-out/k8-fastbuild/bin/storage_server/oci/layout/blobs/sha256/aa2b1da47449b03ef99af1db40df44102754f419d4f72581df468ffcd360bc70","goroutine":37,"caller":"zotregistry.io/zot/pkg/storage/local/local.go:1070","time":"2023-03-02T11:53:30.799758829Z","caller":"zotregistry.io/zot/pkg/storage/local/local.go:1070","message":"failed to stat blob"}
{"level":"error","error":"cache: miss","digest":"sha256:aa2b1da47449b03ef99af1db40df44102754f419d4f72581df468ffcd360bc70","goroutine":37,"caller":"zotregistry.io/zot/pkg/storage/local/local.go:1075","time":"2023-03-02T11:53:30.79981543Z","caller":"zotregistry.io/zot/pkg/storage/local/local.go:1075","message":"cache: not found"}
{"level":"info","module":"http","clientIP":"127.0.0.1:57384","method":"HEAD","path":"/v2/oci/layout/blobs/sha256:aa2b1da47449b03ef99af1db40df44102754f419d4f72581df468ffcd360bc70","statusCode":404,"latency":"367.005µs","bodySize":407,"headers":{"User-Agent":["crane/0.12.0 go-containerregistry/0.12.0"]},"goroutine":37,"caller":"zotregistry.io/zot/pkg/api/session.go:132","time":"2023-03-02T11:53:30.800063033Z","message":"HTTP API"}
{"level":"error","error":"stat bazel-out/k8-fastbuild/bin/storage_server/oci/layout/blobs/sha256/7dcffaf987694bb0a0863ae2c3b582125b1c20d3148f0412f901b918b9a8e22d: no such file or directory","blob":"bazel-out/k8-fastbuild/bin/storage_server/oci/layout/blobs/sha256/7dcffaf987694bb0a0863ae2c3b582125b1c20d3148f0412f901b918b9a8e22d","goroutine":42,"caller":"zotregistry.io/zot/pkg/storage/local/local.go:1070","time":"2023-03-02T11:53:30.800282636Z","caller":"zotregistry.io/zot/pkg/storage/local/local.go:1070","message":"failed to stat blob"}
{"level":"error","error":"cache: miss","digest":"sha256:7dcffaf987694bb0a0863ae2c3b582125b1c20d3148f0412f901b918b9a8e22d","goroutine":42,"caller":"zotregistry.io/zot/pkg/storage/local/local.go:1075","time":"2023-03-02T11:53:30.800323536Z","caller":"zotregistry.io/zot/pkg/storage/local/local.go:1075","message":"cache: not found"}
{"level":"info","module":"http","clientIP":"127.0.0.1:57420","method":"HEAD","path":"/v2/oci/layout/blobs/sha256:7dcffaf987694bb0a0863ae2c3b582125b1c20d3148f0412f901b918b9a8e22d","statusCode":404,"latency":"122.401µs","bodySize":407,"headers":{"User-Agent":["crane/0.12.0 go-containerregistry/0.12.0"]},"goroutine":42,"caller":"zotregistry.io/zot/pkg/api/session.go:132","time":"2023-03-02T11:53:30.800383337Z","message":"HTTP API"}
{"level":"error","error":"stat bazel-out/k8-fastbuild/bin/storage_server/oci/layout/blobs/sha256/8fa73d8e9b247843c662dbf1f1e26a211ca0f8121d4fd858868ed10adc921b1e: no such file or directory","blob":"bazel-out/k8-fastbuild/bin/storage_server/oci/layout/blobs/sha256/8fa73d8e9b247843c662dbf1f1e26a211ca0f8121d4fd858868ed10adc921b1e","goroutine":39,"caller":"zotregistry.io/zot/pkg/storage/local/local.go:1070","time":"2023-03-02T11:53:30.800542039Z","caller":"zotregistry.io/zot/pkg/storage/local/local.go:1070","message":"failed to stat blob"}
{"level":"error","error":"cache: miss","digest":"sha256:8fa73d8e9b247843c662dbf1f1e26a211ca0f8121d4fd858868ed10adc921b1e","goroutine":39,"caller":"zotregistry.io/zot/pkg/storage/local/local.go:1075","time":"2023-03-02T11:53:30.800581239Z","caller":"zotregistry.io/zot/pkg/storage/local/local.go:1075","message":"cache: not found"}
{"level":"info","module":"http","clientIP":"127.0.0.1:57400","method":"HEAD","path":"/v2/oci/layout/blobs/sha256:8fa73d8e9b247843c662dbf1f1e26a211ca0f8121d4fd858868ed10adc921b1e","statusCode":404,"latency":"106.201µs","bodySize":407,"headers":{"User-Agent":["crane/0.12.0 go-containerregistry/0.12.0"]},"goroutine":39,"caller":"zotregistry.io/zot/pkg/api/session.go:132","time":"2023-03-02T11:53:30.80062624Z","message":"HTTP API"}
{"level":"error","error":"stat bazel-out/k8-fastbuild/bin/storage_server/oci/layout/blobs/sha256/383e1c5dd0c1830143b1230e90292ebd4219911e0512b70d250c8907c4899110: no such file or directory","blob":"bazel-out/k8-fastbuild/bin/storage_server/oci/layout/blobs/sha256/383e1c5dd0c1830143b1230e90292ebd4219911e0512b70d250c8907c4899110","goroutine":40,"caller":"zotregistry.io/zot/pkg/storage/local/local.go:1070","time":"2023-03-02T11:53:30.800749741Z","caller":"zotregistry.io/zot/pkg/storage/local/local.go:1070","message":"failed to stat blob"}
{"level":"error","error":"cache: miss","digest":"sha256:383e1c5dd0c1830143b1230e90292ebd4219911e0512b70d250c8907c4899110","goroutine":40,"caller":"zotregistry.io/zot/pkg/storage/local/local.go:1075","time":"2023-03-02T11:53:30.800786141Z","caller":"zotregistry.io/zot/pkg/storage/local/local.go:1075","message":"cache: not found"}
{"level":"info","module":"http","clientIP":"127.0.0.1:57404","method":"HEAD","path":"/v2/oci/layout/blobs/sha256:383e1c5dd0c1830143b1230e90292ebd4219911e0512b70d250c8907c4899110","statusCode":404,"latency":"93.701µs","bodySize":407,"headers":{"User-Agent":["crane/0.12.0 go-containerregistry/0.12.0"]},"goroutine":40,"caller":"zotregistry.io/zot/pkg/api/session.go:132","time":"2023-03-02T11:53:30.800827142Z","message":"HTTP API"}
