From 3dcec993b4e7b978d5fced4ac2531df71041257c Mon Sep 17 00:00:00 2001 From: Alex Eagle Date: Thu, 31 Aug 2023 13:57:05 -0700 Subject: [PATCH] feat: provide the sha256 digest as an oci_image target (#346) --- WORKSPACE | 5 +++++ docs/image.md | 3 +++ oci/BUILD.bazel | 3 +++ oci/defs.bzl | 29 +++++++++++++++++++++++++++++ 4 files changed, 40 insertions(+) diff --git a/WORKSPACE b/WORKSPACE index 0774b57c..aaf57198 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -64,6 +64,11 @@ load("@aspect_rules_js//js:repositories.bzl", "rules_js_dependencies") rules_js_dependencies() +load("@aspect_bazel_lib//lib:repositories.bzl", "aspect_bazel_lib_dependencies") + +# Workaround for Bazel 5 support +aspect_bazel_lib_dependencies(override_local_config_platform = True) + load("@rules_nodejs//nodejs:repositories.bzl", "DEFAULT_NODE_VERSION", "nodejs_register_toolchains") nodejs_register_toolchains( diff --git a/docs/image.md b/docs/image.md index cf95948a..1605c65a 100644 --- a/docs/image.md +++ b/docs/image.md @@ -103,6 +103,9 @@ Label/annotation/env can by configured using either dict(key->value) or a file t deterministic) information when running with `--stamp` flag. See the example in [/examples/labels/BUILD.bazel](https://github.com/bazel-contrib/rules_oci/blob/main/examples/labels/BUILD.bazel). +Produces a target `[name].digest`, whose default output is a file containing the sha256 digest of the resulting image. +This is similar to the same-named target created by rules_docker's `container_image` macro. + **PARAMETERS** diff --git a/oci/BUILD.bazel b/oci/BUILD.bazel index 2cc08a4b..14a3550d 100644 --- a/oci/BUILD.bazel +++ b/oci/BUILD.bazel @@ -50,6 +50,9 @@ bzl_library( "//oci/private:image_index", "//oci/private:push", "//oci/private:tarball", + "@aspect_bazel_lib//lib:copy_file", + "@aspect_bazel_lib//lib:directory_path", + "@aspect_bazel_lib//lib:jq", "@bazel_skylib//lib:types", "@bazel_skylib//rules:write_file", ], diff --git a/oci/defs.bzl b/oci/defs.bzl index a5bd517f..b84a44d6 100644 --- a/oci/defs.bzl +++ b/oci/defs.bzl @@ -10,6 +10,9 @@ load("//oci/private:tarball.bzl", _oci_tarball = "oci_tarball") load("//oci/private:image.bzl", _oci_image = "oci_image") load("//oci/private:image_index.bzl", _oci_image_index = "oci_image_index") load("//oci/private:push.bzl", _oci_push = "oci_push") +load("@aspect_bazel_lib//lib:copy_file.bzl", "copy_file") +load("@aspect_bazel_lib//lib:directory_path.bzl", "directory_path") +load("@aspect_bazel_lib//lib:jq.bzl", "jq") load("@bazel_skylib//lib:types.bzl", "types") load("@bazel_skylib//rules:write_file.bzl", "write_file") @@ -29,6 +32,9 @@ def oci_image(name, labels = None, annotations = None, env = None, **kwargs): deterministic) information when running with `--stamp` flag. See the example in [/examples/labels/BUILD.bazel](https://github.com/bazel-contrib/rules_oci/blob/main/examples/labels/BUILD.bazel). + Produces a target `[name].digest`, whose default output is a file containing the sha256 digest of the resulting image. + This is similar to the same-named target created by rules_docker's `container_image` macro. + Args: name: name of resulting oci_image_rule labels: Labels for the image config. See documentation above. @@ -71,6 +77,29 @@ def oci_image(name, labels = None, annotations = None, env = None, **kwargs): **kwargs ) + # `oci_image_rule` produces a directory as default output. + # Label for the [name]/index.json file + directory_path( + name = "_{}_index_json".format(name), + directory = name, + path = "index.json", + ) + + copy_file( + name = "_{}_index_json_cp".format(name), + src = "_{}_index_json".format(name), + out = "_{}_index.json".format(name), + ) + + # Matches the [name].digest target produced by rules_docker container_image + jq( + name = name + ".digest", + args = ["--raw-output"], + srcs = ["_{}_index.json".format(name)], + filter = """.manifests[0].digest | sub("^sha256:"; "")""", + out = name + ".json.sha256", # path chosen to match rules_docker for easy migration + ) + def oci_push(name, remote_tags = None, **kwargs): """Macro wrapper around [oci_push_rule](#oci_push_rule).