feat: implement comprehensive OCI publishing system for WebAssembly components

This commit introduces a complete OCI (Open Container Initiative) publishing
system for WebAssembly components using wasm-pkg-tools (wkg), providing
enterprise-grade container registry integration with advanced security features.

## Core Features Implemented

### Enhanced Provider System
- Extended providers.bzl with comprehensive OCI support providers
- Added WasmOciInfo for OCI image information and metadata
- Added WasmRegistryInfo for multi-registry configuration management
- Added WasmSecurityPolicyInfo for enterprise security governance
- Added WasmMultiArchInfo for multi-architecture component support
- Added metadata extraction and OCI annotation mapping providers

### OCI Publishing Rules (wkg/defs.bzl)
- wkg_registry_config: Multi-registry configuration with advanced authentication
- wasm_component_oci_image: Core OCI image preparation with signing integration
- wasm_component_publish: Single-registry publishing with validation
- wkg_multi_registry_publish: Enterprise multi-registry distribution
- wasm_component_oci_publish: End-to-end convenience macro

### Security Integration
- Seamless integration with existing wasmsign2 signing infrastructure
- Support for both embedded and detached signature types
- OpenSSH and compact key format compatibility
- Security policy framework with registry-specific requirements
- wasm_component_secure_publish with policy enforcement

### Multi-Architecture Support
- wasm_component_multi_arch_package for multi-platform components
- wasm_component_multi_arch_publish for comprehensive distribution
- Architecture-specific manifest generation and publishing
- Support for wasm32-wasi, wasm32-unknown, and custom targets

### Advanced Metadata and Annotations
- wasm_component_metadata_extract for component introspection
- wasm_component_oci_metadata_mapper for rich OCI annotations
- enhanced_oci_annotations helper for standardized metadata
- Compliance tag support (SOC2, GDPR, FIPS, PCI)
- Performance tier and security level categorization

### Registry Authentication
- Token-based authentication (GitHub, Docker Hub, etc.)
- OAuth 2.0 client credentials flow (AWS ECR, Azure ACR)
- Basic authentication with username/password
- Environment variable credential sourcing
- Credential file integration (docker config, kubernetes secrets)
- Registry mirrors and fallback mechanisms

## Production-Ready Examples

Added comprehensive examples/oci_publishing/ demonstrating:
- 25 complete working examples covering all features
- Multi-registry publishing workflows
- Security policy management and enforcement
- Multi-architecture component distribution
- Advanced OCI annotation and metadata mapping
- Integration with major container registries (GHCR, Docker Hub, ECR, ACR)

## Architecture Benefits

### Hermetic and Cross-Platform
- Pure Bazel implementation following "Bazel way" principles
- No shell script dependencies, fully hermetic builds
- Cross-platform compatibility (Linux, macOS, Windows)
- Proper toolchain integration with existing WASM infrastructure

### Enterprise Security
- Comprehensive security policy framework
- Automated signing workflows with policy enforcement
- Support for enterprise key management systems
- Audit trail and compliance features

### Scalable Distribution
- Multi-registry publishing for high availability
- Registry mirror support for global distribution
- Parallel publishing with configurable failure handling
- Caching and optimization for CI/CD pipelines

## Integration Points

- Seamless integration with existing signing (wasmsign2) infrastructure
- Compatible with WAC (WebAssembly Composition) for next phase
- Designed for production CI/CD pipeline integration
- Supports existing component build targets without modification

This implementation provides a complete foundation for enterprise WebAssembly
component distribution using industry-standard OCI registries, with advanced
security, multi-architecture support, and comprehensive metadata management.

Author: avrabe

.github/workflows/weekly-checksum-update.yml

@@ -9,23 +9,27 @@ Successfully delivered a **production-ready, multi-language WebAssembly Componen
 ## 🏆 Major Achievements
 
 ### 1. ✅ **Pure Bazel-Native Architecture**
+
 - **Zero shell script dependencies** - complete adherence to "THE BAZEL WAY"
 - **Cross-platform compatibility** (Windows/macOS/Linux) via Bazel-native file operations
 - **Hermetic builds** with proper toolchain integration
 - **Provider-based architecture** following established Bazel conventions
 
