Updating module dependencies to newer versions (#17)

* Updating module dependencies to newer versions * Updating documentation * Retiring tarball as rules_OCI has retired it * Debugging issues with new skydoc version
ihavespoons · Dec 9, 2024 · afea6c6 · afea6c6
1 parent 7378477
commit afea6c6
Show file tree

Hide file tree

Showing 8 changed files with 17 additions and 53 deletions.
diff --git a/MODULE.bazel b/MODULE.bazel
@@ -7,8 +7,8 @@ module(
 )
 
 bazel_dep(name = "aspect_bazel_lib", version = "2.7.3")
-bazel_dep(name = "bazel_skylib", version = "1.6.1")
+bazel_dep(name = "bazel_skylib", version = "1.7.1")
 bazel_dep(name = "platforms", version = "0.0.10")
 
-bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True)
+bazel_dep(name = "buildifier_prebuilt", version = "7.3.1", dev_dependency = True)
 bazel_dep(name = "stardoc", version = "0.6.2", dev_dependency = True)
diff --git a/README.md b/README.md
@@ -19,7 +19,7 @@ The public API is outlined below. It is currently barebones with more features b
 
 ## Syft
 
-- [syft_sbom](docs/syft_sbom.md) - Generate an SBOM from a provided tarball
+- [syft_sbom](docs/syft_sbom.md) - Generate an SBOM from a provided oci_image
 
 ## Grype
 - [grype_report](docs/grype_report.md) - Generate CVE Report for an syft_sbom using grype binary that is pulled as a toolchain.

diff --git a/docs/multiarch-example.md b/docs/multiarch-example.md
diff --git a/docs/syft_sbom.md b/docs/syft_sbom.md
diff --git a/e2e/grype_database_name/MODULE.bazel b/e2e/grype_database_name/MODULE.bazel
@@ -5,8 +5,8 @@ module(
 )
 
 # Dependencies
-bazel_dep(name = "bazel_skylib", version = "1.6.1", dev_dependency = True)
-bazel_dep(name = "rules_oci", version = "1.7.5", dev_dependency = True)
+bazel_dep(name = "bazel_skylib", version = "1.7.1", dev_dependency = True)
+bazel_dep(name = "rules_oci", version = "2.0.1", dev_dependency = True)
 bazel_dep(name = "rules_syft", version = "0.0.0", dev_dependency = True)
 
 # Override for local testing

diff --git a/e2e/smoke/BUILD b/e2e/smoke/BUILD
@@ -1,5 +1,5 @@
 load("@bazel_skylib//rules:build_test.bzl", "build_test")
-load("@rules_oci//oci:defs.bzl", "oci_image", "oci_tarball")
+load("@rules_oci//oci:defs.bzl", "oci_image")
 load("@rules_syft//grype:defs.bzl", "grype_report", "grype_test")
 load("@rules_syft//syft:defs.bzl", "syft_sbom")
 
@@ -8,12 +8,6 @@ oci_image(
     base = "@ubuntu",
 )
 
-oci_tarball(
-    name = "tarball",
-    image = ":image",
-    repo_tags = [],
-)
-
 syft_sbom(
     name = "sbom_pulled",
     image = "@ubuntu",
@@ -24,11 +18,6 @@ syft_sbom(
     image = ":image",
 )
 
-syft_sbom(
-    name = "sbom_tarball",
-    image = ":tarball",
-)
-
 grype_report(
     name = "cve_report_pulled",
     database = "@grype_database",
@@ -57,7 +46,6 @@ build_test(
     targets = [
         ":sbom_pulled",
         ":sbom_image",
-        ":sbom_tarball",
         ":cve_report_pulled",
         ":cve_test_pulled",
     ],

diff --git a/e2e/smoke/MODULE.bazel b/e2e/smoke/MODULE.bazel
@@ -5,8 +5,8 @@ module(
 )
 
 # Dependencies
-bazel_dep(name = "bazel_skylib", version = "1.6.1", dev_dependency = True)
-bazel_dep(name = "rules_oci", version = "1.7.5", dev_dependency = True)
+bazel_dep(name = "bazel_skylib", version = "1.7.1", dev_dependency = True)
+bazel_dep(name = "rules_oci", version = "2.0.1", dev_dependency = True)
 bazel_dep(name = "rules_syft", version = "0.0.0", dev_dependency = True)
 
 # Override for local testing

diff --git a/syft/private/generate.bzl b/syft/private/generate.bzl
@@ -3,29 +3,23 @@
 load("//syft:providers.bzl", "SyftSbomInfo")
 load("//syft/private:file_mappings.bzl", "FILE_MAPPINGS")
 
-_DOC = """Generate SBOM for an oci_tarball or oci_image using syft binary that is pulled as a toolchain.
+_DOC = """Generate SBOM for an oci_image using syft binary that is pulled as a toolchain.
 
 ```starlark
 oci_image(
     name = "image"
 )
 
-oci_tarball(
-    name = "image_tarball",
-    image = ":image",
-    repo_tags = []
-)
-
 syft_sbom(
     name = "generate_sbom",
-    image = ":image_tarball"
+    image = ":image"
 )
 ```
 """
 
 _attrs = {
     "image": attr.label(
-        doc = "Label to an oci_tarball or oci_image directory",
+        doc = "Label to an oci_image directory",
         allow_single_file = True,
         mandatory = True,
     ),
@@ -52,7 +46,7 @@ output:
 
 def syft_sbom_impl(ctx):
     """
-    Implementation for generating SBOM for an oci_tarball or oci_image using syft binary that is pulled as a toolchain.
+    Implementation for generating SBOM for an oci_image using syft binary that is pulled as a toolchain.
 
     Args:
         ctx: action context