constellation/e2e/malicious-join/BUILD.bazel
Malte Poll ae6b22a143
deps: update rules_oci to a pre-release version to fix memory leak (#2729)
rules_oci spawns local container registry processes and in the past,
those would not be cleaned up explicitly, leading to an accumulation
of processes when using remote execution with buildbarn.
This pre-release contains a fix: https://github.com/bazel-contrib/rules_oci/pull/421
Additionally, windows support for rules_oci was removed in this fork,
since it is currently broken.
2023-12-19 15:40:04 +01:00

98 lines
2.5 KiB
Python

load("@com_github_ash2k_bazel_tools//multirun:def.bzl", "multirun")
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
load("@rules_oci//oci:defs.bzl", "oci_image", "oci_push")
load("@rules_pkg//:pkg.bzl", "pkg_tar")
load("//bazel/oci:containers.bzl", "container_reponame")
load("//bazel/sh:def.bzl", "sh_template")
go_library(
name = "malicious-join_lib",
srcs = ["malicious-join.go"],
importpath = "github.com/edgelesssys/constellation/v2/e2e/malicious-join",
visibility = ["//visibility:public"],
deps = [
"//internal/attestation/variant",
"//internal/cloud/cloudprovider",
"//internal/grpc/dialer",
"//internal/logger",
"//joinservice/joinproto",
"@org_uber_go_zap//:zap",
"@org_uber_go_zap//zapcore",
],
)
go_binary(
name = "malicious-join_bin",
embed = [":malicious-join_lib"],
pure = "on",
race = "off",
visibility = ["//visibility:public"],
)
pkg_tar(
name = "layer",
srcs = [
":malicious-join_bin",
],
mode = "0755",
remap_paths = {"/malicious-join_bin": "/malicious-join_bin"},
)
oci_image(
name = "malicious-join_image",
base = "@distroless_static_linux_amd64",
entrypoint = ["/malicious-join_bin"],
tars = [
":layer",
],
visibility = ["//visibility:public"],
)
container_reponame(
name = "container_name",
container_name = "malicious-join-test",
)
genrule(
name = "malicious-join-test_repotag",
srcs = [
":container_name",
"//bazel/settings:tag",
],
outs = ["repotag.txt"],
cmd = "cat $(location :container_name) <(echo -n :) $(location //bazel/settings:tag) > $@",
visibility = ["//visibility:public"],
)
oci_push(
name = "malicious-join_push",
image = ":malicious-join_image",
remote_tags = "//bazel/settings:tag",
repository_file = ":container_name",
)
sh_template(
name = "template_job",
data = [
"job.yaml",
":repotag.txt",
"@yq_toolchains//:resolved_toolchain",
],
substitutions = {
"@@REPO_TAG@@": "$(rootpath :repotag.txt)",
"@@TEMPLATE@@": "$(rootpath :job.yaml)",
"@@YQ_BIN@@": "$(rootpath @yq_toolchains//:resolved_toolchain)",
},
template = "job_template.sh.in",
visibility = ["//visibility:public"],
)
multirun(
name = "stamp_and_push",
commands = [
":template_job",
":malicious-join_push",
],
visibility = ["//visibility:public"],
)