diff --git a/.github/workflows/config-diff.yaml b/.github/workflows/config-diff.yaml new file mode 100644 index 000000000..898c109b0 --- /dev/null +++ b/.github/workflows/config-diff.yaml @@ -0,0 +1,92 @@ +name: Config Check + +on: + workflow_dispatch: + pull_request: + branches: ["main"] + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +permissions: + pull-requests: write + +jobs: + diff: + runs-on: distroless-ci-large-ubuntu-22.04 + steps: + - name: Checkout PR Branch + uses: actions/checkout@v5 + with: + ref: ${{ github.event.pull_request.head.sha }} + path: pr_branch + + - name: Build :sign_and_push.query for PR + run: | + cd pr_branch + bazel build :sign_and_push.query + cp bazel-bin/sign_and_push_query ../pr_query_output.txt + cd .. + + - name: Checkout main Branch + uses: actions/checkout@v5 + with: + ref: main + path: main_branch + + - name: Build :sign_and_push.query for main + run: | + cd main_branch + bazel build :sign_and_push.query + cp bazel-bin/sign_and_push_query ../main_query_output.txt + cd .. + + - name: Diff the query outputs + id: diff + run: | + # diff may exit with non-zero + DIFF_OUTPUT=$(diff -u <(sort main_query_output.txt) <(sort pr_query_output.txt)) || true + + if [ "$DIFF_OUTPUT" ]; then + echo "$DIFF_OUTPUT" + echo "changed_build<> $GITHUB_OUTPUT + echo "$DIFF_OUTPUT" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT + fi + + - uses: peter-evans/find-comment@v4 + id: fc + if: ${{ !github.event.pull_request.head.repo.fork }} + with: + issue-number: ${{ github.event.pull_request.number }} + comment-author: "github-actions[bot]" + body-includes: 🌳 🔧 Config Check + + - name: Report diff + if: ${{ !github.event.pull_request.head.repo.fork && steps.diff.outputs.changed_build }} + uses: peter-evans/create-or-update-comment@v5 + with: + comment-id: ${{ steps.fc.outputs.comment-id }} + issue-number: ${{ github.event.pull_request.number }} + body: | + 🌳 🔧 Config Check + + This pull request has modified the root BUILD + + ```diff + ${{steps.diff.outputs.changed_build}} + ``` + edit-mode: replace + + - name: Report no diff + if: ${{ !github.event.pull_request.head.repo.fork && !steps.diff.outputs.changed_build }} + uses: peter-evans/create-or-update-comment@v5 + with: + comment-id: ${{ steps.fc.outputs.comment-id }} + issue-number: ${{ github.event.pull_request.number }} + body: | + 🌳 🔧 Config Check + + This pull request has not modified the root BUILD + edit-mode: replace diff --git a/BUILD b/BUILD index d56b1fb79..24d529740 100644 --- a/BUILD +++ b/BUILD @@ -1,231 +1,207 @@ -load("//:checksums.bzl", "ARCHITECTURES", "BASE_ARCHITECTURES") -load("//:distro.bzl", "DISTROS", "PREVIEW_DISTROS") load("//private/oci:defs.bzl", "sign_and_push_all") -load("//nodejs:node_arch.bzl", "node_arch") +load("//static:config.bzl", "STATIC_ARCHITECTURES", "STATIC_DISTROS") +load("//base:config.bzl", "BASE_ARCHITECTURES", "BASE_DISTROS") +load("//cc:config.bzl", "CC_ARCHITECTURES", "CC_DISTROS") +load("//nodejs:config.bzl", "NODEJS_ARCHITECTURES", "NODEJS_DISTROS", "NODEJS_MAJOR_VERSIONS") +load("//java:config.bzl", "JAVA_ARCHITECTURES", "JAVA_DISTROS") +load("//python3:config.bzl", "PYTHON_ARCHITECTURES", "PYTHON_DISTROS") package(default_visibility = ["//visibility:public"]) DEFAULT_DISTRO = "debian12" -## STATIC -STATIC_VARIANTS = [ - ("latest", "static", "root"), - ("nonroot", "static", "nonroot"), - ("debug", "static_debug", "root"), - ("debug-nonroot", "static_debug", "nonroot"), +VARIANTS = [ + ("latest", "", "root"), + ("nonroot", "", "nonroot"), + ("debug", "_debug", "root"), + ("debug-nonroot", "_debug", "nonroot"), ] +############### +# STATIC # +############### STATIC = { - "{REGISTRY}/{PROJECT_ID}/static:" + tag_base + "-" + arch: "//static:" + label + "_" + user + "_" + arch + "_" + DEFAULT_DISTRO - for arch in ARCHITECTURES - for (tag_base, label, user) in STATIC_VARIANTS + "{REGISTRY}/{PROJECT_ID}/static:" + tag_base + "-" + arch: "//static:static" + debug_mode + "_" + user + "_" + arch + "_" + DEFAULT_DISTRO + for arch in STATIC_ARCHITECTURES[DEFAULT_DISTRO] + for (tag_base, debug_mode, user) in VARIANTS } # oci_image_index STATIC |= { - "{REGISTRY}/{PROJECT_ID}/static:" + tag_base: "//static:" + label + "_" + user + "_" + DEFAULT_DISTRO - for (tag_base, label, user) in STATIC_VARIANTS + "{REGISTRY}/{PROJECT_ID}/static:" + tag_base: "//static:static" + debug_mode + "_" + user + "_" + DEFAULT_DISTRO + for (tag_base, debug_mode, user) in VARIANTS } STATIC |= { - "{REGISTRY}/{PROJECT_ID}/static-" + distro + ":" + tag_base + "-" + arch: "//static:" + label + "_" + user + "_" + arch + "_" + distro - for arch in ARCHITECTURES - for (tag_base, label, user) in STATIC_VARIANTS - for distro in DISTROS + PREVIEW_DISTROS + "{REGISTRY}/{PROJECT_ID}/static-" + distro + ":" + tag_base + "-" + arch: "//static:static" + debug_mode + "_" + user + "_" + arch + "_" + distro + for (tag_base, debug_mode, user) in VARIANTS + for distro in STATIC_DISTROS + for arch in STATIC_ARCHITECTURES[distro] } # oci_image_index STATIC |= { - "{REGISTRY}/{PROJECT_ID}/static-" + distro + ":" + tag_base: "//static:" + label + "_" + user + "_" + distro - for (tag_base, label, user) in STATIC_VARIANTS - for distro in DISTROS + PREVIEW_DISTROS + "{REGISTRY}/{PROJECT_ID}/static-" + distro + ":" + tag_base: "//static:static" + debug_mode + "_" + user + "_" + distro + for (tag_base, debug_mode, user) in VARIANTS + for distro in STATIC_DISTROS } -## BASE -BASE_VARIANTS = [ - ("latest", "base", "root"), - ("nonroot", "base", "nonroot"), - ("debug", "base_debug", "root"), - ("debug-nonroot", "base_debug", "nonroot"), -] - +############### +# BASE # +############### BASE = { - "{REGISTRY}/{PROJECT_ID}/base:" + tag_base + "-" + arch: "//base:" + label + "_" + user + "_" + arch + "_" + DEFAULT_DISTRO - for arch in ARCHITECTURES - for (tag_base, label, user) in BASE_VARIANTS + "{REGISTRY}/{PROJECT_ID}/base:" + tag_base + "-" + arch: "//base:base" + debug_mode + "_" + user + "_" + arch + "_" + DEFAULT_DISTRO + for arch in BASE_ARCHITECTURES[DEFAULT_DISTRO] + for (tag_base, debug_mode, user) in VARIANTS } # oci_image_index BASE |= { - "{REGISTRY}/{PROJECT_ID}/base:" + tag_base: "//base:" + label + "_" + user + "_" + DEFAULT_DISTRO - for (tag_base, label, user) in BASE_VARIANTS + "{REGISTRY}/{PROJECT_ID}/base:" + tag_base: "//base:base" + debug_mode + "_" + user + "_" + DEFAULT_DISTRO + for (tag_base, debug_mode, user) in VARIANTS } BASE |= { - "{REGISTRY}/{PROJECT_ID}/base-" + distro + ":" + tag_base + "-" + arch: "//base:" + label + "_" + user + "_" + arch + "_" + distro - for arch in ARCHITECTURES - for (tag_base, label, user) in BASE_VARIANTS - for distro in DISTROS + PREVIEW_DISTROS + "{REGISTRY}/{PROJECT_ID}/base-" + distro + ":" + tag_base + "-" + arch: "//base:base" + debug_mode + "_" + user + "_" + arch + "_" + distro + for distro in BASE_DISTROS + for arch in BASE_ARCHITECTURES[distro] + for (tag_base, debug_mode, user) in VARIANTS } # oci_image_index BASE |= { - "{REGISTRY}/{PROJECT_ID}/base-" + distro + ":" + tag_base: "//base:" + label + "_" + user + "_" + distro - for (tag_base, label, user) in BASE_VARIANTS - for distro in DISTROS + PREVIEW_DISTROS + "{REGISTRY}/{PROJECT_ID}/base-" + distro + ":" + tag_base: "//base:base" + debug_mode + "_" + user + "_" + distro + for (tag_base, debug_mode, user) in VARIANTS + for distro in BASE_DISTROS } -## BASE NOSSL -BASE_NOSSL_VARIANTS = [ - ("latest", "base_nossl", "root"), - ("nonroot", "base_nossl", "nonroot"), - ("debug", "base_nossl_debug", "root"), - ("debug-nonroot", "base_nossl_debug", "nonroot"), -] - +############### +# BASE_NOSSL # +############### BASE_NOSSL = { - "{REGISTRY}/{PROJECT_ID}/base-nossl:" + tag_base + "-" + arch: "//base:" + label + "_" + user + "_" + arch + "_" + DEFAULT_DISTRO - for arch in ARCHITECTURES - for (tag_base, label, user) in BASE_NOSSL_VARIANTS + "{REGISTRY}/{PROJECT_ID}/base-nossl:" + tag_base + "-" + arch: "//base:base_nossl" + debug_mode + "_" + user + "_" + arch + "_" + DEFAULT_DISTRO + for arch in BASE_ARCHITECTURES[DEFAULT_DISTRO] + for (tag_base, debug_mode, user) in VARIANTS } # oci_image_index BASE_NOSSL |= { - "{REGISTRY}/{PROJECT_ID}/base-nossl:" + tag_base: "//base:" + label + "_" + user + "_" + DEFAULT_DISTRO - for (tag_base, label, user) in BASE_NOSSL_VARIANTS + "{REGISTRY}/{PROJECT_ID}/base-nossl:" + tag_base: "//base:base_nossl" + debug_mode + "_" + user + "_" + DEFAULT_DISTRO + for (tag_base, debug_mode, user) in VARIANTS } BASE_NOSSL |= { - "{REGISTRY}/{PROJECT_ID}/base-nossl-" + distro + ":" + tag_base + "-" + arch: "//base:" + label + "_" + user + "_" + arch + "_" + distro - for arch in ARCHITECTURES - for (tag_base, label, user) in BASE_NOSSL_VARIANTS - for distro in DISTROS + PREVIEW_DISTROS + "{REGISTRY}/{PROJECT_ID}/base-nossl-" + distro + ":" + tag_base + "-" + arch: "//base:base_nossl" + debug_mode + "_" + user + "_" + arch + "_" + distro + for (tag_base, debug_mode, user) in VARIANTS + for distro in BASE_DISTROS + for arch in BASE_ARCHITECTURES[distro] } # oci_image_index BASE_NOSSL |= { - "{REGISTRY}/{PROJECT_ID}/base-nossl-" + distro + ":" + tag_base: "//base:" + label + "_" + user + "_" + distro - for (tag_base, label, user) in BASE_NOSSL_VARIANTS - for distro in DISTROS + PREVIEW_DISTROS + "{REGISTRY}/{PROJECT_ID}/base-nossl-" + distro + ":" + tag_base: "//base:base_nossl" + debug_mode + "_" + user + "_" + distro + for (tag_base, debug_mode, user) in VARIANTS + for distro in BASE_DISTROS } -## CC -CC_VARIANTS = [ - ("latest", "cc", "root"), - ("nonroot", "cc", "nonroot"), - ("debug", "cc_debug", "root"), - ("debug-nonroot", "cc_debug", "nonroot"), -] - +############### +# CC # +############### CC = { - "{REGISTRY}/{PROJECT_ID}/cc:" + tag_base + "-" + arch: "//cc:" + label + "_" + user + "_" + arch + "_" + DEFAULT_DISTRO - for arch in ARCHITECTURES - for (tag_base, label, user) in CC_VARIANTS + "{REGISTRY}/{PROJECT_ID}/cc:" + tag_base + "-" + arch: "//cc:cc" + debug_mode + "_" + user + "_" + arch + "_" + DEFAULT_DISTRO + for arch in CC_ARCHITECTURES[DEFAULT_DISTRO] + for (tag_base, debug_mode, user) in VARIANTS } # oci_image_index CC |= { - "{REGISTRY}/{PROJECT_ID}/cc:" + tag_base: "//cc:" + label + "_" + user + "_" + DEFAULT_DISTRO - for (tag_base, label, user) in CC_VARIANTS + "{REGISTRY}/{PROJECT_ID}/cc:" + tag_base: "//cc:cc" + debug_mode + "_" + user + "_" + DEFAULT_DISTRO + for (tag_base, debug_mode, user) in VARIANTS } CC |= { - "{REGISTRY}/{PROJECT_ID}/cc-" + distro + ":" + tag_base + "-" + arch: "//cc:" + label + "_" + user + "_" + arch + "_" + distro - for arch in ARCHITECTURES - for (tag_base, label, user) in CC_VARIANTS - for distro in DISTROS + PREVIEW_DISTROS + "{REGISTRY}/{PROJECT_ID}/cc-" + distro + ":" + tag_base + "-" + arch: "//cc:cc" + debug_mode + "_" + user + "_" + arch + "_" + distro + for (tag_base, debug_mode, user) in VARIANTS + for distro in CC_DISTROS + for arch in CC_ARCHITECTURES[distro] } # oci_image_index CC |= { - "{REGISTRY}/{PROJECT_ID}/cc-" + distro + ":" + tag_base: "//cc:" + label + "_" + user + "_" + distro - for (tag_base, label, user) in CC_VARIANTS - for distro in DISTROS + PREVIEW_DISTROS + "{REGISTRY}/{PROJECT_ID}/cc-" + distro + ":" + tag_base: "//cc:cc" + debug_mode + "_" + user + "_" + distro + for (tag_base, debug_mode, user) in VARIANTS + for distro in CC_DISTROS } -## PYTHON3 -PYTHON3_VARIATIONS = [ - ("latest", "python3", "root"), - ("nonroot", "python3", "nonroot"), - ("debug", "python3_debug", "root"), - ("debug-nonroot", "python3_debug", "nonroot"), -] - +############### +# PYTHON 3 # +############### PYTHON3 = { - "{REGISTRY}/{PROJECT_ID}/python3:" + tag_base + "-" + arch: "//python3:" + label + "_" + user + "_" + arch + "_" + DEFAULT_DISTRO - for