Use bazel rules to build docker image and push to GCR

Using bazel to build and push image result in reproducible builds. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=187252645
2025-04-30 12:07:51 +02:00 · 2018-02-27 16:39:16 -08:00 · 2018-02-27 16:39:16 -08:00 · 753a269357
commit 753a269357
parent 9e3fb8b93c
6 changed files with 53 additions and 88 deletions
--- a/22
+++ b/22
@ -24,3 +24,25 @@ closure_repositories(
 load("//java/google/registry:repositories.bzl", "domain_registry_repositories")
 domain_registry_repositories()
 # Setup docker bazel rules
 git_repository(
    name = "io_bazel_rules_docker",
    remote = "https://github.com/bazelbuild/rules_docker.git",
    tag = "v0.4.0",
 )
 load(
    "@io_bazel_rules_docker//container:container.bzl",
    "container_pull",
    container_repositories = "repositories",
 )
 container_repositories()
 container_pull(
  name = "java_base",
  registry = "gcr.io",
  repository = "distroless/java",
  digest = "sha256:780ee786a774a25a4485f491b3e0a21f7faed01864640af7cebec63c46a0845a",
 )
--- a/java/google/registry/proxy/BUILD
+++ b/java/google/registry/proxy/BUILD
@ -2,6 +2,8 @@
 #   This package contains the code for the binary that proxies TCP traffic from
 #   the GCE/GKE to AppEngine.
 load("@io_bazel_rules_docker//container:container.bzl", "container_image", "container_push")
 package(
    default_visibility = ["//java/google/registry:registry_project"],
 )
@ -48,3 +50,28 @@ java_binary(
        "@io_netty_tcnative",
    ],
 )
 container_image(
    name = "proxy_image",
    base = "@java_base//image",
    entrypoint = [
        "java",
        "-jar",
        "proxy_server_deploy.jar",
    ],
    files = [":proxy_server_deploy.jar"],
    ports = [
        "30000",
        "30001",
        "30002",
    ],
 )
 container_push(
    name = "proxy_push",
    format = "Docker",
    image = ":proxy_image",
    registry = "gcr.io",
    repository = "GCP_PROJECT/IMAGE_NAME",
    tag = "bazel",
 )
--- a/java/google/registry/proxy/config/default-config.yaml
+++ b/java/google/registry/proxy/config/default-config.yaml
@ -52,7 +52,7 @@ kms:
  cryptoKey: your-kms-cryptoKey
 epp:
-  port: 700
+  port: 30002
  relayHost: registry-project-id.appspot.com
  relayPath: /_dr/epp
@ -122,7 +122,7 @@ epp:
    customQuota: []
 whois:
-  port: 43
+  port: 30001
  relayHost: registry-project-id.appspot.com
  relayPath: /_dr/whois
--- a/java/google/registry/proxy/kubernetes/Dockerfile
+++ b/java/google/registry/proxy/kubernetes/Dockerfile
@ -1,24 +0,0 @@
 # Copyright 2018 The Nomulus Authors. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 FROM openjdk:8
 WORKDIR /proxy
 COPY ./proxy_server_deploy.jar /proxy/
 ENTRYPOINT ["java", "-jar", "proxy_server_deploy.jar"]
 # Ports used for health checking, WHOIS and EPP, respecitvely.
 EXPOSE 30000 30001 30002
--- a/java/google/registry/proxy/kubernetes/build_image.sh
+++ b/java/google/registry/proxy/kubernetes/build_image.sh
@ -1,61 +0,0 @@
 #!/bin/bash
 # Copyright 2018 The Nomulus Authors. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # This script builds the proxy jar file with all of its dependencies included,
 # then puts it in an image with a name compatible with GCR. If a "push"
 # argument is given, it also uploads the image to GCR.
 function cleanup() {
  rm ${WORKDIR}/${TARGET} -f
 }
 trap cleanup EXIT
 PROJECT=`gcloud config list 2>&1 | grep project | awk -F'= ' '{print $2}'`;
 echo "PROJECT: ${PROJECT}"
 PACKAGE_PREFIX=""
 PACKAGE=${PACKAGE_PREFIX}"java/google/registry/proxy"
 TARGET=proxy_server_deploy.jar
 BUILD_TOOL=bazel
 WORKSPACE=`$BUILD_TOOL info workspace`
 WORKDIR=${WORKSPACE}/${PACKAGE}/kubernetes
 BINDIR=${WORKSPACE}/${BUILD_TOOL}-bin/${PACKAGE}
 $BUILD_TOOL build "//"${PACKAGE}:${TARGET}
 cp ${BINDIR}/${TARGET} ${WORKDIR}/
 docker build -t gcr.io/${PROJECT}/proxy:latest $WORKDIR
 # Publish the image to GCR if "push" argument is given.
 if [ -z $1 ]
 then
  exit
 fi
 if [ $1 = "push" ]
 then
  gcloud docker -- push gcr.io/${PROJECT}/proxy:latest
 else
  echo "usage: $0 [push]"
 fi
--- a/java/google/registry/proxy/kubernetes/proxy-deployment.yaml
+++ b/java/google/registry/proxy/kubernetes/proxy-deployment.yaml
@ -20,7 +20,7 @@ spec:
          secretName: proxy-account
      containers:
      - name: proxy
-        image: INSERT_YOUR_IMAGE_NAME_HERE
+        image: gcr.io/GCP_PROJECT/IMAGE_NAME:bazel
        ports:
        - containerPort: 30000
          name: health-check
@ -41,6 +41,7 @@ spec:
        volumeMounts:
        - name: service-account
          mountPath: /var/secrets/google
        imagePullPolicy: Always
        args: ["--log"]
        env:
        - name: GOOGLE_APPLICATION_CREDENTIALS