Comments (7)
also, strip down created
as well as created
properties in history within image config. optionally one should be able to set these to BUILD_TIMESTAMP
when --stamp
has been requested and stamp=True
furthermore, using references with tags (eg debian:latest
) in repository rules like container_pull
will eventually break one's build we should discourage anyone from doing that.
we should also document that this is okay for development purposes but shall never be accepted and checked into vcs.
from rules_oci.
- strip PAX headers from tar layers.
this might not work if we ever support building Windows containers.
from rules_oci.
It looks like container base images are not treated hermetically at present? If I'm reading it right they're going to get downloaded during the execution phase by crane mutate <base>
, so will not be subject to remote caching, Bazel integrity checks, invalidation, etc. Those seems like important aspects for reproducibility.
from rules_oci.
It looks like container base images are not treated hermetically at present? If I'm reading it right they're going to get downloaded during the execution phase by
crane mutate <base>
, so will not be subject to remote caching, Bazel integrity checks, invalidation, etc. Those seems like important aspects for reproducibility.
You are right. container_pull functionality is basically missing at the moment and #33 will remove the crane mutate
behavior. I have been thinking about supporting container_pull which is capable of shallow pulling, remote cacheable via rctx.download
, and integrity-checked blobs but don't have the time and resources to implement that yet.
from rules_oci.
We implemented a hermetic oci_pull
rule now. Is there more to do for this issue?
from rules_oci.
We implemented a hermetic
oci_pull
rule now. Is there more to do for this issue?
only thing left from this list is asserting oci_image produces the same output with a clean build.
from rules_oci.
I guess we can just make a golden file test against the digest we produce in our e2e test
from rules_oci.
Related Issues (20)
- FR: Ability to output `oci_image` as a .tar file HOT 7
- BUG: oci_pull hides error messages from URL rewriter HOT 3
- Where's toolchain_configure? HOT 1
- oci_pull() fails with "The registry sent a manifest with schemaVersion=1" when using v2.0.0-beta2 HOT 1
- What kind of encoding is this??? HOT 3
- FR: Support for skipping unchanged digests HOT 2
- Allow configuring registry_patterns in `oci_pull` HOT 2
- oci_tarball does not seem to be usable as data in an sh_test without copying
- Unable to use `bazel_tags` attribute
- Align oci_image's env attribute with Bazel common attribute standards
- FR: New rule `oci_image_binary` with dockerc (compile container image to a binary) HOT 2
- ECR rejects multiplatform images on v2.0.0-rc0 because schemaVersion missing in index.json
- bazel vendor try to fetch regctl archive for incompatible platform
- More flexibility when parsing docker config.json (or add a warning to docs)
- 404 when downloading jagertracing/all-in-one HOT 1
- FR: support multiple image locations in oci_pull
- Update release notes: treat #663 as breaking change HOT 1
- Documentation for cmd and entrypoint are imprecise/inconsistent with implementation
- index.json: No such file or directory HOT 1
- `base` does no longer accept a tarball HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rules_oci.