To load these rules, add this to the top of your BUILD
file:
load("@rules_oci//oci:defs.bzl", ...)
oci_push_rule(name, image, remote_tags, repository, repository_file)
Push an oci_image or oci_image_index to a remote registry.
Internal rule used by the oci_push macro.
Pushing and tagging are performed sequentially which MAY lead to non-atomic pushes if one the following events occur;
- Remote registry rejects a tag due to various reasons. eg: forbidden characters, existing tags
- Remote registry closes the connection during the tagging
- Local network outages
In order to avoid incomplete pushes oci_push will push the image by its digest and then apply the remote_tags
sequentially at
the remote registry.
Any failure during pushing or tagging will be reported with non-zero exit code cause remaining steps to be skipped.
Push an oci_image to docker registry with latest tag
oci_image(name = "image")
oci_push(
image = ":image",
repository = "index.docker.io/<ORG>/image",
remote_tags = ["latest"]
)
Push a multi-architecture image to github container registry with a semver tag
oci_image(name = "app_linux_arm64")
oci_image(name = "app_linux_amd64")
oci_image(name = "app_windows_amd64")
oci_image_index(
name = "app_image",
images = [
":app_linux_arm64",
":app_linux_amd64",
":app_windows_amd64",
]
)
# This is defined in our /examples/push
stamp_tags(
name = "stamped",
remote_tags = ["""($stamp.BUILD_EMBED_LABEL // "0.0.0")"""],
)
oci_push(
image = ":app_image",
repository = "ghcr.io/<OWNER>/image",
remote_tags = ":stamped",
)
When running the pusher, you can pass flags:
- Override
repository
;-r|--repository
flag. e.g.bazel run //myimage:push -- --repository index.docker.io/<ORG>/image
- Tags in addition to remote_tags
remote_tags
;-t|--tag
flag, e.g.bazel run //myimage:push -- --tag latest
ATTRIBUTES
Name | Description | Type | Mandatory | Default |
---|---|---|---|---|
name | A unique name for this target. | Name | required | |
image | Label to an oci_image or oci_image_index | Label | required | |
remote_tags | a .txt file containing tags, one per line. These are passed to crane tag |
Label | optional | None |
repository | Repository URL where the image will be signed at, e.g.: index.docker.io/<user>/image . Digests and tags are not allowed. |
String | optional | "" |
repository_file | The same as 'repository' but in a file. This allows pushing to different repositories based on stamping. | Label | optional | None |
oci_push(name, remote_tags, tags, kwargs)
Macro wrapper around oci_push_rule.
Allows the remote_tags attribute to be a list of strings in addition to a text file.
PARAMETERS
Name | Description | Default Value |
---|---|---|
name | name of resulting oci_push_rule | none |
remote_tags | a list of tags to apply to the image after pushing, or a label of a file containing tags one-per-line. See stamped_tags as one example of a way to produce such a file. | None |
tags | Tags to propagate to targets declared by this macro. Input will be filtered to well known tags only. See [propagate_well_known_tags] (https://github.com/aspect-build/bazel-lib/blob/main/docs/utils.md#propagate_well_known_tags) for details. | [] |
kwargs | other named arguments to oci_push_rule. | none |