Version: 0.2.x

push

Implementation details for the push rule

Rules

oci_push

Push an oci_image or oci_image_index to a remote registry.

Pushing and tagging are performed sequentially, which MAY lead to non-atomic pushes if one of the following events occurs:

  • Remote registry rejects a tag for various reasons, e.g. forbidden characters or existing tags
  • Remote registry closes the connection during the tagging
  • Local network outages

In order to avoid incomplete pushes, oci_push will push the image by its digest and then apply the default_tags sequentially at the remote registry.

Any failure during pushing or tagging is reported with a non-zero exit code and causes the remaining steps to be skipped.

Push an oci_image to docker registry with latest tag

oci_image(name = "image")

oci_push(
    name = "push",
    image = ":image",
    repository = "index.docker.io/<ORG>/image",
    default_tags = ["latest"],
)

Push an oci_image_index to github container registry with a semver tag

oci_image(name = "app_linux_arm64")

oci_image(name = "app_linux_amd64")

oci_image(name = "app_windows_amd64")

oci_image_index(
    name = "app_image",
    images = [
        ":app_linux_arm64",
        ":app_linux_amd64",
        ":app_windows_amd64",
    ],
)

oci_push(
    name = "push",
    image = ":app_image",
    repository = "ghcr.io/<OWNER>/image",
    default_tags = ["0.0.0"],
)

Ideally the semver information is gathered from a VCS, like git, instead of being hardcoded in the BUILD files. However, because BUILD files are static, one has to use the -t|--tag flag to pass the tag at runtime instead of using default_tags, e.g. bazel run //target:push -- --tag $(git tag)

Similarly, the repository attribute can be overridden at runtime with the -r|--repository flag, e.g. bazel run //target:push -- --repository index.docker.io/<ORG>/image

Example usage (generated):

load("@contrib_rules_oci//oci/private:push.bzl", "oci_push")

oci_push(
    # A unique name for this target.
    name = "",
    # Repository URL where the image will be pushed, e.g.: `index.docker.io/<user>/image`
    repository = "",
)

name

Required name.

A unique name for this target.

default_tags

Optional list of strings. Default: []

List of tags to apply to the image at remote registry.

image

Optional label. Default: None

Label to an oci_image or oci_image_index

repository

Required string.

Repository URL where the image will be pushed, e.g.: `index.docker.io/<user>/image`.

Digests and tags are not allowed.
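An added example, not part of rules_oci or of this page: because tags are applied one at a time after the digest push, a failed run can leave some tags pointing at an older image. The script below lists every tag that does not resolve to the expected digest, and rejects a repository string that carries a tag or digest. It assumes `crane` is on PATH for `crane digest`; the function names and the RESOLVER variable are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: detect a partially applied push (some tags not moved).
# RESOLVER turns an image reference into its digest. The default assumes
# `crane` is installed; any command with the same contract can be swapped in.
RESOLVER="${RESOLVER:-crane digest}"

# Accept only a bare repository: no @digest and no :tag on the last
# path component. A registry port (host:5000/org/image) stays legal.
valid_repository() {
  local repo="$1" last
  [ -n "$repo" ] || return 1
  case "$repo" in *@*) return 1 ;; esac
  last="${repo##*/}"
  case "$last" in *:*) return 1 ;; esac
  return 0
}

# Print "<tag> <actual digest>" for every tag that does not resolve to the
# expected digest. Returns 0 if all match, 1 on drift, 2 on bad input.
stale_tags() {
  [ "$#" -ge 2 ] || return 2
  local repo="$1" expected="$2" tag actual rc=0
  valid_repository "$repo" || { echo "invalid repository: $repo" >&2; return 2; }
  shift 2
  for tag in "$@"; do
    # A tag the registry cannot resolve counts as stale, not as an error.
    actual="$($RESOLVER "$repo:$tag" 2>/dev/null)" || actual="<unresolved>"
    if [ "$actual" != "$expected" ]; then
      echo "$tag $actual"
      rc=1
    fi
  done
  return "$rc"
}

# Usage: verify_push.sh <repository> <expected-digest> <tag>...
if [ "$#" -ge 3 ]; then stale_tags "$@"; fi
```

Run it after a push that exited non-zero, passing the digest of the image that was built, to see which tags still need to be reapplied.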