alpine updates #2275

Merged

mfreeman451 merged 1 commit from refs/pull/2275/head into main

2025-10-05 17:21:27 +00:00

mfreeman451 commented

2025-10-05 17:20:24 +00:00

(Migrated from github.com)

Owner

Imported from GitHub pull request.

Original GitHub pull request: #1703
Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/pull/1703
Original created: 2025-10-05T17:20:24Z
Original updated: 2025-10-05T17:21:46Z
Original head: carverauto/serviceradar:k8s/serviceradar_tools_not_starting
Original base: main
Original merged: 2025-10-05T17:21:27Z by @mfreeman451

PR Type

Enhancement

Description

Add Alpine Linux dependencies for bash functionality
Include readline, libncursesw, and ncurses-terminfo-base packages
Create extraction rules for new APK packages
Update tools image to include new dependencies

Diagram Walkthrough

flowchart LR
  A["MODULE.bazel"] --> B["New APK dependencies"]
  B --> C["BUILD.bazel"]
  C --> D["APK extraction rules"]
  D --> E["tools_image_amd64"]
  E --> F["Enhanced bash functionality"]

File Walkthrough

Relevant files

Dependencies

MODULE.bazel

Add three new Alpine APK dependencies

MODULE.bazel

Add alpine_readline_apk dependency with SHA256 hash
Add alpine_libncursesw_apk dependency with SHA256 hash
Add alpine_ncurses_terminfo_base_apk dependency with SHA256 hash

+24/-0

Enhancement

BUILD.bazel

Add APK extraction rules and update tools image

docker/images/BUILD.bazel

Create apk_readline_rootfs_amd64 extraction rule
Create apk_libncursesw_rootfs_amd64 extraction rule
Create apk_ncurses_terminfo_base_rootfs_amd64 extraction rule
Update tools_image_amd64 to include new tar layers

+102/-0

Imported from GitHub pull request. Original GitHub pull request: #1703 Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/pull/1703 Original created: 2025-10-05T17:20:24Z Original updated: 2025-10-05T17:21:46Z Original head: carverauto/serviceradar:k8s/serviceradar_tools_not_starting Original base: main Original merged: 2025-10-05T17:21:27Z by @mfreeman451 --- ### **PR Type** Enhancement ___ ### **Description** - Add Alpine Linux dependencies for bash functionality - Include readline, libncursesw, and ncurses-terminfo-base packages - Create extraction rules for new APK packages - Update tools image to include new dependencies ___ ### Diagram Walkthrough ```mermaid flowchart LR A["MODULE.bazel"] --> B["New APK dependencies"] B --> C["BUILD.bazel"] C --> D["APK extraction rules"] D --> E["tools_image_amd64"] E --> F["Enhanced bash functionality"] ``` <details> <summary><h3> File Walkthrough</h3></summary> <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td><strong>Dependencies</strong></td><td><table> <tr> <td> <details> <summary><strong>MODULE.bazel</strong><dd><code>Add three new Alpine APK dependencies</code>                                        </dd></summary> <hr> MODULE.bazel <ul><li>Add <code>alpine_readline_apk</code> dependency with SHA256 hash<br> <li> Add <code>alpine_libncursesw_apk</code> dependency with SHA256 hash <br> <li> Add <code>alpine_ncurses_terminfo_base_apk</code> dependency with SHA256 hash</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1703/files#diff-6136fc12446089c3db7360e923203dd114b6a1466252e71667c6791c20fe6bdc">+24/-0</a>    </td> </tr> </table></td></tr><tr><td><strong>Enhancement</strong></td><td><table> <tr> <td> <details> <summary><strong>BUILD.bazel</strong><dd><code>Add APK extraction rules and update tools image</code>                    </dd></summary> <hr> docker/images/BUILD.bazel <ul><li>Create <code>apk_readline_rootfs_amd64</code> extraction rule<br> <li> Create <code>apk_libncursesw_rootfs_amd64</code> extraction rule<br> <li> Create <code>apk_ncurses_terminfo_base_rootfs_amd64</code> extraction rule<br> <li> Update <code>tools_image_amd64</code> to include new tar layers</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1703/files#diff-0e4db31c224a8f72ae8e870a849e38a59d74a2c7f7b04347b0b3eb07e20c5a80">+102/-0</a>  </td> </tr> </table></td></tr></tr></tbody></table> </details> ___

qodo-code-review[bot] commented

2025-10-05 17:20:47 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/1703#issuecomment-3369198105
Original created: 2025-10-05T17:20:47Z

