diff --git a/WORKSPACE b/WORKSPACE index 46aef3ae..c9ce410c 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -7,14 +7,16 @@ load(":internal_deps.bzl", "rules_oci_internal_deps") # Fetch deps needed only locally for development rules_oci_internal_deps() -load("//oci:repositories.bzl", "oci_register_toolchains", "rules_oci_dependencies") +load("//oci:dependencies.bzl", "rules_oci_dependencies") # Fetch our "runtime" dependencies which users need as well rules_oci_dependencies() +load("//oci:repositories.bzl", "LATEST_CRANE_VERSION", "oci_register_toolchains") + oci_register_toolchains( name = "container", - crane_version = "v0.7.1-thesayyn", + crane_version = LATEST_CRANE_VERSION, ) # For running our own unit tests diff --git a/oci/BUILD.bazel b/oci/BUILD.bazel index e81baa2f..73f622f1 100644 --- a/oci/BUILD.bazel +++ b/oci/BUILD.bazel @@ -7,7 +7,7 @@ exports_files(["container.bzl"]) # attribute in order to get a runtime for the correct platform. # See https://docs.bazel.build/versions/main/toolchains.html#writing-rules-that-use-toolchains toolchain_type( - name = "toolchain_type", + name = "crane_toolchain_type", visibility = ["//visibility:public"], ) diff --git a/oci/dependencies.bzl b/oci/dependencies.bzl new file mode 100644 index 00000000..8c8b87c9 --- /dev/null +++ b/oci/dependencies.bzl @@ -0,0 +1,37 @@ +"""Declare runtime dependencies + +These are needed for local dev, and users must install them as well. +See https://docs.bazel.build/versions/main/skylark/deploying.html#dependencies +""" + +load("@bazel_tools//tools/build_defs/repo:http.bzl", _http_archive = "http_archive") +load("@bazel_tools//tools/build_defs/repo:utils.bzl", "maybe") + +def http_archive(name, **kwargs): + maybe(_http_archive, name = name, **kwargs) + +# WARNING: any changes in this function may be BREAKING CHANGES for users +# because we'll fetch a dependency which may be different from one that +# they were previously fetching later in their WORKSPACE setup, and now +# ours took precedence. Such breakages are challenging for users, so any +# changes in this function should be marked as BREAKING in the commit message +# and released only in semver majors. +def rules_oci_dependencies(): + # The minimal version of bazel_skylib we require + http_archive( + name = "bazel_skylib", + sha256 = "c6966ec828da198c5d9adbaa94c05e3a1c7f21bd012a0b29ba8ddbccb2c93b0d", + urls = [ + "https://github.com/bazelbuild/bazel-skylib/releases/download/1.1.1/bazel-skylib-1.1.1.tar.gz", + "https://mirror.bazel.build/github.com/bazelbuild/bazel-skylib/releases/download/1.1.1/bazel-skylib-1.1.1.tar.gz", + ], + ) + + http_archive( + name = "rules_pkg", + urls = [ + "https://mirror.bazel.build/github.com/bazelbuild/rules_pkg/releases/download/0.5.1/rules_pkg-0.5.1.tar.gz", + "https://github.com/bazelbuild/rules_pkg/releases/download/0.5.1/rules_pkg-0.5.1.tar.gz", + ], + sha256 = "a89e203d3cf264e564fcb96b6e06dd70bc0557356eb48400ce4b5d97c2c3720d", + ) diff --git a/oci/private/container.bzl b/oci/private/container.bzl index 640f749d..fbc8861e 100644 --- a/oci/private/container.bzl +++ b/oci/private/container.bzl @@ -16,7 +16,7 @@ def _strip_external(path): return path[len("external/"):] if path.startswith("external/") else path def _impl(ctx): - toolchain = ctx.toolchains["@aspect_rules_oci//oci:toolchain_type"] + toolchain = ctx.toolchains["@aspect_rules_oci//oci:crane_toolchain_type"] launcher = ctx.actions.declare_file("crane.sh") @@ -26,7 +26,7 @@ def _impl(ctx): """#!