{"level":"error","error":"stat bazel-out/k8-fastbuild/bin/storage_server/oci/layout/blobs/sha256/c59673e9fae3f9d588110a25acdf7240f3a5d97c40fb86ccc71c23bf7abbea53: no such file or directory","blob":"bazel-out/k8-fastbuild/bin/storage_server/oci/layout/blobs/sha256/c59673e9fae3f9d588110a25acdf7240f3a5d97c40fb86ccc71c23bf7abbea53","goroutine":41,"caller":"zotregistry.io/zot/pkg/storage/local/local.go:1070","time":"2023-03-02T11:53:30.800945043Z","caller":"zotregistry.io/zot/pkg/storage/local/local.go:1070","message":"failed to stat blob"}
{"level":"error","error":"cache: miss","digest":"sha256:c59673e9fae3f9d588110a25acdf7240f3a5d97c40fb86ccc71c23bf7abbea53","goroutine":41,"caller":"zotregistry.io/zot/pkg/storage/local/local.go:1075","time":"2023-03-02T11:53:30.800981544Z","caller":"zotregistry.io/zot/pkg/storage/local/local.go:1075","message":"cache: not found"}
{"level":"info","module":"http","clientIP":"127.0.0.1:57410","method":"HEAD","path":"/v2/oci/layout/blobs/sha256:c59673e9fae3f9d588110a25acdf7240f3a5d97c40fb86ccc71c23bf7abbea53","statusCode":404,"latency":"103.801µs","bodySize":407,"headers":{"User-Agent":["crane/0.12.0 go-containerregistry/0.12.0"]},"goroutine":41,"caller":"zotregistry.io/zot/pkg/api/session.go:132","time":"2023-03-02T11:53:30.801030444Z","message":"HTTP API"}
{"level":"info","module":"http","clientIP":"127.0.0.1:57384","method":"POST","path":"/v2/oci/layout/blobs/uploads/","statusCode":202,"latency":"281.804µs","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"Content-Type":["application/json"],"User-Agent":["crane/0.12.0 go-containerregistry/0.12.0"]},"goroutine":37,"caller":"zotregistry.io/zot/pkg/api/session.go:132","time":"2023-03-02T11:53:30.801444749Z","message":"HTTP API"}
{"level":"info","module":"http","clientIP":"127.0.0.1:57410","method":"POST","path":"/v2/oci/layout/blobs/uploads/","statusCode":202,"latency":"57.7µs","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"Content-Type":["application/json"],"User-Agent":["crane/0.12.0 go-containerregistry/0.12.0"]},"goroutine":41,"caller":"zotregistry.io/zot/pkg/api/session.go:132","time":"2023-03-02T11:53:30.801859054Z","message":"HTTP API"}
{"level":"info","module":"http","clientIP":"127.0.0.1:57420","method":"POST","path":"/v2/oci/layout/blobs/uploads/","statusCode":202,"latency":"38.501µs","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"Content-Type":["application/json"],"User-Agent":["crane/0.12.0 go-containerregistry/0.12.0"]},"goroutine":42,"caller":"zotregistry.io/zot/pkg/api/session.go:132","time":"2023-03-02T11:53:30.802028756Z","message":"HTTP API"}
{"level":"info","module":"http","clientIP":"127.0.0.1:57400","method":"POST","path":"/v2/oci/layout/blobs/uploads/","statusCode":202,"latency":"34.5µs","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"Content-Type":["application/json"],"User-Agent":["crane/0.12.0 go-containerregistry/0.12.0"]},"goroutine":39,"caller":"zotregistry.io/zot/pkg/api/session.go:132","time":"2023-03-02T11:53:30.802168258Z","message":"HTTP API"}
{"level":"info","module":"http","clientIP":"127.0.0.1:57384","method":"PATCH","path":"/v2/oci/layout/blobs/uploads/d433157d-3c5f-404f-9db7-b7095e44ecbf","statusCode":202,"latency":"75.601µs","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Type":["application/octet-stream"],"User-Agent":["crane/0.12.0 go-containerregistry/0.12.0"]},"goroutine":37,"caller":"zotregistry.io/zot/pkg/api/session.go:132","time":"2023-03-02T11:53:30.802423961Z","message":"HTTP API"}
{"level":"info","module":"http","clientIP":"127.0.0.1:57420","method":"PATCH","path":"/v2/oci/layout/blobs/uploads/a5dc1a29-3a2c-4e69-827b-542b0f0ee9be","statusCode":202,"latency":"928.31µs","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Type":["application/octet-stream"],"User-Agent":["crane/0.12.0 go-containerregistry/0.12.0"]},"goroutine":42,"caller":"zotregistry.io/zot/pkg/api/session.go:132","time":"2023-03-02T11:53:30.807849924Z","message":"HTTP API"}
{"level":"info","module":"http","clientIP":"127.0.0.1:57404","method":"POST","path":"/v2/oci/layout/blobs/uploads/","statusCode":202,"latency":"101.401µs","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"Content-Type":["application/json"],"User-Agent":["crane/0.12.0 go-containerregistry/0.12.0"]},"goroutine":40,"caller":"zotregistry.io/zot/pkg/api/session.go:132","time":"2023-03-02T11:53:30.808785335Z","message":"HTTP API"}
{"level":"info","r.ContentLength":0,"goroutine":42,"caller":"zotregistry.io/zot/pkg/api/routes.go:1143","time":"2023-03-02T11:53:30.80923554Z","message":"DEBUG"}
{"level":"info","r.ContentLength":0,"goroutine":37,"caller":"zotregistry.io/zot/pkg/api/routes.go:1143","time":"2023-03-02T11:53:30.813884094Z","message":"DEBUG"}
{"level":"info","module":"http","clientIP":"127.0.0.1:57420","method":"PUT","path":"/v2/oci/layout/blobs/uploads/a5dc1a29-3a2c-4e69-827b-542b0f0ee9be?digest=sha256%3A7dcffaf987694bb0a0863ae2c3b582125b1c20d3148f0412f901b918b9a8e22d","statusCode":201,"latency":"12.83735ms","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"Content-Type":["application/octet-stream"],"User-Agent":["crane/0.12.0 go-containerregistry/0.12.0"]},"goroutine":42,"caller":"zotregistry.io/zot/pkg/api/session.go:132","time":"2023-03-02T11:53:30.822146191Z","message":"HTTP API"}