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
⚪	Supply chain integrity Description: The APK extraction genrule unpacks and copies files from downloaded APKs into the build output without verifying package signatures beyond a fixed SHA256 for the outer APK, potentially allowing tampered inner contents if the APK source is compromised. BUILD.bazel [163-187] Referred Code set -euo pipefail APK=$(location @alpine_readline_apk//file) TMP=$(@D)/readline_extract rm -rf "$${TMP}" mkdir -p "$${TMP}/extracted" "$${TMP}/rootfs" tar -xzf "$${APK}" -C "$${TMP}/extracted" DATA_TAR=`find "$${TMP}/extracted" -maxdepth 1 -type f -name 'data.tar.' -print -quit` if [ -n "$${DATA_TAR}" ]; then case "$${DATA_TAR}" in .gz) tar -xzf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; .xz) tar -xJf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; .bz2) tar -xjf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; ) tar -xf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; esac else shopt -s nullglob for entry in "$${TMP}/extracted"/; do base=`basename "$${entry}"` case "$${base}" in .SIGN*\|.PKGINFO) continue ;; esac ... (clipped 4 lines)
	External dependency pinning Description: External binaries are fetched over HTTPS via hardcoded URLs; while SHA256 pinning is present, there is no redundancy or signature verification, posing a potential supply-chain risk if the mirror is compromised. MODULE.bazel [796-818] Referred Code http_file( name = "alpine_readline_apk", sha256 = "177b9c76718d0a12cd1c27f2a3e422341ad93259ad56d77f55da712563049aed", urls = [ "https://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/readline-8.2.10-r0.apk", ], ) http_file( name = "alpine_libncursesw_apk", sha256 = "db40dff96b7bb668257e45a5d14cab346bdfc7992598d5c51ee64dfc4ad014d5", urls = [ "https://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/libncursesw-6.4_p20240420-r2.apk", ], ) http_file( name = "alpine_ncurses_terminfo_base_apk", sha256 = "555948e6b67d4bddc213673843a63bbd3d30548133bdff8aff9e66988285ae7e", urls = [ "https://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/ncurses-terminfo-base-6.4_p20240420-r2.apk", ... (clipped 2 lines)
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
⚪	No custom compliance provided Follow the guide to enable custom compliance check.

