Migrating to rules_oci

slides: https://hackmd.io/@aspect/rules_oci

Regardless of language,

container images are the most popular deployment artifact.

Most Bazel users want them in bazel-out

About me

Maintainer rules_nodejs, rules_python, Aspect's rulesets
Ex-maintainer rules_docker
Started Rules Authors SIG with Helen and Keith

Private note to self: do something to engage audience now

Storytime: rules_docker

Once upon a time…
Matt started Chainguard
Scope got bigger than Google could fund

Not maintainable

Pusher and puller programs not released
Language-specific rules
Barely "keeping the lights on"

How many of you contributed to rules_docker? How did it go?

Key observations

Container images are just a tar of tars with a manifest.
rules_pkg can build tars.
Manifests are simple text files.

Capable image manipulation tools exist, e.g. crane

rules_oci doesn't need to do much!


digraph {
  compound=true
  rankdir=LR

  graph [ fontname="Source Sans Pro", fontsize=20 ];
  node [ fontname="Source Sans Pro", fontsize=18 ];

  subgraph cluster0 {
      registry [shape=none]
  }
  
  subgraph cluster1 {
    concentrate = true
    node [ fontname="Courier", fontsize=18];
    a [label="oci_pull"] [shape=box]
    b [label="oci_push"] 
    sync [label="oci_image" ]
    bin [label="*_binary"]
    tar [label="pkg_tar"]
    sync -> b 
    a -> sync 
    bin -> tar
    tar -> sync
    b -> registry
    registry -> a
    label="Typical usage"
  }
}