{"level":"info","module":"http","clientIP":"127.0.0.1:57384","method":"PUT","path":"/v2/oci/layout/blobs/uploads/d433157d-3c5f-404f-9db7-b7095e44ecbf?digest=sha256%3Aaa2b1da47449b03ef99af1db40df44102754f419d4f72581df468ffcd360bc70","statusCode":201,"latency":"12.80045ms","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"Content-Type":["application/octet-stream"],"User-Agent":["crane/0.12.0 go-containerregistry/0.12.0"]},"goroutine":37,"caller":"zotregistry.io/zot/pkg/api/session.go:132","time":"2023-03-02T11:53:30.822192792Z","message":"HTTP API"}
{"level":"info","module":"http","clientIP":"127.0.0.1:57404","method":"PATCH","path":"/v2/oci/layout/blobs/uploads/5921f2e1-1125-4e06-93ad-a76f851a97b2","statusCode":202,"latency":"9.034806ms","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Type":["application/octet-stream"],"User-Agent":["crane/0.12.0 go-containerregistry/0.12.0"]},"goroutine":40,"caller":"zotregistry.io/zot/pkg/api/session.go:132","time":"2023-03-02T11:53:30.82381451Z","message":"HTTP API"}
2023/03/02 11:53:30 pushed blob: sha256:7dcffaf987694bb0a0863ae2c3b582125b1c20d3148f0412f901b918b9a8e22d
{"level":"info","r.ContentLength":0,"goroutine":40,"caller":"zotregistry.io/zot/pkg/api/routes.go:1143","time":"2023-03-02T11:53:30.826243939Z","message":"DEBUG"}
2023/03/02 11:53:30 pushed blob: sha256:aa2b1da47449b03ef99af1db40df44102754f419d4f72581df468ffcd360bc70
{"level":"info","module":"http","clientIP":"127.0.0.1:57410","method":"PATCH","path":"/v2/oci/layout/blobs/uploads/68e7678d-79e2-4715-92d3-eb55a47b2c66","statusCode":202,"latency":"27.284918ms","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Type":["application/octet-stream"],"User-Agent":["crane/0.12.0 go-containerregistry/0.12.0"]},"goroutine":41,"caller":"zotregistry.io/zot/pkg/api/session.go:132","time":"2023-03-02T11:53:30.829949082Z","message":"HTTP API"}
{"level":"info","r.ContentLength":0,"goroutine":37,"caller":"zotregistry.io/zot/pkg/api/routes.go:1143","time":"2023-03-02T11:53:30.831828904Z","message":"DEBUG"}
{"level":"info","module":"http","clientIP":"127.0.0.1:57404","method":"PUT","path":"/v2/oci/layout/blobs/uploads/5921f2e1-1125-4e06-93ad-a76f851a97b2?digest=sha256%3A383e1c5dd0c1830143b1230e90292ebd4219911e0512b70d250c8907c4899110","statusCode":201,"latency":"12.252043ms","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"Content-Type":["application/octet-stream"],"User-Agent":["crane/0.12.0 go-containerregistry/0.12.0"]},"goroutine":40,"caller":"zotregistry.io/zot/pkg/api/session.go:132","time":"2023-03-02T11:53:30.838499082Z","message":"HTTP API"}
2023/03/02 11:53:30 pushed blob: sha256:383e1c5dd0c1830143b1230e90292ebd4219911e0512b70d250c8907c4899110
{"level":"info","module":"http","clientIP":"127.0.0.1:57384","method":"PUT","path":"/v2/oci/layout/blobs/uploads/68e7678d-79e2-4715-92d3-eb55a47b2c66?digest=sha256%3Ac59673e9fae3f9d588110a25acdf7240f3a5d97c40fb86ccc71c23bf7abbea53","statusCode":201,"latency":"31.128664ms","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"Content-Type":["application/octet-stream"],"User-Agent":["crane/0.12.0 go-containerregistry/0.12.0"]},"goroutine":37,"caller":"zotregistry.io/zot/pkg/api/session.go:132","time":"2023-03-02T11:53:30.862984668Z","message":"HTTP API"}
2023/03/02 11:53:30 pushed blob: sha256:c59673e9fae3f9d588110a25acdf7240f3a5d97c40fb86ccc71c23bf7abbea53
{"level":"info","module":"http","clientIP":"127.0.0.1:57400","method":"PATCH","path":"/v2/oci/layout/blobs/uploads/e12a21c6-9b9e-43ca-8171-8d39846e6d3a","statusCode":202,"latency":"84.450287ms","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Type":["application/octet-stream"],"User-Agent":["crane/0.12.0 go-containerregistry/0.12.0"]},"goroutine":39,"caller":"zotregistry.io/zot/pkg/api/session.go:132","time":"2023-03-02T11:53:30.892583614Z","message":"HTTP API"}
{"level":"info","r.ContentLength":0,"goroutine":40,"caller":"zotregistry.io/zot/pkg/api/routes.go:1143","time":"2023-03-02T11:53:30.893216921Z","message":"DEBUG"}
{"level":"info","module":"http","clientIP":"127.0.0.1:57404","method":"PUT","path":"/v2/oci/layout/blobs/uploads/e12a21c6-9b9e-43ca-8171-8d39846e6d3a?digest=sha256%3A8fa73d8e9b247843c662dbf1f1e26a211ca0f8121d4fd858868ed10adc921b1e","statusCode":201,"latency":"135.351381ms","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"Content-Type":["application/octet-stream"],"User-Agent":["crane/0.12.0 go-containerregistry/0.12.0"]},"goroutine":40,"caller":"zotregistry.io/zot/pkg/api/session.go:132","time":"2023-03-02T11:53:31.028598802Z","message":"HTTP API"}
2023/03/02 11:53:31 pushed blob: sha256:8fa73d8e9b247843c662dbf1f1e26a211ca0f8121d4fd858868ed10adc921b1e
{"level":"info","module":"http","clientIP":"127.0.0.1:57404","method":"PUT","path":"/v2/oci/layout/manifests/latest","statusCode":415,"latency":"39.201µs","bodySize":404,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["918"],"Content-Type":["application/vnd.docker.distribution.manifest.v2+json"],"User-Agent":["crane/0.12.0 go-containerregistry/0.12.0"]},"goroutine":40,"caller":"zotregistry.io/zot/pkg/api/session.go:132","time":"2023-03-02T11:53:31.029201909Z","message":"HTTP API"}
Error: PUT http://127.0.0.1:36345/v2/oci/layout/manifests/latest: MANIFEST_INVALID: manifest invalid; [map[mediaType:application/vnd.docker.distribution.manifest.v2+json]]
Error: pulling : parsing reference "": could not parse reference:
Target //:upload failed to build
Use --verbose_failures to see the command lines of failed build steps.