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/1703#issuecomment-3369198105 Original created: 2025-10-05T17:20:47Z --- ## PR Compliance Guide 🔍  Below is a summary of compliance checks for this PR:<br> <table><tbody><tr><td colspan='2'><strong>Security Compliance</strong></td></tr> <tr><td rowspan=2>⚪</td> <td><details><summary><strong>Supply chain integrity </strong></summary><br> <b>Description:</b> The APK extraction genrule unpacks and copies files from downloaded APKs into the build <br>output without verifying package signatures beyond a fixed SHA256 for the outer APK, <br>potentially allowing tampered inner contents if the APK source is compromised.<br> <strong><a href='https://github.com/carverauto/serviceradar/pull/1703/files#diff-0e4db31c224a8f72ae8e870a849e38a59d74a2c7f7b04347b0b3eb07e20c5a80R163-R187'>BUILD.bazel [163-187]</a></strong><br> <details open><summary>Referred Code</summary> ```txt set -euo pipefail APK=$(location @alpine_readline_apk//file) TMP=$(@D)/readline_extract rm -rf "$${TMP}" mkdir -p "$${TMP}/extracted" "$${TMP}/rootfs" tar -xzf "$${APK}" -C "$${TMP}/extracted" DATA_TAR=`find "$${TMP}/extracted" -maxdepth 1 -type f -name 'data.tar.*' -print -quit` if [ -n "$${DATA_TAR}" ]; then case "$${DATA_TAR}" in *.gz) tar -xzf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; *.xz) tar -xJf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; *.bz2) tar -xjf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; *) tar -xf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; esac else shopt -s nullglob for entry in "$${TMP}/extracted"/*; do base=`basename "$${entry}"` case "$${base}" in .SIGN*|.PKGINFO) continue ;; esac ... (clipped 4 lines) ``` </details></details></td></tr> <tr><td><details><summary><strong>External dependency pinning </strong></summary><br> <b>Description:</b> External binaries are fetched over HTTPS via hardcoded URLs; while SHA256 pinning is <br>present, there is no redundancy or signature verification, posing a potential supply-chain <br>risk if the mirror is compromised.<br> <strong><a href='https://github.com/carverauto/serviceradar/pull/1703/files#diff-6136fc12446089c3db7360e923203dd114b6a1466252e71667c6791c20fe6bdcR796-R818'>MODULE.bazel [796-818]</a></strong><br> <details open><summary>Referred Code</summary> ```txt http_file( name = "alpine_readline_apk", sha256 = "177b9c76718d0a12cd1c27f2a3e422341ad93259ad56d77f55da712563049aed", urls = [ "https://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/readline-8.2.10-r0.apk", ], ) http_file( name = "alpine_libncursesw_apk", sha256 = "db40dff96b7bb668257e45a5d14cab346bdfc7992598d5c51ee64dfc4ad014d5", urls = [ "https://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/libncursesw-6.4_p20240420-r2.apk", ], ) http_file( name = "alpine_ncurses_terminfo_base_apk", sha256 = "555948e6b67d4bddc213673843a63bbd3d30548133bdff8aff9e66988285ae7e", urls = [ "https://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/ncurses-terminfo-base-6.4_p20240420-r2.apk", ... (clipped 2 lines) ``` </details></details></td></tr> <tr><td colspan='2'><strong>Ticket Compliance</strong></td></tr> <tr><td>⚪</td><td><details><summary>🎫 <strong>No ticket provided </summary></strong> - [ ] Create ticket/issue  </details></td></tr> <tr><td colspan='2'><strong>Codebase Duplication Compliance</strong></td></tr> <tr><td>⚪</td><td><details><summary><strong>Codebase context is not defined </strong></summary> Follow the <a href='https://qodo-merge-docs.qodo.ai/core-abilities/rag_context_enrichment/'>guide</a> to enable codebase context checks. </details></td></tr> <tr><td colspan='2'><strong>Custom Compliance</strong></td></tr> <tr><td>⚪</td><td><details><summary><strong>No custom compliance provided</strong></summary> Follow the <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/'>guide</a> to enable custom compliance check. </details></td></tr> <tr><td align="center" colspan="2">   </td></tr></tbody></table> <details><summary>Compliance status legend</summary> 🟢 - Fully Compliant<br> 🟡 - Partial Compliant<br> 🔴 - Not Compliant<br> ⚪ - Requires Further Human Verification<br> 🏷️ - Compliance label<br> </details>

qodo-code-review[bot] commented

2025-10-05 17:21:46 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/1703#issuecomment-3369198752
Original created: 2025-10-05T17:21:46Z

