{"id":19054457,"url":"https://github.com/datadog/rules_oci","last_synced_at":"2025-07-25T16:41:28.817Z","repository":{"id":38329343,"uuid":"446577758","full_name":"DataDog/rules_oci","owner":"DataDog","description":"blazing fast Bazel rules for building OCI Images","archived":false,"fork":false,"pushed_at":"2024-05-22T21:09:54.000Z","size":35245,"stargazers_count":14,"open_issues_count":11,"forks_count":3,"subscribers_count":316,"default_branch":"main","last_synced_at":"2024-05-22T21:41:27.769Z","etag":null,"topics":["bazel","bazel-rules","oci","oras"],"latest_commit_sha":null,"homepage":"","language":"Starlark","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DataDog.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-01-10T20:50:39.000Z","updated_at":"2024-05-31T00:31:46.792Z","dependencies_parsed_at":"2024-01-25T17:56:47.123Z","dependency_job_id":"79dd29bd-e7e5-4722-aa07-9b3c6c93c842","html_url":"https://github.com/DataDog/rules_oci","commit_stats":{"total_commits":44,"total_committers":4,"mean_commits":11.0,"dds":0.2272727272727273,"last_synced_commit":"93fc7f94f9001e24144b53338df49699a51ef380"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DataDog%2Frules_oci","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DataDog%2Frules_oci/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DataDog%2Frules_oci/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DataDog%2Frules_oci/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DataDog","download_url":"https://codeload.github.com/DataDog/rules_oci/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240110039,"owners_count":19749234,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bazel","bazel-rules","oci","oras"],"created_at":"2024-11-08T23:38:27.316Z","updated_at":"2025-02-22T01:18:51.567Z","avatar_url":"https://github.com/DataDog.png","language":"Starlark","funding_links":[],"categories":[],"sub_categories":[],"readme":"## `rules_oci` - blazing fast Bazel rules for building OCI Images\n\nRULES_OCI IS HIGHLY EXPERIMENTAL WITH PLANNED BREAKING CHANGES, PLEASE DO NOT\nDEPEND ON FOR PRODUCTION USE-CASES.\n\nA Bazel rule-set for extending, creating and publishing OCI artifacts, including image\nmanifests, image indexes (multi-arch images) and custom artifacts\n([ORAS](https://github.com/oras-project)), with a focus on:\n* **Speed**, only pulling artifacts that are needed at build-time (no more long image pull times)\n* **Extensibility**, creating custom artifacts to leverage standard OCI distribution\n  APIs\n* **Multi-arch images**, compiling and building multi-arch images with a single Bazel invocation\n\nIn addition to Bazel rules, we offer many helpers for interacting with OCI\nartifacts under the `go/pkg` directory and a CLI tool for creating new OCI\nartifacts.\n\n`rules_oci` makes an effort to support Docker media types, but there is no\nguarantee of long-term support. Most CRI support the OCI types or there are\ntools available to convert [between the\nspecifications](https://github.com/opencontainers/image-spec/blob/v1.0.2/conversion.md).\n\n### Setup\n\n```\n# Load OCI Bootstrapping rules or copy the rule into your repository.\ngit_repository(\n    name = \"rules_oci_bootstrap\",\n    remote = \"https://github.com/DataDog/rules_oci_bootstrap.git\",\n    commit = \"75330296a80c4a5bfa228dc585ca9a9c3e56d45d\",\n)\n\nload(\"@rules_oci_bootstrap//:defs.bzl\", \"oci_blob_pull\")\noci_blob_pull(\n    name = \"com_github_datadog_rules_oci\",\n    digest = \"sha256:cc6c59ed7da6bb376552461e06068f883bbe335359c122c15dce3c24e19cd8e2\",\n    extract = True,\n    registry = \"ghcr.io\",\n    repository = \"datadog/rules_oci/rules\",\n    type = \"tar.gz\",\n)\n```\n\n### Docs\n\n[Rule API](docs/docs.md)\n\nExamples can be found in the `tests` directory.\n\n### How it works at a high level\n\nAt fetch-time we only pull down the manifest json that represents the\nstructure of the image, rather than pull down everything -- we call this a shallow\npull. We then modify the manifest and republish it with just the changed layers\nat \"bazel run\"-time.\n\nThis is perfect for the use-case of creating \"application images\", aka images\nwhere you just plop a binary on top of a base image. Some additional small\nchanges can be done such as injecting a shared library or a config file.\n\nWe've found in most cases we don't need to pull these additional layers as they\nwere pushed there previously or can copy (via the mount api) within the same\nregistry.\n\nThis has the downside that there is no verification of all of the content\nin the image, but this trade-off is worth the speed of not downloaded many GBs of\nbase images.\n\n### Roadmap\n* [ ] Flesh out code for non-shallow pulls and cases where the layers are coming\n      from a different registry.\n* [ ] Full Starlark DSL for creating custom artifacts, it's currently looks\n  a bit wonky\n* [ ] Support for the ORAS Artifact Spec\n* [ ] Support for custom artifact crawlers to pull artifacts that have children\nnot represented by the OCI Image Spec. Ex pulling a full CNAB bundle and all\ndependencies.\n* [ ] Benchmark against `rules_docker` and raw `docker build`.\n\n### FAQ\n\n**Comparison to `rules_docker`**\n* `rules_docker` is built on `go-containerregistry`, which is focused on Docker,\n  `rules_oci` uses `containerd` whose implementation complies more to the OCI spec\n  and more easily supports custom artifacts\n* `rules_oci` focused on supporting the OCI Image spec, rather than the Docker\n  spec\n* `rules_oci` doesn't have language specific rules, instead a higher-level\n  package can build on `rules_oci` to create rules like `go_image`\n* `rules_docker` doesn't have support for multi-arch images [#1599](https://github.com/bazelbuild/rules_docker/issues/1599)\n\n### Developing\n\n#### Updating dependencies\n\nRun `bzl run //:go -- get DEPENDENCY`\n\n#### Tests\n\nRun the tests using\n\n```\nbazel run //:bootstrap\nbazel test //...\n```\n\nYou will also need to make it possible for docker to access `ghcr.io` (see the code in\n[.github/workflows/main.yaml](.github/workflows/main.yaml) for what we do in CI; an equivalent\nmethod for local build using the [gh CLI](https://github.com/cli/cli) can be found\n[here](https://gist.github.com/mislav/e154d707db230dc882d7194ec85d79f6)).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatadog%2Frules_oci","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdatadog%2Frules_oci","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatadog%2Frules_oci/lists"}