v2.0.0
BREAKING CHANGES
- Uncompressed archives in the tars attribute is no longer compressed when creating the image, this might make images bigger compared to 1.x. Use pkg_tar#extension or tar#compress attribute to compress the layers beforehand.
# For pkg_tar
pkg_tar(
extension = "tar.gz"
)
# For tar
tar(
compress = "gzip"
)
- Digests of images created 1.x rules_oci will not match 2.x rules_oci, as we are no longer using crane to create the images. However, images should stay the same semantically. You can use diffoci to make sure they are the same semantically!
- Default output of
oci_tarball
is no longer a tarball, use afilegroup
target to get the tarball. See #548 oci_tarball
is renamed tooci_load
to better reflect it's purpose.- Bazel 5 is no longer supported, and tested by the CI, we will not be accepting fixes for it.
- Delimiter for
cmd
andentrypoint
changed from,
to\n
. See: #663
SIGNIFICANT CHANGES
- OCIImage action no longer spins an ephemeral registry instance to mutate images locally, making it slightly faster. See design document
- oci_image now supports
zstd
compression - Now oci_pull fetches blobs in parallel on
Bazel >= 7.1
API Removals
- oci_pull no longer has a
config_path
attribute, useconfig
attribute instead. It was deprecated in 1.x.
Using bzlmod with Bazel 6 or later:
-
Add
common --enable_bzlmod
to.bazelrc
. -
Add to your
MODULE.bazel
file:
bazel_dep(name = "rules_oci", version = "2.0.0")
# For testing, we also recommend https://registry.bazel.build/modules/container_structure_test
oci = use_extension("@rules_oci//oci:extensions.bzl", "oci")
# Declare external images you need to pull, for example:
oci.pull(
name = "distroless_base",
# 'latest' is not reproducible, but it's convenient.
# During the build we print a WARNING message that includes recommended 'digest' and 'platforms'
# values which you can use here in place of 'tag' to pin for reproducibility.
tag = "latest",
image = "gcr.io/distroless/base",
platforms = ["linux/amd64"],
)
# For each oci.pull call, repeat the "name" here to expose them as dependencies.
use_repo(oci, "distroless_base")
Using WORKSPACE:
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
http_archive(
name = "rules_oci",
sha256 = "d007e6c96eb62c88397b68f329e4ca56e0cfe31204a2c54b0cb17819f89f83c8",
strip_prefix = "rules_oci-2.0.0",
url = "https://github.com/bazel-contrib/rules_oci/releases/download/v2.0.0/rules_oci-v2.0.0.tar.gz",
)
load("@rules_oci//oci:dependencies.bzl", "rules_oci_dependencies")
rules_oci_dependencies()
load("@rules_oci//oci:repositories.bzl", "oci_register_toolchains")
oci_register_toolchains(name = "oci")
# You can pull your base images using oci_pull like this:
load("@rules_oci//oci:pull.bzl", "oci_pull")
oci_pull(
name = "distroless_base",
digest = "sha256:ccaef5ee2f1850270d453fdf700a5392534f8d1a8ca2acda391fbb6a06b81c86",
image = "gcr.io/distroless/base",
platforms = [
"linux/amd64",
"linux/arm64",
],
)
What's Changed
- docs: simplify use of expand_template by @alexeagle in #534
- chore: upgrade rules_go and gazelle by @thesayyn in #541
- ci: only test with bazel 6, 7 by @thesayyn in #533
- Add a minimal c++ example in doc by @rygx in #516
- [docs] Add missing name to push examples by @ptxmac in #513
- feat: add nvcr.io to _WWW_AUTH by @nobu-k in #511
- fix: Add quay back to authn config by @ankit-agarwal1999 in #543
- docs: recommend rules_distroless by @thesayyn in #546
- refactor: remove yq dependency by @thesayyn in #386
- refactor: use hermetic tar by @alexeagle in #385
- Add
toolchain
param to the affected actions by @kotlaja in #341 - Pass headers to Bazel downloader where available by @mortenmj in #528
- feat: don't produce big tar file as default output of oci_tarball by @alexeagle in #548
- refactor: remove registry references by @thesayyn in #551
