2023-03-13 20:17:12 +00:00
|
|
|
load("@rules_pkg//pkg:pkg.bzl", "pkg_tar")
|
2019-12-18 20:52:26 +00:00
|
|
|
load("@io_bazel_rules_docker//contrib:passwd.bzl", "passwd_entry", "passwd_file")
|
|
|
|
load("@io_bazel_rules_docker//container:container.bzl", "container_image")
|
2020-03-26 00:36:28 +00:00
|
|
|
load("//tools:build_settings.bzl", "base_image")
|
2018-11-30 02:16:18 +00:00
|
|
|
|
2019-12-18 20:52:26 +00:00
|
|
|
################################################################################
|
|
|
|
## Docker images as non-root user ##
|
|
|
|
################################################################################
|
|
|
|
|
|
|
|
# Create a passwd file with a root and nonroot user and uid.
|
|
|
|
passwd_entry(
|
|
|
|
name = "root_user",
|
|
|
|
gid = 0,
|
2021-07-23 18:26:49 +00:00
|
|
|
tags = ["manual"],
|
2019-12-18 20:52:26 +00:00
|
|
|
uid = 0,
|
|
|
|
username = "root",
|
|
|
|
)
|
|
|
|
|
|
|
|
passwd_entry(
|
|
|
|
name = "nonroot_user",
|
|
|
|
info = "nonroot",
|
2021-07-23 18:26:49 +00:00
|
|
|
tags = ["manual"],
|
2019-12-18 20:52:26 +00:00
|
|
|
uid = 1001,
|
|
|
|
username = "nonroot",
|
|
|
|
)
|
|
|
|
|
|
|
|
passwd_file(
|
|
|
|
name = "passwd",
|
|
|
|
entries = [
|
|
|
|
":root_user",
|
|
|
|
":nonroot_user",
|
|
|
|
],
|
2021-07-23 18:26:49 +00:00
|
|
|
tags = ["manual"],
|
2019-12-18 20:52:26 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
# Create a tar file containing the created passwd file
|
|
|
|
pkg_tar(
|
|
|
|
name = "passwd_tar",
|
|
|
|
srcs = [":passwd"],
|
|
|
|
mode = "0o644",
|
|
|
|
package_dir = "etc",
|
2021-07-23 18:26:49 +00:00
|
|
|
tags = ["manual"],
|
2019-12-18 20:52:26 +00:00
|
|
|
)
|
|
|
|
|
2021-10-04 18:55:56 +00:00
|
|
|
CC_DEFAULT_BASE = select({
|
2023-02-28 22:50:37 +00:00
|
|
|
"@io_bazel_rules_docker//:debug": "@cc_debug_image_base_amd64//image",
|
|
|
|
"@io_bazel_rules_docker//:fastbuild": "@cc_image_base_amd64//image",
|
|
|
|
"@io_bazel_rules_docker//:optimized": "@cc_image_base_amd64//image",
|
|
|
|
"//conditions:default": "@cc_image_base_amd64//image",
|
2021-10-04 18:55:56 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
GO_DEFAULT_BASE = select({
|
2023-02-28 22:50:37 +00:00
|
|
|
"@io_bazel_rules_docker//:debug": "@go_debug_image_base_amd64//image",
|
|
|
|
"@io_bazel_rules_docker//:fastbuild": "@go_image_base_amd64//image",
|
|
|
|
"@io_bazel_rules_docker//:optimized": "@go_image_base_amd64//image",
|
|
|
|
"//conditions:default": "@go_image_base_amd64//image",
|
2021-10-04 18:55:56 +00:00
|
|
|
})
|
|
|
|
|
2019-12-18 20:52:26 +00:00
|
|
|
# Include it in our base image as a tar.
|
|
|
|
container_image(
|
|
|
|
name = "cc_image",
|
2020-02-17 22:13:34 +00:00
|
|
|
base = CC_DEFAULT_BASE,
|
2021-07-23 18:26:49 +00:00
|
|
|
tags = ["manual"],
|
2019-12-18 20:52:26 +00:00
|
|
|
tars = [":passwd_tar"],
|
2020-01-08 19:52:59 +00:00
|
|
|
user = "root",
|
2019-12-18 20:52:26 +00:00
|
|
|
visibility = ["//visibility:public"],
|
|
|
|
)
|
|
|
|
|
|
|
|
container_image(
|
|
|
|
name = "go_image",
|
2020-02-17 22:13:34 +00:00
|
|
|
base = GO_DEFAULT_BASE,
|
2021-07-23 18:26:49 +00:00
|
|
|
tags = ["manual"],
|
2019-12-18 20:52:26 +00:00
|
|
|
tars = [":passwd_tar"],
|
2020-01-08 19:52:59 +00:00
|
|
|
user = "root",
|
2019-12-18 20:52:26 +00:00
|
|
|
visibility = ["//visibility:public"],
|
2018-11-30 02:16:18 +00:00
|
|
|
)
|
2020-03-26 00:36:28 +00:00
|
|
|
|
|
|
|
base_image(
|
|
|
|
name = "base_image",
|
|
|
|
build_setting_default = "cc_image",
|
2021-07-23 18:26:49 +00:00
|
|
|
tags = ["manual"],
|
2020-03-26 00:36:28 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
config_setting(
|
|
|
|
name = "base_image_alpine",
|
|
|
|
flag_values = {"//tools:base_image": "alpine"},
|
|
|
|
)
|
|
|
|
|
|
|
|
config_setting(
|
|
|
|
name = "base_image_cc",
|
|
|
|
flag_values = {"//tools:base_image": "cc_image"},
|
|
|
|
)
|
|
|
|
|
|
|
|
container_image(
|
|
|
|
name = "alpine_cc_image",
|
|
|
|
base = "@alpine_cc_linux_amd64//image",
|
2021-07-23 18:26:49 +00:00
|
|
|
tags = ["manual"],
|
2020-03-26 00:36:28 +00:00
|
|
|
tars = [":passwd_tar"],
|
|
|
|
user = "root",
|
|
|
|
visibility = ["//visibility:public"],
|
|
|
|
)
|