You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Docker image, gcr.io/bazel-public/bazel:5.2.0 (created by bazel/oci/Dockerfile based on #1290) was supposed to be compatible with previously released images in marketplace.gcr.io/google/bazel, but it seems not compatible. gcr.io/bazel-public/bazel:5.2.0 runs as non-root user whereas the previous images run as root. Updating Cloud Build CI pipelines that use the previously released images to gcr.io/bazel-public/bazel:5.2.0 results in permission issues when Bazel tries to create output files under /builder/home/.cache. This requires extra efforts to users (See below). I'm wondering whether this repository provides Docker images more compatible with the previously released images so that users of Cloud Build can smoothly update Bazel Docker images with 5.2.0 or newer.
Here is an incomplete list of extra efforts required when using gcr.io/bazel-public/bazel:5.2.0 in Cloud Build:
With gcr.io/bazel-public/bazel:5.2.0, users need to run bazel with --output_user_root and --symlink_prefix= (because /workspace is not writable).
With gcr.io/bazel-public/bazel:5.2.0, it is more challenging to push Docker images built with Bazel (e.g., container_image rule in rules_docker). It is very tricky to tag built images because gcr.io/bazel-public/bazel:5.2.0 doesn't install docker whereas the previously released images do (we would like to use Docker command instead of using container_push rule since it modifies external resource via bazel run). This limitation suggests us to invoke the docker command in a different build step such as gcr.io/cloud-builders/docker:latest along with user-defined volumes to persist Bazel outputs, but that's also tricky since creating user-defined volume under / requires root permission, but gcr.io/bazel-public/bazel:5.2.0 is ran as non-root.
The text was updated successfully, but these errors were encountered:
Docker image,
gcr.io/bazel-public/bazel:5.2.0
(created bybazel/oci/Dockerfile
based on #1290) was supposed to be compatible with previously released images inmarketplace.gcr.io/google/bazel
, but it seems not compatible.gcr.io/bazel-public/bazel:5.2.0
runs as non-root user whereas the previous images run as root. Updating Cloud Build CI pipelines that use the previously released images togcr.io/bazel-public/bazel:5.2.0
results in permission issues when Bazel tries to create output files under/builder/home/.cache
. This requires extra efforts to users (See below). I'm wondering whether this repository provides Docker images more compatible with the previously released images so that users of Cloud Build can smoothly update Bazel Docker images with 5.2.0 or newer.Here is an incomplete list of extra efforts required when using
gcr.io/bazel-public/bazel:5.2.0
in Cloud Build:gcr.io/bazel-public/bazel:5.2.0
, users need to run bazel with--output_user_root
and--symlink_prefix=
(because/workspace
is not writable).gcr.io/bazel-public/bazel:5.2.0
, it is more challenging to push Docker images built with Bazel (e.g.,container_image
rule in rules_docker). It is very tricky to tag built images becausegcr.io/bazel-public/bazel:5.2.0
doesn't install docker whereas the previously released images do (we would like to use Docker command instead of usingcontainer_push
rule since it modifies external resource viabazel run
). This limitation suggests us to invoke the docker command in a different build step such asgcr.io/cloud-builders/docker:latest
along with user-defined volumes to persist Bazel outputs, but that's also tricky since creating user-defined volume under/
requires root permission, butgcr.io/bazel-public/bazel:5.2.0
is ran as non-root.The text was updated successfully, but these errors were encountered: