GoogleContainerTools/rules_distroless

Bazel rules for fetching Debian packages

This ruleset is designed to replace commands such as apt-get install, passwd, groupadd, useradd, and update-ca-certificates.

Note

rules_distroless is beta software and doesn't have a stable Public API yet; however, many are already using it in production.

See Adopters section to see who's already using it.

Usage

Our examples demonstrate how to accomplish typical tasks such as creating a new user group or creating a new home directory.

We also have distroless-specific rules that could be useful:

  • flatten: flattens multiple tar archives.
  • os_release: creates an /etc/os-release file.
  • locale: strips /usr/lib/locale to make it smaller.
  • dpkg_statusd: creates a package database at /var/lib/dpkg/status.d for scanners to discover installed packages.

Public API Docs

  • apt Repository rule for fetching/installing Debian/Ubuntu packages.
  • linux Various rules for creating Linux specific files.

Installation

See the install instructions on the release notes: https://github.com/GoogleContainerTools/rules_distroless/releases

To use a commit rather than a release, you can point at any SHA of the repo.

With bzlmod, you can use archive_override or git_override. For WORKSPACE, you modify the http_archive call; for example to use commit abc123 with a WORKSPACE file:

  1. Replace url = "https://github.com/GoogleContainerTools/rules_distroless/releases/download/v0.1.0/rules_distroless-v0.1.0.tar.gz" with a GitHub-provided source archive like url = "https://github.com/GoogleContainerTools/rules_distroless/archive/abc123.tar.gz"
  2. Replace strip_prefix = "rules_distroless-0.1.0" with strip_prefix = "rules_distroless-abc123"
  3. Update the sha256. The easiest way to do this is to comment out the line; Bazel will then print a message with the correct value.

Note that GitHub source archives do not have a strong guarantee of sha256 stability; see https://github.blog/2023-02-21-update-on-the-future-stability-of-source-code-archives-and-hashes
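
As an added example (not code from the rules_distroless project), the Python below derives the sha256 and strip_prefix for the three steps above from archive bytes you have fetched yourself, rather than copying the value Bazel prints, and re-checks a recorded digest later. The helper names and the in-memory sample archive with its file names are constructed for illustration; abc123 is the placeholder commit used above.

```python
import hashlib
import hmac
import io
import tarfile

# Commit "abc123" is the page's placeholder, not a real revision.
URL = "https://github.com/GoogleContainerTools/rules_distroless/archive/abc123.tar.gz"


def pin_from_archive(data: bytes, url: str, name: str = "rules_distroless") -> dict:
    """Derive http_archive attributes from archive bytes you have already fetched."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        names = [m.name[2:] if m.name.startswith("./") else m.name for m in tar]
    roots = {n.split("/", 1)[0] for n in names if n not in ("", ".")}
    if len(roots) != 1:
        # strip_prefix only makes sense when everything sits under one directory.
        raise ValueError(f"expected one top-level directory, found {sorted(roots)}")
    digest = hashlib.sha256(data).hexdigest()
    return {"name": name, "sha256": digest, "strip_prefix": roots.pop(), "url": url}


def render_http_archive(pin: dict) -> str:
    """Format the pin as a WORKSPACE http_archive call."""
    body = [f'    {key} = "{pin[key]}",' for key in ("name", "sha256", "strip_prefix", "url")]
    return "\n".join(["http_archive(", *body, ")"])


def check_pin(data: bytes, expected_sha256: str) -> bool:
    """Re-check fetched bytes against a recorded digest (e.g. in CI or a mirror job)."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_sha256.lower())


def constructed_archive(paths) -> bytes:
    """Build a small tar.gz in memory; constructed sample data, not a real release."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path in paths:
            body = b"# constructed\n"
            info = tarfile.TarInfo(path)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


if __name__ == "__main__":
    sample = constructed_archive(["rules_distroless-abc123/README.md",
                                  "rules_distroless-abc123/example/BUILD.bazel"])
    print(render_http_archive(pin_from_archive(sample, URL)))
```

If check_pin later fails for an unchanged commit, the archive may have been regenerated by GitHub as described in the linked post, so compare the extracted contents before deciding whether to accept a new digest.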

Contributing

This ruleset is primarily funded to support distroless. We may not work on feature requests that do not support this mission. We will, however, accept fully tested contributions via pull requests if they align with the project goals (e.g. a different compression format) and may reject requests that do not (e.g. supporting a non-deb-based packaging format).

Adopters

An adopter? Add your company here by sending us a Pull Request.