Skip to main content
Version: 1.0.x

push

To load these rules, add this to the top of your BUILD file:

load("@rules_oci//oci:defs.bzl", ...)

Rules

oci_push_rule

Push an oci_image or oci_image_index to a remote registry.

Internal rule used by the oci_push macro.

Pushing and tagging are performed sequentially which MAY lead to non-atomic pushes if one the following events occur;

  • Remote registry rejects a tag due to various reasons. eg: forbidden characters, existing tags
  • Remote registry closes the connection during the tagging
  • Local network outages

In order to avoid incomplete pushes oci_push will push the image by its digest and then apply the remote_tags sequentially at the remote registry.

Any failure during pushing or tagging will be reported with non-zero exit code cause remaining steps to be skipped.

Push an oci_image to docker registry with latest tag

oci_image(name = "image")

oci_push(
    image = ":image",
    repository = "index.docker.io/<ORG>/image",
    remote_tags = ["latest"]
)

Push a multi-architecture image to github container registry with a semver tag

oci_image(name = "app_linux_arm64")

oci_image(name = "app_linux_amd64")

oci_image(name = "app_windows_amd64")

oci_image_index(
    name = "app_image",
    images = [
        ":app_linux_arm64",
        ":app_linux_amd64",
        ":app_windows_amd64",
    ]
)

# This is defined in our /examples/push
stamp_tags(
    name = "stamped",
    remote_tags = ["""($stamp.BUILD_EMBED_LABEL // "0.0.0")"""],
)

oci_push(
    image = ":app_image",
    repository = "ghcr.io/<OWNER>/image",
    tags = ":stamped",
)

When running the pusher, you can pass flags:

  • Override repository; -r|--repository flag. e.g. bazel run //myimage:push -- --repository index.docker.io/<ORG>/image
  • Tags in addition to remote_tags remote_tags; -t|--tag flag, e.g. bazel run //myimage:push -- --tag latest

Example usage (generated):

load("@rules_oci//oci:defs.bzl", "oci_push_rule")

oci_push_rule(
    # A unique name for this target.
    name = "",
    # Label to an oci_image or oci_image_index
    image = "",
    # Repository URL where the image will be signed at, e.g.: `index.docker.io/<user>/image`
    repository = "",
)

name

Required name.

A unique name for this target.

image

Required label.

Label to an oci_image or oci_image_index

remote_tags

Optional label. Default: None

    a .txt file containing tags, one per line.

These are passed to crane tag

repository

Required string.

    Repository URL where the image will be signed at, e.g.: `index.docker.io/<user>/image`.

Digests and tags are not allowed.

Macros and Functions

oci_push

Macro wrapper around oci_push_rule.

Allows the remote_tags attribute to be a list of strings in addition to a text file.

Example usage (generated):

load("@rules_oci//oci:defs.bzl", "oci_push")

oci_push(
    # name of resulting oci_push_rule
    name = "",
)

name

Required.

name of resulting oci_push_rule

remote_tags

Optional. Default: None

a list of tags to apply to the image after pushing, or a label of a file containing tags one-per-line. See stamped_tags as one example of a way to produce such a file.

kwargs

Optional.

other named arguments to oci_push_rule.

Last updated on by Greg Magolan