forked from GoogleContainerTools/distroless
-
Notifications
You must be signed in to change notification settings - Fork 0
/
BUILD
61 lines (54 loc) · 1.44 KB
/
BUILD
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
load("@bazel_tools//tools/build_defs/pkg:pkg.bzl", "pkg_tar")
load("@io_bazel_rules_docker//go:image.bzl", "go_image")
load("@io_bazel_rules_docker//container:container.bzl", "container_image")
load("@io_bazel_rules_docker//contrib:test.bzl", "container_test")
load("@io_bazel_rules_docker//contrib:passwd.bzl", "passwd_entry", "passwd_file")
load("@io_bazel_rules_go//go:def.bzl", "go_binary")
# Create a passwd file with a nonroot user and uid.
passwd_entry(
name = "nonroot_user",
info = "nonroot",
uid = 1002,
username = "nonroot",
)
passwd_file(
name = "passwd",
entries = [
":nonroot_user",
],
)
pkg_tar(
name = "passwd_tar",
srcs = [":passwd"],
mode = "0644",
package_dir = "etc",
)
# Include it in our image as a tar.
container_image(
name = "passwd_image",
base = "//base:base",
tars = [":passwd_tar"],
user = "nonroot",
visibility = ["//visibility:private"],
)
# Simple go program to print out the username and uid.
go_binary(
name = "user",
srcs = ["testdata/user.go"],
# Test image is linux based
goos = "linux",
pure = "on",
)
container_image(
name = "check_user_image",
base = ":passwd_image",
files = [":user"],
visibility = ["//visibility:private"],
)
# Test to verify this works :)
container_test(
name = "check_user_test",
configs = ["testdata/user.yaml"],
image = ":check_user_image",
visibility = ["//visibility:private"],
)