chore: cleanup repo and remove some dev deps

.bazelrc

@@ -4,7 +4,7 @@
 
 build --incompatible_strict_action_env
 build --nolegacy_external_runfiles
-test --test_env=DOCKER_HOST
+common --test_env=DOCKER_HOST --action_env=DOCKER_HOST --repo_env=DOCKER_HOST
 
 # Disable bzlmod lockfile
 common --lockfile_mode=off

.github/workflows/ci.yaml

@@ -130,31 +130,7 @@ jobs:
       - name: Configure Remote Docker Host
         if: ${{ matrix.os == 'macos-13' }}
         run: echo "DOCKER_HOST=$(grep 'tc.host' ~/.testcontainers.properties | cut -d '=' -f2 | xargs)" >> $GITHUB_ENV
-
-      - name: Free space
-        if: ${{ matrix.os == 'ubuntu-latest' }}
-        run: |
-          sudo apt-get remove -y '^dotnet-.*'
-          sudo apt-get remove -y '^llvm-.*'
-          sudo apt-get remove -y 'php.*'
-          sudo apt-get remove -y 'google*'
-          sudo apt-get autoremove -y
-          sudo apt-get clean
-          rm -rf /usr/share/dotnet/
-
-      - name: Override CST
-        if: ${{ matrix.bzlmodEnabled && matrix.folder == '.'}}
-        run: |
-          cat >> MODULE.bazel <<EOF
-          single_version_override(
-              module_name = "container_structure_test",
-              patch_strip = 1,
-              patches = [
-                  "//oci/tests:cst_exclusive.patch",
-              ],
-          )
-          EOF
-
+
       - name: bazel test //...
         working-directory: ${{ matrix.folder }}
         env:

MODULE.bazel

@@ -32,7 +32,5 @@ use_repo(bazel_lib, "bsd_tar_toolchains", "jq_toolchains")
 # Dev dependencies
 
 bazel_dep(name = "rules_go", version = "0.46.0", dev_dependency = True, repo_name = "io_bazel_rules_go")
-bazel_dep(name = "rules_pkg", version = "0.7.0", dev_dependency = True)
 bazel_dep(name = "gazelle", version = "0.35.0", dev_dependency = True, repo_name = "bazel_gazelle")
 bazel_dep(name = "bazel_skylib_gazelle_plugin", version = "1.4.1", dev_dependency = True)
-bazel_dep(name = "container_structure_test", version = "1.16.0", dev_dependency = True)

WORKSPACE

@@ -38,11 +38,6 @@ load("@bazel_skylib//lib:unittest.bzl", "register_unittest_toolchains")
 
 register_unittest_toolchains()
 
-load("@container_structure_test//:repositories.bzl", "container_structure_test_register_toolchain")
-
-## Setup container structure test
-container_structure_test_register_toolchain(name = "container_structure_test")
-
 ## Setup rules_go
 load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")
 
@@ -55,33 +50,9 @@ load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies")
 
 gazelle_dependencies()
 
-## Setup rules_pkg
-load("@rules_pkg//:deps.bzl", "rules_pkg_dependencies")
-
-rules_pkg_dependencies()
-
-## Unit test repositories
-
-# For sign_external test
-new_local_repository(
-    name = "empty_image",
-    build_file = "//examples/sign_external:BUILD.template",
-    path = "examples/sign_external/workspace",
-)
-
-# For attest_external test
-new_local_repository(
-    name = "example_sbom",
-    build_file = "//examples/attest_external:BUILD.template",
-    path = "examples/attest_external/workspace",
-)
-
-# For testing fetching from various registries
-load(":fetch.bzl", "fetch_images")
+## Setup test repositories
+load(":fetch.bzl", "fetch_images", "fetch_test_repos")
 
 fetch_images()
 
-### Fetch buildx
-load("//examples/dockerfile:buildx.bzl", "fetch_buildx")
-
-fetch_buildx()
+fetch_test_repos()

