Use rules distroless to build example container

This introduces the rules_distroless-based `oak_containers/app_base`,
and uses it to build the hello world example runtime bundle.

Bug: b/491930890
Change-Id: I838bba2e226a712bebe6b70ab9a43b886a6a6964

Author: jblebrun

MODULE.bazel

@@ -142,7 +142,7 @@ bazel_dep(name = "rules_nixpkgs_core", version = "0.13.0")
 nix_repos = use_extension("//bazel/nix:extensions.bzl", "nix_repos", dev_dependency = True)
 use_repo(nix_repos, "nix_linux_kernel", "nix_vanilla_linux_kernel")
 
-##### OCI
+##### Container Management
 
 bazel_dep(name = "rules_oci", version = "2.2.6")
 
@@ -170,6 +170,16 @@ use_repo(oak_toolchains, "oak_cc_toolchain_sysroot", "umoci")
 # On macOS, uses system-installed umoci (via Nix). See umoci_toolchain.bzl.
 register_toolchains("@umoci//:umoci_toolchain", "@umoci//:umoci_toolchain_darwin")
 
+bazel_dep(name = "rules_distroless", version = "0.6.1")
+
+apt = use_extension("@rules_distroless//apt:extensions.bzl", "apt")
+apt.install(
+    name = "oak_containers_app_base",
+    lock = "//oak_containers/app_base:app_base.lock.json",
+    manifest = "//oak_containers/app_base:app_base.yaml",
+)
+use_repo(apt, "oak_containers_app_base")
+
 # Run clang-tidy on C++ code with the following command:
 # bazel build //cc/... \
 #   --aspects=@bazel_clang_tidy//clang_tidy:clang_tidy.bzl%clang_tidy_aspect \

MODULE.bazel.lock

@@ -17,9 +17,7 @@
 load("@rules_cc//cc:cc_binary.bzl", "cc_binary")
 load("@rules_cc//cc:cc_library.bzl", "cc_library")
 load("@rules_cc//cc:cc_test.bzl", "cc_test")
-load("@rules_oci//oci:defs.bzl", "oci_image")
-load("@rules_pkg//pkg:tar.bzl", "pkg_tar")
-load("//bazel:defs.bzl", "oci_runtime_bundle")
+load("//oak_containers/app_base:defs.bzl", "app_bundle")
 
 package(licenses = ["notice"])
 
@@ -87,22 +85,9 @@ cc_binary(
     ],
 )
 
-pkg_tar(
-    name = "tar",
-    srcs = [":main"],
-    package_dir = "/usr/local/bin",
-)
-
-oci_image(
-    name = "image",
-    base = "@distroless_cc_debian12_linux_amd64",
-    entrypoint = ["/usr/local/bin/main"],
-    tars = [":tar"],
-)
-
-oci_runtime_bundle(
+app_bundle(
     name = "bundle",
-    image = ":image",
+    binary = ":main",
     visibility = [
         "//oak_containers/examples/hello_world/host_app:__subpackages__",
     ],