This ruleset designed to replace commands such as apt-get install
, passwd
, groupadd
, useradd
, update-ca-certificates
.
[!NOTE] rules_distroless is an beta software and doesn't have a stable Public API yet, however many are already using it in production.
See Adopters section to see who's already using it.
Our examples demonstrate how to accomplish typical tasks such as create a new user group or create a new home directory.
We also we have distroless-specific rules that could be useful
tar
archives./etc/os-release
file/usr/lib/locale
to be smaller.See the install instructions on the release notes: https://github.com/GoogleContainerTools/rules_distroless/releases
To use a commit rather than a release, you can point at any SHA of the repo.
With bzlmod, you can use archive_override
or git_override
. For WORKSPACE
, you modify the http_archive
call; for example to use commit abc123
with a WORKSPACE
file:
url = "https://github.com/GoogleContainerTools/rules_distroless/releases/download/v0.1.0/rules_distroless-v0.1.0.tar.gz"
with a GitHub-provided source archive like url = "https://github.com/GoogleContainerTools/rules_distroless/archive/abc123.tar.gz"
strip_prefix = "rules_distroless-0.1.0"
with strip_prefix = "rules_distroless-abc123"
sha256
. The easiest way to do this is to comment out the line, then Bazel will
print a message with the correct value.Note that GitHub source archives don't have a strong guarantee on the sha256 stability, see https://github.blog/2023-02-21-update-on-the-future-stability-of-source-code-archives-and-hashes
This ruleset is primarily funded to support distroless. We may not work on feature requests that do not support this mission. We will however accept fully tested contributions via pull requests if they align with the project goals (ex. a different compression format) and may reject requests that do not (ex. supporting a non deb
based packaging format).
An adopter? Add your company here by sending us a Pull Request.