From 0d90696187ab86b0ab73a7b03a163e661799a6e3 Mon Sep 17 00:00:00 2001 From: Tobias Schlatter Date: Thu, 20 Jun 2024 14:38:43 +0200 Subject: [PATCH] feat: add support for settings volumes (#632) --- docs/compare_dockerfile.md | 2 +- docs/image.md | 6 ++++-- examples/assert.bzl | 3 +++ examples/assertion/BUILD.bazel | 4 ++++ oci/defs.bzl | 14 +++++++++++++- oci/private/image.bzl | 5 +++++ oci/private/image.sh | 3 +++ 7 files changed, 33 insertions(+), 4 deletions(-) diff --git a/docs/compare_dockerfile.md b/docs/compare_dockerfile.md index e6ebf97b..fb0c626d 100644 --- a/docs/compare_dockerfile.md +++ b/docs/compare_dockerfile.md @@ -27,7 +27,7 @@ Let's compare them to their rules_oci counterparts: - `SHELL` -> Use `oci_image#entrypoint` instead. - `STOPSIGNAL` -> Not supported - `USER` -> Not supported. Use the tar rule's mechanism for setting gid/uid -- `VOLUME` -> See: https://github.com/bazel-contrib/rules_oci/issues/406 +- `VOLUME` -> Use `oci_image#volumes` - `WORKDIR` -> Use `oci_image#workdir` diff --git a/docs/image.md b/docs/image.md index 3b830bc0..d616deee 100644 --- a/docs/image.md +++ b/docs/image.md @@ -14,7 +14,7 @@ load("@rules_oci//oci:defs.bzl", ...)
 oci_image_rule(name, annotations, architecture, base, cmd, entrypoint, env, exposed_ports, labels,
-               os, tars, user, variant, workdir)
+               os, tars, user, variant, volumes, workdir)
 
Build an OCI compatible container image. @@ -83,6 +83,7 @@ oci_image( | tars | List of tar files to add to the image as layers. Do not sort this list; the order is preserved in the resulting image. Less-frequently changed files belong in lower layers to reduce the network bandwidth required to pull and push.

The authors recommend [dive](https://github.com/wagoodman/dive) to explore the layering of the resulting image. | List of labels | optional | [] | | user | The username or UID which is a platform-specific structure that allows specific control over which user the process run as. This acts as a default value to use when the value is not specified when creating a container. For Linux based systems, all of the following are valid: user, uid, user:group, uid:gid, uid:group, user:gid. If group/gid is not specified, the default group and supplementary groups of the given user/uid in /etc/passwd from the container are applied. | String | optional | "" | | variant | The variant of the specified CPU architecture. eg: v6, v7, v8. See: https://github.com/opencontainers/image-spec/blob/main/image-index.md#platform-variants for more. | String | optional | "" | +| volumes | A file containing a comma separated list of volumes. (e.g. /srv/data,/srv/other-data) | Label | optional | None | | workdir | Sets the current working directory of the entrypoint process in the container. This value acts as a default and may be replaced by a working directory specified when creating a container. | String | optional | "" | @@ -91,7 +92,7 @@ oci_image( ## oci_image
-oci_image(name, labels, annotations, env, cmd, entrypoint, exposed_ports, kwargs)
+oci_image(name, labels, annotations, env, cmd, entrypoint, exposed_ports, volumes, kwargs)
 