INFO: Elapsed time: 103.871s, Critical Path: 50.65s
Workspace
oci_pull(
name = "nodejs_base_image",
digest = "sha256:07027462f9f8235d7ef89f79a5f36be8345a17cccf32903fb2bdcb88e879fce9", # sha for tag 'latest-amd64'
image = "gcr.io/distroless/nodejs18-debian11",
)
BUILD.bazel
js_image_layer(
name = "layers",
binary = "//packages/main",
root = "/app",
visibility = ["//visibility:__pkg__"],
)
oci_image(
name = "server",
architecture = "amd64",
base = "@nodejs_base_image",
cmd = ["/app/packages/main/main"],
entrypoint = ["bash"],
tars = [
":layers",
],
)
oci_push(
name = "upload",
image = ":server",
repository = "myregistry.azurecr.io/myimage",
)
I tried to run the action with:
bazel run //:upload -- -tag 1
.default_tags = "1"
in the oci_push
and run bazel run //:upload
.I get the same error. I'm not sure if this is my fault or the issue is the manifest (MANIFEST_INVALID: manifest invalid; [map[mediaType:application/vnd.docker.distribution.manifest.v2+json]]
)
I use:
We need to introduce toolchains that provide umoci
and skopeo
. Right now users have to vendor these tools.
For more context see: containers/skopeo#1545 and opencontainers/umoci#332
arm64
amd64
arm64
amd64
, optionally other archs
not sure about this, it might take a while but there is nothing that stops us from landing the support for it.
amd64
amd64
arm64
One of the important goals of rules_container is to be reproducible. the final image should be canonical as long as the compilation target is the same. we should assert this with our CI pipeline.
A few examples of this would be
darwin/arm64
cross-compiling to linux/arm64
darwin/amd64
cross-compiling to linux/arm64
linux/armel
cross-compiling to linux/arm64
linux/arm64
compiling to linux/arm64
windows/amd64
cross-compiling to linux/arm64
with all of the cases above, the resulting image should be canonical and have the same digest. this is a realistic goal as long as the upstream *_binary
rules are deterministic and spit the same runfiles
regardless of the host platform.
there are a few things to be careful about in order to ensure reproducibility.
history
property in image config--mtime
embedded in tar layers.--sort=name
file ordering in tar layers.--owner=0 --group=0 --numeric-owner
in tar layers.Currently, oci_image_index
depends on wc
and shasum
installed on host machine. These dependencies are undeclared and may lead oci_image_index
to fail if any of these tools are absent on the host.
Alternatives considered;
https://github.com/jonelo/jacksum - requires dependency on java_binary
.
https://github.com/bazelbuild/bazel/blob/master/tools/build_defs/hash/hash.bzl - requires dependency on py_binary
We don't want to write our own rules/macros for these in our public API, but we do need to show users what to do.
Answer might be:
go_binary
Here is the list from https://github.com/bazelbuild/rules_docker#language-rules
I was wondering if it possible to run a container_image
(using the Bazel configured toolchain) inside of an sh_binary
or sh_test
? This would be a powerful feature, for example to test code that only works inside of a particular container.
If it is possible, is there an example of this?
Docker V2 images are slightly different than their OCI counterparts. Major differences are mediaType
and properties that their Configs
can have. Converting an Docker V2 image to OCI is fairly simple using newly added append --empty-base-oci
command of crane. However, this causes image digests to change breaking the provenance.
currently, the creation time of the images is set to a fixed date for reproducibility. this should be overridable with stamping.
In order to do this cosign needs to be introduced as a toolchain/
Features
-r
option (for multi-platform images)Feature request:
Allow Bazel to build Dockerfile images in a way that takes advantage of incremental build caching. The dockerfile_image
rule in rules_docker contrib allows building such images, but it's incredibly slow because of the lack of build cache.
We need to make sure that images built with rules_oci work with common runtimes out there. This will give us confidence that our rules such as oci_tarball
oci_image
can built artifacts that are loadable and usable.
