diff --git a/.bazelignore b/.bazelignore new file mode 100644 index 0000000..2559413 --- /dev/null +++ b/.bazelignore @@ -0,0 +1 @@ +e2e/ \ No newline at end of file diff --git a/.bazelrc b/.bazelrc new file mode 100644 index 0000000..8eb97f0 --- /dev/null +++ b/.bazelrc @@ -0,0 +1,20 @@ +# Bazel settings that apply to this repository. +# Take care to document any settings that you expect users to apply. +# Settings that apply only to CI are in .github/workflows/ci.bazelrc + +# Required until this is the default; expected in Bazel 7 +common --enable_bzlmod + +# Don’t want to push a rules author to update their deps if not needed. +# https://bazel.build/reference/command-line-reference#flag--check_direct_dependencies +# https://bazelbuild.slack.com/archives/C014RARENH0/p1691158021917459?thread_ts=1691156601.420349&cid=C014RARENH0 +common --check_direct_dependencies=off + +# Load any settings specific to the current user. +# .bazelrc.user should appear in .gitignore so that settings are not shared with team members +# This needs to be last statement in this +# config, as the user configuration should be able to overwrite flags from this file. +# See https://docs.bazel.build/versions/master/best-practices.html#bazelrc +# (Note that we use .bazelrc.user so the file appears next to .bazelrc in directory listing, +# rather than user.bazelrc as suggested in the Bazel docs) +try-import %workspace%/.bazelrc.user diff --git a/.bazelversion b/.bazelversion new file mode 100644 index 0000000..252d869 --- /dev/null +++ b/.bazelversion @@ -0,0 +1,7 @@ +6.2.1 +# The first line of this file is used by Bazelisk and Bazel to be sure +# the right version of Bazel is used to build and test this repo. +# This also defines which version is used on CI. +# +# Note that you should also run integration_tests against other Bazel +# versions you support. diff --git a/.bcr/README.md b/.bcr/README.md new file mode 100644 index 0000000..44ae7fe --- /dev/null +++ b/.bcr/README.md @@ -0,0 +1,9 @@ +# Bazel Central Registry + +When the ruleset is released, we want it to be published to the +Bazel Central Registry automatically: + + +This folder contains configuration files to automate the publish step. +See +for authoritative documentation about these files. diff --git a/.bcr/config.yml b/.bcr/config.yml new file mode 100644 index 0000000..6466426 --- /dev/null +++ b/.bcr/config.yml @@ -0,0 +1,6 @@ +# See https://github.com/bazel-contrib/publish-to-bcr#a-note-on-release-automation +# for guidance about whether to uncomment this section: +# +fixedReleaser: + login: loosebazooka + email: appu@google.com diff --git a/.bcr/metadata.template.json b/.bcr/metadata.template.json new file mode 100644 index 0000000..4633d6a --- /dev/null +++ b/.bcr/metadata.template.json @@ -0,0 +1,7 @@ +{ + "homepage": "https://github.com/GoogleContainerTools/rules_distroless", + "maintainers": [], + "repository": ["github:GoogleContainerTools/rules_distroless"], + "versions": [], + "yanked_versions": {} +} diff --git a/.bcr/presubmit.yml b/.bcr/presubmit.yml new file mode 100644 index 0000000..34333e3 --- /dev/null +++ b/.bcr/presubmit.yml @@ -0,0 +1,10 @@ +bcr_test_module: + module_path: "e2e/smoke" + matrix: + platform: ["debian10", "macos", "ubuntu2004", "windows"] + tasks: + run_tests: + name: "Run test module" + platform: ${{ platform }} + test_targets: + - "//..." diff --git a/.bcr/source.template.json b/.bcr/source.template.json new file mode 100644 index 0000000..394f0d9 --- /dev/null +++ b/.bcr/source.template.json @@ -0,0 +1,5 @@ +{ + "integrity": "**leave this alone**", + "strip_prefix": "{REPO}-{VERSION}", + "url": "https://github.com/{OWNER}/{REPO}/releases/download/{TAG}/rules_distroless-{TAG}.tar.gz" +} diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..6f9c4d4 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,13 @@ +# In code review, collapse generated files +docs/*.md linguist-generated=true + +################################# +# Configuration for 'git archive' +# See https://git-scm.com/docs/git-archive#ATTRIBUTES + +# Don't include examples in the distribution artifact, to reduce size. +# You may want to add additional exclusions for folders or files that users don't need. +examples export-ignore + +# Occasionally there's a need to "stamp" the release version into a file +distroless/version.bzl export-subst diff --git a/.github/workflows/BUILD.bazel