arch in BASE_ARCHITECTURES - for (tag_base, label, user) in PYTHON3_VARIATIONS + "{REGISTRY}/{PROJECT_ID}/python3:" + tag_base + "-" + arch: "//python3:python3" + debug_mode + "_" + user + "_" + arch + "_" + DEFAULT_DISTRO + for arch in PYTHON_ARCHITECTURES[DEFAULT_DISTRO] + for (tag_base, debug_mode, user) in VARIANTS } # oci_image_index PYTHON3 |= { - "{REGISTRY}/{PROJECT_ID}/python3:" + tag_base: "//python3:" + label + "_" + user + "_" + DEFAULT_DISTRO - for (tag_base, label, user) in PYTHON3_VARIATIONS + "{REGISTRY}/{PROJECT_ID}/python3:" + tag_base: "//python3:python3" + debug_mode + "_" + user + "_" + DEFAULT_DISTRO + for (tag_base, debug_mode, user) in VARIANTS } # python on debian12 has moved out of experimental PYTHON3 |= { - "{REGISTRY}/{PROJECT_ID}/python3-debian12:" + tag_base + "-" + arch: "//python3:" + label + "_" + user + "_" + arch + "_debian12" - for arch in BASE_ARCHITECTURES - for (tag_base, label, user) in PYTHON3_VARIATIONS + "{REGISTRY}/{PROJECT_ID}/python3-debian12:" + tag_base + "-" + arch: "//python3:python3" + debug_mode + "_" + user + "_" + arch + "_" + distro + for distro in PYTHON_DISTROS + for arch in PYTHON_ARCHITECTURES[distro] + for (tag_base, debug_mode, user) in VARIANTS } # oci_image_index PYTHON3 |= { - "{REGISTRY}/{PROJECT_ID}/python3-debian12:" + tag_base: "//python3:" + label + "_" + user + "_debian12" - for (tag_base, label, user) in PYTHON3_VARIATIONS + "{REGISTRY}/{PROJECT_ID}/python3-debian12:" + tag_base: "//python3:python3" + debug_mode + "_" + user + "_" + distro + for distro in PYTHON_DISTROS + for (tag_base, debug_mode, user) in VARIANTS } -## NODEJS -NODEJS_VERSIONS = [ - "20", - "22", - "24", -] - -NODEJS_VARIATIONS = [ - ("latest", "", "root"), - ("nonroot", "", "nonroot"), - ("debug", "_debug", "root"), - ("debug-nonroot", "_debug", "nonroot"), -] - +############### +# NODEJS # +############### NODEJS = { - "{REGISTRY}/{PROJECT_ID}/nodejs" + version + "-" + distro + ":" + tag_base + "-" + arch: "//nodejs:nodejs" + version + label + "_" + user + "_" + arch + "_" + distro - for version in NODEJS_VERSIONS - for arch in node_arch(version) - for distro in DISTROS + PREVIEW_DISTROS - for (tag_base, label, user) in NODEJS_VARIATIONS + "{REGISTRY}/{PROJECT_ID}/nodejs" + version + "-" + distro + ":" + tag_base + "-" + arch: "//nodejs:nodejs" + version + debug_mode + "_" + user + "_" + arch + "_" + distro + for version in NODEJS_MAJOR_VERSIONS + for distro in NODEJS_DISTROS + for arch in NODEJS_ARCHITECTURES[distro][version] + for (tag_base, debug_mode, user) in VARIANTS } # oci_image_index NODEJS |= { - "{REGISTRY}/{PROJECT_ID}/nodejs" + version + "-" + distro + ":" + tag_base: "//nodejs:nodejs" + version + label + "_" + user + "_" + distro - for distro in DISTROS + PREVIEW_DISTROS - for version in NODEJS_VERSIONS - for (tag_base, label, user) in NODEJS_VARIATIONS + "{REGISTRY}/{PROJECT_ID}/nodejs" + version + "-" + distro + ":" + tag_base: "//nodejs:nodejs" + version + debug_mode + "_" + user + "_" + distro + for version in NODEJS_MAJOR_VERSIONS + for distro in NODEJS_DISTROS + for (tag_base, debug_mode, user) in VARIANTS } NODEJS |= { - "{REGISTRY}/{PROJECT_ID}/nodejs" + version + ":" + tag_base + "-" + arch: "//nodejs:nodejs" + version + label + "_" + user + "_" + arch + "_" + DEFAULT_DISTRO - for version in NODEJS_VERSIONS - for arch in node_arch(version) - for (tag_base, label, user) in NODEJS_VARIATIONS + "{REGISTRY}/{PROJECT_ID}/nodejs" + version + ":" + tag_base + "-" + arch: "//nodejs:nodejs" + version + debug_mode + "_" + user + "_" + arch + "_" + DEFAULT_DISTRO + for version in NODEJS_MAJOR_VERSIONS + for arch in NODEJS_ARCHITECTURES[DEFAULT_DISTRO][version] + for (tag_base, debug_mode, user) in VARIANTS } # oci_image_index NODEJS |= { - "{REGISTRY}/{PROJECT_ID}/nodejs" + version + ":" + tag_base: "//nodejs:nodejs" + version + label + "_" + user + "_" + DEFAULT_DISTRO - for version in NODEJS_VERSIONS - for (tag_base, label, user) in NODEJS_VARIATIONS + "{REGISTRY}/{PROJECT_ID}/nodejs" + version + ":" + tag_base: "//nodejs:nodejs" + version + debug_mode + "_" + user + "_" + DEFAULT_DISTRO + for version in NODEJS_MAJOR_VERSIONS + for (tag_base, debug_mode, user) in VARIANTS } +############################################################################## +# Java will remain a bit bizzare as we clean it up post debian12 deprecation # +# - make all things multi-arch # +# - use the standard variants # +############################################################################## ## JAVA_BASE -JAVA_ARCHITECTURES = BASE_ARCHITECTURES + [ - "s390x", - "ppc64le", -] - JAVA_VARIATIONS = [ ("latest", "root"), ("nonroot", "nonroot"), @@ -246,7 +222,7 @@ JAVA_BASE = { JAVA_BASE |= { "{REGISTRY}/{PROJECT_ID}/java-base-debian12:" + tag_base + "-" + arch: "//java:java_base_" + label + "_" + arch + "_debian12" - for arch in JAVA_ARCHITECTURES + for arch in JAVA_ARCHITECTURES["debian12"] for (tag_base, label) in JAVA_VARIATIONS } @@ -270,7 +246,7 @@ JAVA17 = { JAVA17 |= { "{REGISTRY}/{PROJECT_ID}/java17-debian12:" + tag_base + "-" + arch: "//java:java17_" + label + "_" + arch + "_debian12" for (tag_base, label) in JAVA_VARIATIONS - for arch in JAVA_ARCHITECTURES + for arch in JAVA_ARCHITECTURES["debian12"] } JAVA17 |= { @@ -282,8 +258,8 @@ JAVA17 |= { JAVA21 = { "{REGISTRY}/{PROJECT_ID}/java21-" + distro + ":" + tag_base + "-" + arch: "//java:java21_" + label + "_" + arch + "_" + distro for (tag_base, label) in JAVA_VARIATIONS - for arch in JAVA_ARCHITECTURES - for distro in DISTROS + PREVIEW_DISTROS + for distro in JAVA_DISTROS + for arch in JAVA_ARCHITECTURES[distro] } # oci_image_index @@ -295,14 +271,14 @@ JAVA21 |= { JAVA21 |= { "{REGISTRY}/{PROJECT_ID}/java21-" + distro + ":" + tag_base: "//java:java21_" + label + "_" + distro for (tag_base, label) in JAVA_VARIATIONS - for distro in DISTROS + PREVIEW_DISTROS + for distro in JAVA_DISTROS } ## Java 25 from temurin, available on debian13 JAVA25 = { "{REGISTRY}/{PROJECT_ID}/java25-debian13:" + tag_base + "-" + arch: "//java:java25_" + label + "_" + arch + "_debian13" for (tag_base, label) in JAVA_VARIATIONS - for arch in JAVA_ARCHITECTURES + for arch in JAVA_ARCHITECTURES["debian13"] } # oci_image_index diff --git a/base/BUILD b/base/BUILD index 8dcad96b3..a39a5e89b 100644 --- a/base/BUILD +++ b/base/BUILD @@ -1,26 +1,22 @@ load(":base.bzl", "base_image", "base_image_index", "base_nossl_image", "base_nossl_image_index") -load("//:distro.bzl", "DISTROS", "PREVIEW_DISTROS") -load("//:checksums.bzl", "ARCHITECTURES") +load(":config.bzl", "BASE_ARCHITECTURES", "BASE_DISTROS", "BASE_NOSSL_PACKAGES", "BASE_PACKAGES") package(default_visibility = ["//visibility:public"]) -BASE_DISTROS = DISTROS + PREVIEW_DISTROS - -BASE_ARCHITECTURES = ARCHITECTURES - # base nossl [ base_nossl_image( arch = arch, distro = distro, + packages = BASE_NOSSL_PACKAGES[distro], ) for distro in BASE_DISTROS - for arch in BASE_ARCHITECTURES + for arch in BASE_ARCHITECTURES[distro] ] [ base_nossl_image_index( - architectures = BASE_ARCHITECTURES, + architectures = BASE_ARCHITECTURES[distro], distro = distro, ) for distro in BASE_DISTROS @@ -32,14 +28,15 @@ BASE_ARCHITECTURES = ARCHITECTURES base_image( arch = arch, distro = distro, + packages = BASE_PACKAGES[distro], ) for distro in BASE_DISTROS - for arch in BASE_ARCHITECTURES + for arch in BASE_ARCHITECTURES[distro] ] [ base_image_index( - architectures = BASE_ARCHITECTURES, + architectures = BASE_ARCHITECTURES[distro], distro = distro, ) for distro in BASE_DISTROS diff --git a/base/base.bzl b/base/base.bzl index 97e3c3292..1bd9b6fb8 100644 --- a/base/base.bzl +++ b/base/base.bzl @@ -4,13 +4,9 @@ load("@container_structure_test//:defs.bzl", "container_structure_test") load("@rules_go//go:def.bzl", "go_binary") load("@rules_oci//oci:defs.bzl", "oci_image", "oci_image_index") load("@rules_pkg//:pkg.bzl", "pkg_tar") -load("//:checksums.bzl", "VARIANTS") -load("//common:variables.bzl", "NONROOT") +load("//common:variables.bzl", "DEBUG_MODE", "NONROOT", "USERS") load("//private/util:deb.bzl", "deb") -USERS = ["root", "nonroot"] -DEBUG_MODE = ["", "_debug"] - def base_nossl_image_index(distro, architectures): """base nossl image index for a distro @@ -49,7 +45,7 @@ def base_image_index(distro, architectures): for mode in DEBUG_MODE ] -def base_nossl_image(distro, arch): +def base_nossl_image(distro, arch, packages): """base nossl and debug images and tests for a distro/arch Args: @@ -62,7 +58,8 @@ def base_nossl_image(distro, arch): name = "base_nossl" + mode + "_" + user + "_" + arch + "_" + distro, base = "//static:static" + mode + "_" + user + "_" + arch + "_" + distro, tars = [ - deb.package(arch, distro, "libc6"), + deb.package(arch, distro, pkg) + for pkg in packages ], ) for user in USERS @@ -85,7 +82,7 @@ def base_nossl_image(distro, arch): tags = ["manual", arch], ) -def base_image(distro, arch): +def base_image(distro, arch, packages): """base and debug images and tests for a distro/arch Args: @@ -102,8 +99,8 @@ def base_image(distro, arch): name = "base" + mode + "_" + user + "_" + arch + "_" + distro, base = "//static:static" + mode + "_" + user + "_" + arch + "_" + distro, tars = [ - deb.package(arch, distro, "libc6"), - deb.package(arch, distro, LIBSSL[distro]), + deb.package(arch, distro, pkg) + for pkg in packages ], ) for user in USERS diff --git a/base/config.bzl b/base/config.bzl new file mode 100644 index 000000000..085b94b71 --- /dev/null +++ b/base/config.bzl @@ -0,0 +1,25 @@ +BASE_DISTROS = ["debian12", "debian13"] +BASE_ARCHITECTURES = { + "debian12": ["amd64", "arm64", "arm", "s390x", "ppc64le"], + "debian13": ["amd64", "arm64", "arm", "s390x", "ppc64le"], +} + +BASE_PACKAGES = { + "debian12": [ + "libc6", + "libssl3", + ], + "debian13": [ + "libc6", + "libssl3t64", + ], +} + +BASE_NOSSL_PACKAGES = { + "debian12": [ + "libc6", + ], + "debian13": [ + "libc6", + ], +} diff --git a/cc/BUILD b/cc/BUILD index c1eb14c10..d29fccb90 100644 --- a/cc/BUILD +++ b/cc/BUILD @@ -1,25 +1,21 @@ load(":cc.bzl", "cc_image", "cc_image_index") -load("//:distro.bzl", "DISTROS", "PREVIEW_DISTROS") -load("//:checksums.bzl", "ARCHITECTURES") +load(":config.bzl", "CC_ARCHITECTURES", "CC_DISTROS", "CC_PACKAGES") package(default_visibility = ["//visibility:public"]) -CC_DISTROS = DISTROS + PREVIEW_DISTROS - -CC_ARCHITECTURES = ARCHITECTURES - [ cc_image( arch = arch, distro = distro, + packages = CC_PACKAGES[distro], ) for distro in CC_DISTROS - for arch in CC_ARCHITECTURES + for arch in CC_ARCHITECTURES[distro] ] [ cc_image_index( - architectures = CC_ARCHITECTURES, + architectures = CC_ARCHITECTURES[distro], distro = distro, ) for distro in CC_DISTROS diff --git a/cc/cc.bzl b/cc/cc.bzl index 8cae11809..de728c8bc 100644 --- a/cc/cc.bzl +++ b/cc/cc.bzl @@ -1,18 +1,6 @@ load("@rules_oci//oci:defs.bzl", "oci_image", "oci_image_index") load("//private/util:deb.bzl", "deb") - -DEBUG_MODE = ["", "_debug"] -USERS = ["root", "nonroot"] - -DISTRO_SPECIFIC_LIBRARIES = { - "debian12": [ - "gcc-12-base", - ], - "debian13": [ - "gcc-14-base", - "zlib1g", - ], -} +load("//common:variables.bzl", "DEBUG_MODE", "USERS") def cc_image_index(distro, architectures): """cc image index for a distro @@ -33,7 +21,7 @@ def cc_image_index(distro, architectures): for user in USERS ] -def cc_image(distro, arch): +def cc_image(distro, arch, packages): """base nossl and debug images and tests for a distro/arch Args: @@ -45,10 +33,9 @@ def cc_image(distro, arch): name = "cc" + mode + "_" + user + "_" + arch + "_" + distro, base = "//base:base" + mode + "_" + user + "_" + arch + "_" + distro, tars = [ - deb.package(arch, distro, "libgomp1"), - deb.package(arch, distro, "libstdc++6"), - deb.package(arch, distro, "libgcc-s1"), - ] + [deb.package(arch, distro, library) for