sin-ack/rules_apt

Rules for fetching packages from apt repositories

Bazel rules for .deb packages

A ruleset for downloading .deb packages, and including their contents as layers in container images.

NOTE: this ruleset is heavily inspired by distroless

Features

• Pinning of the Debian snapshot to use
• Pinning of packages using a single lockfile
• Fine-grained control over packages (and their dependencies) to exclude
• Fine-grained control over package priorities
• Compatible with rules_oci

Shortcomings

• There is no way to know which packages are already contained in previous layers, thus you have to be careful how you craft your package repository.

Installation

From the release you wish to use: https://github.com/sin-ack/rules_apt/releases copy the Bzlmod snippet into your MODULE.bazel file.

To use a commit rather than a release, use git_override:

# Version is optional when git_override is used.
bazel_dep(name = "rules_apt", version = "")

git_override(
    module_name = "rules_apt",
    commit = "58f8cec394363be9a3d53e7fbcbfd9c3b408cd1e",
    remote = "https://github.com/sin-ack/rules_apt.git",
)

You can also use local_path_override if you intend to vendor the ruleset, but don't do that.

Usage

Usage of this ruleset involves three main steps:

1. Generating a lockfile
2. Downloading packages
3. Consuming packages

Examples

• rules_oci

Public API Docs

• apt_lockfile Generate a lockfile.
• apt_repository Create a package repository.
• snapshots.yaml Specify snapshot versions.
• packages.yaml Specify packages to provide.