From d8a6b9a0d76444975479bcc8dde3a4e2a4a5b8dc Mon Sep 17 00:00:00 2001 From: Appu Goundan Date: Sat, 28 Oct 2023 17:57:15 -0400 Subject: [PATCH] Build java 21 from temurin archives for debian 12 This is "experimental" and we shouldn't advertise it. TODO: 1. auto updater: check github releases for a new version and generate an appropriate java_archives.bzl 2. eventually cover java 11, 17 on debian 12 with temurin 3. ask someone with intimate knowledge of bazel how to get version from the custom repository_rule into the env of the container Signed-off-by: Appu Goundan --- BUILD | 67 +++++---- WORKSPACE | 4 + java/BUILD | 128 ++++++++++++++++-- java/control | 7 + .../java17_nonroot_debian12_certs.yaml | 9 -- .../java17_nonroot_debian12_encoding.yaml | 12 -- .../java17_nonroot_debian12_libharfbuzz.yaml | 8 -- java/testdata/java17_root_debian12_certs.yaml | 9 -- .../java17_root_debian12_encoding.yaml | 12 -- .../java17_root_debian12_libharfbuzz.yaml | 8 -- java/testdata/java21_debian12.yaml | 28 ++++ java/testdata/java21_debug_debian12.yaml | 29 ++++ java_archives.bzl | 62 +++++++++ private/remote/temurin_archive.bzl | 82 +++++++++++ 14 files changed, 373 insertions(+), 92 deletions(-) create mode 100644 java/control delete mode 100644 java/testdata/java17_nonroot_debian12_certs.yaml delete mode 100644 java/testdata/java17_nonroot_debian12_encoding.yaml delete mode 100644 java/testdata/java17_nonroot_debian12_libharfbuzz.yaml delete mode 100644 java/testdata/java17_root_debian12_certs.yaml delete mode 100644 java/testdata/java17_root_debian12_encoding.yaml delete mode 100644 java/testdata/java17_root_debian12_libharfbuzz.yaml create mode 100644 java/testdata/java21_debian12.yaml create mode 100644 java/testdata/java21_debug_debian12.yaml create mode 100644 java_archives.bzl create mode 100644 private/remote/temurin_archive.bzl diff --git a/BUILD b/BUILD index 444e3b18a..ab45f7d99 100644 --- a/BUILD +++ b/BUILD @@ -259,7 +259,7 @@ JAVA_ARCHITECTURES = BASE_ARCHITECTURES + [ "ppc64le", ] -JAVA_BASE_VARIATIONS = [ +JAVA_VARIATIONS = [ ("latest", "root"), ("nonroot", "nonroot"), ("debug", "debug_root"), @@ -280,34 +280,27 @@ JAVA_BASE = { JAVA_BASE |= { "{REGISTRY}/{PROJECT_ID}/java-base-debian11:" + tag_base + "-" + arch: "//java:java_base_" + label + "_" + arch + "_debian11" for arch in JAVA_ARCHITECTURES - for (tag_base, label) in JAVA_BASE_VARIATIONS + for (tag_base, label) in JAVA_VARIATIONS } JAVA_BASE |= { "{REGISTRY}/{PROJECT_ID}/java-base-debian12:" + tag_base + "-" + arch: "//java:java_base_" + label + "_" + arch + "_debian12" for arch in JAVA_ARCHITECTURES - for (tag_base, label) in JAVA_BASE_VARIATIONS + for (tag_base, label) in JAVA_VARIATIONS } # oci_image_index JAVA_BASE |= { "{REGISTRY}/{PROJECT_ID}/java-base-debian11:" + tag_base: "//java:java_base_" + label + "_debian11" - for (tag_base, label) in JAVA_BASE_VARIATIONS + for (tag_base, label) in JAVA_VARIATIONS } JAVA_BASE |= { "{REGISTRY}/{PROJECT_ID}/java-base-debian12:" + tag_base: "//java:java_base_" + label + "_debian12" - for (tag_base, label) in JAVA_BASE_VARIATIONS + for (tag_base, label) in JAVA_VARIATIONS } ## JAVA11 -JAVA11_VARIATIONS = [ - ("latest", "root"), - ("nonroot", "nonroot"), - ("debug", "debug_root"), - ("debug-nonroot", "debug_nonroot"), -] - JAVA11 = { "{REGISTRY}/{PROJECT_ID}/java11:latest": "//java:java11_root_amd64_debian11", "{REGISTRY}/{PROJECT_ID}/java11:nonroot": "//java:java11_nonroot_amd64_debian11", @@ -317,24 +310,17 @@ JAVA11 = { JAVA11 |= { "{REGISTRY}/{PROJECT_ID}/java11-debian11:" + tag_base + "-" + arch: "//java:java11_" + label + "_" + arch + "_debian11" - for (tag_base, label) in JAVA11_VARIATIONS + for (tag_base, label) in JAVA_VARIATIONS for arch in JAVA_ARCHITECTURES } # oci_image_index JAVA11 |= { "{REGISTRY}/{PROJECT_ID}/java11-debian11:" + tag_base: "//java:java11_" + label + "_debian11" - for (tag_base, label) in JAVA11_VARIATIONS + for (tag_base, label) in JAVA_VARIATIONS } ## JAVA17 -JAVA17_VARIATIONS = [ - ("latest", "root"), - ("nonroot", "nonroot"), - ("debug", "debug_root"), - ("debug-nonroot", "debug_nonroot"), -] - JAVA17 = { "{REGISTRY}/{PROJECT_ID}/java17:latest": "//java:java17_root_amd64_debian11", "{REGISTRY}/{PROJECT_ID}/java17-debian12:latest": "//java:java17_root_amd64_debian12", @@ -348,25 +334,49 @@ JAVA17 = { JAVA17 |= { "{REGISTRY}/{PROJECT_ID}/java17-debian11:" + tag_base + "-" + arch: "//java:java17_" + label + "_" + arch + "_debian11" - for (tag_base, label) in JAVA17_VARIATIONS + for (tag_base, label) in JAVA_VARIATIONS for arch in JAVA_ARCHITECTURES } JAVA17 |= { "{REGISTRY}/{PROJECT_ID}/java17-debian12:" + tag_base + "-" + arch: "//java:java17_" + label + "_" + arch + "_debian12" - for (tag_base, label) in JAVA17_VARIATIONS + for (tag_base, label) in JAVA_VARIATIONS for arch in JAVA_ARCHITECTURES } # oci_image_index JAVA17 |= { "{REGISTRY}/{PROJECT_ID}/java17-debian11:" + tag_base: "//java:java17_" + label + "_debian11" - for (tag_base, label) in JAVA17_VARIATIONS + for (tag_base, label) in JAVA_VARIATIONS } JAVA17 |= { "{REGISTRY}/{PROJECT_ID}/java17-debian12:" + tag_base: "//java:java17_" + label + "_debian12" - for (tag_base, label) in JAVA17_VARIATIONS + for (tag_base, label) in JAVA_VARIATIONS +} + +## JAVA 21 (experimental for now) +JAVA_21_ARCHITECTURES = [ + "amd64", + "arm64", + "ppc64le", +] + +JAVA21 = { + "{REGISTRY}/{PROJECT_ID}/java21-debian12:" + tag_base + "-" + arch: "//java:java21_" + label + "_" + arch + "_debian12" + for (tag_base, label) in JAVA_VARIATIONS + for arch in JAVA_21_ARCHITECTURES +} + +# oci_image_index +JAVA21 |= { + "{REGISTRY}/{PROJECT_ID}/java21:" + tag_base: "//java:java21_" + label + "_debian12" + for (tag_base, label) in JAVA_VARIATIONS +} + +JAVA21 |= { + "{REGISTRY}/{PROJECT_ID}/java21-debian12:" + tag_base: "//java:java21_" + label + "_debian12" + for (tag_base, label) in JAVA_VARIATIONS } ## JETTY @@ -401,9 +411,16 @@ ALL |= JAVA11 ALL |= JAVA17 +ALL |= JAVA21 + ALL |= JETTY sign_and_push_all( name = "sign_and_push", images = ALL, ) + +sign_and_push_all( + name = "sign_and_push_java21", + images = JAVA21, +) diff --git a/WORKSPACE b/WORKSPACE index 3d1a4cae5..e8689d237 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -93,6 +93,10 @@ load(":node_archives.bzl", node_repositories = "repositories") node_repositories() +load(":java_archives.bzl", java_repositories = "repositories") + +java_repositories() + # For Jetty http_archive( name = "jetty", diff --git a/java/BUILD b/java/BUILD index c49eb7c4f..abd5618e4 100644 --- a/java/BUILD +++ b/java/BUILD @@ -5,7 +5,6 @@ load("//base:base.bzl", "deb_pkg") load("//base:distro.bzl", "DISTROS") load("//cacerts:java.bzl", "cacerts_java") load("//java:jre_ver.bzl", "jre_ver") -load("//:checksums.bzl", ARCHITECTURES = "BASE_ARCHITECTURES") load("//:debian_versions.bzl", DEBIAN_VERSIONS = "DEBIAN_PACKAGE_VERSIONS") package(default_visibility = ["//visibility:public"]) @@ -15,14 +14,18 @@ USERS = [ "nonroot", ] -JAVA_ARCHITECTURES = ARCHITECTURES + [ +JAVA_ARCHITECTURES = [ + "amd64", + "arm64", "s390x", "ppc64le", ] -JAVA_VERSIONS = [ - "11", - "17", +JAVA_21_ARCHITECTURES = [ + "amd64", + "arm64", + # "s390x", adoptium doesn't have a build yet + "ppc64le", ] JAVA_VERSIONS_PER_DISTRO = [ @@ -58,6 +61,36 @@ JAVA_VERSIONS_PER_DISTRO = [ for java_version, distro in JAVA_VERSIONS_PER_DISTRO ] +# special case for java 21, we will start using temurin, the goal is to slowly transition all builds +# to temurin, to also back support java 11 on debian12. +[ + pkg_tar( + name = "temurin_jre_" + java_version + "_" + arch, + symlinks = { + "usr/bin/java": "/usr/lib/jvm/temurin" + java_version + "_jre_" + arch + "/bin/java", + }, + deps = [ + "@temurin" + java_version + "_jre_" + arch, + ], + ) + for arch in JAVA_21_ARCHITECTURES + for java_version in ["21"] +] + +[ + pkg_tar( + name = "temurin_jdk_" + java_version + "_" + arch, + symlinks = { + "usr/bin/java": "/usr/lib/jvm/temurin" + java_version + "_jdk_" + arch + "/bin/java", + }, + deps = [ + "@temurin" + java_version + "_jdk_" + arch, + ], + ) + for arch in JAVA_21_ARCHITECTURES + for java_version in ["21"] +] + # Base [ oci_image_index( @@ -196,6 +229,81 @@ DISTRO_SPECIFIC_LIBRARIES = { for java_version, distro in JAVA_VERSIONS_PER_DISTRO ] +# Temurin Java 21 +[ + oci_image_index( + name = "java" + java_version + "_" + user + "_" + distro, + images = [ + "java" + java_version + "_" + user + "_" + arch + "_" + distro + for arch in JAVA_21_ARCHITECTURES + ], + ) + for user in USERS + for java_version, distro in [("21", "debian12")] +] + +[ + oci_image( + name = "java" + java_version + "_" + user + "_" + arch + "_" + distro, + base = ":java_base_" + user + "_" + arch + "_" + distro, + # We expect users to use: + # cmd = ["/path/to/deploy.jar", "--option1", ...] + entrypoint = [ + "/usr/bin/java", + "-jar", + ], + # TODO: I don't know how to set this correctly in bazel yet, so lets get + # someone who is a bazel expert to help with this to get this informations + # directly from the custom repository rule + # env = { + # "JAVA_VERSION": TBD, + # }, + tars = [ + ":temurin_jre_" + java_version + "_" + arch, + ], + ) + for arch in JAVA_21_ARCHITECTURES + for user in USERS + for java_version, distro in [("21", "debian12")] +] + +# Temurin Java 21 Debug +[ + oci_image_index( + name = "java" + java_version + "_debug_" + user + "_" + distro, + images = [ + "java" + java_version + "_debug_" + user + "_" + arch + "_" + distro + for arch in JAVA_21_ARCHITECTURES + ], + ) + for user in USERS + for java_version, distro in [("21", "debian12")] +] + +[ + oci_image( + name = "java" + java_version + "_debug_" + user + "_" + arch + "_" + distro, + architecture = arch, + base = ":java_base_debug_" + user + "_" + arch + "_" + distro, + # We expect users to use: + # cmd = ["/path/to/deploy.jar", "--option1", ...] + entrypoint = [ + "/usr/bin/java", + "-jar", + ], + # see oci_image for non debug image + # env = { + # "JAVA_VERSION": TBD , + # }, + tars = [ + ":temurin_jdk_" + java_version + "_" + arch, + ], + ) + for user in USERS + for arch in JAVA_21_ARCHITECTURES + for java_version, distro in [("21", "debian12")] +] + [ structure_test( name = "java_base" + mode + "_" + user + "_" + arch + "_" + distro + "_test", @@ -225,9 +333,9 @@ DISTRO_SPECIFIC_LIBRARIES = { "manual", ], ) - for arch in JAVA_ARCHITECTURES for user in USERS - for java_version, distro in JAVA_VERSIONS_PER_DISTRO + for java_version, distro in JAVA_VERSIONS_PER_DISTRO + [("21", "debian12")] + for arch in (JAVA_ARCHITECTURES if java_version != "21" else JAVA_21_ARCHITECTURES) ] [ @@ -240,9 +348,9 @@ DISTRO_SPECIFIC_LIBRARIES = { "manual", ], ) - for arch in JAVA_ARCHITECTURES for user in USERS - for java_version, distro in JAVA_VERSIONS_PER_DISTRO + for java_version, distro in JAVA_VERSIONS_PER_DISTRO + [("21", "debian12")] + for arch in (JAVA_ARCHITECTURES if java_version != "21" else JAVA_21_ARCHITECTURES) ] RULE_NAMES = [ @@ -252,6 +360,8 @@ RULE_NAMES = [ ("java17_root_debian12", "java17_root_amd64_debian12"), ("java17_nonroot_debian11", "java17_nonroot_amd64_debian11"), ("java17_nonroot_debian12", "java17_nonroot_amd64_debian12"), + ("java21_root_debian12", "java21_root_amd64_debian12"), + ("java21_nonroot_debian12", "java21_nonroot_amd64_debian12"), ] [ diff --git a/java/control b/java/control new file mode 100644 index 000000000..1770459c3 --- /dev/null +++ b/java/control @@ -0,0 +1,7 @@ +Package: Eclipse Temurin +Version: {{VERSION}} +Architecture: {{ARCHITECTURE}} +Maintainer: Adoptium Working Group +Homepage: https://adoptium.net +SHA256: {{SHA256}} +Description: Eclipse Temurin is the name of the OpenJDK distribution from Adoptium. diff --git a/java/testdata/java17_nonroot_debian12_certs.yaml b/java/testdata/java17_nonroot_debian12_certs.yaml deleted file mode 100644 index 951a12278..000000000 --- a/java/testdata/java17_nonroot_debian12_certs.yaml +++ /dev/null @@ -1,9 +0,0 @@ -schemaVersion: "1.0.0" -commandTests: - - name: connect_to_https_google_com - # This is a bit ugly because structure tests can't test the default entrypoint yet. - command: ["/usr/bin/java", - "-cp", - "/check_certs_java17_nonroot_debian12_binary.jar:/check_certs_java17_nonroot_debian12_binary", - "testdata.CheckCerts"] - expectedOutput: ['Successfully connected: 200'] diff --git a/java/testdata/java17_nonroot_debian12_encoding.yaml b/java/testdata/java17_nonroot_debian12_encoding.yaml deleted file mode 100644 index 92c39f954..000000000 --- a/java/testdata/java17_nonroot_debian12_encoding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -schemaVersion: "1.0.0" -commandTests: - - name: check_encoding - command: ["/usr/bin/java", - "-cp", - "/check_encoding_java17_nonroot_debian12_binary.jar:/check_encoding_java17_nonroot_debian12_binary", - "testdata.CheckEncoding"] - expectedOutput: ['LANG=C.UTF-8', - 'Locale.getDefault\(\)=en', - 'Charset.defaultCharset\(\)=UTF-8', - 'file.encoding=UTF-8', - 'sun.jnu.encoding=UTF-8'] diff --git a/java/testdata/java17_nonroot_debian12_libharfbuzz.yaml b/java/testdata/java17_nonroot_debian12_libharfbuzz.yaml deleted file mode 100644 index 1a34a7e2f..000000000 --- a/java/testdata/java17_nonroot_debian12_libharfbuzz.yaml +++ /dev/null @@ -1,8 +0,0 @@ -schemaVersion: "1.0.0" -commandTests: - - name: check_libharfbuzz - command: ["/usr/bin/java", - "-cp", - "/check_libharfbuzz_java17_nonroot_debian12_binary.jar:/check_libharfbuzz_java17_nonroot_debian12_binary", - "testdata.CheckLibharfbuzz"] - expectedOutput: ['^\d+ fonts available'] diff --git a/java/testdata/java17_root_debian12_certs.yaml b/java/testdata/java17_root_debian12_certs.yaml deleted file mode 100644 index a7688eaa6..000000000 --- a/java/testdata/java17_root_debian12_certs.yaml +++ /dev/null @@ -1,9 +0,0 @@ -schemaVersion: "1.0.0" -commandTests: - - name: connect_to_https_google_com - # This is a bit ugly because structure tests can't test the default entrypoint yet. - command: ["/usr/bin/java", - "-cp", - "/check_certs_java17_root_debian12_binary.jar:/check_certs_java17_root_debian12_binary", - "testdata.CheckCerts"] - expectedOutput: ['Successfully connected: 200'] diff --git a/java/testdata/java17_root_debian12_encoding.yaml b/java/testdata/java17_root_debian12_encoding.yaml deleted file mode 100644 index 695ef1022..000000000 --- a/java/testdata/java17_root_debian12_encoding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -schemaVersion: "1.0.0" -commandTests: - - name: check_encoding - command: ["/usr/bin/java", - "-cp", - "/check_encoding_java17_root_debian12_binary.jar:/check_encoding_java17_root_debian12_binary", - "testdata.CheckEncoding"] - expectedOutput: ['LANG=C.UTF-8', - 'Locale.getDefault\(\)=en', - 'Charset.defaultCharset\(\)=UTF-8', - 'file.encoding=UTF-8', - 'sun.jnu.encoding=UTF-8'] diff --git a/java/testdata/java17_root_debian12_libharfbuzz.yaml b/java/testdata/java17_root_debian12_libharfbuzz.yaml deleted file mode 100644 index 6efd5d2fb..000000000 --- a/java/testdata/java17_root_debian12_libharfbuzz.yaml +++ /dev/null @@ -1,8 +0,0 @@ -schemaVersion: "1.0.0" -commandTests: - - name: check_libharfbuzz - command: ["/usr/bin/java", - "-cp", - "/check_libharfbuzz_java17_root_debian12_binary.jar:/check_libharfbuzz_java17_root_debian12_binary", - "testdata.CheckLibharfbuzz"] - expectedOutput: ['^\d+ fonts available'] diff --git a/java/testdata/java21_debian12.yaml b/java/testdata/java21_debian12.yaml new file mode 100644 index 000000000..9d3ecf154 --- /dev/null +++ b/java/testdata/java21_debian12.yaml @@ -0,0 +1,28 @@ +schemaVersion: "2.0.0" +commandTests: + - name: java + command: "/usr/lib/jvm/temurin21_jre_amd64/bin/java" + args: ["-version"] + expectedError: ['openjdk version "21.0.1"'] + - name: java-symlink + command: "/usr/bin/java" + args: ["-version"] + expectedError: ['openjdk version "21.0.1"'] +fileExistenceTests: + - name: certs + path: "/etc/ssl/certs/java/cacerts" + shouldExist: true + - name: no-busybox + path: "/busybox/sh" + shouldExist: false + - name: no-shell + path: "/bin/sh" + shouldExist: false + - name: no-javac + path: "/usr/lib/jvm/temurin21_jre_amd64/bin/javac" + shouldExist: false +# todo +# metadataTest: +# envVars: +# - key: 'JAVA_VERSION' +# value: '21.0.1' diff --git a/java/testdata/java21_debug_debian12.yaml b/java/testdata/java21_debug_debian12.yaml new file mode 100644 index 000000000..096b8a24b --- /dev/null +++ b/java/testdata/java21_debug_debian12.yaml @@ -0,0 +1,29 @@ +schemaVersion: "2.0.0" +commandTests: + - name: java + command: "/usr/lib/jvm/temurin21_jdk_amd64/bin/java" + args: ["-version"] + expectedError: ['openjdk version "21.0.1"'] + - name: java-symlink + command: "/usr/bin/java" + args: ["-version"] + expectedError: ['openjdk version "21.0.1"'] + - name: javac + command: "/usr/lib/jvm/temurin21_jdk_amd64/bin/javac" + args: ["-version"] + expectedOutput: ['javac 21.0.1'] +fileExistenceTests: + - name: certs + path: "/etc/ssl/certs/java/cacerts" + shouldExist: true + - name: busybox + path: "/busybox/sh" + shouldExist: true + - name: no-shell + path: "/bin/sh" + shouldExist: false +# TODO +# metadataTest: +# envVars: +# - key: 'JAVA_VERSION' +# value: '17.0.8' diff --git a/java_archives.bzl b/java_archives.bzl new file mode 100644 index 000000000..fee1e3a15 --- /dev/null +++ b/java_archives.bzl @@ -0,0 +1,62 @@ +load("//private/remote:temurin_archive.bzl", "temurin_archive") + +def repositories(): + temurin_archive( + name = "temurin21_jre_amd64", + sha256 = "277f4084bee875f127a978253cfbaad09c08df597feaf5ccc82d2206962279a3", + strip_prefix = "jdk-21.0.1+12-jre", + urls = ["https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.1+12/OpenJDK21U-jre_x64_linux_hotspot_21.0.1_12.tar.gz"], + version = "21.0.1+12", + architecture = "amd64", + control = "//java:control", + ) + + temurin_archive( + name = "temurin21_jdk_amd64", + sha256 = "1a6fa8abda4c5caed915cfbeeb176e7fbd12eb6b222f26e290ee45808b529aa1", + strip_prefix = "jdk-21.0.1+12", + urls = ["https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.1+12/OpenJDK21U-jdk_x64_linux_hotspot_21.0.1_12.tar.gz"], + version = "21.0.1+12", + architecture = "amd64", + control = "//java:control", + ) + + temurin_archive( + name = "temurin21_jre_arm64", + sha256 = "4582c4cc0c6d498ba7a23fdb0a5179c9d9c0d7a26f2ee8610468d5c2954fcf2f", + strip_prefix = "jdk-21.0.1+12-jre", + urls = ["https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.1%2B12/OpenJDK21U-jre_aarch64_linux_hotspot_21.0.1_12.tar.gz"], + version = "21.0.1+12", + architecture = "arm64", + control = "//java:control", + ) + + temurin_archive( + name = "temurin21_jdk_arm64", + sha256 = "e184dc29a6712c1f78754ab36fb48866583665fa345324f1a79e569c064f95e9", + strip_prefix = "jdk-21.0.1+12", + urls = ["https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.1%2B12/OpenJDK21U-jdk_aarch64_linux_hotspot_21.0.1_12.tar.gz"], + version = "21.0.1+12", + architecture = "arm64", + control = "//java:control", + ) + + temurin_archive( + name = "temurin21_jre_ppc64le", + sha256 = "05cc9b7bfbe246c27d307783b3d5095797be747184b168018ae3f7cc55608db2", + strip_prefix = "jdk-21.0.1+12-jre", + urls = ["https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.1%2B12/OpenJDK21U-jre_ppc64le_linux_hotspot_21.0.1_12.tar.gz"], + version = "21.0.1+12", + architecture = "ppc64le", + control = "//java:control", + ) + + temurin_archive( + name = "temurin21_jdk_ppc64le", + sha256 = "9574828ef3d735a25404ced82e09bf20e1614f7d6403956002de9cfbfcb8638f", + strip_prefix = "jdk-21.0.1+12", + urls = ["https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.1%2B12/OpenJDK21U-jdk_ppc64le_linux_hotspot_21.0.1_12.tar.gz"], + version = "21.0.1+12", + architecture = "ppc64le", + control = "//java:control", + ) diff --git a/private/remote/temurin_archive.bzl b/private/remote/temurin_archive.bzl new file mode 100644 index 000000000..a45b434ad --- /dev/null +++ b/private/remote/temurin_archive.bzl @@ -0,0 +1,82 @@ +BUILD_TMPL = """\ +# GENERATED BY temurin_archive.bzl +load("@distroless//private/pkg:debian_spdx.bzl", "debian_spdx") +load("@distroless//private/util:merge_providers.bzl", "merge_providers") +load("@rules_pkg//:pkg.bzl", "pkg_tar") + +pkg_tar( + name = "data", + srcs = glob( + ["output/**/*"], + ), + package_dir = "/usr/lib/jvm/{name}", + strip_prefix = "external/{name}/output" +) + +pkg_tar( + name = "_control", + srcs = ["control"] +) + +debian_spdx( + name = "spdx", + control = ":_control.tar", + data = ":data.tar", + package_name = "{package_name}", + spdx_id = "{spdx_id}", + sha256 = "{sha256}", + urls = [{urls}] +) + +merge_providers( + name = "{name}", + srcs = [":data", ":spdx"], + visibility = ["//visibility:public"], +) +""" + +def _impl(rctx): + rctx.report_progress("Fetching {}".format(rctx.attr.package_name)) + rctx.download_and_extract( + url = rctx.attr.urls, + sha256 = rctx.attr.sha256, + type = rctx.attr.type, + stripPrefix = rctx.attr.strip_prefix, + output = "output", + ) + rctx.template( + "control", + rctx.attr.control, + substitutions = { + "{{VERSION}}": rctx.attr.version, + "{{ARCHITECTURE}}": rctx.attr.architecture, + "{{SHA256}}": rctx.attr.sha256, + }, + ) + rctx.file( + "BUILD.bazel", + content = BUILD_TMPL.format( + name = rctx.attr.name, + package_name = rctx.attr.package_name, + version = rctx.attr.version, + spdx_id = rctx.attr.name, + urls = ",".join(['"%s"' % url for url in rctx.attr.urls]), + sha256 = rctx.attr.sha256, + ), + ) + +temurin_archive = repository_rule( + implementation = _impl, + attrs = { + "urls": attr.string_list(mandatory = True), + "sha256": attr.string(mandatory = True), + "type": attr.string(default = ".tar.gz"), + "strip_prefix": attr.string(), + "package_name": attr.string(default = "temurin"), + "version": attr.string(mandatory = True), + "architecture": attr.string(mandatory = True), + # control is only used to populate the sbom, see https://github.com/GoogleContainerTools/distroless/issues/1373 + # for why writing debian control files to the image is incompatible with scanners. + "control": attr.label(), + }, +)