refactor: registryless oci_image

MODULE.bazel

@@ -12,9 +12,16 @@ bazel_dep(name = "platforms", version = "0.0.8")
 
 oci = use_extension("//oci:extensions.bzl", "oci")
 oci.toolchains()
-use_repo(oci, "oci_crane_registry_toolchains", "oci_crane_toolchains")
+use_repo(oci, "oci_crane_toolchains", "oci_regctl_toolchains")
 
-register_toolchains("@oci_crane_toolchains//:all", "@oci_crane_registry_toolchains//:all")
+register_toolchains("@oci_crane_toolchains//:all", "@oci_regctl_toolchains//:all")
+
+# Workaround https://github.com/aspect-build/bazel-lib/pull/832
+zstd = use_extension("@aspect_bazel_lib//lib:extensions.bzl", "toolchains")
+zstd.zstd()
+use_repo(zstd, "zstd_toolchains")
+
+register_toolchains("@zstd_toolchains//:all")
 
 # Dev dependencies
 bazel_lib = use_extension("@aspect_bazel_lib//lib:extensions.bzl", "toolchains", dev_dependency = True)

e2e/pull/wksp/MODULE.bazel

@@ -11,7 +11,7 @@ local_path_override(
 oci = use_extension("@rules_oci//oci:extensions.bzl", "oci")
 oci.pull(
     name = "empty_image",
-    digest = "sha256:2d4595bbc0fabeb1489b1071f56c26f44a2f495afaa9386ad7d24e7b3d8dfd3e",
+    digest = "sha256:e40e202a677ddddeaaf4603df278a6da42130d750622f1b1130bdafe6876a6e0",
     image = "http://localhost:1447/empty_image",
 )
 use_repo(oci, "empty_image")

e2e/pull/wksp/WORKSPACE

@@ -15,6 +15,6 @@ load("@rules_oci//oci:pull.bzl", "oci_pull")
 
 oci_pull(
     name = "empty_image",
-    digest = "sha256:2d4595bbc0fabeb1489b1071f56c26f44a2f495afaa9386ad7d24e7b3d8dfd3e",
+    digest = "sha256:e40e202a677ddddeaaf4603df278a6da42130d750622f1b1130bdafe6876a6e0",
     image = "http://localhost:1447/empty_image",
 )

examples/big_image/BUILD.bazel

@@ -1,38 +1,60 @@
-load("@rules_pkg//pkg:tar.bzl", "pkg_tar")
-load("//oci:defs.bzl", "oci_image")
-
+load("@aspect_bazel_lib//lib:tar.bzl", "tar")
+load("//oci:defs.bzl", "oci_image", "oci_tarball")
 
 # These numbers were gathered on a `Apple M2 Pro`
 # Darwin Kernel Version 23.2.0: Wed Nov 15 21:55:06 PST 2023; root:xnu-10002.61.3~2/RELEASE_ARM64_T6020
 # 10 CPU x 32GB RAM
 
 # 1- Create an image with 10 layers 3GiB each.
 # Perf: `< 50s`
-N_BASE_LAYERS=10
+N_BASE_LAYERS = 10
 
 genrule(
     name = "3gib_file",
-    cmd = "mkfile 3G $@",
     outs = ["3gib_file.out"],
+    cmd = "head -c 314572800 < /dev/urandom > $@",
+    local = True,
     tags = ["manual"],
 )
 
 [
-    pkg_tar(
+    tar(
+        name = "blayer_%s" % i,
+        srcs = ["3gib_file"],
+        compress = "gzip",
+        mtree = [
+            "%s.dat uid=0 gid=0 mode=0755 type=file contents=$(location :3gib_file)" % i,
+        ],
+        tags = ["manual"],
+    )
+    for i in range(0, 5)
+]
+
+[
+    tar(
         name = "blayer_%s" % i,
         srcs = ["3gib_file"],
-        package_dir = "blayer_%s" % i,
+        compress = "zstd",
+        mtree = [
+            "%s.dat uid=0 gid=0 mode=0755 type=file contents=$(location :3gib_file)" % i,
+        ],
         tags = ["manual"],
     )
-    for i in range(N_BASE_LAYERS)
+    for i in range(5, 10)
 ]
 
 oci_image(
     name = "base",
-    os = "linux",
     architecture = "arm64",
-    tars = [":blayer_%s" % i for i in range(N_BASE_LAYERS)],
+    os = "linux",
     tags = ["manual"],
+    tars = [":blayer_%s" % i for i in range(N_BASE_LAYERS)],
+)
+
+oci_tarball(
+    name = "evil",
+    image = ":base",
+    repo_tags = ["hello:test"],
 )
 
 # 2- Create an image that extends the base without adding additional layers
@@ -44,28 +66,24 @@ oci_image(
     tags = ["manual"],
 )
 
