Split helm_import_repository into different rules

`helm_import_repository` is for finding a chart in a [HTTP repository](https://helm.sh/docs/topics/chart_repository/), which may provide a OCI source.

`helm_import_url` is for directly downloading a chart package from  a HTTP URL.

`helm_import_registry` is for importing a chart from an [OCI registry](https://helm.sh/docs/topics/registries/).

Fixes #189, #195

Author: zachburg

helm/defs.bzl

@@ -12,7 +12,9 @@ load(
 load(
     "//helm/private:helm_import.bzl",
     _helm_import = "helm_import",
+    _helm_import_registry = "helm_import_registry",
     _helm_import_repository = "helm_import_repository",
+    _helm_import_url = "helm_import_url",
 )
 load(
     "//helm/private:helm_install.bzl",
@@ -57,6 +59,8 @@ load(
 helm_chart = _helm_chart
 helm_import = _helm_import
 helm_import_repository = _helm_import_repository
+helm_import_registry = _helm_import_registry
+helm_import_url = _helm_import_url
 helm_install = _helm_install
 helm_lint_aspect = _helm_lint_aspect
 helm_lint_test = _helm_lint_test

helm/private/helm_import.bzl

@@ -34,7 +34,7 @@ helm_import = rule(
             allow_single_file = [".tgz"],
         ),
         "version": attr.string(
-            doc = "The version fo the helm chart",
+            doc = "The version of the helm chart",
         ),
     },
 )
@@ -60,14 +60,6 @@ def _find_chart_url(repository_ctx, repo_file, chart_name, chart_version):
                 return url
     fail("cannot find {} (version {}) in {}".format(chart_name, chart_version, repository_ctx.attr.repository))
 
-def _get_chart_file_name(chart_url):
-    if chart_url.startswith("http") and chart_url.endswith(".tgz"):
-        return chart_url.split("/")[-1]
-    if chart_url.startswith("oci"):
-        chart_name, chart_version = chart_url.split("/")[-1].split(":")
-        return "{}-{}.tgz".format(chart_name, chart_version)
-    fail("cannot determine chart file name from {}".format(chart_url))
-
 def _find_chart_digest(manifest):
     for layer in manifest["layers"]:
         # https://helm.sh/docs/topics/registries/#helm-chart-manifest
@@ -83,141 +75,203 @@ helm_import(
     chart = "{chart_file}",
     visibility = ["//visibility:public"],
 )
+"""
 
-alias(
-    name = "{repository_name}",
-    actual = ":{chart_name}",
-    visibility = ["//visibility:public"],
+def _helm_import_url_impl(repository_ctx):
+    chart_name = repository_ctx.attr.chart_name
+    chart_url = repository_ctx.attr.url
+
+    chart_file = "{}.tgz".format(chart_name)
+
+    repository_ctx.file("BUILD.bazel", content = _HELM_DEP_BUILD_FILE.format(
+        chart_name = chart_name,
+        chart_file = chart_file,
+    ))
+
+    chart_package = repository_ctx.download(
+        output = repository_ctx.path(chart_file),
+        url = chart_url,
+        sha256 = repository_ctx.attr.sha256,
+    )
+
+    return {
+        "chart_name": chart_name,
+        "name": repository_ctx.name,
+        "sha256": chart_package.sha256,
+        "url": chart_url,
+    }
+
+helm_import_url = repository_rule(
+    implementation = _helm_import_url_impl,
+    attrs = {
+        "chart_name": attr.string(
+            doc = "Chart name to import.",
+            mandatory = True,
+        ),
+        "sha256": attr.string(
+            doc = "The expected SHA-256 hash of the chart imported.",
+        ),
+        "url": attr.string(
+            doc = "The URL where the chart can be directly downloaded.",
+            mandatory = True,
+        ),
+    },
 )
-"""
 
-def _helm_import_repository_impl(repository_ctx):
-    if repository_ctx.attr.url and repository_ctx.attr.repository:
-        fail("`url` and `repository` are exclusive arguments.")
-
-    if repository_ctx.attr.url:
-        chart_url = repository_ctx.attr.url
-        if repository_ctx.attr.chart_name:
-            fail("`url` provided, do not set `chart_name`")
-        if repository_ctx.attr.version:
-            fail("`url` provided, do not set `version`")
-    else:
-        if not repository_ctx.attr.chart_name:
-            fail("`chart_name` is required to locate chart")
-        if not repository_ctx.attr.version:
-            fail("`version` is required to locate chart")
-
-        repo_yaml = "index.yaml"
-        repository_ctx.download(
-            output = repo_yaml,
-            url = "{}/{}".format(
-                repository_ctx.attr.repository,
-                repo_yaml,
-            ),
-        )
+def _oci_url_download(repository_ctx, url, chart_file):
+    url, _, chart_version = url.rpartition(":")
+    hostname, _, chart_path = url.removeprefix("oci://").partition("/")
+
+    au = authn.new(repository_ctx)
+    token = au.get_token(hostname, chart_path)
+
+    manifest_json = "manifest.json"
+    manifest_url = "https://{}/v2/{}/manifests/{}".format(
+        hostname,
+        chart_path,
+        chart_version,
+    )
+    repository_ctx.download(
+        output = manifest_json,
+        url = manifest_url,
+        auth = {
+            manifest_url: token,
+        },
+        # Copied from `helm pull --debug`
+        headers = {
+            "Accept": [
+                "application/vnd.docker.distribution.manifest.v2+json",
+                "application/vnd.docker.distribution.manifest.list.v2+json",
+                "application/vnd.oci.image.manifest.v1+json",
+                "application/vnd.oci.image.index.v1+json",
+                "*/*",
+            ],
+        },
+    )
+    manifest = json.decode(repository_ctx.read(manifest_json))
 