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
High-level	Abstract duplicated APK extraction logic Abstract the duplicated APK extraction logic from the three new `genrule`s into a single, reusable Bazel macro to improve code maintainability and readability. Examples: docker/images/BUILD.bazel [159-255] `name = "apk_readline_rootfs_amd64", srcs = ["@alpine_readline_apk//file"], outs = ["apk_readline_rootfs_amd64.tar"], cmd = """ set -euo pipefail APK=$(location @alpine_readline_apk//file) TMP=$(@D)/readline_extract rm -rf "$${TMP}" mkdir -p "$${TMP}/extracted" "$${TMP}/rootfs" tar -xzf "$${APK}" -C "$${TMP}/extracted" ... (clipped 87 lines)` Solution Walkthrough: Before: `# docker/images/BUILD.bazel genrule( name = "apk_readline_rootfs_amd64", srcs = ["@alpine_readline_apk//file"], outs = ["apk_readline_rootfs_amd64.tar"], cmd = """ # ... ~25 lines of duplicated shell script ... """, ) genrule( name = "apk_libncursesw_rootfs_amd64", srcs = ["@alpine_libncursesw_apk//file"], outs = ["apk_libncursesw_rootfs_amd64.tar"], cmd = """ # ... ~25 lines of duplicated shell script ... """, ) # ... and another for ncurses_terminfo_base` After: # tools/apk.bzl (new file) def apk_extractor(name, apk_label): native.genrule( name = name, srcs = [apk_label], outs = [f"{name}.tar"], cmd = """ # ... ~25 lines of parameterized shell script ... """, ) # docker/images/BUILD.bazel load("//tools:apk.bzl", "apk_extractor") apk_extractor( name = "apk_readline_rootfs_amd64", apk_label = "@alpine_readline_apk//file", ) apk_extractor( name = "apk_libncursesw_rootfs_amd64", apk_label = "@alpine_libncursesw_apk//file", ) # ... and another call for ncurses_terminfo_base Suggestion importance[1-10]: 8 __ Why: The suggestion correctly identifies significant code duplication across three new `genrule`s and proposes a valid abstraction using a Bazel macro, which would greatly improve maintainability and readability.	Medium
General	Refactor duplicated logic into macro Refactor the three nearly identical `genrule` targets into a single Bazel macro to eliminate code duplication. The macro should be parameterized with the package-specific details. docker/images/BUILD.bazel [158-255] -genrule( - name = "apk_readline_rootfs_amd64", - srcs = ["@alpine_readline_apk//file"], - outs = ["apk_readline_rootfs_amd64.tar"], - cmd = """ +# It's recommended to place this macro in a separate .bzl file and load it. +# For example, in 'docker/images/apk.bzl' +def apk_rootfs(name, apk, tmp_dir_name): + native.genrule( + name = name, + srcs = [apk], + outs = [name + ".tar"], + cmd = """ set -euo pipefail -APK=$(location @alpine_readline_apk//file) -TMP=$(@D)/readline_extract +APK=$(location {apk}) +TMP=$(@D)/{tmp_dir_name} rm -rf "$${TMP}" mkdir -p "$${TMP}/extracted" "$${TMP}/rootfs" tar -xzf "$${APK}" -C "$${TMP}/extracted" DATA_TAR=`find "$${TMP}/extracted" -maxdepth 1 -type f -name 'data.tar.' -print -quit` if [ -n "$${DATA_TAR}" ]; then case "$${DATA_TAR}" in .gz) tar -xzf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; .xz) tar -xJf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; .bz2) tar -xjf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; ) tar -xf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; esac else shopt -s nullglob for entry in "$${TMP}/extracted"/; do base=`basename "$${entry}"` case "$${base}" in .SIGN\|.PKGINFO) continue ;; esac cp -a "$${entry}" "$${TMP}/rootfs/" done fi tar -czf "$@" -C "$${TMP}/rootfs" . -""", +""".format(apk = apk, tmp_dir_name = tmp_dir_name), + ) + +# In BUILD.bazel, after loading the macro: +# load("//docker/images:apk.bzl", "apk_rootfs") + +apk_rootfs( + name = "apk_readline_rootfs_amd64", + apk = "@alpine_readline_apk//file", + tmp_dir_name = "readline_extract", ) -genrule( +apk_rootfs( name = "apk_libncursesw_rootfs_amd64", - srcs = ["@alpine_libncursesw_apk//file"], - outs = ["apk_libncursesw_rootfs_amd64.tar"], - cmd = """ -set -euo pipefail -APK=$(location @alpine_libncursesw_apk//file) -TMP=$(@D)/libncursesw_extract -rm -rf "$${TMP}" -mkdir -p "$${TMP}/extracted" "$${TMP}/rootfs" -tar -xzf "$${APK}" -C "$${TMP}/extracted" -DATA_TAR=`find "$${TMP}/extracted" -maxdepth 1 -type f -name 'data.tar.' -print -quit` -if [ -n "$${DATA_TAR}" ]; then - case "$${DATA_TAR}" in - .gz) tar -xzf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; - .xz) tar -xJf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; - .bz2) tar -xjf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; - ) tar -xf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; - esac -else - shopt -s nullglob - for entry in "$${TMP}/extracted"/; do - base=`basename "$${entry}"` - case "$${base}" in - .SIGN\|.PKGINFO) continue ;; - esac - cp -a "$${entry}" "$${TMP}/rootfs/" - done -fi -tar -czf "$@" -C "$${TMP}/rootfs" . -""", + apk = "@alpine_libncursesw_apk//file", + tmp_dir_name = "libncursesw_extract", ) -genrule( +apk_rootfs( name = "apk_ncurses_terminfo_base_rootfs_amd64", - srcs = ["@alpine_ncurses_terminfo_base_apk//file"], - outs = ["apk_ncurses_terminfo_base_rootfs_amd64.tar"], - cmd = """ -set -euo pipefail -APK=$(location @alpine_ncurses_terminfo_base_apk//file) -TMP=$(@D)/ncurses_terminfo_base_extract -rm -rf "$${TMP}" -mkdir -p "$${TMP}/extracted" "$${TMP}/rootfs" -tar -xzf "$${APK}" -C "$${TMP}/extracted" -DATA_TAR=`find "$${TMP}/extracted" -maxdepth 1 -type f -name 'data.tar.' -print -quit` -if [ -n "$${DATA_TAR}" ]; then - case "$${DATA_TAR}" in - .gz) tar -xzf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; - .xz) tar -xJf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; - .bz2) tar -xjf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; - ) tar -xf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; - esac -else - shopt -s nullglob - for entry in "$${TMP}/extracted"/; do - base=`basename "$${entry}"` - case "$${base}" in - .SIGN\|.PKGINFO) continue ;; - esac - cp -a "$${entry}" "$${TMP}/rootfs/" - done -fi -tar -czf "$@" -C "$${TMP}/rootfs" . -""", + apk = "@alpine_ncurses_terminfo_base_apk//file", + tmp_dir_name = "ncurses_terminfo_base_extract", ) Apply / Chat* Suggestion importance[1-10]: 7 __ Why: The suggestion correctly identifies significant code duplication across three new `genrule` targets and proposes an idiomatic solution using a Bazel macro, which greatly improves code maintainability and readability.	Medium
More

