thoughtpolice
commented
1 year ago Unfortunately this task is highly non-trivial in general as you can see from the implementation of something like those docker_build rules. I suspect this is unfortunately one of those cases where the answer is "no, but patches are welcome"
There are alternatives to crafting an entire bespoke filesystem image yourself, some tools can help you. For example, the tool buildah can create an OCI image from a directory you give it, so you can craft any filesystem layout for the container you want. I suspect this would be a great solution for Go binaries — you can just put the binary in a directory, pack it into an OCI image, and then ship that to your container registry. This is what people typically call "distroless containers", as they only contain your binary and whatever else they need (other binaries, maybe config files or startup scripts). This assumes your binary is fully statically linked. A rule like this, buildah_container_image or something, is probably ~30ish lines of Starlark total.
https://github.com/containers/buildah/blob/main/demos/buildah-scratch-demo.sh
If you do need distro-based containers, or something like them (e.g. your go app uses cgo and therefore needs libc.so.6), you can still use something like buildah. But you'd be on the hook for also populating a filesystem root for the container to use, based on some distro of your choosing. That's... it's own whole story.
ndmitchell
salrashid123
imjasonh
I'm evaluating buck2 with the specific intent to generate container images that are deterministic
i do know you can do this with bazel and in golang with ko:
but the state of the underlying library set is...well:
i manged to build a simple go app with buck2 but struggling to find an example that would generate a container image.
Is this even possible with buck2 at the moment (any examples would go a long way).