/usr/bin/env bash set -euo pipefail {crane} $@""".format( - crane = toolchain.oci_info.crane_path, + crane = toolchain.crane_info.crane_path, ), is_executable = True, ) @@ -48,7 +48,7 @@ set -euo pipefail inputs = list() - inputs.extend(toolchain.oci_info.crane_files) + inputs.extend(toolchain.crane_info.crane_files) if ctx.attr.layers: pull.add("--new_layer") @@ -84,7 +84,7 @@ set -euo pipefail mutate.add_joined("--cmd", ctx.attr.cmd, join_with = ",") ctx.actions.run( - inputs = [tar] + toolchain.oci_info.crane_files, + inputs = [tar] + toolchain.crane_info.crane_files, arguments = [mutate], outputs = [result_tar], executable = launcher, @@ -100,5 +100,5 @@ set -euo pipefail container = struct( implementation = _impl, attrs = _attrs, - toolchains = ["@aspect_rules_oci//oci:toolchain_type"], + toolchains = ["@aspect_rules_oci//oci:crane_toolchain_type"], ) diff --git a/oci/private/toolchains_repo.bzl b/oci/private/toolchains_repo.bzl index fbcaa852..1e966da0 100644 --- a/oci/private/toolchains_repo.bzl +++ b/oci/private/toolchains_repo.bzl @@ -76,68 +76,73 @@ PLATFORMS = { ), } -def _toolchains_repo_impl(repository_ctx): - # Expose a concrete toolchain which is the result of Bazel resolving the toolchain - # for the execution or target platform. - # Workaround for https://github.com/bazelbuild/bazel/issues/14009 - starlark_content = """# Generated by toolchains_repo.bzl +DEFS_TMPL = """\ +# Generated by toolchains_repo.bzl for {toolchain_type} +load("@bazel_skylib//lib:structs.bzl", "structs") # Forward all the providers def _resolved_toolchain_impl(ctx): - toolchain_info = ctx.toolchains["@aspect_rules_oci//oci:toolchain_type"] - return [ - toolchain_info, - toolchain_info.default, - toolchain_info.oci_info, - toolchain_info.template_variables, - ] + toolchain_info = ctx.toolchains["{toolchain_type}"] + return [toolchain_info] + structs.to_dict(toolchain_info).values() # Copied from java_toolchain_alias # https://cs.opensource.google/bazel/bazel/+/master:tools/jdk/java_toolchain_alias.bzl resolved_toolchain = rule( implementation = _resolved_toolchain_impl, - toolchains = ["@aspect_rules_oci//oci:toolchain_type"], + toolchains = ["{toolchain_type}"], incompatible_use_toolchain_transition = True, ) """ - repository_ctx.file("defs.bzl", starlark_content) - build_content = """# Generated by toolchains_repo.bzl +TOOLCHAIN_TMPL = """\ +toolchain( + name = "{platform}_toolchain", + exec_compatible_with = {compatible_with}, + target_compatible_with = {compatible_with}, + toolchain = "{toolchain}", + toolchain_type = "{toolchain_type}", +) +""" + +BUILD_HEADER_TMPL = """\ +# Generated by toolchains_repo.bzl # # These can be registered in the workspace file or passed to --extra_toolchains flag. -# By default all these toolchains are registered by the oci_register_toolchains macro +# By default all of these toolchains are registered by the oci_register_toolchains macro # so you don't normally need to interact with these targets. load(":defs.bzl", "resolved_toolchain") resolved_toolchain(name = "resolved_toolchain", visibility = ["//visibility:public"]) - """ +def _toolchains_repo_impl(repository_ctx): + # Expose a concrete toolchain which is the result of Bazel resolving the toolchain + # for the execution or target platform. + # Workaround for https://github.com/bazelbuild/bazel/issues/14009 + defs_content = DEFS_TMPL.format( + toolchain_type = repository_ctx.attr.toolchain_type, + ) + repository_ctx.file("defs.bzl", defs_content) + + build_content = BUILD_HEADER_TMPL + for [platform, meta] in PLATFORMS.items(): - build_content += """ -toolchain( - name = "{platform}_toolchain", - exec_compatible_with = {compatible_with}, - target_compatible_with = {compatible_with}, - toolchain = "@{user_repository_name}_{platform}//:oci_toolchain", - toolchain_type = "@aspect_rules_oci//oci:toolchain_type", -) -""".format( + build_content += TOOLCHAIN_TMPL.format( platform = platform, name = repository_ctx.attr.name, - user_repository_name = repository_ctx.attr.user_repository_name, compatible_with = meta.compatible_with, + toolchain_type = repository_ctx.attr.toolchain_type, + toolchain = repository_ctx.attr.toolchain.format(platform = platform), ) - # Base BUILD file for this repository repository_ctx.file("BUILD.bazel", build_content) toolchains_repo = repository_rule( _toolchains_repo_impl, - doc = """Creates a repository with toolchain definitions for all known platforms - which can be registered or selected.""", + doc = "Creates a repository with toolchain definitions for all known platforms which can be registered or selected.", attrs = { - "user_repository_name": attr.string(doc = "what the user chose for the base name"), + "toolchain": attr.string(doc = "Label of the toolchain with {platform} left as placeholder. example; @container_crane_{platform}//:crane_toolchain"), + "toolchain_type": attr.string(doc = "Label of the toolchain_type. example; //oci:crane_toolchain_type"), }, ) diff --git a/oci/private/versions.bzl b/oci/private/versions.bzl index 80d6989d..25695910 100644 --- a/oci/private/versions.bzl +++ b/oci/private/versions.bzl @@ -1,14 +1,163 @@ "Mirror of release info" -TOOL_VERSIONS = { - "v0.7.1-thesayyn": { - "darwin_arm64": "sha256-Hv4xtW7Uc69mGjGb/+6Se0Ygk9Pyzd93dI5grPXTdyY=", - "darwin_x86_64": "sha256-slPkZNL2ILeMeOw1x/Kakfwj0fjJKkbQCs7If6BwKe0=", - "linux_arm64": "sha256-DfQNF3Y+1zNtKDUGCKyAYfdk+PK8VsCphjN4KB27KsM=", - "linux_armv6": "sha256-oN3uT5ehoKVPaiyQBo7aMzuKt1Wu/XPDhmLSUtFxpK0=", - "linux_i386": "sha256-5x33V3R7DJHzOuzO7SRaVHivCjEOrbs+DD8hCnG957w=", - "linux_s390x": "sha256-uM0IZLqAL+hJKmX0umRs2hE5tgfCeMZzhoX8tZrlK40=", - "linux_x86_64": "sha256-TfjdNXk8DzaUKuEgh1ryZix+yL8+YcbH8g0W6JjlfcA=", - "windows_armv6": "sha256-rSpw+s+CDmUkp/86ORyVnbG16AE3a1J/8y6nU39P61Q=", - "windows_x86_64": "sha256-kUJ5r3ZlgqQE6KeX/3NqzXbaktU8ZySotVcYAjZbUXU=", + +CRANE_VERSIONS = { + "v0.11.0": { + "darwin_arm64": "sha256-N/Pl0IlluAbLn74BW1Ye4hKJ9BFsBLnqTLaTJTSUejQ=", + "darwin_x86_64": "sha256-x7LWGfRlpKh35DFkHMwckFWDzyEvWWubzmgWkWN7PvY=", + "linux_arm64": "sha256-hGU+yClzid7ZJ/Eg6lvCcDQjBG9kxWtTgZeHX4G6TNY=", + "linux_armv6": "sha256-qoK8T2sgz8HRTnJLcbGSldJy5vZBkHoTjv+TzrURc98=", + "linux_i386": "sha256-ompKskCXdUqMunjZRJdb/UWI9QreRgsXoC4NdQQX9N4=", + "linux_s390x": "sha256-5JJzSvXFfljak+4dzdIJ1GDF6E5M1JI1OpAsjhjuQ9c=", + "linux_x86_64": "sha256-POxA6w+sLm7Utx3mgq5WLRWBmrkhReT2abV7rwR5ets=", + "windows_arm64": "sha256-g/omJDYcAnAQ+NDbf9mPiFhGaP1biy8Vaw0DeuckE8M=", + "windows_armv6": "sha256-HEjk/NF672oezIf9cQXBA/3eYZXfzIX2S/qduj79jWA=", + "windows_x86_64": "sha256-BQ2SjjeHLpdpJhQoehw8IUejARwfqg97n4FepjNhD9c=", + }, + "v0.10.0": { + "darwin_arm64": "sha256-uTQlami7UeN3Shhq/lO4jJjXkixtAbLSyhM4sfJvwgg=", + "darwin_x86_64": "sha256-QCNLHypJ1Ktm2hUudoc8nUw9I6BBLTUKn5SiXpfvTCc=", + "linux_arm64": "sha256-9XhRhqvalzRLkGMaISdpnPg1Dq+s1xmsDe1+qMchd88=", + "linux_armv6": "sha256-0ashoSuvQPys9AAr7+IvsxaGUnMqLmU8UgH+f9XDQ0w=", + "linux_i386": "sha256-Yk3Em/HgyIYQhZKoSenZ9/XkOo5nSZjn24ZM8MoCfkQ=", + "linux_s390x": "sha256-V5IokOTXiXH+JPeUfwVbCtJKq0DZaYhBB91tvF+onoc=", + "linux_x86_64": "sha256-/CHxs6wMlQOIloOlGJL5e/AkldXSAVTx+Pjeb7ixitA=", + "windows_arm64": "sha256-I3jGKPWaD2CZzSjSn9XWNSCiiDgcssE2La6K/srHJCE=", + "windows_armv6": "sha256-oX0Vfxaa2/dpiYRrCMfJxy6DeEsL5DrKwvH7rRmShHA=", + "windows_x86_64": "sha256-KBgGIzkXKxfqjJlszBTvKX7j/es8HLzXe4+nFft4qUQ=", + }, + "v0.9.0": { + "darwin_arm64": "sha256-bjrRaLvGMKUbXyehm0mZLMLMMnyf3ksZIuoPY6MO4