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/1703#issuecomment-3369198752 Original created: 2025-10-05T17:21:46Z --- ## PR Code Suggestions ✨  Explore these optional code suggestions: <table><thead><tr><td><strong>Category</strong></td><td align=left><strong>Suggestion                                                                                                                                    </strong></td><td align=center><strong>Impact</strong></td></tr><tbody><tr><td rowspan=1>High-level</td> <td> <details><summary>Abstract duplicated APK extraction logic</summary> ___ **Abstract the duplicated APK extraction logic from the three new <code>genrule</code>s into a <br>single, reusable Bazel macro to improve code maintainability and readability.** ### Examples: <details> <summary> <a href="https://github.com/carverauto/serviceradar/pull/1703/files#diff-0e4db31c224a8f72ae8e870a849e38a59d74a2c7f7b04347b0b3eb07e20c5a80R159-R255">docker/images/BUILD.bazel [159-255]</a> </summary> ```starlark name = "apk_readline_rootfs_amd64", srcs = ["@alpine_readline_apk//file"], outs = ["apk_readline_rootfs_amd64.tar"], cmd = """ set -euo pipefail APK=$(location @alpine_readline_apk//file) TMP=$(@D)/readline_extract rm -rf "$${TMP}" mkdir -p "$${TMP}/extracted" "$${TMP}/rootfs" tar -xzf "$${APK}" -C "$${TMP}/extracted" ... (clipped 87 lines) ``` </details> ### Solution Walkthrough: #### Before: ```starlark # docker/images/BUILD.bazel genrule( name = "apk_readline_rootfs_amd64", srcs = ["@alpine_readline_apk//file"], outs = ["apk_readline_rootfs_amd64.tar"], cmd = """ # ... ~25 lines of duplicated shell script ... """, ) genrule( name = "apk_libncursesw_rootfs_amd64", srcs = ["@alpine_libncursesw_apk//file"], outs = ["apk_libncursesw_rootfs_amd64.tar"], cmd = """ # ... ~25 lines of duplicated shell script ... """, ) # ... and another for ncurses_terminfo_base ``` #### After: ```starlark # tools/apk.bzl (new file) def apk_extractor(name, apk_label): native.genrule( name = name, srcs = [apk_label], outs = [f"{name}.tar"], cmd = """ # ... ~25 lines of parameterized shell script ... """, ) # docker/images/BUILD.bazel load("//tools:apk.bzl", "apk_extractor") apk_extractor( name = "apk_readline_rootfs_amd64", apk_label = "@alpine_readline_apk//file", ) apk_extractor( name = "apk_libncursesw_rootfs_amd64", apk_label = "@alpine_libncursesw_apk//file", ) # ... and another call for ncurses_terminfo_base ``` <details><summary>Suggestion importance[1-10]: 8</summary> __ Why: The suggestion correctly identifies significant code duplication across three new `genrule`s and proposes a valid abstraction using a Bazel macro, which would greatly improve maintainability and readability. </details></details></td><td align=center>Medium </td></tr><tr><td rowspan=1>General</td> <td> <details><summary>Refactor duplicated logic into macro</summary> ___ **Refactor the three nearly identical <code>genrule</code> targets into a single Bazel macro to <br>eliminate code duplication. The macro should be parameterized with the <br>package-specific details.** [docker/images/BUILD.bazel [158-255]](https://github.com/carverauto/serviceradar/pull/1703/files#diff-0e4db31c224a8f72ae8e870a849e38a59d74a2c7f7b04347b0b3eb07e20c5a80R158-R255) ```diff -genrule( - name = "apk_readline_rootfs_amd64", - srcs = ["@alpine_readline_apk//file"], - outs = ["apk_readline_rootfs_amd64.tar"], - cmd = """ +# It's recommended to place this macro in a separate .bzl file and load it. +# For example, in 'docker/images/apk.bzl' +def apk_rootfs(name, apk, tmp_dir_name): + native.genrule( + name = name, + srcs = [apk], + outs = [name + ".tar"], + cmd = """ set -euo pipefail -APK=$(location @alpine_readline_apk//file) -TMP=$(@D)/readline_extract +APK=$(location {apk}) +TMP=$(@D)/{tmp_dir_name} rm -rf "$${TMP}" mkdir -p "$${TMP}/extracted" "$${TMP}/rootfs" tar -xzf "$${APK}" -C "$${TMP}/extracted" DATA_TAR=`find "$${TMP}/extracted" -maxdepth 1 -type f -name 'data.tar.