gvisor.dev/gvisor@v0.0.0-20240520182842-f9d4d51c7e0f/website/BUILD (about) 1 load("//images:defs.bzl", "docker_image") 2 load("//tools:defs.bzl", "bzl_library", "pkg_tar") 3 load("//website:defs.bzl", "doc", "docs") 4 5 package( 6 default_applicable_licenses = ["//:license"], 7 licenses = ["notice"], 8 ) 9 10 docker_image( 11 name = "website", 12 data = ":files", 13 statements = [ 14 "EXPOSE 8080/tcp", 15 'ENTRYPOINT ["/server"]', 16 ], 17 tags = [ 18 "local", 19 "manual", 20 "no-sandbox", 21 ], 22 ) 23 24 # files is the full file system of the generated container. 25 # 26 # It must collect the all tarballs (produced by the rules below), and run it 27 # through the Dockerfile to generate the site. Note that this checks all links, 28 # and therefore requires all static content to be present as well. 29 # 30 # Note that this rule violates most aspects of hermetic builds. However, this 31 # works much more reliably than depending on the container_image rules from 32 # bazel itself, which are convoluted and seem to have a hard time even finding 33 # the toolchain. 34 genrule( 35 name = "files", 36 srcs = [ 37 ":config", 38 ":css", 39 ":docs", 40 ":static", 41 ":syscallmd", 42 "//website/blog:posts", 43 "//website/cmd/server", 44 "@google_root_pem//file", 45 ], 46 outs = ["files.tgz"], 47 cmd = "set -x; " + 48 "T=$$(mktemp -d); " + 49 "mkdir -p $$T/input && " + 50 "mkdir -p $$T/output/_site && " + 51 "tar -xf $(location :config) -C $$T/input && " + 52 "tar -xf $(location :css) -C $$T/input && " + 53 "tar -xf $(location :docs) -C $$T/input && " + 54 "tar -xf $(location :syscallmd) -C $$T/input && " + 55 "tar -xf $(location //website/blog:posts) -C $$T/input && " + 56 "find $$T/input -type f -exec chmod u+rw {} \\; && " + 57 "docker run -i --user $$(id -u):$$(id -g) " + 58 "-v $$(readlink -m $$T/input):/input " + 59 "-v $$(readlink -m $$T/output/_site):/output " + 60 "gvisor.dev/images/jekyll && " + 61 "tar -xf $(location :static) -C $$T/output/_site && " + 62 "docker run -i --user $$(id -u):$$(id -g) " + 63 "-v $$(readlink -m $$T/output/_site):/output " + 64 "gvisor.dev/images/jekyll " + 65 "ruby /checks.rb " + 66 "/output && " + 67 "cp $(location //website/cmd/server) $$T/output/server && " + 68 "mkdir -p $$T/output/etc/ssl && " + 69 "cp $(location @google_root_pem//file) $$T/output/etc/ssl/cert.pem && " + 70 "tar -zcf $@ -C $$T/output . && " + 71 "rm -rf $$T", 72 tags = [ 73 "local", 74 "manual", 75 "no-sandbox", 76 ], 77 ) 78 79 # static are the purely static parts of the site. These are effectively copied 80 # in after jekyll generates all the dynamic content. 81 pkg_tar( 82 name = "static", 83 srcs = [ 84 "archive.key", 85 ] + glob([ 86 "performance/**", 87 ]), 88 strip_prefix = "./", 89 ) 90 91 # main.scss requires front-matter to be processed. 92 genrule( 93 name = "css", 94 srcs = glob([ 95 "css/**", 96 ]), 97 outs = [ 98 "css.tar", 99 ], 100 cmd = "T=$$(mktemp -d); " + 101 "mkdir -p $$T/css && " + 102 "for file in $(SRCS); do " + 103 "echo -en '---\\n---\\n' > $$T/css/$$(basename $$file) && " + 104 "cat $$file >> $$T/css/$$(basename $$file); " + 105 "done && " + 106 "tar -C $$T -czf $@ . && " + 107 "rm -rf $$T", 108 ) 109 110 # config is "mostly" static content. These are parts of the site that are 111 # present when jekyll runs, but are not dynamically generated. 112 pkg_tar( 113 name = "config", 114 srcs = [ 115 "_config.yml", 116 ":css", 117 "//website/blog:index.html", 118 "//website/users:index.html", 119 ] + glob([ 120 "assets/**", 121 "_includes/**", 122 "_layouts/**", 123 "_plugins/**", 124 "_sass/**", 125 ]), 126 strip_prefix = "./", 127 ) 128 129 # index is the index file. 130 doc( 131 name = "index", 132 src = "index.md", 133 layout = "base", 134 permalink = "/", 135 ) 136 137 # docs is the dynamic content of the site. 138 docs( 139 name = "docs", 140 deps = [ 141 ":index", 142 "//:code_of_conduct", 143 "//:contributing", 144 "//:governance", 145 "//:security", 146 "//g3doc:community", 147 "//g3doc:index", 148 "//g3doc:roadmap", 149 "//g3doc:style", 150 "//g3doc/architecture_guide:performance", 151 "//g3doc/architecture_guide:platforms", 152 "//g3doc/architecture_guide:resources", 153 "//g3doc/architecture_guide:security", 154 "//g3doc/proposals:gsoc_2021", 155 "//g3doc/user_guide:FAQ", 156 "//g3doc/user_guide:checkpoint_restore", 157 "//g3doc/user_guide:compatibility", 158 "//g3doc/user_guide:debugging", 159 "//g3doc/user_guide:filesystem", 160 "//g3doc/user_guide:gpu", 161 "//g3doc/user_guide:install", 162 "//g3doc/user_guide:networking", 163 "//g3doc/user_guide:observability", 164 "//g3doc/user_guide:platforms", 165 "//g3doc/user_guide:production", 166 "//g3doc/user_guide:runtime_monitoring", 167 "//g3doc/user_guide/containerd:configuration", 168 "//g3doc/user_guide/containerd:containerd_11", 169 "//g3doc/user_guide/containerd:quick_start", 170 "//g3doc/user_guide/quick_start:docker", 171 "//g3doc/user_guide/quick_start:kubernetes", 172 "//g3doc/user_guide/quick_start:oci", 173 "//g3doc/user_guide/tutorials:cni", 174 "//g3doc/user_guide/tutorials:docker", 175 "//g3doc/user_guide/tutorials:docker_compose", 176 "//g3doc/user_guide/tutorials:docker_in_gke_sandbox", 177 "//g3doc/user_guide/tutorials:docker_in_gvisor", 178 "//g3doc/user_guide/tutorials:falco", 179 "//g3doc/user_guide/tutorials:knative", 180 "//g3doc/user_guide/tutorials:kubernetes", 181 ], 182 ) 183 184 # Generate JSON for system call tables 185 genrule( 186 name = "syscalljson", 187 outs = ["syscalls.json"], 188 cmd = "$(location //runsc) -- help syscalls -format json -filename $@", 189 tools = ["//runsc"], 190 ) 191 192 # Generate markdown from the json dump. 193 genrule( 194 name = "syscallmd", 195 srcs = [":syscalljson"], 196 outs = ["syscallsmd"], 197 cmd = "T=$$(mktemp -d) && " + 198 "$(location //website/cmd/syscalldocs) -in $< -out $$T && " + 199 "tar -C $$T -czf $@ . && " + 200 "rm -rf $$T", 201 tools = ["//website/cmd/syscalldocs"], 202 ) 203 204 bzl_library( 205 name = "defs_bzl", 206 srcs = ["defs.bzl"], 207 visibility = ["//visibility:private"], 208 )