bazel: support packaging as docker image

Big picture: * Use Distroless containers from Google to have a minimal base image * Since we don't have bash in these containers change our LD_LIBRARY_PATH loader script to static Golang binaries * Mimic the layout/functionality of our existing images We don't package host shared libraries (glibc, libgcc) however, so we still need a solution to package those up, ideally with a clang sysroot.
redpanda-data · Jan 3, 2025 · 2d07fa8 · 2d07fa8
1 parent 5571870
commit 2d07fa8
Show file tree

Hide file tree

Showing 6 changed files with 813 additions and 28 deletions.
diff --git a/MODULE.bazel b/MODULE.bazel
@@ -270,6 +270,38 @@ crate.annotation(
     gen_build_script = "off",
 )
 
+# ====================================
+# OCI Base Images
+# ====================================
+bazel_dep(name = "rules_oci", version = "2.0.1", dev_dependency = True)
+
+oci = use_extension("@rules_oci//oci:extensions.bzl", "oci")
+
+# Use a distroless docker image that only comes with the following:
+#
+# ca-certificates
+# /etc/passwd entry for a root user
+# /tmp directory
+# tzdata
+# glibc
+# libgcc1
+oci.pull(
+    name = "distroless_cc_debian12",
+    # This is the latest nonroot tag
+    digest = "sha256:594b5200fd1f06d17a877ebee16d4af84a9a7ab83c898632a2d5609c0593cbab",
+    image = "gcr.io/distroless/cc-debian12",
+    platforms = [
+        "linux/amd64",
+        "linux/arm64/v8",
+    ],
+)
+use_repo(
+    oci,
+    "distroless_cc_debian12",
+    "distroless_cc_debian12_linux_amd64",
+    "distroless_cc_debian12_linux_arm64_v8",
+)
+
 # ====================================
 # clang-tidy
 # ====================================