[bazel] Switch from rules_docker to rules_oci

Author: shs96c

WORKSPACE

@@ -241,51 +241,48 @@ load("@rules_pkg//:deps.bzl", "rules_pkg_dependencies")
 rules_pkg_dependencies()
 
 http_archive(
-    name = "io_bazel_rules_docker",
-    sha256 = "b1e80761a8a8243d03ebca8845e9cc1ba6c82ce7c5179ce2b295cd36f7e394bf",
-    urls = ["https://github.com/bazelbuild/rules_docker/releases/download/v0.25.0/rules_docker-v0.25.0.tar.gz"],
+    name = "rules_oci",
+    sha256 = "db57efd706f01eb3ce771468366baa1614b5b25f4cce99757e2b8d942155b8ec",
+    strip_prefix = "rules_oci-1.0.0",
+    url = "https://github.com/bazel-contrib/rules_oci/releases/download/v1.0.0/rules_oci-v1.0.0.tar.gz",
 )
 
-load(
-    "@io_bazel_rules_docker//repositories:repositories.bzl",
-    container_repositories = "repositories",
-)
-
-container_repositories()
+load("@rules_oci//oci:dependencies.bzl", "rules_oci_dependencies")
 
-load("@io_bazel_rules_docker//repositories:deps.bzl", container_deps = "deps")
+rules_oci_dependencies()
 
-container_deps()
+load("@rules_oci//oci:repositories.bzl", "LATEST_CRANE_VERSION", "LATEST_ZOT_VERSION", "oci_register_toolchains")
 
-load(
-    "@io_bazel_rules_docker//container:container.bzl",
-    "container_pull",
+oci_register_toolchains(
+    name = "oci",
+    crane_version = LATEST_CRANE_VERSION,
+    # Uncommenting the zot toolchain will cause it to be used instead of crane for some tasks.
+    # Note that it does not support docker-format images.
+    # zot_version = LATEST_ZOT_VERSION,
 )
 
+load("@rules_oci//oci:pull.bzl", "oci_pull")
+
 # Examine https://console.cloud.google.com/gcr/images/distroless/GLOBAL/java?gcrImageListsize=30 to find
 # the latest version when updating
-container_pull(
+oci_pull(
     name = "java_image_base",
-    # This pulls the java 11 version of the java base image
-    digest = "sha256:97c7eae86c65819664fcb7f36e8dee54bbbbc09c2cb6b448cbee06e1b42df81b",
-    registry = "gcr.io",
-    repository = "distroless/java",
+    digest = "sha256:161a1d97d592b3f1919801578c3a47c8e932071168a96267698f4b669c24c76d",
+    image = "gcr.io/distroless/java17",
 )
 
-container_pull(
+oci_pull(
     name = "firefox_standalone",
-    # selenium/standalone-firefox-debug:3.141.59
-    digest = "sha256:ecc9861eafb3c2f999126fa4cc0434e9fbe6658ba1241998457bb088c99dd0d0",
+    digest = "sha256:b6d8279268b3183d0d33e667e82fec1824298902f77718764076de763673124f",
     registry = "index.docker.io",
-    repository = "selenium/standalone-firefox-debug",
+    repository = "selenium/standalone-firefox",
 )
 
-container_pull(
+oci_pull(
     name = "chrome_standalone",
-    # selenium/standalone-chrome-debug:3.141.59
-    digest = "sha256:c3a2174ac31b3918ae9d93c43ed8165fc2346b8c9e16d38ebac691fbb242667f",
+    digest = "sha256:1b809a961a0a77787a7cccac74ddc5570b7e89747f925b8469ddb9a6624d4ece",
     registry = "index.docker.io",
-    repository = "selenium/standalone-chrome-debug",
+    repository = "selenium/standalone-chrome",
 )
 
 load("//common:repositories.bzl", "pin_browsers")

