Skip to main content

An OCI plugin for the Pants build system

Project description

OCI backend for Pants

PyPI

Warning This plugin is in development. No stability is guaranteed! Contributions welcome.

This is a backend implementing support for building OCI images in pants; running them, and publishing them to container registries. To do this, this plugin uses three different tools:

  • umoci for manipulating OCI images
  • runc for exeuction
  • skopeo for pulling and pushing images

Planned and missing features

  • Currently there's no support for pulling tags, as that would break determinism
  • Multi-platform SHA/.sig is untested/unsupported
  • skopeo doesn't support MacOS, preventing pulling and pushing images.
  • No "in-container" build steps

Targets

There's six targets currently implemented, of which five are generic:

  • oci_pull_image
  • oci_pull_images
  • oci_image_build
  • oci_image_empty
  • oci_build_layer

And one with some special language semantics:

  • oci_python_image - this is the same as oci_image_build, but will prefer to set the entrypoint to .pex files.

oci_pull_image

Pull an image from a repository with a specific digest.

oci_pull_image(
    name="base-python",
    repository="docker.io/library/python",
    sha="b78b777208be08edd8f297035cdfbacddb45170ad778fd643c792ee045187e39"
)
Argument Meaning Default value
name The target name Same as any other target, which is the directory name
repository Fully qualified repository name Required
sha The digest of the image, minus the @sha: prefix. Required
anonymous Whether to pull the image anonymously. false
decsription A description of the target
tags List of tags []

oci_pull_images

Pull multiple shas for an image, generating a target for each. In the below example, we'd get the targets :python#slim and :python#buster.

oci_pull_image(
    name="python",
    repository="docker.io/library/python",
    variants={
       "slim": "f8fbb2370c6314c806b2ddbec8d94375987e16bc122379bef979c6fc5e962920",
       "buster": "97c123c899c8c9ca46248f4002ec4173322e0a1086b386efefac163c64967ba2"
    }
)
Argument Meaning Default value
name The target name Same as any other target, which is the directory name
repository Fully qualified repository name Required
variants Dictionary with local tags to the remote sha Required
anonymous Whether to pull the image anonymously false
decsription A description of the target
tags List of tags []

oci_build_image

Build an image with the provided packages embedded.

oci_image_build(
    name="my-server",
    base=":python#slim",
    repository="my-registry.example.com/a-namespace/an-image",
    tag="latest",
    packages=[":my_pex"]
)
Argument Meaning Default value
name The target name Same as any other target, which is the directory name
base The base image to use. Matches the FROM directive in a Dockerfile Required
packages Packaged targets to include. The first element will be used as the entrypoint. []
repository Fully qualified repository name Required when publishing
tag Remote tag to use Required when publishing
decsription A description of the target
tags List of tags []

oci_python_image

Build a Python image with the provided packages embedded.

oci_python_image(
    name="my-server",
    base=":python#slim",
    repository="my-registry.example.com/a-namespace/an-image",
	main="/app/server/start.py",
    tag="latest",
    packages=[":my_pex"]
)
Argument Meaning Default value
name The target name Same as any other target, which is the directory name
base The base image to use. Matches the FROM directive in a Dockerfile Required
packages Packaged targets to include. The first element will be used as the entrypoint. []
python_main The main file to run The last .pex in the dependency list
repository Fully qualified repository name Required when publishing
tag Remote tag to use Required when publishing
decsription A description of the target
tags List of tags []

oci_image_empty

An empty base image with no contents at all. This is declared as //:empty automatically, but you can use this to create new targets.

oci_image_empty(
    name="empty",
)
Argument Meaning Default value
name The target name Same as any other target, which is the directory name
decsription A description of the target
tags List of tags []

oci_build_layer

Run an image command, and capture the configured output into a layer artifact, that can be injected into other images. This matches the COPY --from workflows.

oci_build_layer( name="layer" base=[":rust-1-70"], packages=[":files"], env=['RUSTC_OPTS=...'], command=['cd /my-package && cargo build --release'], outputs=['/my-package/target/release/my-package'], )


| Argument      | Meaning                                                                        | Default value                                          |
|---------------|--------------------------------------------------------------------------------|--------------------------------------------------------|
| `name`        | The target name                                                                | Same as any other target, which is the directory name  |
| `packages`    | Packaged targets to include. The first element will be used as the entrypoint. | `[]`                                                   |
| `env`         | Environment variables to set. Does not support interpolation.                  | `[]`                                                   |
| `outputs`     | Paths to capture into the built layer.                                         | `[]`                                                   |
| `exclude`     | Globs to not include in the output.                                            | `[]`                                                   |
| `decsription` | A description of the target                                                    |                                                        |
| `output_path` | The output path during `pants package`                                         | A variant generated from the target name and directory |
| `tags`        | List of tags                                                                   | `[]`                                                   |

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pants_backend_oci-0.7.0.tar.gz (27.6 kB view details)

Uploaded Source

Built Distribution

pants_backend_oci-0.7.0-py2.py3-none-any.whl (41.4 kB view details)

Uploaded Python 2 Python 3

File details

Details for the file pants_backend_oci-0.7.0.tar.gz.

File metadata

  • Download URL: pants_backend_oci-0.7.0.tar.gz
  • Upload date:
  • Size: 27.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.9.20

File hashes

Hashes for pants_backend_oci-0.7.0.tar.gz
Algorithm Hash digest
SHA256 25255ba2f2699de590f6a36d63bcdd1de883f8411a78874da327248577eda6fb
MD5 14ef9525305a8b2fa957611599cf8115
BLAKE2b-256 b68771d0269761c08f1252ac5e636e2d300f9c74ce1595d26efb13ede79d4012

See more details on using hashes here.

File details

Details for the file pants_backend_oci-0.7.0-py2.py3-none-any.whl.

File metadata

File hashes

Hashes for pants_backend_oci-0.7.0-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 42d933999ad7a88aa0a499e34c9a3ce0c7a58ede7720d9bf29cd8efeb35a7126
MD5 c9cb7debecb4f29cd9e41011df769f52
BLAKE2b-256 3e125b95be61c01bfb065d54ac18870234b770bd2d54f0f75599c49584c455c6

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page