We should have a CI set up for
Trying to build an oci_image
target fails with
ERROR: /home/alexeagle/Projects/a/engineering/projects/hello_world/BUILD.bazel:27:10: OCI Image //a/engineering/projects/hello_world:image failed: (Exit 1): image_image.sh failed: error executing command bazel-out/k8-fastbuild/bin/a/engineering/projects/hello_world/image_image.sh mutate oci:layout/bazel-out/k8-fastbuild/bin/external/distroless_static_debian11_amd64/layout --tag ... (remaining 5 arguments skipped)
Use --sandbox_debug to see verbose messages from the sandbox and retain the sandbox build root for debugging
2023/02/14 08:43:07 pushed blob: sha256:e5e2a36b2d933eda4e380755c7ed535a46f1a42233234490c40d49c0c326b0fa
2023/02/14 08:43:07 pushed blob: sha256:fc251a6e798157dc3b46fd265da72f39cd848e3f9f4a0b28587d1713b878deb9
Error: PUT http://127.0.0.1:35905/v2/oci/layout/manifests/latest: MANIFEST_INVALID: manifest invalid; [map[mediaType:application/vnd.docker.distribution.manifest.v2+json]]
Error: pulling : parsing reference "": could not parse reference:
HTTP":{"Address":"127.0.0.1","Port":"0","AllowOrigin":"","TLS":null,"Auth":{"FailDelay":0,"HTPasswd":{"Path":""},"LDAP":null,"Bearer":null},"RawAccessControl":null,"Realm":"","Ratelimit":null},"Log":{"Level":"info","Output":"","Audit":""},"Extensions":null},"goroutine":1,"caller":"zotregistry.io/zot/pkg/api/controller.go:116","time":"2023-02-14T08:43:07.739974539-08:00","message":"configuration settings"}
We should detect the invalid manifest and give the user some idea what this means and how to repair it.
Right now, users can implement one, like in https://github.com/aspect-build/rules_js/blob/main/e2e/js_image_oci/pull.bzl
But it would be better to have something upstream.
When I build //example:base
and other targets that depend on it, Bazel warns the output of //example:base
is a directory as follows:
$ bazel build //example:base
...
WARNING: /Volumes/work/github/rules_oci/example/BUILD.bazel:25:8: output 'example/layout' of //example:base is a directory; dependency checking of directories is unsound
Build itself succeeds, but it would be nice to fix the warning or work around the underlying issue.
I see the similar warning when I ran bazel build //src:image
in e2e/js_image_oci
of rules_js (Probably, the root cause of the warning is same):
WARNING: /private/var/tmp/_bazel_t/ce0e746d0a64bfce50fc270eb1254184/external/debian_amd64/BUILD.bazel:2:8: output 'external/debian_amd64/layout' of @debian_amd64//:image is a directory; dependency checking of directories is unsound
I should be able to push a specific tag with something like bazel run --stamp --embed_label=1.2.3 //path/to:my_oci_push
Will use https://github.com/aspect-build/bazel-lib/blob/main/docs/stamping.md
Hello,
I've wanted to set up rules_oci for my companys repo, and I see that it's just launched on BCR now, which is great!
So I tried to add it, and it seems to cause a conflict with the protobuf
package:
Error computing the main repository mapping: [email protected] depends on [email protected] with compatibility level 1, but [email protected] depends on [email protected] with compatibility level 0 which is different
Wasn't this one of the things bzlmod was gonna solve for Bazel? Incompatibilities between dependencies for different rule projects.
I use bzlmod for almost all of my rules, I don't have rules_kotlin
in bzlmod yet, nor rules_jvm_contrib
, those are the two that are missing.
My MODULE.bazel contains:
bazel_dep(name = "rules_java", version = "5.4.1")
bazel_dep(name = "rules_jvm_external", version = "5.1")
bazel_dep(name = "rules_python", version = "0.19.0")
bazel_dep(name = "rules_go", version = "0.38.1", repo_name="io_bazel_rules_go")
bazel_dep(name = "gazelle", version = "0.29.0", repo_name="bazel_gazelle")
bazel_dep(name = "aspect_bazel_lib", version = "1.28.0")
bazel_dep(name = "rules_oci", version = "0.3.5")
I've for now just added rules_oci
as a local_path_override and changed the rules_pkg version down to 0.7.0 and that has enabled me to continue. Don't know yet what possible issues I'll encounter though.
An example build file looks like below
# this image will have 4 layers in total
oci_image(
name = "debian10",
layers = [
":debian10_fs",
":debian10_passwd",
":libs"
]
)
platforms = {
# 1:2+ transitions
"@platforms//linux": [
"@platforms//cpu:x86_64",
"@platforms//cpu:arm64",
"@platforms//cpu:armel",
"@platforms//cpu:ppc",
]
}
# will yield multi-platform image
oci_index(
name = "debian_multi",
image = ":debian10",
platforms = platforms
)
I would like to be able to create container image locally and then use the container image hash during a later build step (to embed the container image hash in a binary).
Is this already supported or do you have a pointer to how I could contribute this functionality?
Kind regards
It's a test runner asserting the layout of the image.
need to bring a container runtime #20
Features
fileExistenceTests
commandTests
fileContentTests
Once we are 1.0, https://github.com/GoogleContainerTools/container-structure-test#running-structure-tests-through-bazel shouldn't recommend rules_docker anymore, probably.
Hey,
I try to create a simple image that includes althttpd
web server and some static files to be served. So far everything works as expected, but when I load and run the tarball (created with oci_tarball
) with e.g. docker
, it tells me
exec /bin/althttpd: no such file or directory
To inspect, what's inside each layer I use dive
and that tool clearly shows, that all files are includes correctly:
To understand my problem I put together a reproducible example. There is a small script run.sh
that builds the image, loads and runs it.
I know that this is not a problem with rules_oci
but can somebody help me understand what I'm missing here?
Thanks for any help or feedback
Similar in nature to #74, but when using rules_oci-v0.3.7
, oci_tarball
does not seem to work with oci_image_index
even though that and the oci_image
rules both say they produce an image. The tarball.sh.tpl
script fails because there is no .config.digest
member in the manifest generated from a oci_image_index
rule. Just wasn't implemented yet? Or is my issue user error? See hello_world_linux_image_tar
target vs the individual hello_world_{}_image_tar
ones that work in the example below. I did not see an option to have oci_image_index
use a Docker Manfiest List
format.
