mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-27 00:19:36 -05:00
ae6b22a143
rules_oci spawns local container registry processes and in the past, those would not be cleaned up explicitly, leading to an accumulation of processes when using remote execution with buildbarn. This pre-release contains a fix: https://github.com/bazel-contrib/rules_oci/pull/421 Additionally, windows support for rules_oci was removed in this fork, since it is currently broken.
98 lines
2.5 KiB
Python
98 lines
2.5 KiB
Python
load("@com_github_ash2k_bazel_tools//multirun:def.bzl", "multirun")
|
|
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
|
|
load("@rules_oci//oci:defs.bzl", "oci_image", "oci_push")
|
|
load("@rules_pkg//:pkg.bzl", "pkg_tar")
|
|
load("//bazel/oci:containers.bzl", "container_reponame")
|
|
load("//bazel/sh:def.bzl", "sh_template")
|
|
|
|
go_library(
|
|
name = "malicious-join_lib",
|
|
srcs = ["malicious-join.go"],
|
|
importpath = "github.com/edgelesssys/constellation/v2/e2e/malicious-join",
|
|
visibility = ["//visibility:public"],
|
|
deps = [
|
|
"//internal/attestation/variant",
|
|
"//internal/cloud/cloudprovider",
|
|
"//internal/grpc/dialer",
|
|
"//internal/logger",
|
|
"//joinservice/joinproto",
|
|
"@org_uber_go_zap//:zap",
|
|
"@org_uber_go_zap//zapcore",
|
|
],
|
|
)
|
|
|
|
go_binary(
|
|
name = "malicious-join_bin",
|
|
embed = [":malicious-join_lib"],
|
|
pure = "on",
|
|
race = "off",
|
|
visibility = ["//visibility:public"],
|
|
)
|
|
|
|
pkg_tar(
|
|
name = "layer",
|
|
srcs = [
|
|
":malicious-join_bin",
|
|
],
|
|
mode = "0755",
|
|
remap_paths = {"/malicious-join_bin": "/malicious-join_bin"},
|
|
)
|
|
|
|
oci_image(
|
|
name = "malicious-join_image",
|
|
base = "@distroless_static_linux_amd64",
|
|
entrypoint = ["/malicious-join_bin"],
|
|
tars = [
|
|
":layer",
|
|
],
|
|
visibility = ["//visibility:public"],
|
|
)
|
|
|
|
container_reponame(
|
|
name = "container_name",
|
|
container_name = "malicious-join-test",
|
|
)
|
|
|
|
genrule(
|
|
name = "malicious-join-test_repotag",
|
|
srcs = [
|
|
":container_name",
|
|
"//bazel/settings:tag",
|
|
],
|
|
outs = ["repotag.txt"],
|
|
cmd = "cat $(location :container_name) <(echo -n :) $(location //bazel/settings:tag) > $@",
|
|
visibility = ["//visibility:public"],
|
|
)
|
|
|
|
oci_push(
|
|
name = "malicious-join_push",
|
|
image = ":malicious-join_image",
|
|
remote_tags = "//bazel/settings:tag",
|
|
repository_file = ":container_name",
|
|
)
|
|
|
|
sh_template(
|
|
name = "template_job",
|
|
data = [
|
|
"job.yaml",
|
|
":repotag.txt",
|
|
"@yq_toolchains//:resolved_toolchain",
|
|
],
|
|
substitutions = {
|
|
"@@REPO_TAG@@": "$(rootpath :repotag.txt)",
|
|
"@@TEMPLATE@@": "$(rootpath :job.yaml)",
|
|
"@@YQ_BIN@@": "$(rootpath @yq_toolchains//:resolved_toolchain)",
|
|
},
|
|
template = "job_template.sh.in",
|
|
visibility = ["//visibility:public"],
|
|
)
|
|
|
|
multirun(
|
|
name = "stamp_and_push",
|
|
commands = [
|
|
":template_job",
|
|
":malicious-join_push",
|
|
],
|
|
visibility = ["//visibility:public"],
|
|
)
|