Skip to content

WIP switch to oci lib from docker #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
kcking wants to merge 2 commits into from
Closed

WIP switch to oci lib from docker #4

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
4d36582
WIP switch to oci lib from docker
kcking Nov 30, 2024
1d01b04
add file
kcking Nov 30, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion .bazelrc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1 @@
build --symlink_prefix=target/
build --incompatible_enable_cc_toolchain_resolution=1
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,3 +2,4 @@
/dist
node_modules
buck-out
bazel-*
18 changes: 18 additions & 0 deletions MODULE.bazel
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,3 +4,21 @@
#
# For more details, please check https://github.com/bazelbuild/bazel/issues/18958
###############################################################################
bazel_dep(name = "rules_oci", version = "2.0.1")
oci = use_extension("@rules_oci//oci:extensions.bzl", "oci")
oci.pull(
name = "distroless_base",
image = "gcr.io/distroless/base",
platforms = [
"linux/amd64",
"linux/arm64/v8",
],
# 'latest' is not reproducible, but it's convenient.
# During the build we print a WARNING message that includes recommended 'digest' and 'platforms'
# values which you can use here in place of 'tag' to pin for reproducibility.
tag = "latest",
)
use_repo(oci, "distroless_base", "distroless_base_linux_amd64", "distroless_base_linux_arm64_v8")

# for jq
bazel_dep(name = "aspect_bazel_lib", version = "2.9.4")
976 changes: 967 additions & 9 deletions MODULE.bazel.lock
View file
Open in desktop

Large diffs are not rendered by default.