{
"schemaVersion": 2,
"mediaType": "application/vnd.oci.image.index.v1+json",
"manifests": [
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"size": 1080,
"digest": "sha256:b82d8a82f2b419203fd22883acd9cd64423596746381a662e40554063b1ac194",
"platform": {
"os": "linux",
"architecture": "amd64"
}
},
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"size": 1080,
"digest": "sha256:0355d5bbc1c6d6392d796ccc240811ad4656bf04b54021641a692069b5ee250a",
"platform": {
"os": "linux",
"architecture": "amd64"
}
}
]
}
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
load("@bazel_tools//tools/build_defs/repo:git.bzl", "git_repository")
http_archive(
name = "rules_license",
sha256 = "6157e1e68378532d0241ecd15d3c45f6e5cfd98fc10846045509fb2a7cc9e381",
urls = [
"https://github.com/bazelbuild/rules_license/releases/download/0.0.4/rules_license-0.0.4.tar.gz",
"https://mirror.bazel.build/github.com/bazelbuild/rules_license/releases/download/0.0.4/rules_license-0.0.4.tar.gz",
],
)
http_archive(
name = "platforms",
sha256 = "5308fc1d8865406a49427ba24a9ab53087f17f5266a7aabbfc28823f3916e1ca",
urls = [
"https://mirror.bazel.build/github.com/bazelbuild/platforms/releases/download/0.0.6/platforms-0.0.6.tar.gz",
"https://github.com/bazelbuild/platforms/releases/download/0.0.6/platforms-0.0.6.tar.gz",
],
)
http_archive(
name = "bazel_skylib",
sha256 = "b8a1527901774180afc798aeb28c4634bdccf19c4d98e7bdd1ce79d1fe9aaad7",
urls = [
"https://mirror.bazel.build/github.com/bazelbuild/bazel-skylib/releases/download/1.4.1/bazel-skylib-1.4.1.tar.gz",
"https://github.com/bazelbuild/bazel-skylib/releases/download/1.4.1/bazel-skylib-1.4.1.tar.gz",
],
)
load("@bazel_skylib//:workspace.bzl", "bazel_skylib_workspace")
bazel_skylib_workspace()
http_archive(
name = "aspect_bazel_lib",
sha256 = "ee95bbc80f9ca219b93a8cc49fa19a2d4aa8649ddc9024f46abcdd33935753ca",
strip_prefix = "bazel-lib-1.29.2",
url = "https://github.com/aspect-build/bazel-lib/releases/download/v1.29.2/bazel-lib-v1.29.2.tar.gz",
)
load("@aspect_bazel_lib//lib:repositories.bzl", "aspect_bazel_lib_dependencies", "register_jq_toolchains", "register_yq_toolchains")
aspect_bazel_lib_dependencies()
register_jq_toolchains()
register_yq_toolchains()
http_archive(
name = "rules_cc",
sha256 = "3d9e271e2876ba42e114c9b9bc51454e379cbf0ec9ef9d40e2ae4cec61a31b40",
strip_prefix = "rules_cc-0.0.6",
urls = ["https://github.com/bazelbuild/rules_cc/releases/download/0.0.6/rules_cc-0.0.6.tar.gz"],
)
http_archive(
name = "rules_pkg",
sha256 = "8c20f74bca25d2d442b327ae26768c02cf3c99e93fad0381f32be9aab1967675",
urls = [
"https://mirror.bazel.build/github.com/bazelbuild/rules_pkg/releases/download/0.8.1/rules_pkg-0.8.1.tar.gz",
"https://github.com/bazelbuild/rules_pkg/releases/download/0.8.1/rules_pkg-0.8.1.tar.gz",
],
)
load("@rules_pkg//:deps.bzl", "rules_pkg_dependencies")
rules_pkg_dependencies()
git_repository(
name = "aspect_gcc_toolchain",
commit = "4bd1f94536ee92b7c49673931773038d923ee86e",
remote = "https://github.com/aspect-build/gcc-toolchain",
)
load("@aspect_gcc_toolchain//toolchain:repositories.bzl", "gcc_toolchain_dependencies")
gcc_toolchain_dependencies()
load("@aspect_gcc_toolchain//toolchain:defs.bzl", "ARCHS", "gcc_register_toolchain")
gcc_register_toolchain(
name = "gcc_toolchain_aarch64",
target_arch = ARCHS.aarch64,
)
gcc_register_toolchain(
name = "gcc_toolchain_armv7",
target_arch = ARCHS.armv7,
)
gcc_register_toolchain(
name = "gcc_toolchain_x86_64",
sysroot_variant = "x86_64-X11",
target_arch = ARCHS.x86_64,
)
http_archive(
name = "rules_oci",
sha256 = "48642588e91e992772b94de06234da6601854fda0ee32a91ce8ef303cf5e5837",
strip_prefix = "rules_oci-0.3.7",
url = "https://github.com/bazel-contrib/rules_oci/releases/download/v0.3.7/rules_oci-v0.3.7.tar.gz",
)
load("@rules_oci//oci:dependencies.bzl", "rules_oci_dependencies")
rules_oci_dependencies()
load("@rules_oci//oci:repositories.bzl", "LATEST_CRANE_VERSION", "oci_register_toolchains")
oci_register_toolchains(
name = "oci",
crane_version = LATEST_CRANE_VERSION,
)
load("@rules_oci//oci:pull.bzl", "oci_pull")
oci_pull(
name = "distroless_static",
digest = "sha256:c3c3d0230d487c0ad3a0d87ad03ee02ea2ff0b3dcce91ca06a1019e07de05f12",
image = "gcr.io/distroless/static",
platforms = [
"linux/amd64",
"linux/arm64",
],
)
oci_pull(
name = "distroless_cc",
digest = "sha256:f252d3ca44b7f2c718c67c2020feee7b7fd4ee6bff8a192dfea6e599b7d820ad",
# TODO(https://github.com/bazel-contrib/rules_oci/issues/74) Use latest images
# digest = "sha256:fb402c45f3ef485ccd56ca2af2a58615fc47c4978bb3004e8663a83456791f48",
image = "gcr.io/distroless/cc",
platforms = [
"linux/amd64",
"linux/arm64",
],
)
load("@aspect_bazel_lib//lib:transitions.bzl", "platform_transition_filegroup")
load("@rules_pkg//pkg:tar.bzl", "pkg_tar")
load("@rules_oci//oci:defs.bzl", "oci_image", "oci_image_index", "oci_tarball")
cc_library(
name = "greeting",
srcs = ["greeting.cc"],
hdrs = ["greeting.h"],
)
cc_binary(
name = "hello_world",
