Migrating to rules_oci

# Bazel and Docker with rules_oci Bazel Community Day - San Francisco - May 23 ---  slides: https://hackmd.io/@aspect/rules_oci --- Regardless of language, container images are the most popular deployment artifact. Most Bazel users want them in `bazel-out` --- ![](https://hackmd.io/_uploads/Bk0G2WnSo.png) --- ## About me - Maintainer rules_nodejs, rules_python, Aspect's rulesets - Ex-maintainer rules_docker - Started Rules Authors SIG with Helen and Keith --- ![](https://hackmd.io/_uploads/HJnKzO9En.png) --- Private note to self: do something to engage audience now --- ## Storytime: rules_docker - Once upon a time... - Matt started Chainguard - Scope got bigger than Google could fund --- ### Not maintainable - Pusher and puller programs not released - Language-specific rules - Barely "keeping the lights on" --- :sweat_smile: How many of you contributed to rules_docker? How did it go? --- ### Key observations Container images are just a tar of tars with a manifest. `rules_pkg` can build tars. Manifests are simple text files. Capable image manipulation tools exist, e.g. `crane` rules_oci doesn't need to do much! ---  ![](https://hackmd.io/_uploads/H1B7hdFr2.png) --- ```graphviz digraph { compound=true rankdir=LR graph [ fontname="Source Sans Pro", fontsize=20 ]; node [ fontname="Source Sans Pro", fontsize=18 ]; subgraph cluster0 { registry [shape=none] } subgraph cluster1 { concentrate = true node [ fontname="Courier", fontsize=18]; a [label="oci_pull"] [shape=box] b [label="oci_push"] sync [label="oci_image" ] bin [label="*_binary"] tar [label="pkg_tar"] sync -> b a -> sync bin -> tar tar -> sync b -> registry registry -> a label="Typical usage" } } ``` --- ## And more - we follow strict oci standard - experimental signing and attesting - experimental windows containers - https://registry.bazel.build/modules/container_structure_test --- **What's next**: run containerized actions (a.k.a. `container_run_and_commit_*`) Minimal solution: rely on Bazel! - `--experimental_enable_docker_sandbox` - `--spawn_strategy=docker` - `--experimental_docker_image` Follow https://github.com/bazel-contrib/rules_oci/issues/132 --- ![](https://hackmd.io/_uploads/HybERpjNh.png) --- ## Funding rules_oci Distroless team funded initial creation. Bazel Rules Authors SIG funded the 1.0 release. Continued funding is needed! https://opencollective.com/bazel-rules-authors-sig/projects/rules_oci Filing good issues and answering questions are also great ways to contribute. :pray: --- ![](https://hackmd.io/_uploads/ByPyUdFrn.png) --- One last thing: let's see about that audience engagement tactic! --- ### Thank you! Big :bow: to Sahin! https://github.com/thesayyn https://www.linkedin.com/in/alexeagle/ https://blog.aspect.dev https://bazel-contrib.github.io/SIG-rules-authors/ After talks, come speak with me and my co-founder Greg!