-        chart_url = _find_chart_url(repository_ctx, repo_yaml, repository_ctx.attr.chart_name, repository_ctx.attr.version)
+    # https://helm.sh/docs/topics/registries/#helm-chart-manifest
+    if manifest["config"]["mediaType"] != "application/vnd.cncf.helm.config.v1+json":
+        fail("oci://{}/{} is not a Helm chart package".format(hostname, chart_path))
 
-    chart_file = _get_chart_file_name(chart_url)
+    chart_digest = _find_chart_digest(manifest)
+    chart_blob_url = "https://{}/v2/{}/blobs/{}".format(
+        hostname,
+        chart_path,
+        chart_digest,
+    )
+
+    # Download the chart package:
+    return repository_ctx.download(
+        output = repository_ctx.path(chart_file),
+        url = chart_blob_url,
+        sha256 = repository_ctx.attr.sha256,
+        auth = {
+            chart_blob_url: token,
+        },
+    )
+
+def _helm_import_repository_impl(repository_ctx):
+    chart_name = repository_ctx.attr.chart_name
+    chart_version = repository_ctx.attr.version
+
+    repo_yaml = "index.yaml"
+    repository_ctx.download(
+        output = repo_yaml,
+        url = "{}/{}".format(
+            repository_ctx.attr.repository,
+            repo_yaml,
+        ),
+    )
+    chart_url = _find_chart_url(repository_ctx, repo_yaml, chart_name, chart_version)
+    chart_file = "{}.tgz".format(chart_name)
 
     if chart_url.startswith("http"):
-        result = repository_ctx.download(
+        chart_package = repository_ctx.download(
             output = repository_ctx.path(chart_file),
             url = chart_url,
             sha256 = repository_ctx.attr.sha256,
         )
     elif chart_url.startswith("oci"):
-        url, _, chart_version = chart_url.rpartition(":")
-        hostname, _, chart_path = url.removeprefix("oci://").partition("/")
-
-        au = authn.new(repository_ctx)
-        token = au.get_token(hostname, chart_path)
-
-        # Find the digest for the layer with the chart package in the image manifest:
-        manifest_json = "manifest.json"
-        manifest_url = "https://{}/v2/{}/manifests/{}".format(
-            hostname,
-            chart_path,
-            chart_version,
-        )
-        repository_ctx.download(
-            output = manifest_json,
-            url = manifest_url,
-            auth = {
-                manifest_url: token,
-            },
-            # Copied from `helm pull --debug`
-            headers = {
-                "Accept": [
-                    "application/vnd.docker.distribution.manifest.v2+json",
-                    "application/vnd.docker.distribution.manifest.list.v2+json",
-                    "application/vnd.oci.image.manifest.v1+json",
-                    "application/vnd.oci.image.index.v1+json",
-                    "*/*",
-                ],
-            },
-        )
-        manifest = json.decode(repository_ctx.read(manifest_json))
-
-        # https://helm.sh/docs/topics/registries/#helm-chart-manifest
-        if manifest["config"]["mediaType"] != "application/vnd.cncf.helm.config.v1+json":
-            fail("{} is not a Helm chart package".format(chart_url))
-
-        chart_digest = _find_chart_digest(manifest)
-        chart_blob_url = "https://{}/v2/{}/blobs/{}".format(
-            hostname,
-            chart_path,
-            chart_digest,
-        )
-
-        # Download the chart package:
-        result = repository_ctx.download(
-            output = repository_ctx.path(chart_file),
-            url = chart_blob_url,
-            sha256 = repository_ctx.attr.sha256,
-            auth = {
-                chart_blob_url: token,
-            },
-        )
-
+        chart_package = _oci_url_download(repository_ctx, chart_url, chart_file)
     else:
-        fail("cannot download {} from {}, unsupported scheme".format(repository_ctx.attr.chart_name, chart_url))
-
-    chart_name, _, chart_version = chart_file.removesuffix(".tgz").rpartition("-")
+        fail("cannot download {} from {}, unsupported scheme".format(chart_name, chart_url))
 