srcs = ["hello_world.cpp"],
features = ["static_libstdcxx"],
deps = [
":greeting",
],
)
ARCHS = [
"linux_x86_64",
"linux_aarch64",
]
[platform_transition_filegroup(
name = "hello_world_{}".format(platform),
srcs = [":hello_world"],
target_platform = "//platforms:{}".format(platform),
) for platform in ARCHS]
[pkg_tar(
name = "hello_world_{}_tar".format(platform),
srcs = [":hello_world_{}".format(platform)],
include_runfiles = True,
strip_prefix = "/",
) for platform in ARCHS]
[oci_image(
name = "hello_world_{}_image".format(platform),
base = "@distroless_cc",
entrypoint = ["/examples/cpp/hello_world/hello_world"],
tars = [
":hello_world_{}_tar".format(platform),
],
) for platform in ARCHS]
[oci_tarball(
name = "hello_world_{}_image_tar".format(platform),
image = ":hello_world_{}_image".format(platform),
repotags = ["examples/cpp/hello_world_{}:latest".format(platform)],
) for platform in ARCHS]
oci_image_index(
name = "hello_world_linux_image",
images = [
":hello_world_{}_image".format(platform)
for platform in ARCHS
],
)
oci_tarball(
name = "hello_world_linux_image_tar",
image = ":hello_world_linux_image",
repotags = ["examples/cpp/hello_world_linux:latest"],
)
vscode ➜ /workspaces/mycode (main ✗) $ bazel build //examples/cpp/hello_world:hello_world_linux_x86_64_image_tar
INFO: Analyzed target //examples/cpp/hello_world:hello_world_linux_x86_64_image_tar (0 packages loaded, 0 targets configured).
INFO: Found 1 target...
Target //examples/cpp/hello_world:hello_world_linux_x86_64_image_tar up-to-date:
bazel-bin/examples/cpp/hello_world/hello_world_linux_x86_64_image_tar/tarball.tar
INFO: Elapsed time: 0.196s, Critical Path: 0.00s
INFO: 1 process: 1 internal.
INFO: Build completed successfully, 1 total action
vscode ➜ /workspaces/mycode (main ✗) $ docker load <bazel-bin/examples/cpp/hello_world/hello_world_linux_x86_64_image_tar/tarball.tar
Loaded image: examples/cpp/hello_world_linux_x86_64:latest
vscode ➜ /workspaces/mycode (main ✗) $ docker run --rm examples/cpp/hello_world_linux_x86_64:latest
Hello, world!
vscode ➜ /workspaces/mycode (main ✗) $ bazel build //examples/cpp/hello_world:hello_world_linux_image_tar
INFO: Analyzed target //examples/cpp/hello_world:hello_world_linux_image_tar (3 packages loaded, 6183 targets configured).
INFO: Found 1 target...
ERROR: /workspaces/mycode/examples/cpp/hello_world/BUILD.bazel:61:12: OCI Tarball //examples/cpp/hello_world:hello_world_linux_image_tar failed: (Exit 1): tarball.sh failed: error executing command (from target //examples/cpp/hello_world:hello_world_linux_image_tar) bazel-out/k8-fastbuild/bin/examples/cpp/hello_world/hello_world_linux_image_tar/tarball.sh
Use --sandbox_debug to see verbose messages from the sandbox and retain the sandbox build root for debugging
Error: cannot substitute with !!null, can only substitute strings. Hint: Most often you'll want to use '|=' over '=' for this operation
Target //examples/cpp/hello_world:hello_world_linux_image_tar failed to build
Use --verbose_failures to see the command lines of failed build steps.
INFO: Elapsed time: 0.803s, Critical Path: 0.08s
INFO: 3 processes: 3 internal.
FAILED: Build did NOT complete successfully
Order of ENV variables are not preserved, and looks like random between builds.
Example of the build from the same source:
{"architecture":"amd64","created":"0001-01-01T00:00:00Z","history":[{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:8a3362647f3af2336d5643ebd5f185e33578636e60848c9f20bdb951cb7c2026","sha256:6b4258ba2cef84355e5d89d3a4873286edee1bee7df4ae126c72e35ef8d7e127","sha256:fb227ea45821540bd6c3e0bb2314c46fedf4baa3943a3eb9d899d750be3b2a6f","sha256:556ed1bd80e38109ce7017c0270e2cffcda68e6f707eb2977ba33e25f2de8f17","sha256:035a874c9ef9c89003c65b79569337e8c1edc1b44801776d57cd60f65e6b68cb","sha256:168960c54027796006fcf594a7ddba1904d51be842b10f051d64ddb880e6bedc"]},"config":{"Entrypoint":["/app/node/node","--unhandled-rejections=strict","/app/index.js","-c","/app/configs-runtime/current.json"],"Env":["NODE_PATH=/node_modules","LD_LIBRARY_PATH=/app/lib"]}}
{"architecture":"amd64","created":"0001-01-01T00:00:00Z","history":[{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:8a3362647f3af2336d5643ebd5f185e33578636e60848c9f20bdb951cb7c2026","sha256:6b4258ba2cef84355e5d89d3a4873286edee1bee7df4ae126c72e35ef8d7e127","sha256:fb227ea45821540bd6c3e0bb2314c46fedf4baa3943a3eb9d899d750be3b2a6f","sha256:556ed1bd80e38109ce7017c0270e2cffcda68e6f707eb2977ba33e25f2de8f17","sha256:035a874c9ef9c89003c65b79569337e8c1edc1b44801776d57cd60f65e6b68cb","sha256:168960c54027796006fcf594a7ddba1904d51be842b10f051d64ddb880e6bedc"]},"config":{"Entrypoint":["/app/node/node","--unhandled-rejections=strict","/app/index.js","-c","/app/configs-runtime/current.json"],"Env":["LD_LIBRARY_PATH=/app/lib","NODE_PATH=/node_modules"]}}
All files and layers the same, but the final image digest is different, this makes build non-hermetic from the digest point of view.
