Comments (7)

thesayyn commented on September 27, 2024

also, strip down created as well as created properties in history within the image config. optionally one should be able to set these to BUILD_TIMESTAMP when --stamp has been requested and stamp=True

furthermore, using references with tags (e.g. debian:latest) in repository rules like container_pull will eventually break one's build; we should discourage anyone from doing that.

we should also document that this is okay for development purposes but shall never be accepted and checked into VCS.

from rules_oci.
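
An added example, not part of the thread and not rules_oci's own code: it shows why the `created` fields in the image config and its history break digest stability, how fixing them (or setting one stamp value) restores it, and how a tag-only reference such as debian:latest can be told apart from a digest-pinned one. The function names, the `EPOCH` replacement value, the canonical-JSON digest (a stand-in for hashing the real config blob bytes) and the sample config are assumptions made for illustration.

```python
import copy
import hashlib
import json
import re

EPOCH = "1970-01-01T00:00:00Z"  # assumed fixed value for stripped timestamps
PINNED = re.compile(r"@sha256:[0-9a-f]{64}$")

def normalize_config(config, stamp=None):
    """Copy a config with `created` and history[].created set to one value."""
    out = copy.deepcopy(config)
    value = stamp or EPOCH  # stamp=None strips; a stamped build passes its time
    if "created" in out:
        out["created"] = value
    for entry in out.get("history", []):
        if "created" in entry:
            entry["created"] = value
    return out

def config_digest(config):
    """sha256 over canonical JSON (stand-in for the real config blob bytes)."""
    blob = json.dumps(config, sort_keys=True, separators=(",", ":")).encode()
    return "sha256:" + hashlib.sha256(blob).hexdigest()

def is_pinned(ref):
    """True when an image reference ends in a sha256 digest, not only a tag."""
    return bool(PINNED.search(ref))

def sample_config(ts):
    """Constructed image config; only the timestamps vary between builds."""
    return {
        "architecture": "amd64",
        "os": "linux",
        "created": ts,
        "config": {"Entrypoint": ["/app"]},
        "rootfs": {"type": "layers", "diff_ids": ["sha256:" + "ab" * 32]},
        "history": [{"created": ts, "created_by": "constructed build step"}],
    }

if __name__ == "__main__":
    a = sample_config("2024-09-27T10:00:00Z")
    b = sample_config("2024-09-27T10:05:31Z")
    print("raw digests equal:", config_digest(a) == config_digest(b))
    print("normalized digests equal:",
          config_digest(normalize_config(a)) == config_digest(normalize_config(b)))
    print("debian:latest pinned:", is_pinned("debian:latest"))
```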

thesayyn commented on September 27, 2024
  • strip PAX headers from tar layers.

this might not work if we ever support building Windows containers.

jfirebaugh commented on September 27, 2024

It looks like container base images are not treated hermetically at present? If I'm reading it right they're going to get downloaded during the execution phase by crane mutate <base>, so will not be subject to remote caching, Bazel integrity checks, invalidation, etc. Those seem like important aspects for reproducibility.

thesayyn commented on September 27, 2024

> It looks like container base images are not treated hermetically at present? If I'm reading it right they're going to get downloaded during the execution phase by crane mutate <base>, so will not be subject to remote caching, Bazel integrity checks, invalidation, etc. Those seem like important aspects for reproducibility.

You are right. container_pull functionality is basically missing at the moment and #33 will remove the crane mutate behavior. I have been thinking about supporting container_pull which is capable of shallow pulling, remote cacheable via rctx.download, and integrity-checked blobs but don't have the time and resources to implement that yet.

alexeagle commented on September 27, 2024

We implemented a hermetic oci_pull rule now. Is there more to do for this issue?

thesayyn commented on September 27, 2024

> We implemented a hermetic oci_pull rule now. Is there more to do for this issue?

only thing left from this list is asserting oci_image produces the same output with a clean build.

alexeagle commented on September 27, 2024

I guess we can just make a golden file test against the digest we produce in our e2e test