treewide: Add remote execution support
This adds support for remote execution by adding a target to build
a sandbox OCI image.
Change-Id: I848f705b7ea7311e20945ee8676cc7a52c8c33aa
Reviewed-on: https://review.monogon.dev/c/monogon/+/3783
Reviewed-by: Leopold Schabel <leo@monogon.tech>
Tested-by: Jenkins CI
diff --git a/build/remote_worker/BUILD.bazel b/build/remote_worker/BUILD.bazel
new file mode 100644
index 0000000..742d684
--- /dev/null
+++ b/build/remote_worker/BUILD.bazel
@@ -0,0 +1,59 @@
+load("@aspect_bazel_lib//lib:expand_template.bzl", "expand_template")
+load("@bazel_skylib//rules:write_file.bzl", "write_file")
+load("@rules_oci//oci:defs.bzl", "oci_image", "oci_push")
+load("@rules_pkg//pkg:mappings.bzl", "pkg_mklink")
+load("@rules_pkg//pkg:tar.bzl", "pkg_tar")
+
+# Because bazeldnf writes multiple files when using their symlink feature,
+# we have to do them manually with a second layer.
+# https://github.com/rmohr/bazeldnf/issues/88
+pkg_mklink(
+ name = "ld-link",
+ link_name = "usr/bin/ld",
+ target = "/usr/bin/ld.bfd",
+)
+
+pkg_tar(
+ name = "links",
+ srcs = [
+ ":ld-link",
+ ],
+)
+
+oci_image(
+ name = "remote_worker_image",
+ base = "@distroless_base",
+ entrypoint = [],
+ tags = ["no-remote"],
+ tars = [
+ "//third_party/sandboxroot:sandbox",
+ ":links",
+ ],
+ visibility = ["//visibility:private"],
+ workdir = "/root",
+)
+
+write_file(
+ name = "tags_tmpl",
+ out = "tags.txt.tmpl",
+ content = [
+ "BUILD_VERSION",
+ ],
+)
+
+# Use the value of --embed_label under --stamp, otherwise use a deterministic constant
+# value to ensure cache hits for actions that depend on this.
+expand_template(
+ name = "stamped",
+ out = "_stamped.tags.txt",
+ stamp_substitutions = {"BUILD_VERSION": "{{STABLE_MONOGON_metropolis_version}}"},
+ substitutions = {"BUILD_VERSION": "0.0.0"},
+ template = "tags_tmpl",
+)
+
+oci_push(
+ name = "remote_worker_push",
+ image = ":remote_worker_image",
+ remote_tags = ":stamped",
+ repository = "gcr.io/monogon-infra/sandbox",
+)
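Review bot: The comment above `expand_template(name = "stamped")` says the tag comes from `--embed_label`, but the substitution reads `{{STABLE_MONOGON_metropolis_version}}`, which looks like a workspace-status key rather than `BUILD_EMBED_LABEL`. I would reword it to `# Under --stamp, tag with STABLE_MONOGON_metropolis_version from the workspace status; otherwise use a deterministic constant`. Running `remote_worker_push` without `--stamp` pushes to the fixed tag `0.0.0`, and stamped pushes reuse the Metropolis version even when `//third_party/sandboxroot:sandbox` changes, so tags in `gcr.io/monogon-infra/sandbox` are mutable and can be overwritten. Because this image is the environment in which remote build actions run, the worker or platform configuration (not visible in this hunk) should reference it by `sha256` digest rather than by tag, and a one-line comment on `oci_push` stating that would help. Whether `@distroless_base` is itself pinned by digest is defined outside this file and is worth confirming.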