prysm-pulse/tools/BUILD.bazel

load("@rules_pkg//pkg:pkg.bzl", "pkg_tar")
load("@io_bazel_rules_docker//contrib:passwd.bzl", "passwd_entry", "passwd_file")
load("@io_bazel_rules_docker//container:container.bzl", "container_image")
load("//tools:build_settings.bzl", "base_image")

################################################################################
##                      Docker images as non-root user                        ##
################################################################################

# Create a passwd file with a root and nonroot user and uid.
passwd_entry(
    name = "root_user",
    gid = 0,
    tags = ["manual"],
    uid = 0,
    username = "root",
)

passwd_entry(
    name = "nonroot_user",
    info = "nonroot",
    tags = ["manual"],
    uid = 1001,
    username = "nonroot",
)

passwd_file(
    name = "passwd",
    entries = [
        ":root_user",
        ":nonroot_user",
    ],
    tags = ["manual"],
)

# Create a tar file containing the created passwd file
pkg_tar(
    name = "passwd_tar",
    srcs = [":passwd"],
    mode = "0o644",
    package_dir = "etc",
    tags = ["manual"],
    visibility = ["//visibility:public"],
)

CC_DEFAULT_BASE = select({
    "@io_bazel_rules_docker//:debug": "@cc_debug_image_base_amd64//image",
    "@io_bazel_rules_docker//:fastbuild": "@cc_image_base_amd64//image",
    "@io_bazel_rules_docker//:optimized": "@cc_image_base_amd64//image",
    "//conditions:default": "@cc_image_base_amd64//image",
})

GO_DEFAULT_BASE = select({
    "@io_bazel_rules_docker//:debug": "@go_debug_image_base_amd64//image",
    "@io_bazel_rules_docker//:fastbuild": "@go_image_base_amd64//image",
    "@io_bazel_rules_docker//:optimized": "@go_image_base_amd64//image",
    "//conditions:default": "@go_image_base_amd64//image",
})

# Include it in our base image as a tar.
container_image(
    name = "cc_image",
    base = CC_DEFAULT_BASE,
    tags = ["manual"],
    tars = [":passwd_tar"],
    user = "root",
    visibility = ["//visibility:public"],
)

container_image(
    name = "go_image",
    base = GO_DEFAULT_BASE,
    tags = ["manual"],
    tars = [":passwd_tar"],
    user = "root",
    visibility = ["//visibility:public"],
)

base_image(
    name = "base_image",
    build_setting_default = "cc_image",
    tags = ["manual"],
)

config_setting(
    name = "base_image_alpine",
    flag_values = {"//tools:base_image": "alpine"},
)

config_setting(
    name = "base_image_cc",
    flag_values = {"//tools:base_image": "cc_image"},
)

container_image(
    name = "alpine_cc_image",
    base = "@alpine_cc_linux_amd64//image",
    tags = ["manual"],
    tars = [":passwd_tar"],
    user = "root",
    visibility = ["//visibility:public"],
)

# Create a bash tar layer for docker images. This allows docker images to have access to the "bash"
# command and improves debugging abilities on the image.
genrule(
    name = "bash_tar",
    srcs = select({
        "@platforms//cpu:x86_64": ["@bash_amd64//file"],
        "@platforms//cpu:arm64": ["@bash_arm64//file"],
    }),
    outs = ["bash.tar"],
    cmd = "ar x $< && xz -d data.tar.xz -c >> $@",
    visibility = ["//visibility:public"],
)

# libtinfo6 is required for terminal activity and contains terminfo library.
genrule(
    name = "libtinfo6_tar",
    srcs = select({
        "@platforms//cpu:x86_64": ["@libtinfo6_amd64//file"],
        "@platforms//cpu:arm64": ["@libtinfo6_arm64//file"],
    }),
    outs = ["libtinfo6.tar"],
    cmd = "ar x $< && xz -d data.tar.xz -c >> $@",
    visibility = ["//visibility:public"],
)