library in DISTRO_SPECIFIC_LIBRARIES[distro]], + deb.package(arch, distro, pkg) + for pkg in packages + ], ) for mode in DEBUG_MODE for user in USERS diff --git a/cc/config.bzl b/cc/config.bzl new file mode 100644 index 000000000..f6324974c --- /dev/null +++ b/cc/config.bzl @@ -0,0 +1,21 @@ +CC_DISTROS = ["debian12", "debian13"] +CC_ARCHITECTURES = { + "debian12": ["amd64", "arm64", "arm", "s390x", "ppc64le"], + "debian13": ["amd64", "arm64", "arm", "s390x", "ppc64le"], +} + +CC_PACKAGES = { + "debian12": [ + "libgomp1", + "libstdc++6", + "libgcc-s1", + "gcc-12-base", + ], + "debian13": [ + "libgomp1", + "libstdc++6", + "libgcc-s1", + "gcc-14-base", + "zlib1g", + ], +} diff --git a/checksums.bzl b/checksums.bzl deleted file mode 100644 index 11bb3337a..000000000 --- a/checksums.bzl +++ /dev/null @@ -1,14 +0,0 @@ -BASE_ARCHITECTURES = ["amd64", "arm64"] - -ARCHITECTURES = BASE_ARCHITECTURES + ["arm", "s390x", "ppc64le"] - -VERSIONS = [ - ("debian11", "bullseye", "11"), # deprecated - ("debian12", "bookworm", "12"), - ("debian13", "trixie", "13"), -] - -VARIANTS = { - "arm": "v7", - "arm64": "v8", -} diff --git a/common/BUILD.bazel b/common/BUILD.bazel index afa2f0b56..88fd9d742 100644 --- a/common/BUILD.bazel +++ b/common/BUILD.bazel @@ -1,12 +1,15 @@ load("@aspect_bazel_lib//lib:tar.bzl", "tar") load("@rules_distroless//distroless:defs.bzl", "cacerts", "group", "home", "locale", "os_release", "passwd") -load("//:checksums.bzl", "ARCHITECTURES", "VERSIONS") -load("//:distro.bzl", "DISTROS", "PREVIEW_DISTROS") +load("//:distro.bzl", "ALL_ARCHITECTURES", "ALL_DISTROS", "VERSIONS") load("//private/util:deb.bzl", "deb") load(":variables.bzl", "MTIME", "NOBODY", "NONROOT", "OS_RELEASE", "ROOT", "quote") package(default_visibility = ["//visibility:public"]) +COMMON_ARCHITECTURES = ALL_ARCHITECTURES + +COMMON_DISTROS = ALL_DISTROS + tar( name = "rootfs", srcs = [], @@ -52,8 +55,8 @@ tar( package = deb.data(arch, distro, "libc-bin"), time = MTIME, ) - for arch in ARCHITECTURES - for distro in DISTROS + PREVIEW_DISTROS + for arch in COMMON_ARCHITECTURES + for distro in COMMON_DISTROS ] [ @@ -62,8 +65,8 @@ tar( package = deb.data(arch, distro, "ca-certificates"), time = MTIME, ) - for arch in ARCHITECTURES - for distro in DISTROS + PREVIEW_DISTROS + for arch in COMMON_ARCHITECTURES + for distro in COMMON_DISTROS ] # create /etc/group with the root, tty, and staff groups diff --git a/common/variables.bzl b/common/variables.bzl index 767bd8a1f..cb1821ff0 100644 --- a/common/variables.bzl +++ b/common/variables.bzl @@ -20,3 +20,6 @@ ROOT = 0 # TODO: this should be 0, but for now we'll use this to minimize diff. MTIME = "946684800" + +DEBUG_MODE = ["", "_debug"] +USERS = ["root", "nonroot"] diff --git a/distro.bzl b/distro.bzl index 8315acdc1..bd2b4d380 100644 --- a/distro.bzl +++ b/distro.bzl @@ -1,2 +1,12 @@ -DISTROS = ["debian12"] -PREVIEW_DISTROS = ["debian13"] +VERSIONS = [ + ("debian12", "bookworm", "12"), + ("debian13", "trixie", "13"), +] + +VARIANTS = { + "arm": "v7", + "arm64": "v8", +} + +ALL_ARCHITECTURES = ["amd64", "arm64", "arm", "s390x", "ppc64le"] +ALL_DISTROS = ["debian12", "debian13"] diff --git a/examples/cc/BUILD b/examples/cc/BUILD index ace940fc7..fc7e6226a 100644 --- a/examples/cc/BUILD +++ b/examples/cc/BUILD @@ -2,7 +2,7 @@ # reference only. Note that repo maintainers can freely change any part of the # repository code at any time. load("@container_structure_test//:defs.bzl", "container_structure_test") -load("//:distro.bzl", "DISTROS") +load("//cc:config.bzl", DISTROS = "CC_DISTROS") load("//private/oci:defs.bzl", "cc_image") package(default_visibility = ["//visibility:public"]) diff --git a/examples/cc/testdata/hello_cc_debian13.yaml b/examples/cc/testdata/hello_cc_debian13.yaml new file mode 100644 index 000000000..924800186 --- /dev/null +++ b/examples/cc/testdata/hello_cc_debian13.yaml @@ -0,0 +1,5 @@ +schemaVersion: "1.0.0" +commandTests: + - name: hello_cc + command: ['/hello_cc_debian13_binary'] + expectedOutput: ['Hello from distroless C\+\+!'] diff --git a/examples/cc/testdata/hello_debian13.yaml b/examples/cc/testdata/hello_debian13.yaml new file mode 100644 index 000000000..0a194f74c --- /dev/null +++ b/examples/cc/testdata/hello_debian13.yaml @@ -0,0 +1,5 @@ +schemaVersion: "1.0.0" +commandTests: + - name: hello + command: ['/hello_debian13_binary'] + expectedOutput: ['Hello from distroless C!'] diff --git a/examples/nodejs/BUILD b/examples/nodejs/BUILD index 6cb805bfa..6f44c4373 100644 --- a/examples/nodejs/BUILD +++ b/examples/nodejs/BUILD @@ -4,11 +4,19 @@ load("@container_structure_test//:defs.bzl", "container_structure_test") load("@rules_oci//oci:defs.bzl", "oci_image") load("@rules_pkg//:pkg.bzl", "pkg_tar") -load("//:checksums.bzl", ARCHITECTURES = "BASE_ARCHITECTURES") -load("//:distro.bzl", "DISTROS") package(default_visibility = ["//visibility:public"]) +ARCHITECTURES = [ + "amd64", + "arm64", +] + +DISTROS = [ + "debian12", + "debian13", +] + # These examples are adapted from: # https://howtonode.org/hello-node diff --git a/examples/nonroot/BUILD b/examples/nonroot/BUILD index 928485a50..f356006ed 100644 --- a/examples/nonroot/BUILD +++ b/examples/nonroot/BUILD @@ -6,7 +6,7 @@ load("@rules_go//go:def.bzl", "go_binary") load("@rules_distroless//distroless:defs.bzl", "home", "passwd") load("@rules_oci//oci:defs.bzl", "oci_image") load("@rules_pkg//:pkg.bzl", "pkg_tar") -load("//:distro.bzl", "DISTROS") +load("//:distro.bzl", DISTROS = "ALL_DISTROS") # Create a passwd file and home directory with a nonroot user and uid. passwd( diff --git a/examples/python3/BUILD b/examples/python3/BUILD index bf099f6f6..7fddacd61 100644 --- a/examples/python3/BUILD +++ b/examples/python3/BUILD @@ -3,7 +3,7 @@ # repository code at any