Macro wrapper around [oci_image_rule](#oci_image_rule). @@ -120,6 +121,7 @@ This is similar to the same-named target created by rules_docker's `container_im | cmd | Command & argument configured by default in the running container. See documentation above. | None | | entrypoint | Entrypoint configured by default in the running container. See documentation above. | None | | exposed_ports | Exposed ports in the running container. See documentation above. | None | +| volumes | Volumes for the container. See documentation above. | None | | kwargs | other named arguments to [oci_image_rule](#oci_image_rule) and [common rule attributes](https://bazel.build/reference/be/common-definitions#common-attributes). | none | diff --git a/examples/assert.bzl b/examples/assert.bzl index 0eef15b3..635a48a9 100644 --- a/examples/assert.bzl +++ b/examples/assert.bzl @@ -24,6 +24,7 @@ def assert_oci_config( cmd_eq = None, env_eq = None, exposed_ports_eq = None, + volumes_eq = None, user_eq = None, workdir_eq = None, architecture_eq = None, @@ -46,6 +47,8 @@ def assert_oci_config( config["WorkingDir"] = workdir_eq if exposed_ports_eq: config["ExposedPorts"] = {port: {} for port in exposed_ports_eq} + if volumes_eq: + config["Volumes"] = {volume: {} for volume in volumes_eq} if user_eq: config["User"] = user_eq if labels_eq: diff --git a/examples/assertion/BUILD.bazel b/examples/assertion/BUILD.bazel index e03c21a2..86617b95 100644 --- a/examples/assertion/BUILD.bazel +++ b/examples/assertion/BUILD.bazel @@ -187,6 +187,7 @@ oci_image( "5678/udp", "5000", ], + volumes = ["/srv/data"], # user & workdir user = "root", workdir = "/root", @@ -230,6 +231,9 @@ assert_oci_config( "5678/udp", "5000", ], + volumes_eq = [ + "/srv/data", + ], image = ":case8", labels_eq = { "org.opencontainers.image.version": "0.0.0", diff --git a/oci/defs.bzl b/oci/defs.bzl index e71c0824..d9e76e82 100644 --- a/oci/defs.bzl +++ b/oci/defs.bzl @@ -22,7 +22,7 @@ oci_image_rule = _oci_image oci_image_index = _oci_image_index oci_push_rule = _oci_push -def oci_image(name, labels = None, annotations = None, env = None, cmd = None, entrypoint = None, exposed_ports = None, **kwargs): +def oci_image(name, labels = None, annotations = None, env = None, cmd = None, entrypoint = None, exposed_ports = None, volumes = None, **kwargs): """Macro wrapper around [oci_image_rule](#oci_image_rule). Allows labels and annotations to be provided as a dictionary, in addition to a text file. @@ -44,6 +44,7 @@ def oci_image(name, labels = None, annotations = None, env = None, cmd = None, e cmd: Command & argument configured by default in the running container. See documentation above. entrypoint: Entrypoint configured by default in the running container. See documentation above. exposed_ports: Exposed ports in the running container. See documentation above. + volumes: Volumes for the container. See documentation above. **kwargs: other named arguments to [oci_image_rule](#oci_image_rule) and [common rule attributes](https://bazel.build/reference/be/common-definitions#common-attributes). """ @@ -109,6 +110,16 @@ def oci_image(name, labels = None, annotations = None, env = None, cmd = None, e ) exposed_ports = exposed_ports_label + if types.is_list(volumes): + volumes_label = "_{}_write_volumes".format(name) + write_file( + name = volumes_label, + out = "_{}.volumes.txt".format(name), + content = [",".join(volumes)], + **forwarded_kwargs + ) + volumes = volumes_label + oci_image_rule( name = name, annotations = annotations, @@ -117,6 +128,7 @@ def oci_image(name, labels = None, annotations = None, env = None, cmd = None, e cmd = cmd, entrypoint = entrypoint, exposed_ports = exposed_ports, + volumes = volumes, **kwargs ) diff --git a/oci/private/image.bzl b/oci/private/image.bzl index 7d659d3b..9ed63dab 100644 --- a/oci/private/image.bzl +++ b/oci/private/image.bzl @@ -82,6 +82,7 @@ If `group/gid` is not specified, the default group and supplementary groups of t """), "workdir": attr.string(doc = "Sets the current working directory of the `entrypoint` process in the container. This value acts as a default and may be replaced by a working directory specified when creating a container."), "exposed_ports": attr.label(doc = "A file containing a comma separated list of exposed ports. (e.g. 2000/tcp, 3000/udp or 4000. No protocol defaults to tcp).", allow_single_file = True), + "volumes": attr.label(doc = "A file containing a comma separated list of volumes. (e.g. /srv/data,/srv/other-data)", allow_single_file = True), "os": attr.string(doc = "The name of the operating system which the image is built to run on. eg: `linux`, `windows`. See $GOOS documentation for possible values: https://go.dev/doc/install/source#environment"), "architecture": attr.string(doc = "The CPU architecture which the binaries in this image are built to run on. eg: `arm64`, `arm`, `amd64`, `s390x`. See $GOARCH documentation for possible values: https://go.dev/doc/install/source#environment"), "variant": attr.string(doc = "The variant of the specified CPU architecture. eg: `v6`, `v7`, `v8`. See: https://github.com/opencontainers/image-spec/blob/main/image-index.md#platform-variants for more."), @@ -195,6 +196,10 @@ def _oci_image_impl(ctx): args.add(ctx.file.exposed_ports.path, format = "--exposed-ports=%s") inputs.append(ctx.file.exposed_ports) + if ctx.attr.volumes: + args.add(ctx.file.volumes.path, format = "--volumes=%s") + inputs.append(ctx.file.volumes) + if ctx.attr.cmd: args.add(ctx.file.cmd.path, format = "--cmd=%s") inputs.append(ctx.file.cmd) diff --git a/oci/private/image.sh b/oci/private/image.sh index 195146c0..c5397399 100644 --- a/oci/private/image.sh +++ b/oci/private/image.sh @@ -154,6 +154,9 @@ for ARG in "$@"; do --exposed-ports=*) CONFIG=$(jq --rawfile ep "${ARG#--exposed-ports=}" '.config.ExposedPorts = ($ep | split(",") | map({key: ., value: {}}) | from_entries)' <<<"$CONFIG") ;; + --volumes=*) + CONFIG=$(jq --rawfile volumes "${ARG#--volumes=}" '.config.Volumes = ($volumes | split(",") | map({key: ., value: {}}) | from_entries)' <<<"$CONFIG") + ;; --user=*) CONFIG=$(jq --arg user "${ARG#--user=}" '.config.User = $user' <<<"$CONFIG") ;;