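load("@aspect_bazel_lib//lib:tar.bzl", "tar")
load("@container_structure_test//:defs.bzl", "container_structure_test")
load("@rules_distroless//apt:defs.bzl", "dpkg_status")
load("@rules_distroless//distroless:defs.bzl", "cacerts", "flatten", "home", "passwd")
load("@rules_oci//oci:defs.bzl", "oci_image", "oci_load")
load("@rules_pkg//:pkg.bzl", "pkg_tar")
load("//hack/build/rules/container:index.bzl", "container_push")

package(default_visibility = ["//visibility:public"])

################################################################################
# USERS & GROUPS
################################################################################

# Numeric uid/gid shared by the passwd entries and the home directories below.
BUILD = 21700
NOBODY = 65534

# /etc/passwd for the image. root and nobody_user get /sbin/nologin; only the
# unprivileged `build` account (the image's runtime user) has a login shell.
passwd(
    name = "passwd",
    entries = [
        {
            "gecos": ["root"],
            "gid": 0,
            "home": "/root",
            "shell": "/sbin/nologin",
            "uid": 0,
            "username": "root",
        },
        {
            "gecos": ["nobody_user"],
            "gid": NOBODY,
            "home": "/nonexistent",
            "shell": "/sbin/nologin",
            "uid": NOBODY,
            "username": "nobody_user",
        },
        {
            "gecos": ["build"],
            "gid": BUILD,
            "home": "/home/build",
            "shell": "/bin/bash",
            "uid": BUILD,
            "username": "build",
        },
    ],
)

# Home directories, owned by the matching uid/gid from the passwd entries.
home(
    name = "home",
    dirs = [
        {
            # Absolute path, matching the "/root" home declared in :passwd and
            # the other entries in this list.
            "home": "/root",
            "uid": 0,
            "gid": 0,
        },
        {
            # NOTE(review): this creates /nonexistent owned by nobody_user. On
            # Debian that path is conventionally left absent so the account has
            # no writable home - confirm the directory is actually wanted.
            "home": "/nonexistent",
            "uid": NOBODY,
            "gid": NOBODY,
        },
        {
            "home": "/home/build",
            "uid": BUILD,
            "gid": BUILD,
        },
    ],
)

# Single tar combining the passwd file and the home directories.
flatten(
    name = "flat_passwd",
    tars = [
        ":passwd",
        ":home",
    ],
)

################################################################################
# K8s BUILD IMAGE
################################################################################

# Repo tooling installed into /usr/local/bin with mode 755.
# NOTE(review): @bazelisk_linux//file is an externally fetched binary; confirm
# its repository rule pins a checksum (the pin is not visible in this file).
pkg_tar(
    name = "repo_tools_k8s",
    extension = "tgz",
    files = {
        "//cmd/tools/bzl-cache-rc-gen:bzl-cache-rc-gen_linux": "bzl-cache-rc-gen",
        "@bazelisk_linux//file": "bazel",
        "//cmd/tools/art:art_linux": "art",
        "//test/rosa:rosa_linux": "rosa",
    },
    mode = "755",
    package_dir = "/usr/local/bin",
    tags = ["manual"],
)

# CI/build scripts
pkg_tar(
    name = "scripts_k8s",
    extension = "tgz",
    files = {
        "//hack/build/ci:collect-bazel-test-reports.sh": "collect-bazel-test-reports.sh",  # TODO: make this a sh_binary that is ran via bazel in CI
        "//hack/build/ci:coverage-rpt.sh": "coverage-rpt",  # TODO: same, see above
    },
    mode = "755",
    package_dir = "/usr/local/bin",
    strip_prefix = "/hack/build/ci/",
    tags = ["manual"],
)

# pkg_tar(
#     name = "g-gpg",
#     srcs = ["//hack/build/build-image:cloud.google.gpg"],
#     package_dir = "/usr/share/keyrings",
# )

tar(
    name = "sh",
    mtree = [
        # needed as dpkg assumes sh is installed in a typical debian installation.
        "./bin/sh type=link link=/bin/bash",
    ],
)

# CA certificate bundle built from the per-architecture ca-certificates package.
cacerts(
    name = "cacerts",
    package = select({
        "@platforms//cpu:x86_64": "@bullseye//ca-certificates/amd64:data",
        "@platforms//cpu:arm64": "@bullseye//ca-certificates/arm64:data",
    }),
)

# Debian packages unpacked into the image. The same list drives both the dpkg
# status database and the package payload, so the two cannot drift apart.
# NOTE(review): the package versions come from the @bullseye repository
# definition, which is outside this file; confirm that snapshot still receives
# security updates.
PACKAGES = [
    "@bullseye//build-essential",
    "@bullseye//ca-certificates",
    "@bullseye//git",
    "@bullseye//python3",
    "@bullseye//rsync",
    "@bullseye//dpkg",
    "@bullseye//apt",
]

# Creates /var/lib/dpkg/status with installed package information.
dpkg_status(
    name = "dpkg_status",
    controls = select({
        "@platforms//cpu:x86_64": [
            "%s/amd64:control" % package
            for package in PACKAGES
        ],
        "@platforms//cpu:arm64": [
            "%s/arm64:control" % package
            for package in PACKAGES
        ],
    }),
)

# Payload of every package in PACKAGES for the target architecture.
pkg_tar(
    name = "deb_tars",
    extension = "tgz",
    deps = select({
        "@platforms//cpu:x86_64": [
            "%s/amd64" % package
            for package in PACKAGES
        ],
        "@platforms//cpu:arm64": [
            "%s/arm64" % package
            for package in PACKAGES
        ],
    }),
)

# The build image: layers from the tars below on top of @gcloud_oci, running as
# the unprivileged `build` user declared in :passwd.
# NOTE(review): confirm @gcloud_oci is pulled by digest rather than by a
# mutable tag (the pull definition is outside this file).
oci_image(
    name = "build_image",
    # architecture = select({
    #     "@platforms//cpu:x86_64": "amd64",
    # }),
    base = "@gcloud_oci",
    env = {
        # NOTE(review): GOBIN is also the first PATH entry, so anything written
        # there by `go install` takes precedence over system tools of the same
        # name - confirm who can write to /usr/local/go/bin in the final image.
        # `$$` presumably escapes to a literal `$PATH` - confirm.
        "PATH": "/usr/local/go/bin:$$PATH",
        "GOBIN": "/usr/local/go/bin",
    },
    # os = "linux",
    tags = ["manual"],
    tars = [
        ":sh",
        ":flat_passwd",
        "@just_linux//:tar",
        "@docker//:tar",
        ":scripts_k8s",
        ":repo_tools_k8s",
        ":bazelrc",
        # ":g-gpg",
        ":dpkg_status",
        ":deb_tars",
    ],
    user = "build",
)

# Generates the bazelrc that :bazelrc ships in the image.
# The second cmd line is only a shell comment, but Bazel still expands the
# $(location ...) inside it, which is why both tool labels are listed in `tools`.
# NOTE(review): the output is baked into an image layer; confirm
# bzl-cache-rc-gen does not emit cache credentials into it.
genrule(
    name = "gen-setup-bazelrc",
    outs = ["bazel.bazelrc"],
    cmd = """
    $(location //cmd/tools/bzl-cache-rc-gen:bzl-cache-rc-gen_linux) -enable-cache=true -upload-results=true > $@
    # $(location //cmd/tools/bzl-cache-rc-gen:bzl-cache-rc-gen) -enable-cache=true -upload-results=true > $@ # uncomment this to run on arm machines
    """,
    tags = ["manual"],
    tools = [
        "//cmd/tools/bzl-cache-rc-gen",
        "//cmd/tools/bzl-cache-rc-gen:bzl-cache-rc-gen_linux",
    ],
)

# Places the generated rc file under etc/ in the image.
pkg_tar(
    name = "bazelrc",
    srcs = [":bazel.bazelrc"],
    extension = "tgz",
    package_dir = "etc",
)

container_push(
    name = "workflows_push",
    image = ":build_image",
    image_name = "build-workflows",
    repository_file = "//hack/build/rules/container:workloads-repo",
)

# Test-only load target for :build_image, tagged argo-build:latest.
oci_load(
    name = "container_test_load",
    testonly = True,
    image = ":build_image",
    repo_tags = ["argo-build:latest"],
    tags = ["manual"],
)

# Exposes the "tarball" output group of the load target as a file.
filegroup(
    name = "container_test.tar",
    testonly = True,
    srcs = [":container_test_load"],
    output_group = "tarball",
)

# Structure test of :build_image against test-workflows.yaml, using the docker
# driver.
container_structure_test(
    name = "container_test",
    testonly = True,
    configs = [":test-workflows.yaml"],
    driver = "docker",
    image = ":build_image",
    tags = ["manual"],
)

# container_structure_test(
#     name = "test",
#     configs = select({
#         "@platforms//cpu:x86_64": [":test_linux_amd64.yaml"],
#     }),
#     image = ":build_image",
# )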