time. load("@rules_oci//oci:defs.bzl", "oci_image", "oci_tarball") load("@rules_pkg//:pkg.bzl", "pkg_tar") -load("//:distro.bzl", "DISTROS") +load("//python3:config.bzl", DISTROS = "PYTHON_DISTROS") pkg_tar( name = "hello_py", diff --git a/experimental/busybox/BUILD b/experimental/busybox/BUILD index ede5f20b9..f1ec52e32 100644 --- a/experimental/busybox/BUILD +++ b/experimental/busybox/BUILD @@ -1,23 +1,13 @@ -load("//:checksums.bzl", "ARCHITECTURES") +load("//:distro.bzl", BUSYBOX_ARCHITECTURES = "ALL_ARCHITECTURES") load(":commands.bzl", "busybox_layer") package(default_visibility = ["//static:__subpackages__"]) -# This works for all architectures because it is just files. -# Ppc64le/Arm/Arm64/Amd64/s390x needs special case as there is no direct working binary file available. -SPECIAL_CASE_ARCH = [ - "ppc64le", - "arm", - "arm64", - "amd64", - "s390x", -] - [ busybox_layer( name = "busybox_" + arch, - busybox = "@busybox_" + arch + "//:file" if arch in SPECIAL_CASE_ARCH else "@busybox_" + arch + "//file", + busybox = "@busybox_" + arch + "//:file", compress = "gzip", ) - for arch in ARCHITECTURES + for arch in BUSYBOX_ARCHITECTURES ] diff --git a/java/BUILD b/java/BUILD index b1b86c69a..169ac02b9 100644 --- a/java/BUILD +++ b/java/BUILD @@ -1,28 +1,25 @@ -load(":java.bzl", "java_base_image", "java_base_image_index", "java_image_index", "java_openjdk_image", "java_temurin_image_from_adoptium_debs", "java_temurin_image_from_github_releases") -load("//:distro.bzl", "DISTROS", "PREVIEW_DISTROS") +load(":java.bzl", "java_base_image", "java_base_image_index", "java_build_base_image", "java_image_index", "java_openjdk_image", "java_temurin_image_from_adoptium_debs", "java_temurin_image_from_github_releases") +load(":config.bzl", "JAVA_ARCHITECTURES", "JAVA_BASE_PACKAGES", "JAVA_BUILD_BASE_PACKAGES", "JAVA_DISTROS") package(default_visibility = ["//visibility:public"]) -JAVA_DISTROS = DISTROS + PREVIEW_DISTROS - -JAVA_ARCHITECTURES = { - "debian12": [ - "amd64", - "arm64", - "s390x", - "ppc64le", - ], - "debian13": [ - "amd64", - "arm64", - "s390x", - "ppc64le", - ], -} +# unpublished build-base images (deprecated) +[ + java_build_base_image( + "debian12", + arch, + JAVA_BUILD_BASE_PACKAGES["debian12"], + ) + for arch in JAVA_ARCHITECTURES["debian12"] +] # publishable java base images [ - java_base_image(distro, arch) + java_base_image( + distro, + arch, + JAVA_BASE_PACKAGES[distro], + ) for distro in JAVA_DISTROS for arch in JAVA_ARCHITECTURES[distro] ] @@ -35,7 +32,7 @@ JAVA_ARCHITECTURES = { for distro in JAVA_DISTROS ] -# publishable java temurin images from github releases +# publishable java temurin images from github releases (deprecated) ADOPTIUM_GH_PER_DISTRO = [ ("21", "debian12"), ] @@ -58,7 +55,7 @@ ADOPTIUM_DEB_PER_DISTRO = [ for arch in JAVA_ARCHITECTURES[distro] ] -# publishable java openjdk (from debian) images +# publishable java openjdk (from debian) images (deprecated) JAVA_OPENJDK_VERSIONS_PER_DISTRO = [ ("17", "debian12"), ] diff --git a/java/config.bzl b/java/config.bzl new file mode 100644 index 000000000..4dfa5656b --- /dev/null +++ b/java/config.bzl @@ -0,0 +1,70 @@ +JAVA_DISTROS = ["debian12", "debian13"] +JAVA_ARCHITECTURES = { + "debian12": ["amd64", "arm64", "s390x", "ppc64le"], + "debian13": ["amd64", "arm64", "s390x", "ppc64le"], +} + +# deprecated, remove with debian12 deprecation +JAVA_BUILD_BASE_PACKAGES = { + "debian12": [ + "zlib1g", + "libjpeg62-turbo", + "liblcms2-2", + "libfreetype6", + "fonts-dejavu-core", + "fontconfig-config", + "libexpat1", + "libfontconfig1", + "libuuid1", + "libbrotli1", + "libcrypt1", + "libstdc++6", + "libgcc-s1", + "gcc-12-base", + "libpng16-16", + ], +} + +JAVA_BASE_PACKAGES = { + # debian 12 contains extra packages to add libharfbuzz + "debian12": [ + "zlib1g", + "libjpeg62-turbo", + "liblcms2-2", + "libfreetype6", + "fonts-dejavu-core", + "fontconfig-config", + "libexpat1", + "libfontconfig1", + "libuuid1", + "libbrotli1", + "libcrypt1", + "libstdc++6", + "libgcc-s1", + "gcc-12-base", + "libpng16-16", + "libharfbuzz0b", + "libgraphite2-3", + "libpcre2-8-0", + "libglib2.0-0", + ], + # debian 13 - temurin ships with libharfbuzz already + "debian13": [ + "zlib1g", + "libjpeg62-turbo", + "liblcms2-2", + "libfreetype6", + "fonts-dejavu-core", + "fontconfig-config", + "libexpat1", + "libfontconfig1", + "libuuid1", + "libbrotli1", + "libcrypt1", + "libstdc++6", + "libgcc-s1", + "gcc-14-base", + "libpng16-16t64", + "libbz2-1.0", + ], +} diff --git a/java/java.bzl b/java/java.bzl index 1d5f7963d..57f9c7ac4 100644 --- a/java/java.bzl +++ b/java/java.bzl @@ -2,37 +2,12 @@ load("@container_structure_test//:defs.bzl", "container_structure_test") load("@java_versions//:versions.bzl", "JAVA_RELEASE_VERSIONS") load("@rules_oci//oci:defs.bzl", "oci_image", "oci_image_index") load("@rules_pkg//:pkg.bzl", "pkg_tar") -load("//:distro.bzl", "DISTROS", "PREVIEW_DISTROS") +load("//common:variables.bzl", "DEBUG_MODE", "USERS") load("//java:jre_ver.bzl", "jre_ver") load("//private/oci:defs.bzl", "java_image") load("//private/util:deb.bzl", "deb") load("//private/util:java_cacerts.bzl", "java_cacerts") -DEBUG_MODE = ["", "_debug"] -USERS = ["root", "nonroot"] - -DISTRO_SPECIFIC_LIBRARIES = { - "build_base": { - "debian12": [ - "gcc-12-base", - "libpng16-16", - ], - "debian13": [ - "gcc-14-base", - "libpng16-16t64", - "libbz2-1.0", - ], - }, - "base": { - "debian12": [ - "libglib2.0-0", - ], - "debian13": [ - "libglib2.0-0t64", - ], - }, -} - def ca_certs(distro, arch): """java ca certs for a specific arch and distro """ @@ -45,7 +20,8 @@ def ca_certs(distro, arch): archive = "//common:cacerts_" + distro + "_" + arch, ) -def java_build_base_image(distro, arch): +# deprecated, remove with debian12 removal +def java_build_base_image(distro, arch, packages): """a base image that isn't published for building temurin and debian sourced java images temurin ships with