13 changes: 13 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,3 +19,16 @@ In order to push to ECR, make sure `~/.docker/config.json` contains:
"credsStore": "ecr-login"
}
```

To authenticate with podman, use
```bash
aws ecr get-login-password --region us-west-1 | podman login --username AWS --password-stdin 689191389309.dkr.ecr.us-west-1.amazonaws.com
```
with config
```json
{
"auths": {},
"credsStore": "ecr-login",
"currentContext": "desktop-linux"
}
```
73 changes: 17 additions & 56 deletions WORKSPACE
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -126,29 +126,37 @@ git_repository(
)

# in-bazel rules_pkg is deprecated, this is the new repo

load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
http_archive(
name = "rules_pkg",
sha256 = "8a298e832762eda1830597d64fe7db58178aa84cd5926d76d5b744d6558941c2",
urls = [
"https://mirror.bazel.build/github.com/bazelbuild/rules_pkg/releases/download/0.7.0/rules_pkg-0.7.0.tar.gz",
"https://github.com/bazelbuild/rules_pkg/releases/download/0.7.0/rules_pkg-0.7.0.tar.gz",
"https://mirror.bazel.build/github.com/bazelbuild/rules_pkg/releases/download/0.9.1/rules_pkg-0.9.1.tar.gz",
"https://github.com/bazelbuild/rules_pkg/releases/download/0.9.1/rules_pkg-0.9.1.tar.gz",
],
sha256 = "8f9ee2dc10c1ae514ee599a8b42ed99fa262b757058f65ad3c384289ff70c4b8",
)

load("@rules_pkg//:deps.bzl", "rules_pkg_dependencies")

rules_pkg_dependencies()

# go required for docker-less container operations

load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

http_archive(
name = "io_bazel_rules_go",
sha256 = "16e9fca53ed6bd4ff4ad76facc9b7b651a89db1689a2877d6fd7b82aa824e366",
sha256 = "f4a9314518ca6acfa16cc4ab43b0b8ce1e4ea64b81c38d8a3772883f153346b8",
urls = [
"https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.34.0/rules_go-v0.34.0.zip",
"https://github.com/bazelbuild/rules_go/releases/download/v0.34.0/rules_go-v0.34.0.zip",
"https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.50.1/rules_go-v0.50.1.zip",
"https://github.com/bazelbuild/rules_go/releases/download/v0.50.1/rules_go-v0.50.1.zip",
],
)

load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")

go_rules_dependencies()

go_register_toolchains(version = "1.23.0")

# gazelle needed for container_push rule
http_archive(
name = "bazel_gazelle",
Expand All @@ -159,53 +167,6 @@ http_archive(
],
)

load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")
load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies")

go_rules_dependencies()

go_register_toolchains(version = "1.18.3")

gazelle_dependencies()

# docker
http_archive(
name = "io_bazel_rules_docker",
sha256 = "b1e80761a8a8243d03ebca8845e9cc1ba6c82ce7c5179ce2b295cd36f7e394bf",
urls = ["https://github.com/bazelbuild/rules_docker/releases/download/v0.25.0/rules_docker-v0.25.0.tar.gz"],
)

load(
"@io_bazel_rules_docker//repositories:repositories.bzl",
container_repositories = "repositories",
)

container_repositories()

load("@io_bazel_rules_docker//repositories:deps.bzl", container_deps = "deps")

container_deps()

load(
"@io_bazel_rules_docker//container:container.bzl",
"container_pull",
)

container_pull(
name = "cc_base",
# architecture = "arm64",
# digest = "sha256:85e93527f62963332bf6ca0157d8ebd09ef72e34eff087b6f5ea05020da1dbdc",
registry = "gcr.io",
# rust is c-like https://github.com/GoogleContainerTools/distroless/tree/main/cc
repository = "distroless/cc",
)

container_pull(
name = "cc_base_amd64",
architecture = "amd64",
registry = "gcr.io",
repository = "distroless/cc",
)

load("//emsdk:emsdk.bzl", register_wasmopt_toolchains = "register_toolchains")

Expand Down
4 changes: 3 additions & 1 deletion deploy.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,5 +4,7 @@ set -ex

export AWS_PAGER=""

OUTPUT_PATH=$(bazel cquery -c opt //server:image-amd64 --output=starlark --starlark:expr='target.files.to_list()[0].path')
bazel run -c opt //server:push-amd64 --stamp
aws lambda update-function-code --function-name=implfuture --image-uri=689191389309.dkr.ecr.us-west-1.amazonaws.com/implfuture@$(cat target/bin/server/push-amd64.digest)
DIGEST=$(cat $OUTPUT_PATH/index.json | jq -r '.manifests[0].digest')
aws lambda update-function-code --function-name=implfuture --image-uri="689191389309.dkr.ecr.us-west-1.amazonaws.com/implfuture@${DIGEST}"
63 changes: 36 additions & 27 deletions server/BUILD
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,10 @@
load("@crate_index//:defs.bzl", "aliases", "all_crate_deps")
load("@rules_rust//rust:defs.bzl", "rust_binary")
load(
"@io_bazel_rules_docker//container:container.bzl",
"container_image",
"container_push",
)
load("@rules_pkg//pkg:tar.bzl", "pkg_tar")
load("@rules_rust//rust:defs.bzl", "rust_binary")
load("@rules_oci//oci:defs.bzl", "oci_image", "oci_push", "oci_image_index")
load("transition.bzl", "multi_arch")
load("@aspect_bazel_lib//lib:jq.bzl", "jq")


rust_binary(
name = "server",
Expand Down Expand Up @@ -81,40 +80,50 @@ pkg_tar(
strip_prefix = "/server",
)

container_image(
multi_arch(
name = "image-arm64",
architecture = "arm64",
# References container_pull from WORKSPACE (above)
base = "@cc_base//image",
cmd = ["/app/opt"],
enable_mtime_preservation = True,
env = {
"HTTP_LISTEN_ADDR": "0.0.0.0:8080",
},
tars = [":opt_tar"],
workdir = "/app",
image = ":image",
platforms = [":linux_arm64"]
)

container_image(
multi_arch(
name = "image-amd64",
architecture = "amd64",
# References container_pull from WORKSPACE (above)
base = "@cc_base//image",
image = ":image",
platforms = [":linux_amd64"]
)

oci_image(
name = "image",

base = "@distroless_base",
cmd = ["/app/opt"],
enable_mtime_preservation = True,
env = {
"HTTP_LISTEN_ADDR": "0.0.0.0:8080",
},
tars = [":opt_tar"],
workdir = "/app",
)


oci_image_index(
name = "index",
images = [
":image-arm64",
":image-amd64",
],
)

# uses https://github.com/awslabs/amazon-ecr-credential-helper
container_push(
oci_push(
name = "push-amd64",
format = "Docker",
image = ":image-amd64",
registry = "689191389309.dkr.ecr.us-west-1.amazonaws.com",
repository = "implfuture",
tag = "latest",
repository = "689191389309.dkr.ecr.us-west-1.amazonaws.com/implfuture",
remote_tags = ["latest"],
)

jq(
name="amd64-digest",
srcs=["index/index.json"],
out="image-amd64-digest.txt",
filter=".manifests[] | select( .platform.architecture == \"amd64\") .digest"
)
27 changes: 27 additions & 0 deletions server/transition.bzl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
"a rule transitioning an oci_image to multiple platforms"

def _multiarch_transition(settings, attr):
return [
{"//command_line_option:platforms": str(platform)}
for platform in attr.platforms
]

multiarch_transition = transition(
implementation = _multiarch_transition,
inputs = [],
outputs = ["//command_line_option:platforms"],
)

def _impl(ctx):
return DefaultInfo(files = depset(ctx.files.image))

multi_arch = rule(
implementation = _impl,
attrs = {
"image": attr.label(cfg = multiarch_transition),
"platforms": attr.label_list(),
"_allowlist_function_transition": attr.label(
default = "@bazel_tools//tools/allowlists/function_transition_allowlist",
),
},
)