feat: setup ca-certificates and build images with steiger

Author: dmeijboom

.github/workflows/build.yml

@@ -23,22 +23,16 @@ jobs:
         run: |
           echo "${{ secrets.BUILDBUDDY_BAZELRC }}" > .bazelrc.user &&
             echo "build --compilation_mode=opt" >> .bazelrc.user
-      - name: Set up Docker Context for Buildx
-        id: buildx-context
-        run: docker context create builders || true
+      - name: Setup Steiger
+        run: |
+          curl -Lo steiger https://github.com/brainhivenl/steiger/releases/download/v0.0.1/steiger-x86_64-unknown-linux-gnu &&
+            sudo install steiger /usr/local/bin/ &&
+            rm steiger
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Push image [nginx]
-        run: bazel run nginx:push -- -t latest -r ghcr.io/brainpodnl/distroless-php/nginx
-      - name: Push image [php-fpm:7.2]
-        run: bazel run php:php-fpm-7.2_push -- -t 7.2 -r ghcr.io/brainpodnl/distroless-php/php-fpm
-      - name: Push image [php-fpm:7.4]
-        run: bazel run php:php-fpm-7.4_push -- -t 7.4 -r ghcr.io/brainpodnl/distroless-php/php-fpm
-      - name: Push image [php-fpm:8.3]
-        run: bazel run php:php-fpm-8.3_push -- -t 8.3 -r ghcr.io/brainpodnl/distroless-php/php-fpm
-      - name: Push image [php-fpm:8.4]
-        run: bazel run php:php-fpm-8.4_push -- -t 8.4 -r ghcr.io/brainpodnl/distroless-php/php-fpm
+      - name: Build and push
+        run: steiger build --repo ghcr.io/brainpodnl/distroless-php

MODULE.bazel

@@ -4,17 +4,17 @@ module(name = "distroless-php")
 
 bazel_dep(name = "rules_oci", version = "2.2.6")
 bazel_dep(name = "rules_pkg", version = "1.1.0")
-bazel_dep(name = "platforms", version = "0.0.11")
+bazel_dep(name = "platforms", version = "1.0.0")
 bazel_dep(name = "toolchains_llvm", version = "1.4.0")
-bazel_dep(name = "rules_distroless", version = "0.4.2")
-bazel_dep(name = "aspect_bazel_lib", version = "2.16.0")
-bazel_dep(name = "chrome-linux-sysroot", version = "0.0.1")
+bazel_dep(name = "rules_distroless", version = "0.5.3")
+bazel_dep(name = "aspect_bazel_lib", version = "2.21.1")
+bazel_dep(name = "chrome-linux-sysroot", version = "0.0.3")
 
-git_override(
-    module_name = "rules_distroless",
-    commit = "f994712f6bd573b3d50b207ae5fa3df077caed67",
-    remote = "https://github.com/GoogleContainerTools/rules_distroless.git",
-)
+# git_override(
+#     module_name = "rules_distroless",
+#     commit = "f994712f6bd573b3d50b207ae5fa3df077caed67",
+#     remote = "https://github.com/GoogleContainerTools/rules_distroless.git",
+# )
 
 PHP_VERSIONS = [
     "7.2",
@@ -23,6 +23,14 @@ PHP_VERSIONS = [
     "8.4",
 ]
 
+http_archive = use_repo_rule("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
+http_archive(
+    name = "ca-certificates",
+    build_file_content = 'exports_files(["data.tar.xz", "control.tar.xz"])',
+    sha256 = "ef590f89563aa4b46c8260d49d1cea0fc1b181d19e8df3782694706adf05c184",
+    urls = ["https://snapshot.debian.org/archive/debian/20250827T085636Z/pool/main/c/ca-certificates/ca-certificates_20250419_all.deb"],
+)
+
 llvm = use_extension("@toolchains_llvm//toolchain/extensions:llvm.bzl", "llvm")
 llvm.toolchain(
     name = "llvm_toolchain",