1load("@aspect_bazel_lib//lib:tar.bzl", "tar")
2load("@container_structure_test//:defs.bzl", "container_structure_test")
3load("@rules_distroless//apt:defs.bzl", "dpkg_status")
4load("@rules_distroless//distroless:defs.bzl", "cacerts", "flatten", "home", "passwd")
5load("@rules_oci//oci:defs.bzl", "oci_image", "oci_load")
6load("@rules_pkg//:pkg.bzl", "pkg_tar")
7load("//hack/build/rules/container:index.bzl", "container_push")
8
9package(default_visibility = ["//visibility:public"])
10
11################################################################################
12# USERS & GROUPS
13################################################################################
14
15BUILD = 21700
16
17NOBODY = 65534
18
19passwd(
20 name = "passwd",
21 entries = [
22 {
23 "gecos": ["root"],
24 "gid": 0,
25 "home": "/root",
26 "shell": "/sbin/nologin",
27 "uid": 0,
28 "username": "root",
29 },
30 {
31 "gecos": ["nobody_user"],
32 "gid": NOBODY,
33 "home": "/nonexistent",
34 "shell": "/sbin/nologin",
35 "uid": NOBODY,
36 "username": "nobody_user",
37 },
38 {
39 "gecos": ["build"],
40 "gid": BUILD,
41 "home": "/home/build",
42 "shell": "/bin/bash",
43 "uid": BUILD,
44 "username": "build",
45 },
46 ],
47)
48
49home(
50 name = "home",
51 dirs = [
52 {
53 "home": "root",
54 "uid": 0,
55 "gid": 0,
56 },
57 {
58 "home": "/nonexistent",
59 "uid": NOBODY,
60 "gid": NOBODY,
61 },
62 {
63 "home": "/home/build",
64 "uid": BUILD,
65 "gid": BUILD,
66 },
67 ],
68)
69
70flatten(
71 name = "flat_passwd",
72 tars = [
73 ":passwd",
74 ":home",
75 ],
76)
77
78################################################################################
79# K8s BUILD IMAGE
80################################################################################
81
82pkg_tar(
83 name = "repo_tools_k8s",
84 extension = "tgz",
85 files = {
86 "//cmd/tools/bzl-cache-rc-gen:bzl-cache-rc-gen_linux": "bzl-cache-rc-gen",
87 "@bazelisk_linux//file": "bazel",
88 "//cmd/tools/art:art_linux": "art",
89 "//test/rosa:rosa_linux": "rosa",
90 },
91 mode = "755",
92 package_dir = "/usr/local/bin",
93 tags = ["manual"],
94)
95
96# CI/build scripts
97pkg_tar(
98 name = "scripts_k8s",
99 extension = "tgz",
100 files = {
101 "//hack/build/ci:collect-bazel-test-reports.sh": "collect-bazel-test-reports.sh", # TODO: make this a sh_binary that is ran via bazel in CI
102 "//hack/build/ci:coverage-rpt.sh": "coverage-rpt", # TODO: same, see above
103 },
104 mode = "755",
105 package_dir = "/usr/local/bin",
106 strip_prefix = "/hack/build/ci/",
107 tags = ["manual"],
108)
109
110# pkg_tar(
111# name = "g-gpg",
112# srcs = ["//hack/build/build-image:cloud.google.gpg"],
113# package_dir = "/usr/share/keyrings",
114# )
115
116tar(
117 name = "sh",
118 mtree = [
119 # needed as dpkg assumes sh is installed in a typical debian installation.
120 "./bin/sh type=link link=/bin/bash",
121 ],
122)
123
124cacerts(
125 name = "cacerts",
126 package = select({
127 "@platforms//cpu:x86_64": "@bullseye//ca-certificates/amd64:data",
128 "@platforms//cpu:arm64": "@bullseye//ca-certificates/arm64:data",
129 }),
130)
131
132PACKAGES = [
133 "@bullseye//build-essential",
134 "@bullseye//ca-certificates",
135 "@bullseye//git",
136 "@bullseye//python3",
137 "@bullseye//rsync",
138 "@bullseye//dpkg",
139 "@bullseye//apt",
140]
141
142# Creates /var/lib/dpkg/status with installed package information.
143dpkg_status(
144 name = "dpkg_status",
145 controls = select({
146 "@platforms//cpu:x86_64": [
147 "%s/amd64:control" % package
148 for package in PACKAGES
149 ],
150 "@platforms//cpu:arm64": [
151 "%s/arm64:control" % package
152 for package in PACKAGES
153 ],
154 }),
155)
156
157pkg_tar(
158 name = "deb_tars",
159 extension = "tgz",
160 deps = select({
161 "@platforms//cpu:x86_64": [
162 "%s/amd64" % package
163 for package in PACKAGES
164 ],
165 "@platforms//cpu:arm64": [
166 "%s/arm64" % package
167 for package in PACKAGES
168 ],
169 }),
170)
171
172oci_image(
173 name = "build_image",
174 # architecture = select({
175 # "@platforms//cpu:x86_64": "amd64",
176 # }),
177 base = "@gcloud_oci",
178 env = {
179 "PATH": "/usr/local/go/bin:$$PATH",
180 "GOBIN": "/usr/local/go/bin",
181 },
182 # os = "linux",
183 tags = ["manual"],
184 tars = [
185 ":sh",
186 ":flat_passwd",
187 "@just_linux//:tar",
188 "@docker//:tar",
189 ":scripts_k8s",
190 ":repo_tools_k8s",
191 ":bazelrc",
192 # ":g-gpg",
193 ":dpkg_status",
194 ":deb_tars",
195 ],
196 user = "build",
197)
198
199genrule(
200 name = "gen-setup-bazelrc",
201 outs = ["bazel.bazelrc"],
202 cmd = """
203 $(location //cmd/tools/bzl-cache-rc-gen:bzl-cache-rc-gen_linux) -enable-cache=true -upload-results=true > $@
204 # $(location //cmd/tools/bzl-cache-rc-gen:bzl-cache-rc-gen) -enable-cache=true -upload-results=true > $@ # uncomment this to run on arm machines
205 """,
206 tags = ["manual"],
207 tools = [
208 "//cmd/tools/bzl-cache-rc-gen",
209 "//cmd/tools/bzl-cache-rc-gen:bzl-cache-rc-gen_linux",
210 ],
211)
212
213pkg_tar(
214 name = "bazelrc",
215 srcs = [":bazel.bazelrc"],
216 extension = "tgz",
217 package_dir = "etc",
218)
219
220container_push(
221 name = "workflows_push",
222 image = ":build_image",
223 image_name = "build-workflows",
224 repository_file = "//hack/build/rules/container:workloads-repo",
225)
226
227oci_load(
228 name = "container_test_load",
229 testonly = True,
230 image = ":build_image",
231 repo_tags = ["argo-build:latest"],
232 tags = ["manual"],
233)
234
235filegroup(
236 name = "container_test.tar",
237 testonly = True,
238 srcs = [":container_test_load"],
239 output_group = "tarball",
240)
241
242container_structure_test(
243 name = "container_test",
244 testonly = True,
245 configs = [":test-workflows.yaml"],
246 driver = "docker",
247 image = ":build_image",
248 tags = ["manual"],
249)
250
251# container_structure_test(
252# name = "test",
253# configs = select({
254# "@platforms//cpu:x86_64": [":test_linux_amd64.yaml"],
255# }),
256# image = ":build_image",
257# )
View as plain text