QI=", + "darwin_x86_64": "sha256-mur6wMY3nRnpVqFS4q64bCsn3pAuU6DmBU3/QufI+CE=", + "linux_arm64": "sha256-MzO7Xu7L4c9Y8y9S0l6XQweqHnjEiPVw7bp3/ABNvGU=", + "linux_armv6": "sha256-t+MjWBc5XpPB+GmdHDdgSOnS5kgEqTKLVk7iyUQLbZQ=", + "linux_i386": "sha256-e76SeqRMWKR4ln79uv/PphtjwGEJIn3R0TDCvSjE5D0=", + "linux_s390x": "sha256-Jwb6ljfYQypk3FAggfEYbs0GoIXQopaQzNGI+RqW2Wc=", + "linux_x86_64": "sha256-HSzz+sCDDdjl+24oKf38MEo9Sg9I9+Hfnrt+KSHyiAM=", + "windows_arm64": "sha256-W7HwobJzclPHGyMjzqrHlCoL4e0sVDrSM9U4KM7Nxds=", + "windows_armv6": "sha256-ZPbqVqWl0EXLFut8W2ELN1KeGjK1AGrdYD9n9XTX+qY=", + "windows_x86_64": "sha256-brMWycCZU9DC6LDMNsIVZRi8aUhOCaVoO0S/25RAwCs=", + }, + "v0.8.0": { + "darwin_arm64": "sha256-Ux663Si2Nnuczosp7ja8E6NXACzBDL5eHPW/QQC1q6w=", + "darwin_x86_64": "sha256-r7/lgzn/eupXM6Hk+hK8oCPef6uBJ2nKKUVZP7j+2oA=", + "linux_arm64": "sha256-f+kmq3AppFRSEOmW5sa0hV1v5DAtKsNCYtdA0bP1G6s=", + "linux_armv6": "sha256-2t27RhO9S3tw9XxngsL4592Q2SkCXwEq/NDXNuYjoCs=", + "linux_i386": "sha256-kCHUWGj1yAc01ESJA8ityos2Qs3Qw0impM71Jy3G+6I=", + "linux_s390x": "sha256-uw1c+cND5w1r7301z+VMCUtxcH48ZEV63G/00lD40H0=", + "linux_x86_64": "sha256-4/IRbSvdocLyJH7i8TJZ1BmGVg0KBqFoMeNwltjs7A4=", + "windows_armv6": "sha256-6b2Qqfq/4zW1vynYMTF72rB7bYHg0OSLlWBjJWPAdck=", + "windows_x86_64": "sha256-GFGU1K1lez8hdREAa4GhSNfgKoGN8N8KSQMn9rvvSCM=", + }, + "v0.6.1": { + "darwin_arm64": "sha256-AFCpfdaWdCfKXPQ1zp50gbM8fs8qbelSJDQ74wKmDBc=", + "darwin_x86_64": "sha256-Pv99eYGQ1mat2rAzTGfKV6+x2Y+s25nH0MZ3qnRinLc=", + "linux_arm64": "sha256-B6iyz46LEZOCdPPzNOWdYTLHaQB+r1ccnb1sD7lUJF8=", + "linux_armv6": "sha256-Q8kVMPmdZwQW81Yv5oksCRzsnrlPC5YpogLE4+ODgEU=", + "linux_i386": "sha256-fSujHPpmFMTCVrLvRIsoIxjocWM4ZNc/YFBitjEhc9w=", + "linux_x86_64": "sha256-ZOz50fyLPV+4s/NttTdWRo/ERsGviI9phiYlxPghLOw=", + "windows_armv6": "sha256-UlqfD2YHxmjI7n2atOYODc3k+N64PaM29xMZMznW85s=", + "windows_x86_64": "sha256-I6wID4MP1gK+SsG+E0zdVSmJ79+LjcHu73vNqFjiHm4=", + }, + "v0.7.0": { + "darwin_arm64": "sha256-SH7fMG+bzwRHI41m0eSgeaUllJZ0ErElyXeMj2yq8U4=", + "darwin_x86_64": "sha256-gz+Ci/COPd3K9Sduwn98bQKbIBKKhsIhu+DVwtNNqqI=", + "linux_arm64": "sha256-OXmzJ1UOq5fiJ43MlGUylj/9+srsjqKZTcpACc3J97A=", + "linux_armv6": "sha256-Quoxswg/xHdZzvEi+dK40WkYvw6R72nQZGuCcutgj2o=", + "linux_i386": "sha256-0IpjlcDX7HM1nm9Lzbhcf8ZD+GxLfxIcJ/InSyJgF4Q=", + "linux_s390x": "sha256-+ly560uETHE8QhAMyFKnNrCWfxUg2V5MvNYeilo4FsE=", + "linux_x86_64": "sha256-FAkv08XWVm+L1Th13Hy9wYfZ6T8o2rHGd9HuWVnLcDw=", + "windows_armv6": "sha256-VEqcwnY6YaHSk4Gsuk2BbCOkVPubRCeCujhNGwjsuME=", + "windows_x86_64": "sha256-JNz02/4YOfmt0mlObJqRe+Mlby/6i0gt2wqKRqawWag=", + }, + "v0.6.0": { + "darwin_arm64": "sha256-K1RYFUOkphVtR1V+vbDJv0y1hccjoi8pHyWB5v0Fs0U=", + "darwin_x86_64": "sha256-p20mF0KgquhDWnKLeQ1e4p+YQjl1jgm2nHDSe5NmsyI=", + "linux_arm64": "sha256-tPVSFw+BdoDiaaSEWX2wMOmhHqoWuOzZ//Y5ikdjboQ=", + "linux_armv6": "sha256-073Twz7jsyp1L7QqqKO3tu5pfJOjB6mHPWcX5qS/x2c=", + "linux_i386": "sha256-kRhd7fQrguRV6wIMLn9vUGK3LvgDO5sVVS4cvE4akuE=", + "linux_x86_64": "sha256-txx8oWq/8HeHUW774MBsEp0nPzRJDWqF+BXOyYD//oU=", + "windows_armv6": "sha256-4X4Fuvm4imytlB1ErcNElufkXMnZl8KFSwTIMZqKC20=", + "windows_x86_64": "sha256-t8f5Pk7bvVyrT+GnDoQ+7UhGtHBDO1+63Zu0u9LdGvI=", + }, + "v0.5.1": { + "darwin_arm64": "sha256-F/kbKoWm48X4a6Qg9+90hYkKeFou87CyGkbhwU9DemA=", + "darwin_x86_64": "sha256-teUO+v3ldq/8s2RYKsOT7HOjJUe2Pz8jWN7VvQMviFg=", + "linux_arm64": "sha256-D0lXSvg8Cq+mZtOAQaQmgOblYtjV21n2FBRXmam5Rak=", + "linux_armv6": "sha256-ocH46dInM+dA2WmQyX+gEAfSOfzhe1upFtJvCEDciGI=", + "linux_i386": "sha256-/+uVMs5S5UCiyls95iTMEr/s5sN+hQmgh5YPi0vvkQE=", + "linux_x86_64": "sha256-JPak1jCG+yA0iffOkmELmO/