libharfbuzz and certs but debian distributed ones do not include it libharfbuzz depends on libpcre,libglib,libgraphite @@ -53,33 +29,20 @@ def java_build_base_image(distro, arch): Args: distro: name of distribution arch: the target architecture + packages: to add to the image (from a debianX_java repo) """ - # check if we already made these - if native.existing_rule("java_build_base_" + USERS[0] + "_" + arch + "_" + distro): - return - [ oci_image( name = "java_build_base" + mode + "_" + user + "_" + arch + "_" + distro, - base = ("//base:base_nossl" if (not ("debug" in mode)) else "//base:base_nossl_debug") + "_" + user + "_" + arch + "_" + distro, + base = "//base:base_nossl" + mode + "_" + user + "_" + arch + "_" + distro, env = {"LANG": "C.UTF-8"}, tars = [ - deb.package(arch, distro, "zlib1g", "java"), - deb.package(arch, distro, "libjpeg62-turbo", "java"), - deb.package(arch, distro, "liblcms2-2", "java"), - deb.package(arch, distro, "libfreetype6", "java"), - deb.package(arch, distro, "fonts-dejavu-core", "java"), - deb.package(arch, distro, "fontconfig-config", "java"), - deb.package(arch, distro, "libexpat1", "java"), - deb.package(arch, distro, "libfontconfig1", "java"), - deb.package(arch, distro, "libuuid1", "java"), - deb.package(arch, distro, "libbrotli1", "java"), - deb.package(arch, distro, "libcrypt1", "java"), - deb.package(arch, distro, "libstdc++6", "java"), - deb.package(arch, distro, "libgcc-s1", "java"), + deb.package(arch, distro, pkg, "java") + for pkg in packages + ] + [ "//common:locale_" + distro + "_" + arch, - ] + [deb.package(arch, distro, library, "java") for library in DISTRO_SPECIFIC_LIBRARIES["build_base"][distro]], + ], ) for mode in DEBUG_MODE for user in USERS @@ -104,29 +67,30 @@ def java_base_image_index(distro, architectures): for user in USERS ] -def java_base_image(distro, arch): +def java_base_image(distro, arch, packages): """java base for a distro/arch Args: distro: name of distribution arch: the target arch + packages: to add to the image (from a debianX_java repo) """ # pre-req - java_build_base_image(distro, arch) ca_certs(distro, arch) [ oci_image( name = "java_base" + mode + "_" + user + "_" + arch + "_" + distro, - base = "java_build_base" + mode + "_" + user + "_" + arch + "_" + distro, + base = "//base:base_nossl" + mode + "_" + user + "_" + arch + "_" + distro, env = {"LANG": "C.UTF-8"}, tars = [ - deb.package(arch, distro, "libharfbuzz0b", "java"), - deb.package(arch, distro, "libgraphite2-3", "java"), - deb.package(arch, distro, "libpcre2-8-0", "java"), # required for libharfbuzz0b but remove for temurin installs + deb.package(arch, distro, pkg, "java") + for pkg in packages + ] + [ + "//common:locale_" + distro + "_" + arch, ":cacerts_java_" + arch + "_" + distro, - ] + [deb.package(arch, distro, library, "java") for library in DISTRO_SPECIFIC_LIBRARIES["base"][distro]], + ], ) for mode in DEBUG_MODE for user in USERS @@ -166,6 +130,7 @@ def java_image_index(distro, java_version, architectures): for mode in DEBUG_MODE ] +# deprecated, remove with debian12 removal def temurin_jre_prep(java_version, arch): rule_name = "temurin_jre_" + java_version + "_" + arch if native.existing_rule(rule_name): @@ -181,6 +146,7 @@ def temurin_jre_prep(java_version, arch): ], ) +# deprecated, remove with debian12 removal def temurin_jdk_prep(java_version, arch): rule_name = "temurin_jdk_" + java_version + "_" + arch if native.existing_rule(rule_name): @@ -196,6 +162,7 @@ def temurin_jdk_prep(java_version, arch): ], ) +# deprecated, remove with debian12 removal def java_temurin_image_from_github_releases(distro, java_version, arch): """java images from temurin distributions downloaded from github releases. This approach is used for debian12 and is deprecated for newer distributions @@ -207,8 +174,6 @@ def java_temurin_image_from_github_releases(distro, java_version, arch): arch: the target arch """ - # pre-req - java_build_base_image(distro, arch) temurin_jdk_prep(java_version, arch) temurin_jre_prep(java_version, arch) @@ -265,9 +230,6 @@ def java_temurin_image_from_adoptium_debs(distro, java_version, arch): arch: the target arch """ - # pre-req - java_build_base_image(distro, arch) - # intermediary rule to configure jre symlinks pkg_tar( name = "temurin_" + java_version + "_jre_" + arch + "_" + distro, @@ -306,7 +268,7 @@ def java_temurin_image_from_adoptium_debs(distro, java_version, arch): [ oci_image( name = "java" + java_version + "_" + user + "_" + arch + "_" + distro, - base = ":java_build_base_" + user + "_" + arch + "_" + distro, + base = ":java_base_" + user + "_" + arch + "_" + distro, # We expect users to use: # cmd = ["/path/to/deploy.jar", "--option1", ...] entrypoint = [ @@ -324,7 +286,6 @@ def java_temurin_image_from_adoptium_debs(distro, java_version, arch): tars = [ # we use system certs, but we might want to pull this out of the distro # like we did for the github released temurin - ":cacerts_java_" + arch + "_" + distro, ":temurin_" + java_version + "_jre_" + arch + "_" + distro, ], ) @@ -335,7 +296,7 @@ def java_temurin_image_from_adoptium_debs(distro, java_version, arch): [ oci_image( name = "java" + java_version + "_debug_" + user + "_" + arch + "_" + distro, - base = ":java_build_base_debug_" + user + "_" + arch + "_" + distro, + base = ":java_base_debug_" + user + "_" + arch + "_" + distro, # We expect users to use: # cmd = ["/path/to/deploy.jar", "--option1", ...] entrypoint = [ diff --git a/nodejs/BUILD b/nodejs/BUILD index fc71deb0a..82d82c643 100644 --- a/nodejs/BUILD +++ b/nodejs/BUILD @@ -1,16 +1,8 @@ load(":nodejs.bzl", "nodejs_image", "nodejs_image_index") -load(":node_arch.bzl", "node_arch") -load("//:distro.bzl", "DISTROS", "PREVIEW_DISTROS") +load(":config.bzl", "NODEJS_ARCHITECTURES", "NODEJS_DISTROS", "NODEJS_MAJOR_VERSIONS") package(default_visibility = ["//visibility:public"]) -NODEJS_MAJOR_VERSIONS = ("20", "22", "24") - -NODEJS_DISTROS = DISTROS + PREVIEW_DISTROS - -# NODEJS_ARCHITECTURES = ARCHITECTURES -# using node_arch for now, but we can probably get rid of that - [ nodejs_image( arch = arch, @@ -19,12 +11,12 @@ NODEJS_DISTROS = DISTROS + PREVIEW_DISTROS ) for distro in NODEJS_DISTROS for major_version in NODEJS_MAJOR_VERSIONS - for arch in node_arch(major_version) + for arch in NODEJS_ARCHITECTURES[distro][major_version] ] [ nodejs_image_index( - architectures = node_arch(major_version), + architectures = NODEJS_ARCHITECTURES[distro][major_version], distro = distro, major_version = major_version, ) diff --git a/nodejs/config.bzl b/nodejs/config.bzl new file mode 100644 index 000000000..1b2612ca2 --- /dev/null +++ b/nodejs/config.bzl @@ -0,0 +1,14 @@ +NODEJS_DISTROS = ["debian12", "debian13"] +NODEJS_ARCHITECTURES = { + "debian12": { + "20": ["amd64", "arm64", "arm", "s390x", "ppc64le"], + "22": ["amd64", "arm64", "arm", "s390x", "ppc64le"], + "24": ["amd64", "arm64", "s390x", "ppc64le"], + }, + "debian13": { + "20": ["amd64", "arm64", "arm", "s390x", "ppc64le"], + "22": ["amd64", "arm64", "arm", "s390x", "ppc64le"], + "24": ["amd64", "arm64", "s390x", "ppc64le"], + }, +} +NODEJS_MAJOR_VERSIONS = ["20", "22", "24"] diff --git a/nodejs/node_arch.bzl b/nodejs/node_arch.bzl deleted file mode 100644 index 6102a80a8..000000000 --- a/nodejs/node_arch.bzl +++ /dev/null @@ -1,7 +0,0 @@ -load("//:checksums.bzl", "ARCHITECTURES") - -# Function to filter architectures based on Node.js version -def node_arch(major_version): - if int(major_version) >= 24: - return [arch for arch in ARCHITECTURES if arch != "arm"] - return ARCHITECTURES diff --git a/nodejs/nodejs.bzl b/nodejs/nodejs.bzl index d265e911b..5a9364f24 100644 --- a/nodejs/nodejs.bzl +++ b/nodejs/nodejs.bzl @@ -1,11 +1,7 @@ load("@container_structure_test//:defs.bzl", "container_structure_test") load("@rules_oci//oci:defs.bzl", "oci_image", "oci_image_index") load("@rules_pkg//:pkg.bzl", "pkg_tar") - -NODEJS_MAJOR_VERSIONS = ("20", "22", "24") - -DEBUG_MODE = ["", "_debug"] -USERS = ["root", "nonroot"] +load("//common:variables.bzl", "DEBUG_MODE", "USERS") def nodejs_image_index(distro, major_version, architectures): """nodejs image index for a distro diff --git a/python3/BUILD b/python3/BUILD index 32df1b9f7..9a5ca0b1c 100644 --- a/python3/BUILD +++ b/python3/BUILD @@ -1,24 +1,20 @@ -load("//:checksums.bzl", "BASE_ARCHITECTURES") +load(":config.bzl", "PYTHON_ARCHITECTURES", "PYTHON_DISTROS") load(":python.bzl", "python3_image", "python3_image_index") package(default_visibility = ["//visibility:public"]) -PYTHON_DISTROS = ["debian12"] - -PYTHON_ARCHITECTURES = BASE_ARCHITECTURES - [ python3_image( arch = arch, distro = distro, ) for distro in PYTHON_DISTROS - for arch in PYTHON_ARCHITECTURES + for arch in PYTHON_ARCHITECTURES[distro] ] [ python3_image_index( - architectures = PYTHON_ARCHITECTURES, + architectures = PYTHON_ARCHITECTURES[distro], distro = distro, ) for distro in PYTHON_DISTROS diff --git a/python3/config.bzl b/python3/config.bzl new file mode 100644 index 000000000..89387ed0f --- /dev/null +++ b/python3/config.bzl @@ -0,0 +1,4 @@ +PYTHON_DISTROS = ["debian12"] +PYTHON_ARCHITECTURES = { + "debian12": ["amd64", "arm64"], +} diff --git a/python3/python.bzl b/python3/python.bzl index 240e5624a..b4e4a3f13 100644 --- a/python3/python.bzl +++ b/python3/python.bzl @@ -2,9 +2,7 @@ load("@container_structure_test//:defs.bzl", "container_structure_test") load("@rules_oci//oci:defs.bzl", "oci_image", "oci_image_index") load("@rules_pkg//:pkg.bzl", "pkg_tar") load("//private/util:deb.bzl", "deb") - -USERS = ["root", "nonroot"] -DEBUG_MODE = ["", "_debug"] +load("//common:variables.bzl", "DEBUG_MODE", "USERS") DISTRO_VERSION = { "debian12": "3.11", diff --git a/static/BUILD b/static/BUILD index 64ffa26a6..719159675 100644 --- a/static/BUILD +++ b/static/BUILD @@ -1,25 +1,20 @@ load(":static.bzl", "static_image", "static_image_index") -load("//:distro.bzl", "DISTROS", "PREVIEW_DISTROS") -load("//:checksums.bzl", "ARCHITECTURES") +load(":config.bzl", "STATIC_ARCHITECTURES", "STATIC_DISTROS") package(default_visibility = ["//visibility:public"]) -STATIC_DISTROS = DISTROS + PREVIEW_DISTROS - -STATIC_ARCHITECTURES = ARCHITECTURES - [ static_image( arch = arch, distro = distro, ) for distro in STATIC_DISTROS - for arch in STATIC_ARCHITECTURES + for arch in STATIC_ARCHITECTURES[distro] ] [ static_image_index( - architectures = STATIC_ARCHITECTURES, + architectures = STATIC_ARCHITECTURES[distro], distro = distro, ) for distro in STATIC_DISTROS diff --git a/static/config.bzl b/static/config.bzl new file mode 100644 index 000000000..209815cd8 --- /dev/null +++ b/static/config.bzl @@ -0,0 +1,8 @@ +STATIC_DISTROS = ["debian12", "debian13"] +STATIC_ARCHITECTURES = { + "debian12": ["amd64", "arm64", "arm", "s390x", "ppc64le"], + "debian13": ["amd64", "arm64", "arm", "s390x", "ppc64le"], +} + +# STATIC_PACKAGES is somewhat unecessary as the image has remained +# relative unchanged over the years, if we need to, we can add it in diff --git a/static/static.bzl b/static/static.bzl index b1234c476..7389ffa9e 100644 --- a/static/static.bzl +++ b/static/static.bzl @@ -4,12 +4,11 @@ load("@container_structure_test//:defs.bzl", "container_structure_test") load("@rules_go//go:def.bzl", "go_binary") load("@rules_oci//oci:defs.bzl", "oci_image", "oci_image_index") load("@rules_pkg//:pkg.bzl", "pkg_tar") -load("//:checksums.bzl", "VARIANTS") -load("//common:variables.bzl", "NONROOT") +load("//:distro.bzl", "VARIANTS") +load("//common:variables.bzl", "DEBUG_MODE", "NONROOT") load("//private/util:deb.bzl", "deb") USER_VARIANTS = [("root", 0, "/"), ("nonroot", NONROOT, "/home/nonroot")] -DEBUG_MODE = ["", "_debug"] def static_image_index(distro, architectures): """Build image index for a distro