Tips and tricks

Local development and troubleshooting with OCI images

Steps:

# find available bazel build targets
bazel query ... | grep image

# build the image (target) of interest
bazel build //rs/slack-notifications:slack-notifications-image

# import the docker image generated by bazel into podman
IMAGE=$(find bazel-out/ -name slack-notifications-image)
podman load --input $IMAGE

# run and test:
podman run [<other-args>] localhost/bazel-out/k8-opt/bin/rs/slack-notifications/slack-notifications-image

Add a deb package to an Ubuntu OCI image

Example code to be added to WORKSPACE.bazel (adjustments are necessary for your package!):

oci_pull(
    # tag = 22.04
    # https://hub.docker.com/layers/library/ubuntu/22.04/images/sha256-cb2af41f42b9c9bc9bcdc7cf1735e3c4b3d95b2137be86fd940373471a34c8b0
    name = "ubuntu_22_04",
    digest = "sha256:cb2af41f42b9c9bc9bcdc7cf1735e3c4b3d95b2137be86fd940373471a34c8b0",
    image = "index.docker.io/library/ubuntu",
)

_DEB_TO_LAYER = """\
genrule(
    name = "layer_tar",
    srcs = ["@ubuntu22_ca_certificates//:data.tar.zst"],
    outs = ["ca_certificates.tar"],
    cmd = "cat $< | zstd -d - -c >| $@",
    visibility = ["//visibility:public"],
)

alias(
    name = "layer",
    actual = ":data.tar.zst",
    visibility = ["//visibility:public"],
)
"""

http_archive(
    name = "ubuntu22_ca_certificates",
    build_file_content = _DEB_TO_LAYER,
    sha256 = "8ddd3b5d72fa144e53974d6a5782d25a0a9e1eec006118ecf2b76d53a7530f6a",
    urls = [
        "http://mirrors.kernel.org/ubuntu/pool/main/c/ca-certificates/ca-certificates_20230311ubuntu0.22.04.1_all.deb",
        "http://de.archive.ubuntu.com/ubuntu/pool/main/c/ca-certificates/ca-certificates_20230311ubuntu0.22.04.1_all.deb",
        "http://ftp.osuosl.org/pub/ubuntu/pool/main/c/ca-certificates/ca-certificates_20230311ubuntu0.22.04.1_all.deb",
    ],
)

After that, once could add the additional layer to an image with something like:

rust_binary_oci_image_rules(
    name = "oci_image",
    src = ":slack-notifications",
    base_image = "@distroless_cc_debian12",
    other_layers = ["@ubuntu22_ca_certificates//:layer_tar"],
)