Skip to content

Latest commit

 

History

History
120 lines (77 loc) · 4.8 KB

push.md

File metadata and controls

120 lines (77 loc) · 4.8 KB

To load these rules, add this to the top of your BUILD file:

load("@rules_oci//oci:defs.bzl", ...)

oci_push_rule

oci_push_rule(name, image, remote_tags, repository, repository_file)

Push an oci_image or oci_image_index to a remote registry.

Internal rule used by the oci_push macro.

Pushing and tagging are performed sequentially which MAY lead to non-atomic pushes if one the following events occur;

  • Remote registry rejects a tag due to various reasons. eg: forbidden characters, existing tags
  • Remote registry closes the connection during the tagging
  • Local network outages

In order to avoid incomplete pushes oci_push will push the image by its digest and then apply the remote_tags sequentially at the remote registry.

Any failure during pushing or tagging will be reported with non-zero exit code cause remaining steps to be skipped.

Push an oci_image to docker registry with latest tag

oci_image(name = "image")

oci_push(
    image = ":image",
    repository = "index.docker.io/<ORG>/image",
    remote_tags = ["latest"]
)

Push a multi-architecture image to github container registry with a semver tag

oci_image(name = "app_linux_arm64")

oci_image(name = "app_linux_amd64")

oci_image(name = "app_windows_amd64")

oci_image_index(
    name = "app_image",
    images = [
        ":app_linux_arm64",
        ":app_linux_amd64",
        ":app_windows_amd64",
    ]
)

# This is defined in our /examples/push
stamp_tags(
    name = "stamped",
    remote_tags = ["""($stamp.BUILD_EMBED_LABEL // "0.0.0")"""],
)

oci_push(
    image = ":app_image",
    repository = "ghcr.io/<OWNER>/image",
    remote_tags = ":stamped",
)

When running the pusher, you can pass flags:

  • Override repository; -r|--repository flag. e.g. bazel run //myimage:push -- --repository index.docker.io/<ORG>/image
  • Tags in addition to remote_tags remote_tags; -t|--tag flag, e.g. bazel run //myimage:push -- --tag latest

ATTRIBUTES

Name Description Type Mandatory Default
name A unique name for this target. Name required
image Label to an oci_image or oci_image_index Label required
remote_tags a .txt file containing tags, one per line. These are passed to crane tag Label optional None
repository Repository URL where the image will be signed at, e.g.: index.docker.io/<user>/image. Digests and tags are not allowed. String optional ""
repository_file The same as 'repository' but in a file. This allows pushing to different repositories based on stamping. Label optional None

oci_push

oci_push(name, remote_tags, tags, kwargs)

Macro wrapper around oci_push_rule.

Allows the remote_tags attribute to be a list of strings in addition to a text file.

PARAMETERS

Name Description Default Value
name name of resulting oci_push_rule none
remote_tags a list of tags to apply to the image after pushing, or a label of a file containing tags one-per-line. See stamped_tags as one example of a way to produce such a file. None
tags Tags to propagate to targets declared by this macro. Input will be filtered to well known tags only. See [propagate_well_known_tags] (https://github.com/aspect-build/bazel-lib/blob/main/docs/utils.md#propagate_well_known_tags) for details. []
kwargs other named arguments to oci_push_rule. none