*' -print -quit` if [ -n "$${DATA_TAR}" ]; then case "$${DATA_TAR}" in *.gz) tar -xzf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; *.xz) tar -xJf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; *.bz2) tar -xjf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; *) tar -xf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; esac else shopt -s nullglob for entry in "$${TMP}/extracted"/*; do base=`basename "$${entry}"` case "$${base}" in .SIGN*|.PKGINFO) continue ;; esac cp -a "$${entry}" "$${TMP}/rootfs/" done fi tar -czf "$@" -C "$${TMP}/rootfs" . -""", +""".format(apk = apk, tmp_dir_name = tmp_dir_name), + ) + +# In BUILD.bazel, after loading the macro: +# load("//docker/images:apk.bzl", "apk_rootfs") + +apk_rootfs( + name = "apk_readline_rootfs_amd64", + apk = "@alpine_readline_apk//file", + tmp_dir_name = "readline_extract", ) -genrule( +apk_rootfs( name = "apk_libncursesw_rootfs_amd64", - srcs = ["@alpine_libncursesw_apk//file"], - outs = ["apk_libncursesw_rootfs_amd64.tar"], - cmd = """ -set -euo pipefail -APK=$(location @alpine_libncursesw_apk//file) -TMP=$(@D)/libncursesw_extract -rm -rf "$${TMP}" -mkdir -p "$${TMP}/extracted" "$${TMP}/rootfs" -tar -xzf "$${APK}" -C "$${TMP}/extracted" -DATA_TAR=`find "$${TMP}/extracted" -maxdepth 1 -type f -name 'data.tar.*' -print -quit` -if [ -n "$${DATA_TAR}" ]; then - case "$${DATA_TAR}" in - *.gz) tar -xzf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; - *.xz) tar -xJf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; - *.bz2) tar -xjf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; - *) tar -xf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; - esac -else - shopt -s nullglob - for entry in "$${TMP}/extracted"/*; do - base=`basename "$${entry}"` - case "$${base}" in - .SIGN*|.PKGINFO) continue ;; - esac - cp -a "$${entry}" "$${TMP}/rootfs/" - done -fi -tar -czf "$@" -C "$${TMP}/rootfs" . -""", + apk = "@alpine_libncursesw_apk//file", + tmp_dir_name = "libncursesw_extract", ) -genrule( +apk_rootfs( name = "apk_ncurses_terminfo_base_rootfs_amd64", - srcs = ["@alpine_ncurses_terminfo_base_apk//file"], - outs = ["apk_ncurses_terminfo_base_rootfs_amd64.tar"], - cmd = """ -set -euo pipefail -APK=$(location @alpine_ncurses_terminfo_base_apk//file) -TMP=$(@D)/ncurses_terminfo_base_extract -rm -rf "$${TMP}" -mkdir -p "$${TMP}/extracted" "$${TMP}/rootfs" -tar -xzf "$${APK}" -C "$${TMP}/extracted" -DATA_TAR=`find "$${TMP}/extracted" -maxdepth 1 -type f -name 'data.tar.*' -print -quit` -if [ -n "$${DATA_TAR}" ]; then - case "$${DATA_TAR}" in - *.gz) tar -xzf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; - *.xz) tar -xJf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; - *.bz2) tar -xjf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; - *) tar -xf "$${DATA_TAR}" -C "$${TMP}/rootfs" ;; - esac -else - shopt -s nullglob - for entry in "$${TMP}/extracted"/*; do - base=`basename "$${entry}"` - case "$${base}" in - .SIGN*|.PKGINFO) continue ;; - esac - cp -a "$${entry}" "$${TMP}/rootfs/" - done -fi -tar -czf "$@" -C "$${TMP}/rootfs" . -""", + apk = "@alpine_ncurses_terminfo_base_apk//file", + tmp_dir_name = "ncurses_terminfo_base_extract", ) ``` - [ ] **Apply / Chat**  <details><summary>Suggestion importance[1-10]: 7</summary> __ Why: The suggestion correctly identifies significant code duplication across three new `genrule` targets and proposes an idiomatic solution using a Bazel macro, which greatly improves code maintainability and readability. </details></details></td><td align=center>Medium </td></tr> <tr><td align="center" colspan="2"> - [ ] More  </td><td></td></tr></tbody></table>