Use bazel rules to build docker image and push to GCR

Using bazel to build and push image result in reproducible builds. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=187252645
2025-04-30 03:57:51 +02:00 · 2018-02-27 16:39:16 -08:00 · 2018-02-27 16:39:16 -08:00 · 753a269357
commit 753a269357
parent 9e3fb8b93c
6 changed files with 53 additions and 88 deletions
--- a/22
+++ b/22
@ -24,3 +24,25 @@ closure_repositories(
 load("//java/google/registry:repositories.bzl", "domain_registry_repositories")

 domain_registry_repositories()
+
+# Setup docker bazel rules
+git_repository(
+    name = "io_bazel_rules_docker",
+    remote = "https://github.com/bazelbuild/rules_docker.git",
+    tag = "v0.4.0",
+)
+
+load(
+    "@io_bazel_rules_docker//container:container.bzl",
+    "container_pull",
+    container_repositories = "repositories",
+)
+
+container_repositories()
+
+container_pull(
+  name = "java_base",
+  registry = "gcr.io",
+  repository = "distroless/java",
+  digest = "sha256:780ee786a774a25a4485f491b3e0a21f7faed01864640af7cebec63c46a0845a",
+)
--- a/java/google/registry/proxy/BUILD
+++ b/java/google/registry/proxy/BUILD
@ -2,6 +2,8 @@
 #   This package contains the code for the binary that proxies TCP traffic from
 #   the GCE/GKE to AppEngine.

+load("@io_bazel_rules_docker//container:container.bzl", "container_image", "container_push")
+
 package(
    default_visibility = ["//java/google/registry:registry_project"],
 )
@ -48,3 +50,28 @@ java_binary(
        "@io_netty_tcnative",
    ],
 )
+
+container_image(
+    name = "proxy_image",
+    base = "@java_base//image",
+    entrypoint = [
+        "java",
+        "-jar",
+        "proxy_server_deploy.jar",
+    ],
+    files = [":proxy_server_deploy.jar"],
+    ports = [
+        "30000",
+        "30001",
+        "30002",
+    ],
+)
+
+container_push(
+    name = "proxy_push",
+    format = "Docker",
+    image = ":proxy_image",
+    registry = "gcr.io",
+    repository = "GCP_PROJECT/IMAGE_NAME",
+    tag = "bazel",
+)
--- a/java/google/registry/proxy/config/default-config.yaml
+++ b/java/google/registry/proxy/config/default-config.yaml
@ -52,7 +52,7 @@ kms:
  cryptoKey: your-kms-cryptoKey

 epp:
-  port: 700
+  port: 30002
  relayHost: registry-project-id.appspot.com
  relayPath: /_dr/epp

@ -122,7 +122,7 @@ epp:
    customQuota: []

 whois:
-  port: 43
+  port: 30001
  relayHost: registry-project-id.appspot.com
  relayPath: /_dr/whois

--- a/java/google/registry/proxy/kubernetes/Dockerfile
+++ b/java/google/registry/proxy/kubernetes/Dockerfile
@ -1,24 +0,0 @@
-# Copyright 2018 The Nomulus Authors. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM openjdk:8
-
-WORKDIR /proxy
-
-COPY ./proxy_server_deploy.jar /proxy/
-
-ENTRYPOINT ["java", "-jar", "proxy_server_deploy.jar"]
-
-# Ports used for health checking, WHOIS and EPP, respecitvely.
-EXPOSE 30000 30001 30002
--- a/java/google/registry/proxy/kubernetes/build_image.sh
+++ b/java/google/registry/proxy/kubernetes/build_image.sh
@ -1,61 +0,0 @@
-#!/bin/bash
-# Copyright 2018 The Nomulus Authors. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# This script builds the proxy jar file with all of its dependencies included,
-# then puts it in an image with a name compatible with GCR. If a "push"
-# argument is given, it also uploads the image to GCR.
-
-function cleanup() {
-  rm ${WORKDIR}/${TARGET} -f
-}
-
-trap cleanup EXIT
-
-PROJECT=`gcloud config list 2>&1 | grep project | awk -F'= ' '{print $2}'`;
-
-echo "PROJECT: ${PROJECT}"
-
-PACKAGE_PREFIX=""
-
-PACKAGE=${PACKAGE_PREFIX}"java/google/registry/proxy"
-
-TARGET=proxy_server_deploy.jar
-
-BUILD_TOOL=bazel
-
-WORKSPACE=`$BUILD_TOOL info workspace`
-
-WORKDIR=${WORKSPACE}/${PACKAGE}/kubernetes
-
-BINDIR=${WORKSPACE}/${BUILD_TOOL}-bin/${PACKAGE}
-
-$BUILD_TOOL build "//"${PACKAGE}:${TARGET}
-
-cp ${BINDIR}/${TARGET} ${WORKDIR}/
-
-docker build -t gcr.io/${PROJECT}/proxy:latest $WORKDIR
-
-# Publish the image to GCR if "push" argument is given.
-if [ -z $1 ]
-then
-  exit
-fi
-
-if [ $1 = "push" ]
-then
-  gcloud docker -- push gcr.io/${PROJECT}/proxy:latest
-else
-  echo "usage: $0 [push]"
-fi
--- a/java/google/registry/proxy/kubernetes/proxy-deployment.yaml
+++ b/java/google/registry/proxy/kubernetes/proxy-deployment.yaml
@ -20,7 +20,7 @@ spec:
          secretName: proxy-account
      containers:
      - name: proxy
-        image: INSERT_YOUR_IMAGE_NAME_HERE
+        image: gcr.io/GCP_PROJECT/IMAGE_NAME:bazel
        ports:
        - containerPort: 30000
          name: health-check
@ -41,6 +41,7 @@ spec:
        volumeMounts:
        - name: service-account
          mountPath: /var/secrets/google
+        imagePullPolicy: Always
        args: ["--log"]
        env:
        - name: GOOGLE_APPLICATION_CREDENTIALS