diff --git a/BUILD.bazel b/BUILD.bazel index 49e0e2743..e0ba4a1fa 100644 --- a/BUILD.bazel +++ b/BUILD.bazel @@ -14,12 +14,16 @@ alias( alias( name = "poetry", actual = "@python_deps_poetry//:rules_python_wheel_entry_point_poetry", + tags = ["no-cache"], ) py_binary( name = "mkdocs", - deps = ["@python_deps_mkdocs_material//:pkg"], srcs = ["@python_deps_mkdocs//:rules_python_wheel_entry_point_mkdocs"], - data = ["mkdocs.yml", "docs"], + data = [ + "docs", + "mkdocs.yml", + ], main = "rules_python_wheel_entry_point_mkdocs.py", + deps = ["@python_deps_mkdocs_material//:pkg"], ) diff --git a/WORKSPACE.bazel b/WORKSPACE.bazel index 9d492ff94..2cc4a6841 100644 --- a/WORKSPACE.bazel +++ b/WORKSPACE.bazel @@ -157,7 +157,7 @@ load("@rules_oci//oci:dependencies.bzl", "rules_oci_dependencies") rules_oci_dependencies() -load("@rules_oci//oci:repositories.bzl", "LATEST_CRANE_VERSION", "LATEST_ZOT_VERSION", "oci_register_toolchains") +load("@rules_oci//oci:repositories.bzl", "LATEST_CRANE_VERSION", "oci_register_toolchains") oci_register_toolchains( name = "oci", @@ -167,9 +167,13 @@ oci_register_toolchains( load("@rules_oci//oci:pull.bzl", "oci_pull") oci_pull( - name = "distroless_cc", - digest = "sha256:8aad707f96620ee89e27febef51b01c6ff244277a3560fcfcfbe68633ef09193", - image = "gcr.io/distroless/cc", + # Debian 12 image has a new glibc. + # https://console.cloud.google.com/gcr/images/distroless/global/cc-debian12 + name = "distroless_cc_debian12", + # Note: this is a "debug" image, which means that it has busybox, so also a shell at /busybox/sh + # https://github.com/GoogleContainerTools/distroless/tree/9dc924b9fe812eec2fa0061824dcad39eb09d0d6?tab=readme-ov-file#debug-images + digest = "sha256:53895c8e3a37652d075d22dde58f40b310daa4a7a59d078b8a7f604d11b1adc6", + image = "gcr.io/distroless/cc-debian12", platforms = [ "linux/amd64", "linux/arm64", diff --git a/docs/bazel/tips-and-tricks.md b/docs/bazel/tips-and-tricks.md index 1d5cace39..af751d242 100644 
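Review bot: The digest pinned for `distroless_cc_debian12` in the WORKSPACE.bazel `oci_pull` hunk is, per the comment added with it, a debug image that ships busybox and a shell at /busybox/sh, but the repository name does not say so. The rs/oci_images.bzl hunk then makes it the default `base_image`, and the ic-management-backend and slack-notifications hunks select it too. A shell and busybox utilities in a service image are ready-made tooling for anyone who gains code execution in the container, which a distroless base is meant to avoid. Consider pinning the non-debug `gcr.io/distroless/cc-debian12` digest under this name and keeping the current digest in a second `oci_pull` with `name = "distroless_cc_debian12_debug",` that is chosen explicitly for troubleshooting builds. The `oci_pull` call continues past the end of the hunk.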
--- a/docs/bazel/tips-and-tricks.md
+++ b/docs/bazel/tips-and-tricks.md
@@ -2,6 +2,76 @@ ??? tip "Refresh Python dependencies in Bazel" Steps: + 1. `poetry add ` 2. Run `./bin/poetry-export.sh` 3. Use regular bazel operations, the new dependency should now be available + +??? tip "Local development and troubleshooting with OCI images" + + Steps: + ``` + # find available bazel build targets + bazel query ... | grep image + + # build the image (target) of interest + bazel build //rs/slack-notifications:slack-notifications-image + + # import the docker image generated by bazel into podman + IMAGE=$(find bazel-out/ -name slack-notifications-image) + podman load --input $IMAGE + + # run and test: + podman run [] localhost/bazel-out/k8-opt/bin/rs/slack-notifications/slack-notifications-image + ``` + +??? tip "Add a deb package to an Ubuntu OCI image" + + Example code to be added to WORKSPACE.bazel (adjustments are necessary for your package!): + ``` + oci_pull( + # tag = 22.04 + # https://hub.docker.com/layers/library/ubuntu/22.04/images/sha256-cb2af41f42b9c9bc9bcdc7cf1735e3c4b3d95b2137be86fd940373471a34c8b0 + name = "ubuntu_22_04", + digest = "sha256:cb2af41f42b9c9bc9bcdc7cf1735e3c4b3d95b2137be86fd940373471a34c8b0", + image = "index.docker.io/library/ubuntu", + ) + + _DEB_TO_LAYER = """\ + genrule( + name = "layer_tar", + srcs = ["@ubuntu22_ca_certificates//:data.tar.zst"], + outs = ["ca_certificates.tar"], + cmd = "cat $< | zstd -d - -c >| $@", + visibility = ["//visibility:public"], + ) + + alias( + name = "layer", + actual = ":data.tar.zst", + visibility = ["//visibility:public"], + ) + """ + + http_archive( + name = "ubuntu22_ca_certificates", + build_file_content = _DEB_TO_LAYER, + sha256 = "8ddd3b5d72fa144e53974d6a5782d25a0a9e1eec006118ecf2b76d53a7530f6a", + urls = [ + "http://mirrors.kernel.org/ubuntu/pool/main/c/ca-certificates/ca-certificates_20230311ubuntu0.22.04.1_all.deb", + "http://de.archive.ubuntu.com/ubuntu/pool/main/c/ca-certificates/ca-certificates_20230311ubuntu0.22.04.1_all.deb", + 
"http://ftp.osuosl.org/pub/ubuntu/pool/main/c/ca-certificates/ca-certificates_20230311ubuntu0.22.04.1_all.deb", + ], + ) + ``` + + After that, once could add the additional layer to an image with something like: + + ``` + rust_binary_oci_image_rules( + name = "oci_image", + src = ":slack-notifications", + base_image = "@distroless_cc_debian12", + other_layers = ["@ubuntu22_ca_certificates//:layer_tar"], + ) + ``` diff --git a/rs/ic-management-backend/BUILD.bazel b/rs/ic-management-backend/BUILD.bazel index d97f663a6..82bda938d 100644 --- a/rs/ic-management-backend/BUILD.bazel +++ b/rs/ic-management-backend/BUILD.bazel @@ -59,5 +59,5 @@ rust_test( rust_binary_oci_image_rules( name = "oci_image", src = ":ic-management-backend", - base_image = "@bitnami_git_docker_img" + base_image = "@distroless_cc_debian12", ) diff --git a/rs/oci_images.bzl b/rs/oci_images.bzl index edeae4a4b..40fbb42da 100644 --- a/rs/oci_images.bzl +++ b/rs/oci_images.bzl @@ -5,13 +5,14 @@ rules for creating oci images from rust binaries load("@rules_oci//oci:defs.bzl", "oci_image", "oci_push") load("@rules_pkg//:pkg.bzl", "pkg_tar") -def rust_binary_oci_image_rules(name, src, base_image = "@debian-slim"): +def rust_binary_oci_image_rules(name, src, base_image = "@distroless_cc_debian12", other_layers = []): """macro for creating oci image from rust binary Args: name: not used src: label of rust binary to be put in the OCI image base_image: base image for building rust binaries + other_layers: optional of other layers to be added, e.g. deb packages """ binary = native.package_relative_label(src) tar_rule_name = "{}_layer".format(binary.name) @@ -26,7 +27,7 @@ def rust_binary_oci_image_rules(name, src, base_image = "@debian-slim"): # Consider using even more minimalistic docker image since we're using static compile base = base_image, entrypoint = ["/{}".format(binary.name)], - tars = [tar_rule_name], + tars = [tar_rule_name] + other_layers, ) oci_push( 
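Review bot: In rs/ic-management-backend/BUILD.bazel the base image changes from `@bitnami_git_docker_img` to `@distroless_cc_debian12` with no comment on what the old base provided. Judging only by its name, the old image presumably shipped a git client; if the backend invokes git or other tools from that image at runtime, they will be missing from the distroless base. It would help to confirm this and record the decision next to the target, for example `# distroless base: the binary must not depend on external tools such as git at runtime`.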
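Review bot: The new docstring line for `other_layers` in `rust_binary_oci_image_rules` (rs/oci_images.bzl) reads "optional of other layers to be added" and does not say what the values are or where they end up. Something like `other_layers: optional list of labels of tar layers, appended after the binary layer (e.g. an unpacked deb package)` would match the second hunk, where the list is concatenated onto `tars`. Because the extra layers come after the binary layer, a file at the same path in a later layer would presumably replace the earlier one, which is worth stating in the docstring. The function body starts and ends outside these hunks.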
diff --git a/rs/slack-notifications/BUILD.bazel b/rs/slack-notifications/BUILD.bazel
index b690f4682..5d72be245 100644
--- a/rs/slack-notifications/BUILD.bazel
+++ b/rs/slack-notifications/BUILD.bazel
@@ -37,4 +37,5 @@ rust_test(
 rust_binary_oci_image_rules(
 name = "oci_image",
 src = ":slack-notifications",
+ base_image = "@distroless_cc_debian12",
 )