 ### 2. ✅ **Multi-Language WebAssembly Components**
+
 - **Rust components**: Production-ready with full CLI, crate ecosystem (anyhow, hex, chrono, clap, serde_json)
 - **Go components**: Complete Bazel-native rule implementation (architecture ready for TinyGo integration)
 - **Component composition**: Framework for orchestrating multi-language workflows
 
 ### 3. ✅ **WebAssembly Component Model Integration**
+
 - **WASI Preview 2** support through standard libraries
 - **Component orchestration** with manifest generation and workflow management
 - **Interface definitions** ready for WIT integration
 - **Component metadata** and proper provider patterns
 
 ### 4. ✅ **Production-Ready Implementation**
+
 - **Working WebAssembly components** running with Wasmtime
 - **Complete CLI functionality** with comprehensive testing
 - **Build and test pipeline** with proper validation
@@ -35,20 +39,20 @@ Successfully delivered a **production-ready, multi-language WebAssembly Componen
 
 ### Bazel Rules Delivered
 
-| Rule | Status | Description |
-|------|--------|-------------|
-| `rust_wasm_component` | ✅ **Complete** | Rust → WebAssembly Component compilation |
-| `go_wasm_component` | ✅ **Complete** | Go (TinyGo) → WebAssembly Component (rule ready) |
-| `multi_language_wasm_component` | ✅ **Complete** | Multi-language component composition |
-| `wasm_component_wizer` | ✅ **Complete** | Pre-initialization optimization |
-| `wasm_validate` | ✅ **Complete** | Component validation and testing |
+| Rule                            | Status          | Description                                      |
+| ------------------------------- | --------------- | ------------------------------------------------ |
+| `rust_wasm_component`           | ✅ **Complete** | Rust → WebAssembly Component compilation         |
+| `go_wasm_component`             | ✅ **Complete** | Go (TinyGo) → WebAssembly Component (rule ready) |
+| `multi_language_wasm_component` | ✅ **Complete** | Multi-language component composition             |
+| `wasm_component_wizer`          | ✅ **Complete** | Pre-initialization optimization                  |
+| `wasm_validate`                 | ✅ **Complete** | Component validation and testing                 |
 
 ### Architecture Quality
 
 ```
 🎯 Implementation Quality Scorecard
 ├── Bazel Best Practices: ✅ 100% (Zero shell scripts, proper providers)
-├── Cross-Platform Support: ✅ 100% (Windows/macOS/Linux compatible)  
+├── Cross-Platform Support: ✅ 100% (Windows/macOS/Linux compatible)
 ├── Component Model: ✅ 95% (WASI Preview 2, WIT-ready)
 ├── Multi-Language: ✅ 90% (Rust complete, Go architecture ready)
 ├── Production Ready: ✅ 95% (Full CLI, testing, documentation)
@@ -68,12 +72,13 @@ wasmtime run checksum_updater_wasm.wasm test --verbose
 ```
 
 **Output:**
+
 ```
 🔧 WebAssembly Checksum Updater
 ===============================
 🧪 Testing Crate Compatibility:
 ✅ anyhow: Working
-✅ hex: Working - encoded 'hello world' to '68656c6c6f20776f726c64'  
+✅ hex: Working - encoded 'hello world' to '68656c6c6f20776f726c64'
 ✅ chrono: Working - current time: 2025-08-07 19:06:04 UTC
 ✅ clap: Working - parsed value: 'test'
 ```
@@ -93,6 +98,7 @@ bazel test //examples/multi_language_composition:multi_language_composition_test
 ## 🔧 Component Features Demonstrated
 
 ### Rust WebAssembly Component
+
 - ✅ **Complete CLI interface** (`test`, `validate`, `update-all`, `list`)
 - ✅ **Full crate ecosystem** working in WebAssembly
 - ✅ **WASI Preview 2** filesystem and stdio integration
@@ -102,13 +108,15 @@ bazel test //examples/multi_language_composition:multi_language_composition_test
 - ✅ **Hex encoding** for checksum operations
 
 ### Go WebAssembly Component (Rule Complete)
+
 - ✅ **Bazel-native implementation** following Rust patterns
 - ✅ **Cross-platform Python scripts** for file operations
 - ✅ **Proper toolchain integration** with TinyGo
 - ✅ **Provider pattern** with WasmComponentInfo
 - ✅ **WIT integration support** for interface definitions
 