b/.github/workflows/BUILD.bazel new file mode 100644 index 0000000..adecb14 --- /dev/null +++ b/.github/workflows/BUILD.bazel @@ -0,0 +1,8 @@ +load("@buildifier_prebuilt//:rules.bzl", "buildifier") + +buildifier( + name = "buildifier.check", + exclude_patterns = ["./.git/*"], + lint_mode = "warn", + mode = "diff", +) diff --git a/.github/workflows/buildifier.yaml b/.github/workflows/buildifier.yaml new file mode 100644 index 0000000..0860b29 --- /dev/null +++ b/.github/workflows/buildifier.yaml @@ -0,0 +1,19 @@ +name: Buildifier + +# Controls when the action will run. +on: + # Triggers the workflow on push or pull request events but only for the main branch + push: + branches: [main] + pull_request: + branches: [main] + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +jobs: + check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: buildifier + run: bazel run --enable_bzlmod //.github/workflows:buildifier.check diff --git a/.github/workflows/ci.bazelrc b/.github/workflows/ci.bazelrc new file mode 100644 index 0000000..3b4aad2 --- /dev/null +++ b/.github/workflows/ci.bazelrc @@ -0,0 +1,15 @@ +# This file contains Bazel settings to apply on CI only. +# It is referenced with a --bazelrc option in the call to bazel in ci.yaml + +# Debug where options came from +build --announce_rc +# This directory is configured in GitHub actions to be persisted between runs. +# We do not enable the repository cache to cache downloaded external artifacts +# as these are generally faster to download again than to fetch them from the +# GitHub actions cache. +build --disk_cache=~/.cache/bazel +# Don't rely on test logs being easily accessible from the test runner, +# though it makes the log noisier. +test --test_output=errors +# Allows tests to run bazelisk-in-bazel, since this is the cache folder used +test --test_env=XDG_CACHE_HOME diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 0000000..9c792ee --- /dev/null +++ b/.github/workflows/ci.yaml @@ -0,0 +1,33 @@ +name: CI + +# Controls when the action will run. +on: + # Triggers the workflow on push or pull request events but only for the main branch + push: + branches: [main] + pull_request: + branches: [main] + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +concurrency: + # Cancel previous actions from the same PR: https://stackoverflow.com/a/72408109 + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +jobs: + test: + uses: bazel-contrib/.github/.github/workflows/bazel.yaml@b134b73fcae522bc77dcc03533d3de20b45714bf + with: + folders: | + [ + ".", + "e2e/smoke" + ] + exclude: | + [ + {"folder": ".", "bzlmodEnabled": false}, + {"bazelversion": "5.4.0", "bzlmodEnabled": true}, + {"bazelversion": "5.4.0", "os": "macos-latest"}, + {"bazelversion": "5.4.0", "os": "windows-latest"}, + ] diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..aa1a79f --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,15 @@ +# Cut a release whenever a new tag is pushed to the repo. +# You should use an annotated tag, like `git tag -a v1.2.3` +# and put the release notes into the commit message for the tag. +name: Release + +on: + push: + tags: + - "v*.*.*" + +jobs: + release: + uses: bazel-contrib/.github/.github/workflows/release_ruleset.yaml@v4 + with: + release_files: rules_distroless-*.tar.gz diff --git a/.github/workflows/release_prep.sh b/.github/workflows/release_prep.sh new file mode 100755 index 0000000..58f3deb --- /dev/null +++ b/.github/workflows/release_prep.sh @@ -0,0 +1,43 @@ +#!/usr/bin/env bash + +set -o errexit -o nounset -o pipefail + +# Set by GH actions, see +# https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables +TAG=${GITHUB_REF_NAME} +# The prefix is chosen to match what GitHub generates for source archives +# This guarantees that users can easily switch from a released artifact to a source archive +# with minimal differences in their code (e.g. strip_prefix remains the same) +PREFIX="rules_distroless-${TAG:1}" +ARCHIVE="rules_distroless-$TAG.tar.gz" + +# NB: configuration for 'git archive' is in /.gitattributes +git archive --format=tar --prefix=${PREFIX}/ ${TAG} | gzip > $ARCHIVE +SHA=$(shasum -a 256 $ARCHIVE | awk '{print $1}') + +cat << EOF +## Using Bzlmod with Bazel 6 + +1. Enable with \`common --enable_bzlmod\` in \`.bazelrc\`. +2. Add to your \`MODULE.bazel\` file: + +\`\`\`starlark +bazel_dep(name = "rules_distroless", version = "${TAG:1}") +\`\`\` + +## Using