     repository_ctx.file("BUILD.bazel", content = _HELM_DEP_BUILD_FILE.format(
         chart_name = chart_name,
         chart_file = chart_file,
-        repository_name = repository_ctx.name,
     ))
 
     return {
         "chart_name": chart_name,
         "name": repository_ctx.name,
         "repository": repository_ctx.attr.repository,
-        "sha256": result.sha256,
-        "url": chart_url,
+        "sha256": chart_package.sha256,
         "version": chart_version,
     }
 
 helm_import_repository = repository_rule(
     implementation = _helm_import_repository_impl,
-    doc = "A rule for fetching external Helm charts from an arbitrary URL or repository.",
+    doc = "A rule for fetching external Helm chart from a HTTP repository.",
     attrs = {
         "chart_name": attr.string(
-            doc = "Chart name to import. Must be set if `repository` is specified",
+            doc = "Chart name to import.",
+            mandatory = True,
         ),
         "repository": attr.string(
-            doc = "Chart repository url where to locate the requested chart. Mutually exclusive with `url`.",
+            doc = "Repository URL where to locate the specified chart.",
+            mandatory = True,
         ),
         "sha256": attr.string(
             doc = "The expected SHA-256 hash of the chart imported.",
         ),
-        "url": attr.string(
-            doc = "The url where a chart can be directly downloaded. Mutually exclusive with `chart_name`, `repository`, and `version`",
+        "version": attr.string(
+            doc = "Chart version to import.",
+            mandatory = True,
+        ),
+    },
+)
+
+def _helm_import_registry_impl(repository_ctx):
+    registry = repository_ctx.attr.registry
+    chart_name = repository_ctx.attr.chart_name
+    version = repository_ctx.attr.version
+
+    chart_url = "{}/{}:{}".format(registry, chart_name, version)
+    chart_file = "{}.tgz".format(chart_name)
+    chart_package = _oci_url_download(repository_ctx, chart_url, chart_file)
+
+    repository_ctx.file("BUILD.bazel", content = _HELM_DEP_BUILD_FILE.format(
+        chart_name = chart_name,
+        chart_file = chart_file,
+    ))
+
+    return {
+        "chart_name": chart_name,
+        "name": repository_ctx.name,
+        "registry": repository_ctx.attr.registry,
+        "sha256": chart_package.sha256,
+        "version": repository_ctx.attr.version,
+    }
+
+helm_import_registry = repository_rule(
+    implementation = _helm_import_registry_impl,
+    doc = "A rule for fetching an external Helm chart from a OCI registry.",
+    attrs = {
+        "chart_name": attr.string(
+            doc = "Chart name to import.",
+            mandatory = True,
+        ),
+        "registry": attr.string(
+            doc = "OCI registry URL where to locate the specified chart.",
+            mandatory = True,
+        ),
+        "sha256": attr.string(
+            doc = "The expected SHA-256 hash of the chart imported.",
         ),
         "version": attr.string(
-            doc = "Specify a version constraint for the chart version to use. Must be set if `repository` is specified.",
+            doc = "Chart version to import.",
+            mandatory = True,
         ),
     },
 )

tests/test_deps.bzl

@@ -3,7 +3,7 @@
 load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
 load("@bazel_tools//tools/build_defs/repo:utils.bzl", "maybe")
 load("@rules_oci//oci:pull.bzl", "oci_pull")
-load("//helm:defs.bzl", "helm_import_repository")
+load("//helm:defs.bzl", "helm_import_registry", "helm_import_repository", "helm_import_url")
 
 _CM_HELM_PUSH_BUILD_CONTENT = """\
 package(default_visibility = ["//visibility:public"])
@@ -31,17 +31,20 @@ def helm_test_deps():
 
     # Directly download this chart from a HTTP URL:
     maybe(
-        helm_import_repository,
+        helm_import_url,
         name = "helm_test_deps__with_chart_deps_postgresql",
+        chart_name = "postgresql",
         url = "https://charts.bitnami.com/bitnami/postgresql-14.0.5.tgz",
         sha256 = "38d9b6657aa3b0cc16d190570dbaf96796e997d03a1665264dac9966343e4d1b",
     )
 
-    # Directly download this chart from an OCI URL:
+    # Download this chart from an OCI registry:
     maybe(
-        helm_import_repository,
+        helm_import_registry,
         name = "helm_test_deps__with_chart_deps_grafana",
-        url = "oci://registry-1.docker.io/bitnamicharts/grafana:12.1.4",
+        registry = "oci://registry-1.docker.io/bitnamicharts",
+        chart_name = "grafana",
+        version = "12.1.4",
         sha256 = "015f66a231a809557ab368d903f6762ba31ba2f7b3d0f890445be6e8f213cff1",
     )