In order centralize efforts this repo has been deprecated in favor of rules_distroless.
A ruleset for downloading debian-packages and including them in Container Images.
NOTE: this ruleset is heavily inspired by distroless
- Pinning of the debian-snapshot to use
- Pinning of packages using a single lockfile
- Fine-grained control over packages (and their dependencies) to exclude
- Fine-grained control over package-priorities
- Compatible with rules_docker
- Compatible with rules_oci
- There is no way to know which packages are already contained in previous layers, thus you have to be careful how you craft your package-repository.
From the release you wish to use:
https://github.com/betaboon/rules_debian_packages/releases
copy the WORKSPACE snippet into your WORKSPACE file.
To use a commit rather than a release, you can point at any SHA of the repo.
For example to use commit abc123:
- Replace
url = "https://github.com/betaboon/rules_debian_packages/releases/download/v0.1.0/rules_debian_packages-v0.1.0.tar.gz"with a GitHub-provided source archive likeurl = "https://github.com/betaboon/rules_debian_packages/archive/abc123.tar.gz" - Replace
strip_prefix = "rules_debian_packages-0.1.0"withstrip_prefix = "rules_debian_packages-abc123" - Update the
sha256. The easiest way to do this is to comment out the line, then Bazel will print a message with the correct value. Note that GitHub source archives don't have a strong guarantee on the sha256 stability, see https://github.blog/2023-02-21-update-on-the-future-stability-of-source-code-archives-and-hashes/
Usage of this ruleset involves three main steps:
- debian_packages_lockfile Generate a lockfile.
- debian_packages_repository Create a package repository.
- snapshots.yaml Specify snapshot versions.
- packages.yaml Specify packages to provide.