Rules version 0.2.0
Bazel version 5.4.0
Candidate runtimes
I don't see any examples for how to use oci_pull with bzlmod. Is this not supported?
Typically it's an extension function (e.g. with rules_jvm_external there's a "maven" function with a maven.install
method), but I couldn't see that being supported in rules_oci.
In the oci_pull
PR #67 I'm leaving some TODOs for this.
We intend to never support using a container runtime as an input to a Bazel action, because
exec
platform (we'd need to bulid a Bazel toolchain to supply the container runtime for the right platform) and also ensure the container is built for that architecture.Possibilities for users migrating from run_and_commit_layer
and related rules:
run_binary
rule) - we just don't want to commit to supporting that use case.When using the WORKSPACE file documented below I get an unexpected error when running bazel query @node_image//...
oci_demo % bazel query @node_image//...
DEBUG: /private/var/tmp/_bazel_user/ba478bafcfc1207449b383e8560b89d0/external/contrib_rules_oci/oci/pull.bzl:71:14:
WARNING: fetching from https://docker.io/v2/library/node/manifests/18 without an integrity hash. The result will not be cached.
INFO: Repository node_image instantiated at:
/Users/oci_demo/WORKSPACE.bazel:19:9: in <toplevel>
/private/var/tmp/_bazel_user/ba478bafcfc1207449b383e8560b89d0/external/contrib_rules_oci/oci/pull.bzl:398:22: in oci_pull
Repository rule oci_pull_rule defined at:
/private/var/tmp/_bazel_user/ba478bafcfc1207449b383e8560b89d0/external/contrib_rules_oci/oci/pull.bzl:220:32: in <toplevel>
ERROR: An error occurred during the fetch of repository 'node_image':
Traceback (most recent call last):
File "/private/var/tmp/_bazel_user/ba478bafcfc1207449b383e8560b89d0/external/contrib_rules_oci/oci/pull.bzl", line 149, column 27, in _oci_pull_impl
mf, mf_len = _download(rctx, rctx.attr.identifier, mf_file, resource = "manifests")
File "/private/var/tmp/_bazel_user/ba478bafcfc1207449b383e8560b89d0/external/contrib_rules_oci/oci/pull.bzl", line 80, column 27, in _download
return json.decode(bytes), len(bytes)
Error in decode: at offset 0, unexpected character "<"
ERROR: /Users/oci_demo/WORKSPACE.bazel:19:9: fetching oci_pull_rule rule //external:node_image: Traceback (most recent call last):
File "/private/var/tmp/_bazel_user/ba478bafcfc1207449b383e8560b89d0/external/contrib_rules_oci/oci/pull.bzl", line 149, column 27, in _oci_pull_impl
mf, mf_len = _download(rctx, rctx.attr.identifier, mf_file, resource = "manifests")
File "/private/var/tmp/_bazel_user/ba478bafcfc1207449b383e8560b89d0/external/contrib_rules_oci/oci/pull.bzl", line 80, column 27, in _download
return json.decode(bytes), len(bytes)
Error in decode: at offset 0, unexpected character "<"
ERROR: Target parsing failed due to unexpected exception: at offset 0, unexpected character "<"
Loading: 0 packages loaded
WORKSPACE.bazel
workspace(name = "oci_demo")
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
http_archive(
name = "contrib_rules_oci",
sha256 = "929da1362e27dc38206a116783d2b3efb95bcb165bdbc62a8190013e612a9b51",
strip_prefix = "rules_oci-0.3.1",
url = "https://github.com/bazel-contrib/rules_oci/releases/download/v0.3.1/rules_oci-v0.3.1.tar.gz",
)
load("@contrib_rules_oci//oci:dependencies.bzl", "rules_oci_dependencies")
rules_oci_dependencies()
load("@contrib_rules_oci//oci:pull.bzl", "oci_pull")
# A single-arch base image
oci_pull(
name = "node_image",
image = "docker.io/library/node",
# Unpinning is undesired but is used to figure out how to initially pin.
reproducible = False,
tag = "18",
)
Should be possible as long as we don't hard-code dependency on bash.
https://learn.microsoft.com/en-us/virtualization/windowscontainers/about/
e.g. Document tradeoffs between crane/umoji vs skopeo
Figure out where to place our bets based on:
Fill in to https://docs.google.com/document/d/1xhOOENrjmHacitifcUsZu8vhHc3akXeV6M-bEAgFTYg/edit?usp=sharing
Also, update js example to use latest version of rules_js and js_image_layer
Our initial intent was to add serve
command to crane
but we've got an even better option here.
Introducing https://github.com/project-zot/zot as the registry. also uses go-containerregistry under the hood. https://github.com/project-zot/zot/blob/0c70ae8a4ef77e3cc45a80b82f8c135abe6989cb/go.mod#L24
In order to build multi-platform images, https://github.com/estesp/manifest-tool needs to be introduced as a toolchain.
Features
bazel run //image:push -- --registry index.docker.io --tag latest --tag 1.x.x
.Currently, we register multiple registry toolchains with a common boilerplate.
this can be optimized in terms of
Useful for stamping, for example
We should be able to pull an image that's published in OCI format, for example crane manifest quay.io/buildah/stable
Also it means we should handle more Media Types:
application/vnd.oci.image.index.v1+json
application/vnd.oci.image.manifest.v1+json
Now that crane has index
command, we could use that instead of using our hacky jq implementation. google/go-containerregistry#1561
I don't know why this is happening but two of the tests are failing due to changes in the upstream images
Features
base
attribute to have base imagesbase
imageenv
entrypoint
cmd
An example build file looks like;
oci_image(
name = "node_14",
base = ":debian11",
entrypoint = ["/nodejs/bin/node"],
layers = [
"@nodejs14_amd64//:tar"
]
)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.