1MMMK+hnc6xgrURBF3C4=", + "windows_armv6": "sha256-7cUPJB7LeVIjk7ncDcs5xvSL1b/WL4Xku/8bPHyQ0XE=", + "windows_x86_64": "sha256-SExmJoJbYDRauQ2mgrfpHXpGhAWaugluR2FpY+9YhYI=", + }, + "v0.5.0": { + "darwin_x86_64": "sha256-8wks6jsnO7GCE6f+brTHMp9HcnrI+z/ticMMyAsW3mw=", + "linux_arm": "sha256-IRgUo5UOeEvr+v0dpdWSSZdT56XPEvrsXwAv4CY+4NI=", + "linux_arm64": "sha256-hOK2hNtN4B/2Lcm5vCWSEw94yLlogpj7yGWrmrlZ6s4=", + "linux_i386": "sha256-bm3elN4O0D/gSgURrnykgm7AH/WHvWbKeUmKh9MRAIo=", + "linux_x86_64": "sha256-+IOQ7qgSPofHBmdvPJx/MTPctRKfoP1V4WCx6UuQetQ=", + "windows_arm": "sha256-bXp/s9pjnbCNA8vfPmC4gLLmcIY9/pMZXOkmiW3Q6nc=", + "windows_x86_64": "sha256-IQIhYjSAJorxwqdzbmQn5+JA9DmJMHukadUXMou6YPI=", + }, + "v0.4.1": { + "darwin_x86_64": "sha256-TaS8HVhiDen57g0UV2FGdCkE//PXqd1pftVEFeRVEMA=", + "linux_arm": "sha256-vCUGoPXxgH8RPGDnlXffOpUE4U/b/tcyzjs0Ke0gKSw=", + "linux_arm64": "sha256-bOWuBUEiVeq25QTJ/rVFRRiRBveFrAZMaAlbUdj5r0o=", + "linux_i386": "sha256-K9vgwxS7A4+/Te0nHMuwBda5kUtCR/6+219uZBxamMw=", + "linux_x86_64": "sha256-3vE2T5SD0TPMxrHEh29ZplPQJMiGbZbs2gJlYdOMNJs=", + "windows_x86_64": "sha256-WUkiNNWDJapY0Iwrt0XG+IhjgoUTZv7YqIw9CU3cRxE=", + }, + "v0.4.0": { + "darwin_x86_64": "sha256-fkGLN3VuF+uZGatFCpHdgd/WtXFKOL9jwnQEeNusVZ4=", + "linux_arm": "sha256-FSjQXWD7iUCc/Yzyutgl8w8GWH2Vjpzo5BSS7EAHcBw=", + "linux_arm64": "sha256-zN11IEF/x5/zfzqmCc9iuDQu9V2q+JwAv1vquihpJQ8=", + "linux_i386": "sha256-OIpcJTWqXgTwi6wg3IG0/C3S03oSFkFyB9kYtKYFhHM=", + "linux_x86_64": "sha256-9LqZadf5mRiMRef4p+xOWDsc8R9HnJrIBFmEFCluMBI=", + "windows_x86_64": "sha256-s25nQCGbmE1/JZ6ym0ZP54RiVI4GwYuyZ+Z7BfTu6qY=", + }, + "v0.3.0": { + "darwin_x86_64": "sha256-+2KYkl/C+1yRG77SE29KaVn4qF00HBz1W7Zrxlm4xlI=", + "linux_arm": "sha256-e3UP5+6zo3IGM+ul/ev5EW7YevWzi7epErnH8/PIblQ=", + "linux_arm64": "sha256-PYQYMcTj5o0N8Hi3LIS6Vuyxoyfti4UR/hM+26OSBHY=", + "linux_i386": "sha256-PvGCXDdLMKDJwRDbiaw3+Ju1pINwIz5Yu7yC2FALRWs=", + "linux_x86_64": "sha256-KIAqfNQHxaSNNcRwue/aplVZWrf3DbciOEOSpPSwN38=", + "windows_x86_64": "sha256-BUMStVAV+8rLkOcNQihcKmh8FtiFw9YvGAUapH9AqUs=", + }, + "v0.2.1": { + "darwin_x86_64": "sha256-AcyyNBeC+ehBieg9VokHbnKs8OxpRwdYj4yTlbiNPp8=", + "linux_arm": "sha256-4jZRHEylpKdDpWEzXPUYAsAYm5IR2SH8HdrWpnzONgQ=", + "linux_arm64": "sha256-m1wKFNy3TLHBdrY8LznKQRyGC/+p4XH1XEfzdnzVgJ0=", + "linux_i386": "sha256-Azl0K6gHxInfIJIbA8ePiGhZF1XJ33LbRrUywxxq/PA=", + "linux_x86_64": "sha256-sFpmBt2DdqvmkUAWkD9X+x/58aLLU9bPJejjYcEFG00=", + "windows_x86_64": "sha256-MuqImw41+kv/C8sw/4u49vJMfyge61fp4BFPBCtY5uk=", + }, + "v0.2.0": { + "darwin_x86_64": "sha256-+Xri0Iiqhw2+IT3T3KQezPZjw3cfWrDwhiFloZ8p6HM=", + "linux_arm": "sha256-8rNIrS+/zkxLefHZlaOlJtrzCwxfaryg0LHiDOWJqb8=", + "linux_arm64": "sha256-CCDbFphv8RlRo873DHPkMfGtw4mWHcnMnNKzGnjtdQA=", + "linux_i386": "sha256-iITFRlNNvssZJ0rBgPKLE3QQQr0xOk3RTH7d7B4ODV4=", + "linux_x86_64": "sha256-mAlb+LUKbqUhc02gX+S8zc5gMesAQBlUiBf0eHIunt4=", + "windows_x86_64": "sha256-TUfhrBJdf0d1wJYsH/+UjP08SnKJREa5VfDgnBhx3L0=", + }, + "v0.1.4": { + "darwin_x86_64": "sha256-43A0BONp7NssyOP/TCQRB2GKUpewJurPO/JRl1K/ZR0=", + "linux_i386": "sha256-bQ/Q0z9Op6zhng7p/UwSMOVXt7qsaUAiHqiH/i15bZE=", + "linux_x86_64": "sha256-0U81IVmWBXXCVRf7t6XmXF4ljUGJ8/vEq2mkigL5fv0=", + }, + "v0.1.3": { + "darwin_x86_64": "sha256-8n4ZIIKmSXPkOhANbqe3OL1K+q+yAc5iRwGWPxcMIQI=", + "linux_i386": "sha256-ywrzfBkeW5Hy+UU08ebZH0s58+ZJlD5E0W5i8vZFXVk=", + "linux_x86_64": "sha256-BZ/Tl5VpLDMX2qk3i1fMaSF17Ky0Z6x7uUZXRbwrxvE=", + }, + "v0.1.2": { + "darwin_i386": "sha256-UAndzfmBlw0KQ/ICat/R3nLDg1Pg8vyZB5V+8Jp0mBc=", + "darwin_x86_64": "sha256-aC9g1aXvjp1qx4iFp3Cl51qhkLL5qIlxufe/cP2clco=", + "linux_i386": "sha256-xfKuIyJLHEhk6uuv2rrDRyWBfT6LbWRS/upUyRXYqmE=", + "linux_x86_64": "sha256-dJ8j836a21s6HSVPJsMnMLKbbGwFkSoaZog4g67f/ks=", + }, + "v0.1.1": { + "darwin_i386": "sha256-TPQtBirScb4qb3Y5+jSax8ynrcCcZRuWsxINsL6nf/c=", + "darwin_x86_64": "sha256-3GAnQ1LitQRSDpE1yv5LfvQMUsFWgWObtgEBFeuUqNQ=", + "linux_i386": "sha256-jEGfa0yYmGcYMLQAqjggrxslTHTOfLI6yRGKNm8Qfx8=", + "linux_x86_64": "sha256-ggpPUxrfME0wz3qFXy/eMg+9ADpxJf0zJUH4le9a4rU=", }, } diff --git a/oci/repositories.bzl b/oci/repositories.bzl index 99ee9a2e..d8929ed0 100644 --- a/oci/repositories.bzl +++ b/oci/repositories.bzl @@ -1,65 +1,15 @@ -"""Declare runtime dependencies +"""Repository rules for fetching external tools""" -These are needed for local dev, and users must install them as well. -See https://docs.bazel.build/versions/main/skylark/deploying.html#dependencies -""" - -load("@bazel_tools//tools/build_defs/repo:http.bzl", _http_archive = "http_archive") -load("@bazel_tools//tools/build_defs/repo:utils.bzl", "maybe") load("//oci/private:toolchains_repo.bzl", "PLATFORMS", "toolchains_repo") -load("//oci/private:versions.bzl", "TOOL_VERSIONS") +load("//oci/private:versions.bzl", "CRANE_VERSIONS") -def http_archive(name, **kwargs): - maybe(_http_archive, name = name, **kwargs) +LATEST_CRANE_VERSION = CRANE_VERSIONS.keys()[0] -# WARNING: any changes in this function may be BREAKING CHANGES for users -# because we'll fetch a dependency which may be different from one that -# they were previously fetching later in their WORKSPACE setup, and now -# ours took precedence. Such breakages are challenging for users, so any -# changes in this function should be marked as BREAKING in the commit message -# and released only in semver majors. -def rules_oci_dependencies(): - # The minimal version of bazel_skylib we require - http_archive( - name = "bazel_skylib", - sha256 = "c6966ec828da198c5d9adbaa94c05e3a1c7f21bd012a0b29ba8ddbccb2c93b0d", - urls = [ - "https://github.com/bazelbuild/bazel-skylib/releases/download/1.1.1/bazel-skylib-1.1.1.tar.gz", - "https://mirror.bazel.build/github.com/bazelbuild/bazel-skylib/releases/download/1.1.1/bazel-skylib-1.1.1.tar.gz", - ], - ) - - http_archive( - name = "rules_pkg", - urls = [ - "https://mirror.bazel.build/github.com/bazelbuild/rules_pkg/releases/download/0.5.1/rules_pkg-0.5.1.tar.gz", - "https://github.com/bazelbuild/rules_pkg/releases/download/0.5.1/rules_pkg-0.5.1.tar.gz", - ], - sha256 = "a89e203d3cf264e564fcb96b6e06dd70bc0557356eb48400ce4b5d97c2c3720d", - ) - -######## -# Remaining content of the file is only used to support toolchains. -######## -_DOC = "Fetch external tools needed for oci toolchain" -_ATTRS = { - "crane_version": attr.string(mandatory = True, values = TOOL_VERSIONS.keys()), - "platform": attr.string(mandatory = True, values = PLATFORMS.keys()), -} - -def _oci_repo_impl(repository_ctx): - url = "https://github.com/thesayyn/go-containerregistry/releases/download/{0}/go-containerregistry_{1}.tar.gz".format( - repository_ctx.attr.crane_version, - repository_ctx.attr.platform[:1].upper() + repository_ctx.attr.platform[1:], - ) - repository_ctx.download_and_extract( - url = url, - integrity = TOOL_VERSIONS[repository_ctx.attr.crane_version][repository_ctx.attr.platform], - ) - build_content = """#Generated by container/repositories.bzl -load("@aspect_rules_oci//oci:toolchain.bzl", "oci_toolchain") -oci_toolchain( - name = "oci_toolchain", +CRANE_BUILD_TMPL = """\ +# Generated by container/repositories.bzl +load("@aspect_rules_oci//oci:toolchain.bzl", "crane_toolchain") +crane_toolchain( + name = "crane_toolchain", crane = select({ "@bazel_tools//src/conditions:host_windows": "crane.exe", "//conditions:default": "crane", @@ -67,38 +17,53 @@ oci_toolchain( ) """ - # Base BUILD file for this repository - repository_ctx.file("BUILD.bazel", build_content) +def _crane_repo_impl(repository_ctx): + url = "https://github.com/google/go-containerregistry/releases/download/{version}/go-containerregistry_{platform}.tar.gz".format( + version = repository_ctx.attr.crane_version, + platform = repository_ctx.attr.platform[:1].upper() + repository_ctx.attr.platform[1:], + ) + repository_ctx.download_and_extract( + url = url, + integrity = CRANE_VERSIONS[repository_ctx.attr.crane_version][repository_ctx.attr.platform], + ) + repository_ctx.file("BUILD.bazel", CRANE_BUILD_TMPL) -oci_repositories = repository_rule( - _oci_repo_impl, - doc = _DOC, - attrs = _ATTRS, +crane_repositories = repository_rule( + _crane_repo_impl, + doc = "Fetch external tools needed for crane toolchain", + attrs = { + "crane_version": attr.string(mandatory = True, values = CRANE_VERSIONS.keys()), + "platform": attr.string(mandatory = True, values = PLATFORMS.keys()), + }, ) # Wrapper macro around everything above, this is the primary API -def oci_register_toolchains(name, **kwargs): +def oci_register_toolchains(name, crane_version): """Convenience macro for users which does typical setup. - create a repository for each built-in platform like "container_linux_amd64" - this repository is lazily fetched when node is needed for that platform. - - TODO: create a convenience repository for the host platform like "container_host" - create a repository exposing toolchains for each platform like "container_platforms" - register a toolchain pointing at each platform Users can avoid this macro and do these steps themselves, if they want more control. Args: name: base name for all created repos, like "container7" - **kwargs: passed to each node_repositories call + crane_version: passed to each crane_repositories call """ + + toolchain_name = "{name}_crane_toolchains".format(name = name) + for platform in PLATFORMS.keys(): - oci_repositories( - name = name + "_" + platform, + crane_repositories( + name = "{name}_crane_{platform}".format(name = name, platform = platform), platform = platform, - **kwargs + crane_version = crane_version, ) - native.register_toolchains("@%s_toolchains//:%s_toolchain" % (name, platform)) + native.register_toolchains("@%s//:%s_toolchain" % (toolchain_name, platform)) toolchains_repo( - name = name + "_toolchains", - user_repository_name = name, + name = toolchain_name, + toolchain_type = "@aspect_rules_oci//oci:crane_toolchain_type", + # avoiding use of .format since {platform} is formatted by toolchains_repo for each platform. + toolchain = "@%s_crane_{platform}//:crane_toolchain" % name, ) diff --git a/oci/tests/versions_test.bzl b/oci/tests/versions_test.bzl index db87a763..b691c869 100644 --- a/oci/tests/versions_test.bzl +++ b/oci/tests/versions_test.bzl @@ -3,11 +3,11 @@ See https://docs.bazel.build/versions/main/skylark/testing.html#for-testing-star """ load("@bazel_skylib//lib:unittest.bzl", "asserts", "unittest") -load("//oci/private:versions.bzl", "TOOL_VERSIONS") +load("//oci/private:versions.bzl", "CRANE_VERSIONS") def _smoke_test_impl(ctx): env = unittest.begin(ctx) - asserts.equals(env, "v0.7.1-thesayyn", TOOL_VERSIONS.keys()[0]) + asserts.equals(env, "v0.11.0", CRANE_VERSIONS.keys()[0]) return unittest.end(env) # The unittest library requires that we export the test cases as named test rules, diff --git a/oci/toolchain.bzl b/oci/toolchain.bzl index 2c765e4c..3fdaeee3 100644 --- a/oci/toolchain.bzl +++ b/oci/toolchain.bzl @@ -1,24 +1,23 @@ -"""This module implements the language-specific