WORKSPACE.bzlmod

@@ -1,26 +1,11 @@
-new_local_repository(
-    name = "empty_image",  # for sign_external test
-    build_file = "//examples/sign_external:BUILD.template",
-    path = "examples/sign_external/workspace",
-)
-
-new_local_repository(
-    name = "example_sbom",  # for attest_external test
-    build_file = "//examples/attest_external:BUILD.template",
-    path = "examples/attest_external/workspace",
-)
-
-# Fetching various images
-load(":fetch.bzl", "fetch_images")
+## Setup test repositories
+load(":fetch.bzl", "fetch_images", "fetch_test_repos")
 
 fetch_images()
 
+fetch_test_repos()
+
 ### Setup rules_oci cosign
 load("//cosign:repositories.bzl", "cosign_register_toolchains")
 
 cosign_register_toolchains(name = "oci_cosign")
-
-### Fetch buildx
-load("//examples/dockerfile:buildx.bzl", "fetch_buildx")
-
-fetch_buildx()

e2e/wasm/BUILD.bazel

@@ -1,7 +1,7 @@
+load("@aspect_bazel_lib//lib:tar.bzl", "tar")
 load("@aspect_bazel_lib//lib:transitions.bzl", "platform_transition_filegroup")
 load("@bazel_skylib//rules:build_test.bzl", "build_test")
 load("@rules_oci//oci:defs.bzl", "oci_image", "oci_tarball")
-load("@rules_pkg//pkg:tar.bzl", "pkg_tar")
 load("@rules_rust//rust:defs.bzl", "rust_binary")
 
 package(default_visibility = ["//visibility:public"])
@@ -18,7 +18,7 @@ platform_transition_filegroup(
     target_platform = "@rules_rust//rust/platform:wasi",
 )
 
-pkg_tar(
+tar(
     name = "wasi_layer",
     srcs = ["wasi_binary"],
 )

e2e/wasm/MODULE.bazel

@@ -3,7 +3,6 @@ bazel_dep(name = "aspect_bazel_lib", version = "2.7.2")
 bazel_dep(name = "bazel_skylib", version = "1.5.0")
 bazel_dep(name = "platforms", version = "0.0.8")
 bazel_dep(name = "rules_rust", version = "0.45.1")
-bazel_dep(name = "rules_pkg", version = "0.10.1")
 bazel_dep(name = "hermetic_cc_toolchain", version = "3.1.0")
 
 local_path_override(

e2e/wasm/WORKSPACE

@@ -16,20 +16,6 @@ load("@rules_oci//oci:repositories.bzl", "oci_register_toolchains")
 
 oci_register_toolchains(name = "oci")
 
-# rules_pkg
-http_archive(
-    name = "rules_pkg",
-    sha256 = "451e08a4d78988c06fa3f9306ec813b836b1d076d0f055595444ba4ff22b867f",
-    urls = [
-        "https://mirror.bazel.build/github.com/bazelbuild/rules_pkg/releases/download/0.7.1/rules_pkg-0.7.1.tar.gz",
-        "https://github.com/bazelbuild/rules_pkg/releases/download/0.7.1/rules_pkg-0.7.1.tar.gz",
-    ],
-)
-
-load("@rules_pkg//:deps.bzl", "rules_pkg_dependencies")
-
-rules_pkg_dependencies()
-
 # rules_rust
 http_archive(
     name = "rules_rust",

examples/BUILD.bazel

@@ -1,5 +1,17 @@
+load("@bazel_skylib//rules:native_binary.bzl", "native_binary")
+
 package(default_visibility = ["//examples:__subpackages__"])
 
+native_binary(
+    name = "docker_cli",
+    src = select({
+        "@bazel_tools//src/conditions:linux_x86_64": "@docker_cli_linux_amd64//:docker",
+        "@bazel_tools//src/conditions:darwin_arm64": "@docker_cli_darwin_arm64//:docker",
+        "@bazel_tools//src/conditions:darwin_x86_64": "@docker_cli_darwin_amd64//:docker",
+    }),
+    out = "docker",
+)
+
 platform(
     name = "linux_arm64",
     constraint_values = [

examples/assertion/assert.bzl → examples/assert.bzl

@@ -1,8 +1,13 @@
 "assertion rules to test metadata"
 