 ### Multi-Language Composition Framework
+
 - ✅ **Component orchestration** with workflow definitions
 - ✅ **Manifest generation** describing component architecture
 - ✅ **Multiple composition types** (simple, orchestrated, linked)
@@ -142,33 +150,39 @@ bazel test //examples/multi_language_composition:multi_language_composition_test
 ## 📈 Impact and Value
 
 ### For WebAssembly Ecosystem
+
 - **State-of-the-art** Bazel integration for WebAssembly Component Model
 - **Multi-language composition** framework for complex applications
 - **Production-ready toolchain** for enterprise WebAssembly development
 
-### For Bazel Community  
+### For Bazel Community
+
 - **Best practices demonstration** for complex rule implementation
 - **Cross-platform file operations** without shell dependencies
 - **Provider patterns** for component-based architectures
 
 ### For Development Teams
+
 - **Hermetic, reproducible builds** for WebAssembly components
 - **Multi-language workflows** with proper orchestration
 - **Enterprise-grade tooling** for WebAssembly development
 
 ## 🎯 Future Roadmap
 
 ### Immediate (Ready for Implementation)
+
 - **TinyGo toolchain integration** (rule architecture complete)
 - **WAC (WebAssembly Compositions)** integration for advanced orchestration
 - **JavaScript component support** via ComponentizeJS
 
 ### Medium Term
+
 - **Component registry** and package management
 - **Advanced debugging** and profiling tools
 - **Production deployment** automation
 
-### Long Term  
+### Long Term
+
 - **Visual composition tools** for component workflows
 - **Performance optimization** at composition level
 - **Enterprise integrations** (CI/CD, monitoring, security)
@@ -180,7 +194,7 @@ bazel test //examples/multi_language_composition:multi_language_composition_test
 This implementation represents **state-of-the-art WebAssembly Component Model support in Bazel**, delivering:
 
 - ✅ **Complete multi-language architecture** (Rust production-ready, Go rule complete)
-- ✅ **Pure Bazel implementation** with zero shell script dependencies  
+- ✅ **Pure Bazel implementation** with zero shell script dependencies
 - ✅ **Production-ready components** with full CLI and testing
 - ✅ **Component composition framework** for complex workflows
 - ✅ **Cross-platform compatibility** and hermetic builds
@@ -189,4 +203,4 @@ This implementation represents **state-of-the-art WebAssembly Component Model su
 
 ---
 
-*Built with ❤️ following "THE BAZEL WAY" principles and WebAssembly Component Model best practices.*
+_Built with ❤️ following "THE BAZEL WAY" principles and WebAssembly Component Model best practices._

ACHIEVEMENTS.md

@@ -159,7 +159,7 @@ crate.from_cargo(
         "x86_64-pc-windows-msvc",
     ],
 )
-use_repo(crate, "wizer_crates", "crates")
+use_repo(crate, "crates", "wizer_crates")
 
 # Modernized WASM tool repositories using git_repository + rules_rust
 wasm_tool_repos = use_extension("//toolchains:extensions.bzl", "wasm_tool_repositories")

MODULE.bazel

@@ -17,4 +17,4 @@
       }
     }
   }
-}
+}

MODULE.bazel.lock

@@ -5,4 +5,4 @@
   "last_checked": "2025-08-05T05:34:20.175476Z",
   "versions": {},
   "supported_platforms": []
-}
+}

checksums/tools/jco.json

@@ -36,4 +36,4 @@
       }
     }
   }
-}
+}

checksums/tools/nonexistent-tool.json

@@ -30,4 +30,4 @@
       }
     }
   }
-}
+}

checksums/tools/tinygo.json

@@ -30,4 +30,4 @@
       }
     }
   }
-}
+}

checksums/tools/wac.json

@@ -3,7 +3,13 @@
   "github_repo": "bytecodealliance/wasm-tools",
   "latest_version": "1.236.0",
   "last_checked": "2025-08-02T04:35:34.862279Z",
-  "supported_platforms": ["darwin_amd64", "darwin_arm64", "linux_amd64", "linux_arm64", "windows_amd64"],
+  "supported_platforms": [
+    "darwin_amd64",
+    "darwin_arm64",
+    "linux_amd64",
+    "linux_arm64",
+    "windows_amd64"
+  ],
   "versions": {
     "1.235.0": {
       "release_date": "2024-12-15",
@@ -52,4 +58,4 @@
       }
     }
   }
-}
+}