toolchain rule. -""" +"""This module implements the language-specific toolchain rule.""" -OciInfo = provider( +CraneInfo = provider( doc = "Information about how to invoke the tool executable.", fields = { - "crane_path": "Path to the tool executable for the target platform.", - "crane_files": """Files required in runfiles to make the tool executable available. + "crane_path": "Path to the crane executable for the target platform.", + "crane_files": """Files required in runfiles to make the crane executable available. May be empty if the crane_path points to a locally installed tool binary.""", }, ) -# Avoid using non-normalized paths (workspace/../other_workspace/path) def _to_manifest_path(ctx, file): if file.short_path.startswith("../"): return "external/" + file.short_path[3:] else: return ctx.workspace_name + "/" + file.short_path -def _oci_toolchain_impl(ctx): + +def _crane_toolchain_impl(ctx): if ctx.attr.crane and ctx.attr.crane_path: fail("Can only set one of crane or crane_path but both were set.") if not ctx.attr.crane and not ctx.attr.crane_path: @@ -31,16 +30,16 @@ def _oci_toolchain_impl(ctx): crane_files = ctx.attr.crane.files.to_list() crane_path = _to_manifest_path(ctx, crane_files[0]) - # Make the $(tool_BIN) variable available in places like genrules. + # Make the $(CRANE_BIN) variable available in places like genrules. # See https://docs.bazel.build/versions/main/be/make-variables.html#custom_variables template_variables = platform_common.TemplateVariableInfo({ - "crane_bin": crane_path, + "CRANE_BIN": crane_path, }) default = DefaultInfo( files = depset(crane_files), runfiles = ctx.runfiles(files = crane_files), ) - oci_info = OciInfo( + crane_info = CraneInfo( crane_path = crane_path, crane_files = crane_files, ) @@ -48,7 +47,7 @@ def _oci_toolchain_impl(ctx): # Export all the providers inside our ToolchainInfo # so the resolved_toolchain rule can grab and re-export them. toolchain_info = platform_common.ToolchainInfo( - oci_info = oci_info, + crane_info = crane_info, template_variables = template_variables, default = default, ) @@ -58,8 +57,8 @@ def _oci_toolchain_impl(ctx): template_variables, ] -oci_toolchain = rule( - implementation = _oci_toolchain_impl, +crane_toolchain = rule( + implementation = _crane_toolchain_impl, attrs = { "crane": attr.label( doc = "A hermetically downloaded executable target for the target platform.", diff --git a/scripts/mirror_releases.sh b/scripts/mirror_releases.sh index 8412536d..002c3ac0 100755 --- a/scripts/mirror_releases.sh +++ b/scripts/mirror_releases.sh @@ -7,24 +7,20 @@ RAW=$(mktemp) ( curl --silent \ -H "Accept: application/vnd.github.v3+json" \ - https://api.github.com/repos/thesayyn/go-containerregistry/releases?per_page=20 \ + https://api.github.com/repos/google/go-containerregistry/releases?per_page=20 \ | jq -f $SCRIPT_DIR/filter.jq ) > $RAW FIXED=$(mktemp) # Replace URLs with their hash for tag in $(jq -r 'keys | .[]' < $RAW); do - - checksums=$(curl --silent -L https://github.com/thesayyn/go-containerregistry/releases/download/$tag/checksums.txt) + checksums="$(curl --silent -L https://github.com/google/go-containerregistry/releases/download/$tag/checksums.txt)" while read -r sha256 filename; do integrity="sha256-$(echo $sha256 | xxd -r -p | base64)" - #escaped=$(printf '%s\n' "$integrity" | sed -e 's/[\/&]/\\&/g') - # sed -i "s/$filename/$escaped/" $RAW jq ".[\"$tag\"] |= with_entries(.value = (if .value == \"$filename\" then \"$integrity\" else .value end))" < $RAW > $FIXED mv $FIXED $RAW done <<< "$checksums" done -echo '"Mirror of release info"' -echo -n "TOOL_VERSIONS = " +echo -n "CRANE_VERSIONS = " cat $RAW