- chore: update deps and bazel by @thesayyn in #553
- refactor: registryless oci_image by @thesayyn in #550
- feat: implement out-of-band descriptor calculation by @thesayyn in #558
- feat: implement tars symlinks by @thesayyn in #559
- feat: support symlinking blobs from base by @thesayyn in #560
- fix: make oci_image fully hermetic by @thesayyn in #569
- fix: canonicalize missing components by @thesayyn in #567
- fix: duplicate tar copying by @thesayyn in #576
- Add jq as dependency required for oci_push by @mering in #589
- example: add dockerfile build by @thesayyn in #570
- refactor: remove curl fallback by @thesayyn in #568
- Use non-blocking download to get image blobs, on Bazel >=7.1.0 by @mortenmj in #601
- fix: add tars into action inputs by @thesayyn in #599
- chore: disable dockerfile example by @thesayyn in #605
- fix: return correct extension metadata by @thesayyn in #611
- chore: add --check_direct_dependencies to .bazelrc by @gregmagolan in #615
- fix: make oci_tarball work with disjoint output root by @thesayyn in #614
- Copy files using coreutils cp by @plobsing in #595
- Fix
jq: error (at <stdin>:16): Cannot use null (null) as object key
error on empty line in labels file by @bozaro in #606 - fix: env vars containing = by @thesayyn in #616
- test: add pinning test by @thesayyn in #618
- chore: cleanup repo and remove some dev deps by @thesayyn in #620
- fix: make oci_tarball work with genrule by @thesayyn in #621
- fix: Ignore empty annotations in the jq query by @DolceTriade in #625
- test: add oci_tarball test for sh_test by @thesayyn in #624
- feat: add support for settings volumes by @gzm0 in #632
- refactor: rename oci_tarball to oci_load by @alexeagle in #636
- fix: accumulate image manifests in oci_image_index by @seh in #633
- tarball uses hermetic coreutils by @rickvanprim in #635
- fix: propagate transitive inputs by @thesayyn in #646
- fix: support external oci_image targets by @thesayyn in #622
- fix: reset cmd when entrypoint is set by @thesayyn in #656
- fix: set created property for scratch base by @thesayyn in #655
- Mention ociupdate in the README by @mark-thm in #660
- fix: add history entries for tars attribute by @thesayyn in #654
- fix typo in load.sh.tpl by @kopp in #657
- test: add test for setting entrypoint to [] by @thesayyn in #662
- fix: comma in entrypoint and cmd by @thesayyn in #663
- fix: ensures confugure_buildx rule runs when bazel server restarts by @kvet in #670
- chore: remove deprecated config_path attribute by @thesayyn in #666
- Fix for gnu xargs and send --verbose to other commands by @vinnybod in #672
- fix: include examples by @thesayyn in #682
- chore(docs): mention rules_multirun by @alexeagle in #681
- refactor: mention url rewriter in oci_pull errors by @thesayyn in #675
- Allow bazel_tags in bzlmod extension (fixes #686) by @samsternatretool in #687
- Add Blzmod example to pull.md by @jjmaestro in #671
- refactor: remove mtree as the default output by @thesayyn in #676
New Contributors
- @rygx made their first contribution in #516
- @ptxmac made their first contribution in #513
- @nobu-k made their first contribution in #511
- @ankit-agarwal1999 made their first contribution in #543
- @kotlaja made their first contribution in #341
- @mering made their first contribution in #589
- @plobsing made their first contribution in #595
- @bozaro made their first contribution in #606
- @DolceTriade made their first contribution in #625
- @seh made their first contribution in #633
- @rickvanprim made their first contribution in #635
- @kopp made their first contribution in #657
- @kvet made their first contribution in #670
- @vinnybod made their first contribution in #672
- @samsternatretool made their first contribution in #687
- @jjmaestro made their first contribution in #671
Full Changelog: v1.7.5...v2.0.0