-
-
 # 3- Create an image that extends the base with additional layers
 # Perf: `< 2s` if bazel doesn't permit tree artifact symlinks (for copying the base layers)
 # Perf: `< 0.5s` if bazel permits tree artifact symlinks (for linking the base layers)
 # Perf: `< 20s` for adding the new 5 layers, 3gib each.
-N_LAYERS=5
+N_LAYERS = 5
 
 [
-    pkg_tar(
+    tar(
         name = "layer_%s" % i,
         srcs = ["3gib_file"],
         tags = ["manual"],
     )
     for i in range(N_LAYERS)
 ]
 
-
 oci_image(
     name = "extended",
     base = ":base",
-    tars = [":layer_%s" % i for i in range(N_LAYERS)],
     tags = ["manual"],
+    tars = [":layer_%s" % i for i in range(N_LAYERS)],
 )
-

examples/env/BUILD.bazel

@@ -19,7 +19,7 @@ expand_template(
 
 oci_image(
     name = "image",
-    base = "@ubuntu",
+    base = "@debian",
     cmd = ["test.sh"],
     env = ":env",
     tars = ["app.tar"],

examples/env_inheritance/BUILD.bazel

@@ -1,23 +1,23 @@
+load("@aspect_bazel_lib//lib:tar.bzl", "tar")
 load("@aspect_bazel_lib//lib:testing.bzl", "assert_contains")
 load("@container_structure_test//:defs.bzl", "container_structure_test")
-load("@rules_pkg//pkg:tar.bzl", "pkg_tar")
 load("//oci:defs.bzl", "oci_image")
 
-pkg_tar(
+tar(
     name = "app",
     srcs = ["test.bash"],
 )
 
 oci_image(
     name = "middle_image",
-    base = "@ubuntu",
+    base = "@ubuntu_linux_amd64",
     cmd = ["test.sh"],
     env = {
         "ENV1": "$PATH:/test",
         "ENV2": "/prepend:${PATH}:/test2",
         "ENV3": "key1=value1 key2=value2",
     },
-    tars = ["app.tar"],
+    tars = [":app"],
 )
 
 oci_image(
@@ -45,9 +45,5 @@ genrule(
 assert_contains(
     name = "check_digest",
     actual = ":hash",
-    expected = "sha256:d15c83f8f8438e5e05ff40478dc98ad923e9afa272b6630c5b29baf6f7e93585",
-    # TODO: enable once there's a new version of crane
-    # https://github.com/google/go-containerregistry/issues/1542
-    # https://github.com/bazel-contrib/rules_oci/issues/58
-    tags = ["manual"],
+    expected = "sha256:71b67123d22c29a52e69c46e77bf63eced4c0d21c46e7d1c346c6afe7c79ca01",
 )

examples/env_inheritance/test.yaml

@@ -3,7 +3,7 @@ schemaVersion: "2.0.0"
 commandTests:
   - name: "echo hello"
     command: "bash"
-    args: ["test.bash"]
+    args: ["examples/env_inheritance/test.bash"]
     expectedOutput: ["hello world!"]
 
 metadataTest:

examples/multi_arch/BUILD.bazel

@@ -43,5 +43,5 @@ genrule(
 assert_contains(
     name = "check_digest",
     actual = ":hash",
-    expected = "sha256:a5285d5827015227664ab5a2334a32b9750bd6ec8cfe3b655376b997f020eb43",
+    expected = "sha256:57e3811e25d18fe08b36359a690c100e231ad0af4d18ad76e26016b11e25450c",
 )

examples/simple/BUILD.bazel

@@ -42,10 +42,19 @@ oci_image(
     },
 )
 
+oci_image(
+    name = "image_based",
+    base = ":image",
+    # adding a new env should preserve the previously set envs!
+    env = {
+        "LOCAL": "true",  # LOCAL=/test
+    },
+)
+
 container_structure_test(
     name = "test",
     configs = ["test.yaml"],
-    image = ":image",
+    image = ":image_based",
 )
 
 repo_tags = [

examples/simple/test.yaml

@@ -8,6 +8,8 @@ metadataTest:
       value: "/test:/test"
     - key: PATH
       value: "/usr/local/bin:"
+    - key: LOCAL
+      value: "true"
   labels:
     - key: org.opencontainers.image.version
       value: 0.0.0

oci/BUILD.bazel

@@ -6,15 +6,15 @@ exports_files(
 )
 
 # These are the targets rule authors should put in their "toolchains"
-# attribute in order to get a crane/zot executable for the correct platform.
+# attribute in order to get a crane/regctl executable for the correct platform.
 # See https://docs.bazel.build/versions/main/toolchains.html#writing-rules-that-use-toolchains
 toolchain_type(
     name = "crane_toolchain_type",
     visibility = ["//visibility:public"],
 )
 
 toolchain_type(
-    name = "registry_toolchain_type",
+    name = "regctl_toolchain_type",
     visibility = ["//visibility:public"],
 )