WORKSPACE + +Paste this snippet into your `WORKSPACE.bazel` file: + +\`\`\`starlark +load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") +http_archive( + name = "rules_distroless", + sha256 = "${SHA}", + strip_prefix = "${PREFIX}", + url = "https://github.com/GoogleContainerTools/rules_distroless/releases/download/${TAG}/${ARCHIVE}", +) +EOF + +awk 'f;/--SNIP--/{f=1}' e2e/smoke/WORKSPACE.bazel +echo "\`\`\`" diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..52646d3 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +bazel-* +.bazelrc.user +.idea/ +.ijwb/ diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..e6cfa8b --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,31 @@ +# See CONTRIBUTING.md for instructions. +# See https://pre-commit.com for more information +# See https://pre-commit.com/hooks.html for more hooks + +# Commitizen runs in commit-msg stage +# but we don't want to run the other hooks on commit messages +default_stages: [commit] + +# Use a slightly older version of node by default +# as the default uses a very new version of GLIBC +default_language_version: + node: 16.18.0 + +repos: + # Check formatting and lint for starlark code + - repo: https://github.com/keith/pre-commit-buildifier + rev: 6.1.0.1 + hooks: + - id: buildifier + - id: buildifier-lint + # Enforce that commit messages allow for later changelog generation + - repo: https://github.com/commitizen-tools/commitizen + rev: v2.18.0 + hooks: + # Requires that commitizen is already installed + - id: commitizen + stages: [commit-msg] + - repo: https://github.com/pre-commit/mirrors-prettier + rev: "v2.4.0" + hooks: + - id: prettier diff --git a/.prettierignore b/.prettierignore new file mode 100644 index 0000000..2e117bf --- /dev/null +++ b/.prettierignore @@ -0,0 +1 @@ +docs/*.md diff --git a/BUILD.bazel b/BUILD.bazel new file mode 100644 index 0000000..bdbc789 --- /dev/null +++ b/BUILD.bazel @@ -0,0 +1,11 @@ +load("@bazel_gazelle//:def.bzl", "gazelle", "gazelle_binary") + +gazelle_binary( + name = "gazelle_bin", + languages = ["@bazel_skylib_gazelle_plugin//bzl"], +) + +gazelle( + name = "gazelle", + gazelle = "gazelle_bin", +) diff --git a/MODULE.bazel b/MODULE.bazel new file mode 100644 index 0000000..2d207d3 --- /dev/null +++ b/MODULE.bazel @@ -0,0 +1,15 @@ +"Bazel dependencies" + +module( + name = "rules_distroless", + version = "0.0.0", + compatibility_level = 1, +) + +bazel_dep(name = "bazel_skylib", version = "1.4.1") +bazel_dep(name = "aspect_bazel_lib", version = "1.32.1") + +bazel_dep(name = "gazelle", version = "0.29.0", dev_dependency = True, repo_name = "bazel_gazelle") +bazel_dep(name = "bazel_skylib_gazelle_plugin", version = "1.4.1", dev_dependency = True) +bazel_dep(name = "buildifier_prebuilt", version = "6.1.2", dev_dependency = True) + diff --git a/WORKSPACE.bazel b/WORKSPACE.bazel new file mode 100644 index 0000000..53b52af --- /dev/null +++ b/WORKSPACE.bazel @@ -0,0 +1 @@ +# Marker that this is the root of a Bazel workspace. diff --git a/distroless/BUILD.bazel b/distroless/BUILD.bazel new file mode 100644 index 0000000..e2806c5 --- /dev/null +++ b/distroless/BUILD.bazel @@ -0,0 +1,20 @@ +load("@bazel_skylib//:bzl_library.bzl", "bzl_library") + +# For stardoc to reference the files +exports_files(["defs.bzl"]) + +bzl_library( + name = "repositories", + srcs = ["repositories.bzl"], + visibility = ["//visibility:public"], + deps = [ + "@bazel_tools//tools/build_defs/repo:http.bzl", + "@bazel_tools//tools/build_defs/repo:utils.bzl", + ], +) + +bzl_library( + name = "defs", + srcs = ["defs.bzl"], + visibility = ["//visibility:public"], +) diff --git a/distroless/defs.bzl b/distroless/defs.bzl new file mode 100644 index 0000000..d0ca616 --- /dev/null +++ b/distroless/defs.bzl @@ -0,0 +1,2 @@ +"Public API re-exports" + diff --git a/distroless/private/BUILD.bazel b/distroless/private/BUILD.bazel new file mode 100644 index 0000000..e69de29 diff --git a/distroless/repositories.bzl b/distroless/repositories.bzl new file mode 100644 index 0000000..d044e8e --- /dev/null +++ b/distroless/repositories.bzl @@ -0,0 +1,32 @@ +"""Declare runtime dependencies + +These are needed for local dev, and users must install them as well. +See https://docs.bazel.build/versions/main/skylark/deploying.html#dependencies +""" + +load("@bazel_tools//tools/build_defs/repo:http.bzl", _http_archive = "http_archive") +load("@bazel_tools//tools/build_defs/repo:utils.bzl", "maybe") + +def http_archive(name, **kwargs): + maybe(_http_archive, name = name, **kwargs) + +# WARNING: any changes in this function may be BREAKING CHANGES for users +# because we'll fetch a dependency which may be different from one that +# they were previously fetching later in their WORKSPACE setup, and now +# ours took precedence. Such breakages are challenging for users, so any +# changes in this function should be marked as BREAKING in the commit message +# and released only in semver majors. +# This is all fixed by bzlmod, so we just tolerate it for now. +def rules_distroless_dependencies(): + # The minimal version of bazel_skylib we require + http_archive( + name = "bazel_skylib", + sha256 = "74d544d96f4a5bb630d465ca8bbcfe231e3594e5aae57e1edbf17a6eb3ca2506", + urls = [ + "https://github.com/bazelbuild/bazel-skylib/releases/download/1.3.0/bazel-skylib-1.3.0.tar.gz", + "https://mirror.bazel.build/github.com/bazelbuild/bazel-skylib/releases/download/1.3.0/bazel-skylib-1.3.0.tar.gz", + ], + ) + +def distroless_register_toolchains(name): + pass \ No newline at end of file diff --git a/docs/BUILD.bazel b/docs/BUILD.bazel new file mode 100644 index 0000000..c15da0b --- /dev/null +++ b/docs/BUILD.bazel @@ -0,0 +1,10 @@ +# This load statement must be in the docs/ package rather than anything users depend on +# so that the dependency on stardoc doesn't leak to them. +load("@aspect_bazel_lib//lib:docs.bzl", "stardoc_with_diff_test", "update_docs") + +stardoc_with_diff_test( + name = "rules", + bzl_library_target = "//distroless:defs", +) + +update_docs(name = "update") diff --git a/docs/rules.md b/docs/rules.md new file mode 100644 index 0000000..cfc972b --- /dev/null +++ b/docs/rules.md @@ -0,0 +1,4 @@ + + + + diff --git a/e2e/smoke/.bazelrc b/e2e/smoke/.bazelrc new file mode 100644 index 0000000..e69de29 diff --git a/e2e/smoke/BUILD b/e2e/smoke/BUILD new file mode 100644 index 0000000..cf28a47 --- /dev/null +++ b/e2e/smoke/BUILD @@ -0,0 +1,17 @@ +"""Provides a simple way to test your rules as an external workspace. +Add a basic smoke-test target below. +""" + +load("@bazel_skylib//rules:build_test.bzl", "build_test") +# load("rules_distroless//distroless:defs.bzl", "...") + +# Replace with a usage of your rule/macro +filegroup(name = "empty") + +build_test( + name = "smoke_test", + targets = [ + # targets you add above + ":empty", + ], +) diff --git a/e2e/smoke/MODULE.bazel b/e2e/smoke/MODULE.bazel new file mode 100644 index 0000000..271b2ee --- /dev/null +++ b/e2e/smoke/MODULE.bazel @@ -0,0 +1,7 @@ +bazel_dep(name = "rules_distroless", version = "0.0.0", dev_dependency = True) +bazel_dep(name = "bazel_skylib", version = "1.3.0", dev_dependency = True) + +local_path_override( + module_name = "rules_distroless", + path = "../..", +) diff --git a/e2e/smoke/README.md b/e2e/smoke/README.md new file mode 100644 index 0000000..2356a8f --- /dev/null +++ b/e2e/smoke/README.md @@ -0,0 +1,5 @@ +# smoke test + +This e2e exercises the repo from an end-users perpective. +It catches mistakes in our install instructions, or usages that fail when called from an "external" repository to rules_distroless. +It is also used by the presubmit check for the Bazel Central Registry. diff --git a/e2e/smoke/WORKSPACE.bazel b/e2e/smoke/WORKSPACE.bazel new file mode 100644 index 0000000..46972b2 --- /dev/null +++ b/e2e/smoke/WORKSPACE.bazel @@ -0,0 +1,19 @@ +# Override http_archive for local testing +local_repository( + name = "rules_distroless", + path = "../..", +) + +#---SNIP--- Below here is re-used in the workspace snippet published on releases + +###################### +# rules_distroless setup # +###################### +# Fetches the rules_distroless dependencies. +# If you want to have a different version of some dependency, +# you should fetch it *before* calling this. +# Alternatively, you can skip calling this function, so long as you've +# already fetched all the dependencies. +load("@rules_distroless//distroless:repositories.bzl", "rules_distroless_dependencies") + +rules_distroless_dependencies() diff --git a/e2e/smoke/WORKSPACE.bzlmod b/e2e/smoke/WORKSPACE.bzlmod new file mode 100644 index 0000000..7784218 --- /dev/null +++ b/e2e/smoke/WORKSPACE.bzlmod @@ -0,0 +1,2 @@ +# When --enable_bzlmod is set, this file replaces WORKSPACE.bazel. +# Dependencies then come from MODULE.bazel instead.