Bazel helper rules to aid with some of the steps needed to create a Linux /
Debian installation. These rules are designed to replace commands such as
apt-get install
, passwd
, groupadd
, useradd
, update-ca-certificates
.
Caution
rules_distroless
is currently in beta and does not yet offer a stable
Public API. However, many users are already successfully using it in
production environments. Check Adopters to see who's already
using it.
This ruleset is primarily funded to support Google's distroless
container
images. We may not work on feature requests that do not support this mission.
We will however accept fully tested contributions via pull requests if they
align with the project goals (e.g. add support for a different compression
format) and may reject requests that do not (e.g. supporting other packaging
formats other than .deb
).
Tip
There's limited maintainer time for this project, so we strongly encourage focused, small, and readable Pull Requests.
Note
If you are using Bazel 6 you need to enable Bzlmod by adding
common --enable_bzlmod
to .bazelrc
If you are using Bazel 7+
it's enabled by default.
Add the following to your MODULE.bazel
file:
bazel_dep(name = "rules_distroless", version = "0.3.9")
You can find the latest release version in the Bazel Central Registry.
If you want to use a specific commit (e.g. there are commits in main
that are
still not part of a release) you can use one of the few mechanisms that Bazel
provides to override repos.
You can use git_override
, archive_override
, etc (or
local_path_override
if you want to test a local patch):
bazel_dep(name = "rules_distroless", version = "0.3.9")
git_override(
module_name = "rules_distroless",
remote = "https://github.com/GoogleContainerTools/rules_distroless.git",
commit = "6ccc0307f618e67a9252bc6ce2112313c2c42b7f",
)
Warning
Bzlmod is replacing the legacy WORKSPACE
system. The WORKSPACE
file will
be disabled by default in Bazel 8 (late 2024) and will be completely removed
in Bazel 9 (late 2025). Please migrate to Bzlmod following the steps in the
Bzlmod migration guide.
You can find the latest release in the rules_distroless
Github releases
page.
The examples demonstrate how to accomplish typical tasks such as create a new user group or create a new home directory:
- groupadd
- passwd
- useradd --home
- update-ca-certificates
- keytool
- apt-get install from Debian repositories.
- apt-get install from Ubuntu repositories.
We also have distroless
-specific rules that could be useful:
- flatten: flatten multiple
tar
archives. - os_release: create an
/etc/os-release
file. - locale: strip
/usr/lib/locale
to be smaller. - dpkg_statusd: creates a
/var/lib/dpkg/status.d
package database for scanners to discover installed packages.
To read more specific documentation for each of the rules in the repo please check the following docs:
- apt: repository rule for installing Debian/Ubuntu packages.
- apt macro: legacy macro for installing Debian/Ubuntu packages.
- rules: various helper rules to aid with creating a Linux / Debian installation from scratch.
Tip
Are you using rules_distroless
? Please send us a Pull Request to add your
project or company name here!