+load("@aspect_bazel_lib//lib:diff_test.bzl", "diff_test")
 load("@bazel_skylib//rules:native_binary.bzl", "native_test")
 load("@bazel_skylib//rules:write_file.bzl", "write_file")
 
+# THIS LOAD STATEMENT DEPENDS ON setup_assertion_repos.bzl
+load("@docker_configure//:defs.bzl", "TARGET_COMPATIBLE_WITH")
+load("//oci:defs.bzl", "oci_tarball")
+
 DIGEST_CMD = """
 image_path="$(location {image})"
 manifest_digest=$$($(JQ_BIN) -r '.manifests[0].digest | sub(":"; "/")' $$image_path/index.json)
@@ -18,7 +23,7 @@ def assert_oci_config(
         entrypoint_eq = None,
         cmd_eq = None,
         env_eq = None,
-        ports_eq = None,
+        exposed_ports_eq = None,
         user_eq = None,
         workdir_eq = None,
         architecture_eq = None,
@@ -38,9 +43,9 @@ def assert_oci_config(
     if env_eq:
         config["Env"] = ["=".join(e) for e in env_eq.items()]
     if workdir_eq:
-        config["Workdir"] = workdir_eq
-    if ports_eq:
-        config["Ports"] = ports_eq
+        config["WorkingDir"] = workdir_eq
+    if exposed_ports_eq:
+        config["ExposedPorts"] = {port: {} for port in exposed_ports_eq}
     if user_eq:
         config["User"] = user_eq
     if labels_eq:
@@ -98,3 +103,79 @@ def assert_oci_config(
         }),
         out = name,
     )
+
+def assert_oci_image_command(
+        name,
+        image,
+        args = [],
+        tags = [],
+        exit_code_eq = None,
+        output_eq = None):
+    "assert a that a container works with the given command."
+
+    tag = "oci.local/assert/" + native.package_name().replace("/", "_") + ":latest"
+    oci_tarball(
+        name = name + "_tarball",
+        image = image,
+        repo_tags = [tag],
+        tags = tags + ["manual"],
+    )
+
+    native.filegroup(
+        name = name + "_tarball_archive",
+        srcs = [name + "_tarball"],
+        output_group = "tarball",
+        tags = tags + ["manual"],
+    )
+
+    docker_args = " ".join(['"' + arg + '"' for arg in ([tag] + args)])
+
+    native.genrule(
+        name = name + "_gen",
+        srcs = [
+            name + "_tarball_archive",
+        ],
+        output_to_bindir = True,
+        cmd = """
+docker=$(location //examples:docker_cli)
+$$docker load -i $(location :{name}_tarball_archive)
+container_id=$$($$docker run -d {docker_args})
+$$docker wait $$container_id > $(location :{name}_exit_code)
+$$docker logs $$container_id > $(location :{name}_output)
+
+""".format(name = name, docker_args = docker_args),
+        outs = [
+            name + "_output",
+            name + "_exit_code",
+        ],
+        target_compatible_with = TARGET_COMPATIBLE_WITH,
+        tools = ["//examples:docker_cli"],
+    )
+
+    if output_eq:
+        write_file(
+            name = name + "_output_eq_expected",
+            out = name + "_output_eq_expected.txt",
+            content = [output_eq],
+            tags = tags + ["manual"],
+        )
+        diff_test(
+            name = name + "_assert_output_eq",
+            file1 = name + "_output",
+            file2 = name + "_output_eq_expected",
+            tags = tags,
+        )
+
+    if exit_code_eq != None:
+        write_file(
+            name = name + "_exit_code_expected",
+            out = name + "_exit_code_expected.txt",
+            content = [str(exit_code_eq) + "\n"],
+            tags = tags + ["manual"],
+        )
+        diff_test(
+            name = name + "_assert_exit_code_eq",
+            file1 = name + "_exit_code",
+            file2 = name + "_exit_code_expected",
+            tags = tags,
+        )