diff --git a/oci/private/auth_config_locator.bzl b/oci/private/auth_config_locator.bzl index c7e7fe6e..c39a2f84 100644 --- a/oci/private/auth_config_locator.bzl +++ b/oci/private/auth_config_locator.bzl @@ -1,10 +1,7 @@ "repository rule that locates the .docker/config.json or containers/auth.json file." load("@aspect_bazel_lib//lib:repo_utils.bzl", "repo_utils") - -def _file_exists(rctx, path): - result = rctx.execute(["stat", path]) - return result.return_code == 0 +load(":util.bzl", "util") # Path of the auth file is determined by the order described here; # https://github.com/google/go-containerregistry/tree/main/pkg/authn#tldr-for-consumers-of-this-package @@ -21,7 +18,7 @@ def _get_auth_file_path(rctx): config_path = "{}/config.json".format(DOCKER_CONFIG) - if _file_exists(rctx, config_path): + if util.file_exists(rctx, config_path): return config_path # https://docs.podman.io/en/latest/markdown/podman-login.1.html#authfile-path @@ -38,7 +35,7 @@ def _get_auth_file_path(rctx): if "REGISTRY_AUTH_FILE" in rctx.os.environ: config_path = rctx.os.environ["REGISTRY_AUTH_FILE"] - if _file_exists(rctx, config_path): + if util.file_exists(rctx, config_path): return config_path return None @@ -54,11 +51,11 @@ def _oci_auth_config_locator_impl(rctx): "\n", "Running one of `podman login`, `docker login`, `crane login` may help.", ], quiet = False) - rctx.file("config.json", "{}") + rctx.file("standard_authorization_config_path", "") else: - rctx.symlink(config_path, "config.json") + rctx.file("standard_authorization_config_path", config_path) - rctx.file("BUILD.bazel", """exports_files(["config.json"])""") + rctx.file("BUILD.bazel", """exports_files(["standard_authorization_config_path"])""") oci_auth_config_locator = repository_rule( implementation = _oci_auth_config_locator_impl, @@ -70,5 +67,7 @@ oci_auth_config_locator = repository_rule( # See: https://github.com/google/go-containerregistry/tree/main/pkg/authn#tldr-for-consumers-of-this-package for go implementation. "DOCKER_CONFIG", "REGISTRY_AUTH_FILE", + "XDG_RUNTIME_DIR", + "HOME", ], ) diff --git a/oci/private/pull.bzl b/oci/private/pull.bzl index 5388bf1a..bbfda2ca 100644 --- a/oci/private/pull.bzl +++ b/oci/private/pull.bzl @@ -25,8 +25,13 @@ _IMAGE_REFERENCE_ATTRS = { mandatory = True, ), "config": attr.label( - doc = "Label to a .docker/config.json file. by default this is generated by oci_auth_config in oci_register_toolchains macro.", - default = "@oci_auth_config//:config.json", + # TODO(2.0): remove + doc = "Label to a .docker/config.json file. `config` attribute overrides `config_path` attribute. DEPRECATED, will be removed in 2.0", + allow_single_file = True, + ), + "config_path": attr.label( + doc = "Label to a text file that contains the path of .docker/config.json. by default this is generated by oci_auth_config in oci_register_toolchains macro.", + default = "@oci_auth_config//:standard_authorization_config_path", allow_single_file = True, ), } @@ -288,9 +293,21 @@ Falling back to using `curl`. See https://github.com/bazelbuild/bazel/issues/178 return manifest, len(bytes) +def _get_auth_config_path(rctx): + path = "" + if rctx.attr.config: + path = rctx.path(rctx.attr.config) + elif rctx.attr.config_path: + path = rctx.read(rctx.path(rctx.attr.config_path)) + + if path: + return json.decode(rctx.read(path)) + + return {} + def _create_downloader(rctx): state = { - "config": json.decode(rctx.read(rctx.attr.config)), + "config": _get_auth_config_path(rctx), "auth": {}, "token": {}, } diff --git a/oci/private/util.bzl b/oci/private/util.bzl index 0824aec0..0662c30f 100644 --- a/oci/private/util.bzl +++ b/oci/private/util.bzl @@ -112,9 +112,16 @@ if defined args ( return win_launcher + +def _file_exists(rctx, path): + result = rctx.execute(["stat", path]) + return result.return_code == 0 + + util = struct( parse_image = _parse_image, sha256 = _sha256, warning = _warning, maybe_wrap_launcher_for_windows = _maybe_wrap_launcher_for_windows, + file_exists = _file_exists )