rules_python
Use statically linked loader
🚀 feature request
Relevant Rules
py_binary
Description
With a similar motivation as #691, we would like to package a py_binary (including runfiles) into an oci_image and run it within a minimum base image like distroless_base in order to minimize the attack surface. This does not come with a shell and other tools which are required by #1929, so this unfortunately doesn't help us.
Describe the solution you'd like
Use a statically linked executable as loader.
Describe alternatives you've considered
Add more stuff to the base image. This is suboptimal, as it increases not only the size but also the attack surface.