prysm-pulse/tools/BUILD.bazel
Preston Van Loon 91fee5db17
Update distroless base images (#12061)
Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com>
2023-02-28 22:50:37 +00:00

102 lines
2.6 KiB
Python

load("@bazel_tools//tools/build_defs/pkg:pkg.bzl", "pkg_tar")
load("@io_bazel_rules_docker//contrib:passwd.bzl", "passwd_entry", "passwd_file")
load("@io_bazel_rules_docker//container:container.bzl", "container_image")
load("//tools:build_settings.bzl", "base_image")
################################################################################
## Docker images as non-root user ##
################################################################################
# Create a passwd file with a root and nonroot user and uid.
passwd_entry(
name = "root_user",
gid = 0,
tags = ["manual"],
uid = 0,
username = "root",
)
passwd_entry(
name = "nonroot_user",
info = "nonroot",
tags = ["manual"],
uid = 1001,
username = "nonroot",
)
passwd_file(
name = "passwd",
entries = [
":root_user",
":nonroot_user",
],
tags = ["manual"],
)
# Create a tar file containing the created passwd file
pkg_tar(
name = "passwd_tar",
srcs = [":passwd"],
mode = "0o644",
package_dir = "etc",
tags = ["manual"],
)
CC_DEFAULT_BASE = select({
"@io_bazel_rules_docker//:debug": "@cc_debug_image_base_amd64//image",
"@io_bazel_rules_docker//:fastbuild": "@cc_image_base_amd64//image",
"@io_bazel_rules_docker//:optimized": "@cc_image_base_amd64//image",
"//conditions:default": "@cc_image_base_amd64//image",
})
GO_DEFAULT_BASE = select({
"@io_bazel_rules_docker//:debug": "@go_debug_image_base_amd64//image",
"@io_bazel_rules_docker//:fastbuild": "@go_image_base_amd64//image",
"@io_bazel_rules_docker//:optimized": "@go_image_base_amd64//image",
"//conditions:default": "@go_image_base_amd64//image",
})
# Include it in our base image as a tar.
container_image(
name = "cc_image",
base = CC_DEFAULT_BASE,
tags = ["manual"],
tars = [":passwd_tar"],
user = "root",
visibility = ["//visibility:public"],
)
container_image(
name = "go_image",
base = GO_DEFAULT_BASE,
tags = ["manual"],
tars = [":passwd_tar"],
user = "root",
visibility = ["//visibility:public"],
)
base_image(
name = "base_image",
build_setting_default = "cc_image",
tags = ["manual"],
)
config_setting(
name = "base_image_alpine",
flag_values = {"//tools:base_image": "alpine"},
)
config_setting(
name = "base_image_cc",
flag_values = {"//tools:base_image": "cc_image"},
)
container_image(
name = "alpine_cc_image",
base = "@alpine_cc_linux_amd64//image",
tags = ["manual"],
tars = [":passwd_tar"],
user = "root",
visibility = ["//visibility:public"],
)