Open
Description
What is the current behavior?
Hello! I'm encountering an issue with py_image_layer where the I'm unable to set the owner of the application binary that gets passed as tars layer to oci_image. In the image, I can see the UID / GID / user for 65534 / nobody but when I start up the container and check the permissions of the app on the image, the file / folder for the app binary shows the owner as root:root.
Here's my setup:
MODULE.bazel
bazel_dep(name = "aspect_bazel_lib", version = "2.10.0")
bazel_dep(name = "aspect_rules_py", version = "1.2.1")
bazel_dep(name = "rules_oci", version = "2.2.0")
python.toolchain(
configure_coverage_tool = True,
ignore_root_user_error = False,
is_default = "3.11",
python_version = "3.11",
)
BUILD
load("@aspect_rules_py//py:defs.bzl", "py_image_layer", "py_binary")
load("@rules_oci//oci:defs.bzl", "oci_image")
py_binary(
name = "app_binary",
srcs = ["main.py"],
main = "main.py",
)
py_image_layer(
name = "layer",
binary = ":app_binary",
)
oci_image(
name = "app_binary",
entrypoint = ["/myapp/server/app_binary"],
base = "@debian_slim_base",
tars = [":layer"],
user = "65534:65534",
)
Describe the feature
Can we had some attributes to make the owner of the app in the layer configurable? It would be nice to be able to set uid:gid as an parameter to py_image_layer like so
py_binary(
name = "app_binary",
srcs = ["main.py"],
main = "main.py",
)
py_image_layer(
name = "layer",
binary = ":app_binary",
user = "65534:65534",
)
oci_image(
name = "app_binary",
entrypoint = ["/myapp/server/app_binary"],
base = "@debian_slim_base",
tars = [":layer"],
user = "65534:65534",
)