common/private/passwd.bzl

@@ -0,0 +1,156 @@
+# Copyright 2017 The Bazel Authors. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Rules for creating password files and entries."""
+
+load("@bazel_skylib//lib:paths.bzl", "paths")
+
+_join_path = paths.join
+
+PasswdFileContentProviderInfo = provider(
+    fields = [
+        "username",
+        "uid",
+        "gid",
+        "info",
+        "home",
+        "create_home",
+        "shell",
+        "name",
+    ],
+)
+
+def _passwd_entry_impl(ctx):
+    """Creates a passwd_file_content_provider containing a single entry."""
+    return [PasswdFileContentProviderInfo(
+        username = ctx.attr.username,
+        uid = ctx.attr.uid,
+        gid = ctx.attr.gid,
+        info = ctx.attr.info,
+        home = ctx.attr.home,
+        create_home = ctx.attr.create_home,
+        shell = ctx.attr.shell,
+        name = ctx.attr.name,
+    )]
+
+def _passwd_file_impl(ctx):
+    """Core implementation of passwd_file."""
+    f = "".join(["%s:x:%s:%s:%s:%s:%s\n" % (
+        entry[PasswdFileContentProviderInfo].username,
+        entry[PasswdFileContentProviderInfo].uid,
+        entry[PasswdFileContentProviderInfo].gid,
+        entry[PasswdFileContentProviderInfo].info,
+        entry[PasswdFileContentProviderInfo].home,
+        entry[PasswdFileContentProviderInfo].shell,
+    ) for entry in ctx.attr.entries])
+    passwd_file = ctx.actions.declare_file(ctx.label.name)
+    ctx.actions.write(output = passwd_file, content = f)
+    return DefaultInfo(files = depset([passwd_file]))
+
+def _format_onwer(t):
+    return ("--owners=%s=%s" % (t[0], t[1]))
+
+def _build_homedirs_tar(ctx, passwd_file):
+    homedirs = []
+    owners_map = {}
+    for entry in ctx.attr.entries:
+        if entry[PasswdFileContentProviderInfo].create_home:
+            homedir = entry[PasswdFileContentProviderInfo].home
+            owners_map[homedir] = "{uid}.{gid}".format(
+                uid = entry[PasswdFileContentProviderInfo].uid,
+                gid = entry[PasswdFileContentProviderInfo].gid,
+            )
+            homedirs.append(homedir)
+    dest_file = _join_path(
+        ctx.attr.passwd_file_pkg_dir,
+        ctx.label.name,
+    )
+    args = ctx.actions.args()
+    args.add(ctx.outputs.passwd_tar, format = "--output=%s")
+    args.add("--mode=0o700")
+    args.add(passwd_file, format = "--file=%s=" + dest_file)
+    args.add(dest_file, format = "--modes=%s=" + ctx.attr.passwd_file_mode)
+
+    args.add_all(homedirs, format_each = "--empty_dir=%s")
+    args.add_all(owners_map.items(), map_each = _format_onwer)
+    ctx.actions.run(
+        executable = ctx.executable.build_tar,
+        inputs = [passwd_file],
+        outputs = [ctx.outputs.passwd_tar],
+        mnemonic = "PasswdTar",
+        arguments = [args],
+    )
+
+def _passwd_tar_impl(ctx):
+    """Core implementation of passwd_tar."""
+    f = "".join(["%s:x:%s:%s:%s:%s:%s\n" % (
+        entry[PasswdFileContentProviderInfo].username,
+        entry[PasswdFileContentProviderInfo].uid,
+        entry[PasswdFileContentProviderInfo].gid,
+        entry[PasswdFileContentProviderInfo].info,
+        entry[PasswdFileContentProviderInfo].home,
+        entry[PasswdFileContentProviderInfo].shell,
+    ) for entry in ctx.attr.entries])
+
+    passwd_file = ctx.actions.declare_file(ctx.label.name)
+    ctx.actions.write(output = passwd_file, content = f)
+
+    _build_homedirs_tar(ctx, passwd_file)
+
+    return DefaultInfo(files = depset([ctx.outputs.passwd_tar]))
+
+passwd_entry = rule(
+    attrs = {
+        "create_home": attr.bool(default = True),
+        "gid": attr.int(default = 1000),
+        "home": attr.string(default = "/home"),
+        "info": attr.string(default = "user"),
+        "shell": attr.string(default = "/bin/bash"),
+        "uid": attr.int(default = 1000),
+        "username": attr.string(mandatory = True),
+    },
+    implementation = _passwd_entry_impl,
+)
+
+passwd_file = rule(
+    attrs = {
+        "entries": attr.label_list(
+            allow_empty = False,
+            providers = [PasswdFileContentProviderInfo],
+        ),
+    },
+    executable = False,
+    implementation = _passwd_file_impl,
+)
+
+passwd_tar = rule(
+    attrs = {
+        "build_tar": attr.label(
+            default = Label("//container:build_tar"),
+            cfg = "exec",
+            executable = True,
+            allow_files = True,
+        ),
+        "entries": attr.label_list(
+            allow_empty = False,
+            providers = [PasswdFileContentProviderInfo],
+        ),
+        "passwd_file_mode": attr.string(default = "0o644"),
+        "passwd_file_pkg_dir": attr.string(mandatory = True),
+    },
+    executable = False,
+    outputs = {
+        "passwd_tar": "%{name}.tar",
+    },
+    implementation = _passwd_tar_impl,
+)