From 854bb329d4274a454d0bfb3532a80316f2f48da4 Mon Sep 17 00:00:00 2001 From: Son Luong Ngoc Date: Wed, 25 Sep 2024 14:37:02 +0200 Subject: [PATCH 1/3] Init rules_oci --- MODULE.bazel | 24 +++++++++++++++ WORKSPACE | 71 ++++++++++++++++++++++++++++++++++----------- WORKSPACE.bzlmod | 34 +++++++++++----------- deployment/BUILD | 9 ++++++ tools/probers/BUILD | 35 ++++++++++++++++++++++ 5 files changed, 139 insertions(+), 34 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index bc78a622964..05ee0d20c4f 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -3,6 +3,7 @@ module(name = "buildbuddy") bazel_dep(name = "bazel_skylib", version = "1.6.1") bazel_dep(name = "platforms", version = "0.0.10") bazel_dep(name = "rules_proto", version = "6.0.0") +bazel_dep(name = "rules_pkg", version = "1.0.1") bazel_dep(name = "toolchains_musl", version = "0.1.15") bazel_dep(name = "googleapis", version = "0.0.0-20240326-1c8d509c5") single_version_override( @@ -453,3 +454,26 @@ http_archive( "https://github.com/sluongng/nogo-analyzer/archive/refs/tags/v0.0.2.tar.gz", ], ) + +bazel_dep(name = "rules_oci", version = "2.0.0") + +oci = use_extension("@rules_oci//oci:extensions.bzl", "oci") +oci.pull( + name = "buildbuddy_go_oci_image_base", + digest = "sha256:388145607c79313a1e49b783a7ee71e4ef3df31d87c45adb46bfb9b257b643d1", + image = "gcr.io/distroless/cc-debian12", + platforms = ["linux/amd64"], +) +oci.pull( + name = "bazel_oci_image_base", + digest = "sha256:8bb82ccf73085b71159ce05d2cc6030cbaa927b403c04774f0b22f37ab4fd78a", + image = "gcr.io/distroless/java17-debian12", + platforms = ["linux/amd64"], +) +use_repo( + oci, + "bazel_oci_image_base", + "bazel_oci_image_base_linux_amd64", + "buildbuddy_go_oci_image_base", + "buildbuddy_go_oci_image_base_linux_amd64", +) diff --git a/WORKSPACE b/WORKSPACE index a8e6f891fe2..c752e8b55dd 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -26,6 +26,12 @@ load("@bazel_features//:deps.bzl", "bazel_features_deps") bazel_features_deps() +http_archive( + name = "rules_pkg", + integrity = "sha256-0gyVGWDtd8t7NBwqWUiFNOSU1a0dMMSBjHNtV3cqn+8=", + url = "https://github.com/bazelbuild/rules_pkg/releases/download/1.0.1/rules_pkg-1.0.1.tar.gz", +) + # Proto rules http_archive( @@ -344,6 +350,21 @@ k8s_defaults( kind = "deployment", ) +http_archive( + name = "rules_oci", + sha256 = "d007e6c96eb62c88397b68f329e4ca56e0cfe31204a2c54b0cb17819f89f83c8", + strip_prefix = "rules_oci-2.0.0", + url = "https://github.com/bazel-contrib/rules_oci/releases/download/v2.0.0/rules_oci-v2.0.0.tar.gz", +) + +load("@rules_oci//oci:dependencies.bzl", "rules_oci_dependencies") + +rules_oci_dependencies() + +load("@rules_oci//oci:repositories.bzl", "oci_register_toolchains") + +oci_register_toolchains(name = "oci") + load("@io_bazel_rules_docker//contrib:dockerfile_build.bzl", "dockerfile_image") dockerfile_image( @@ -370,23 +391,6 @@ dockerfile_image( visibility = ["//visibility:public"], ) -load("@io_bazel_rules_docker//container:container.bzl", "container_pull") - -container_pull( - name = "buildbuddy_go_image_base", - digest = "sha256:388145607c79313a1e49b783a7ee71e4ef3df31d87c45adb46bfb9b257b643d1", - registry = "gcr.io", - repository = "distroless/cc-debian12", -) - -# Base image that can be used to build images that are capable of running the Bazel binary. -container_pull( - name = "bazel_image_base", - digest = "sha256:8bb82ccf73085b71159ce05d2cc6030cbaa927b403c04774f0b22f37ab4fd78a", - registry = "gcr.io", - repository = "distroless/java17-debian12", -) - dockerfile_image( name = "rbe-ubuntu20-04_image", dockerfile = "//dockerfiles/rbe-ubuntu20-04:Dockerfile", @@ -415,6 +419,39 @@ dockerfile_image( visibility = ["//visibility:public"], ) +load("@io_bazel_rules_docker//container:container.bzl", "container_pull") + +container_pull( + name = "buildbuddy_go_image_base", + digest = "sha256:388145607c79313a1e49b783a7ee71e4ef3df31d87c45adb46bfb9b257b643d1", + registry = "gcr.io", + repository = "distroless/cc-debian12", +) + +# Base image that can be used to build images that are capable of running the Bazel binary. +container_pull( + name = "bazel_image_base", + digest = "sha256:8bb82ccf73085b71159ce05d2cc6030cbaa927b403c04774f0b22f37ab4fd78a", + registry = "gcr.io", + repository = "distroless/java17-debian12", +) + +load("@rules_oci//oci:pull.bzl", "oci_pull") + +oci_pull( + name = "buildbuddy_go_oci_image_base", + digest = "sha256:388145607c79313a1e49b783a7ee71e4ef3df31d87c45adb46bfb9b257b643d1", + image = "gcr.io/distroless/cc-debian12", + platforms = ["linux/amd64"], +) + +oci_pull( + name = "bazel_oci_image_base", + digest = "sha256:8bb82ccf73085b71159ce05d2cc6030cbaa927b403c04774f0b22f37ab4fd78a", + image = "gcr.io/distroless/java17-debian12", + platforms = ["linux/amd64"], +) + # BuildBuddy Toolchain # Keep up-to-date with docs/rbe-setup.md and docs/rbe-github-actions.md http_archive( diff --git a/WORKSPACE.bzlmod b/WORKSPACE.bzlmod index 659a04d3e63..ccec1b77539 100644 --- a/WORKSPACE.bzlmod +++ b/WORKSPACE.bzlmod @@ -105,23 +105,6 @@ dockerfile_image( visibility = ["//visibility:public"], ) -load("@io_bazel_rules_docker//container:container.bzl", "container_pull") - -container_pull( - name = "buildbuddy_go_image_base", - digest = "sha256:3172df37ef8caa768ce74ebbc7f0e2b6a2641d3b35d18659d36f3815e30fe620", - registry = "gcr.io", - repository = "distroless/cc-debian11", -) - -# Base image that can be used to build images that are capable of running the Bazel binary. -container_pull( - name = "bazel_image_base", - digest = "sha256:ab0c5fbe16bc01c03eb081a5724ba618110cbd24940ab123a8dbee0382a4c175", - registry = "gcr.io", - repository = "distroless/java11-debian11", -) - dockerfile_image( name = "rbe-ubuntu20-04_image", dockerfile = "//dockerfiles/rbe-ubuntu20-04:Dockerfile", @@ -150,6 +133,23 @@ dockerfile_image( visibility = ["//visibility:public"], ) +load("@io_bazel_rules_docker//container:container.bzl", "container_pull") + +container_pull( + name = "buildbuddy_go_image_base", + digest = "sha256:3172df37ef8caa768ce74ebbc7f0e2b6a2641d3b35d18659d36f3815e30fe620", + registry = "gcr.io", + repository = "distroless/cc-debian11", +) + +# Base image that can be used to build images that are capable of running the Bazel binary. +container_pull( + name = "bazel_image_base", + digest = "sha256:ab0c5fbe16bc01c03eb081a5724ba618110cbd24940ab123a8dbee0382a4c175", + registry = "gcr.io", + repository = "distroless/java11-debian11", +) + # BuildBuddy Toolchain # Keep up-to-date with docs/rbe-setup.md and docs/rbe-github-actions.md http_archive( diff --git a/deployment/BUILD b/deployment/BUILD index abf522d174b..c2579e8ec9f 100644 --- a/deployment/BUILD +++ b/deployment/BUILD @@ -39,3 +39,12 @@ write_flag_to_file( flag = ":image_tag", visibility = ["//visibility:public"], ) + +# TODO: rules OCI only support tag file names with the ".txt" extension. +genrule( + name = "oci_tag_file", + srcs = [":image_tag_file"], + outs = ["oci_tag.txt"], + cmd = "cp $(location //deployment:image_tag_file) $@", + visibility = ["//visibility:public"], +) diff --git a/tools/probers/BUILD b/tools/probers/BUILD index 636c4a86d8a..0664dd6deca 100644 --- a/tools/probers/BUILD +++ b/tools/probers/BUILD @@ -1,4 +1,6 @@ load("@io_bazel_rules_docker//container:container.bzl", "container_image", "container_push") +load("@rules_oci//oci:defs.bzl", "oci_image", "oci_push") +load("@rules_pkg//pkg:tar.bzl", "pkg_tar") container_image( name = "probers_image", @@ -29,3 +31,36 @@ container_push( tag_file = "//deployment:image_tag_file", tags = ["manual"], # Don't include this target in wildcard patterns ) + +pkg_tar( + name = "files_tar", + srcs = [ + "//tools/probers/bazelrbe", + "//tools/probers/workflow", + "@cloudprober", + ], +) + +oci_image( + name = "probers_oci_image", + base = "@bazel_oci_image_base", + entrypoint = [ + "/cloudprober", + "--logtostderr", + ], + target_compatible_with = [ + "@platforms//os:linux", + ], + tars = [ + "//server/util/bazel:bazel_binaries_tar", + ":files_tar", + ], + visibility = ["//visibility:public"], +) + +oci_push( + name = "push_probers_oci_image", + image = ":probers_oci_image", + remote_tags = "//deployment:oci_tag.txt", + repository = "gcr.io/flame-build/probers-oci", +) From 27ca19a09137a33bfaab2bdc13a79a2c84ec6666 Mon Sep 17 00:00:00 2001 From: Son Luong Ngoc Date: Fri, 27 Sep 2024 17:10:01 +0200 Subject: [PATCH 2/3] Add more images --- codesearch/cmd/server/BUILD | 24 +++++++++++++++++++++++ enterprise/server/cmd/cache_proxy/BUILD | 16 +++++++++++++++ enterprise/server/cmd/server/BUILD | 26 +++++++++++++++++++++++++ enterprise/tools/rbeperf/BUILD | 24 +++++++++++++++++++++++ tools/cacheload/BUILD | 23 ++++++++++++++++++++++ tools/smarter_device_manager/BUILD | 24 +++++++++++++++++++++++ tools/tcpproxy/BUILD | 24 +++++++++++++++++++++++ 7 files changed, 161 insertions(+) diff --git a/codesearch/cmd/server/BUILD b/codesearch/cmd/server/BUILD index 1a992bc1a09..5377696be08 100644 --- a/codesearch/cmd/server/BUILD +++ b/codesearch/cmd/server/BUILD @@ -1,6 +1,8 @@ load("@io_bazel_rules_docker//container:container.bzl", "container_push") load("@io_bazel_rules_docker//go:image.bzl", "go_image") load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") +load("@rules_oci//oci:defs.bzl", "oci_image", "oci_push") +load("@rules_pkg//pkg:tar.bzl", "pkg_tar") go_library( name = "server_lib", @@ -51,3 +53,25 @@ container_push( tag_file = "//deployment:image_tag_file", tags = ["manual"], # Don't include this target in wildcard patterns ) + +pkg_tar( + name = "tar", + srcs = [":server"], +) + +oci_image( + name = "oci_image", + base = "@buildbuddy_go_oci_image_base", + entrypoint = ["/server"], + target_compatible_with = ["@platforms//os:linux"], + tars = [":tar"], + visibility = ["//visibility:public"], +) + +oci_push( + name = "push", + image = ":oci_image", + # Set the image tag with the bazel run flag "--//deployment:image_tag=TAG" + remote_tags = "//deployment:oci_tag_file", + repository = "gcr.io/flame-build/codesearch-oci", +) diff --git a/enterprise/server/cmd/cache_proxy/BUILD b/enterprise/server/cmd/cache_proxy/BUILD index d1241f3cfec..287ae468002 100644 --- a/enterprise/server/cmd/cache_proxy/BUILD +++ b/enterprise/server/cmd/cache_proxy/BUILD @@ -1,5 +1,7 @@ load("@io_bazel_rules_docker//container:container.bzl", "container_image") load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") +load("@rules_oci//oci:defs.bzl", "oci_image", "oci_push") +load("@rules_pkg//pkg:tar.bzl", "pkg_tar") package(default_visibility = ["//enterprise:__subpackages__"]) @@ -49,3 +51,17 @@ container_image( tags = ["manual"], visibility = ["//visibility:public"], ) + +pkg_tar( + name = "tar", + srcs = [":cache_proxy"], +) + +oci_image( + name = "oci_image", + base = "@buildbuddy_go_oci_image_base", + entrypoint = ["/cache_proxy"], + target_compatible_with = ["@platforms//os:linux"], + tars = [":tar"], + visibility = ["//visibility:public"], +) diff --git a/enterprise/server/cmd/server/BUILD b/enterprise/server/cmd/server/BUILD index 44b3a5f359b..82cd3ace96c 100644 --- a/enterprise/server/cmd/server/BUILD +++ b/enterprise/server/cmd/server/BUILD @@ -1,6 +1,8 @@ load("@io_bazel_rules_docker//container:container.bzl", "container_image") load("@io_bazel_rules_docker//go:image.bzl", "go_image") load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") +load("@rules_oci//oci:defs.bzl", "oci_image", "oci_push") +load("@rules_pkg//pkg:tar.bzl", "pkg_tar") # gazelle:default_visibility //enterprise:__subpackages__,@buildbuddy_internal//:__subpackages__ package(default_visibility = [ @@ -130,3 +132,27 @@ container_image( tags = ["manual"], visibility = ["//visibility:public"], ) + +# TODO(sluongng): Verify the layering of the image. +pkg_tar( + name = "tar", + srcs = [ + ":buildbuddy", + ], + remap_paths = { + "/buildbuddy": "/app/server/cmd/buildbuddy/buildbuddy", + }, + symlinks = { + "config.yaml": "app/enterprise/server/cmd/server/buildbuddy.runfiles/buildbuddy/enterprise/config/buildbuddy.release.yaml", + "buildbuddy": "tmp", + }, +) + +oci_image( + name = "oci_image", + base = "@buildbuddy_go_oci_image_base", + entrypoint = ["/app/server/cmd/buildbuddy/buildbuddy"], + target_compatible_with = ["@platforms//os:linux"], + tars = [":tar"], + visibility = ["//visibility:public"], +) diff --git a/enterprise/tools/rbeperf/BUILD b/enterprise/tools/rbeperf/BUILD index 15e195a791d..6d146eae316 100644 --- a/enterprise/tools/rbeperf/BUILD +++ b/enterprise/tools/rbeperf/BUILD @@ -1,6 +1,8 @@ load("@io_bazel_rules_docker//container:container.bzl", "container_push") load("@io_bazel_rules_docker//go:image.bzl", "go_image") load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") +load("@rules_oci//oci:defs.bzl", "oci_image", "oci_push") +load("@rules_pkg//pkg:tar.bzl", "pkg_tar") package(default_visibility = ["//enterprise:__subpackages__"]) @@ -57,3 +59,25 @@ container_push( tag_file = "//deployment:image_tag_file", tags = ["manual"], # Don't include this target in wildcard patterns ) + +pkg_tar( + name = "tar", + srcs = [":rbeperf"], +) + +oci_image( + name = "oci_image", + base = "@buildbuddy_go_oci_image_base", + entrypoint = ["/rbeperf"], + target_compatible_with = ["@platforms//os:linux"], + tars = [":tar"], + visibility = ["//visibility:public"], +) + +oci_push( + name = "push", + image = ":oci_image", + # Set the image tag with the bazel run flag "--//deployment:image_tag=TAG" + remote_tags = "//deployment:oci_tag_file", + repository = "gcr.io/flame-build/rbeperf-oci", +) diff --git a/tools/cacheload/BUILD b/tools/cacheload/BUILD index aa22d1b8804..7c8938c08ca 100644 --- a/tools/cacheload/BUILD +++ b/tools/cacheload/BUILD @@ -1,6 +1,8 @@ load("@io_bazel_rules_docker//container:container.bzl", "container_push") load("@io_bazel_rules_docker//go:image.bzl", "go_image") load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") +load("@rules_oci//oci:defs.bzl", "oci_image", "oci_push") +load("@rules_pkg//pkg:tar.bzl", "pkg_tar") go_library( name = "cacheload_lib", @@ -55,3 +57,24 @@ container_push( tag_file = "//deployment:image_tag_file", tags = ["manual"], # Don't include this target in wildcard patterns ) + +pkg_tar( + name = "tar", + srcs = [":cacheload"], +) + +oci_image( + name = "oci_image", + base = "@buildbuddy_go_oci_image_base", + entrypoint = ["/cacheload"], + target_compatible_with = ["@platforms//os:linux"], + tars = [":tar"], +) + +oci_push( + name = "push", + image = ":oci_image", + # Set the image tag with the bazel run flag "--//deployment:image_tag=TAG" + remote_tags = "//deployment:oci_tag_file", + repository = "gcr.io/flame-build/cacheload-oci", +) diff --git a/tools/smarter_device_manager/BUILD b/tools/smarter_device_manager/BUILD index 4b94dfcab2e..be0223e3e43 100644 --- a/tools/smarter_device_manager/BUILD +++ b/tools/smarter_device_manager/BUILD @@ -1,5 +1,7 @@ load("@io_bazel_rules_docker//container:container.bzl", "container_push") load("@io_bazel_rules_docker//go:image.bzl", "go_image") +load("@rules_oci//oci:defs.bzl", "oci_image", "oci_push") +load("@rules_pkg//pkg:tar.bzl", "pkg_tar") # We use this internally so create an alias here to # ensure our changes don't break the internal build. @@ -27,3 +29,25 @@ container_push( "manual", ], ) + +pkg_tar( + name = "tar", + srcs = [":smarter-device-manager"], +) + +oci_image( + name = "oci_image", + base = "@buildbuddy_go_oci_image_base", + entrypoint = ["/smarter-device-manager"], + target_compatible_with = ["@platforms//os:linux"], + tars = [":tar"], + visibility = ["//visibility:public"], +) + +oci_push( + name = "push", + image = ":oci_image", + # Set the image tag with the bazel run flag "--//deployment:image_tag=TAG" + remote_tags = "//deployment:oci_tag_file", + repository = "gcr.io/flame-build/smarter-device-manager-oci", +) diff --git a/tools/tcpproxy/BUILD b/tools/tcpproxy/BUILD index 93828184a6d..c1e3ca63895 100644 --- a/tools/tcpproxy/BUILD +++ b/tools/tcpproxy/BUILD @@ -1,6 +1,8 @@ load("@io_bazel_rules_docker//container:container.bzl", "container_push") load("@io_bazel_rules_docker//go:image.bzl", "go_image") load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") +load("@rules_oci//oci:defs.bzl", "oci_image", "oci_push") +load("@rules_pkg//pkg:tar.bzl", "pkg_tar") go_library( name = "tcpproxy_lib", @@ -35,3 +37,25 @@ container_push( tag_file = "//deployment:image_tag_file", tags = ["manual"], # Don't include this target in wildcard patterns ) + +pkg_tar( + name = "tar", + srcs = [":tcpproxy"], +) + +oci_image( + name = "oci_image", + base = "@buildbuddy_go_oci_image_base", + entrypoint = ["/tcpproxy"], + target_compatible_with = ["@platforms//os:linux"], + tars = [":tar"], + visibility = ["//visibility:public"], +) + +oci_push( + name = "push", + image = ":oci_image", + # Set the image tag with the bazel run flag "--//deployment:image_tag=TAG" + remote_tags = "//deployment:oci_tag_file", + repository = "gcr.io/flame-build/tcpproxy-oci", +) From cca46f645643791a2071f84cdae067e01df7b52c Mon Sep 17 00:00:00 2001 From: Son Luong Ngoc Date: Mon, 30 Sep 2024 11:36:20 +0200 Subject: [PATCH 3/3] use copy_file --- deployment/BUILD | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/deployment/BUILD b/deployment/BUILD index c2579e8ec9f..cab9b98134f 100644 --- a/deployment/BUILD +++ b/deployment/BUILD @@ -1,4 +1,5 @@ load("@bazel_skylib//rules:common_settings.bzl", "string_flag") +load("@bazel_skylib//rules:copy_file.bzl", "copy_file") load("@io_bazel_rules_k8s//k8s:object.bzl", "k8s_object") load("@io_bazel_rules_k8s//k8s:objects.bzl", "k8s_objects") load("//rules/flags:index.bzl", "write_flag_to_file") @@ -40,11 +41,12 @@ write_flag_to_file( visibility = ["//visibility:public"], ) -# TODO: rules OCI only support tag file names with the ".txt" extension. -genrule( +# TODO: Get rid of this. +# Currently rules OCI only support tag file names with the ".txt" extension. +copy_file( name = "oci_tag_file", - srcs = [":image_tag_file"], - outs = ["oci_tag.txt"], - cmd = "cp $(location //deployment:image_tag_file) $@", + src = ":image_tag_file", + out = "oci_tag.txt", + allow_symlink = True, visibility = ["//visibility:public"], )