)]}'
{
  "commit": "2983d7285fe019f943f1b722f26a0f2e959c5f80",
  "tree": "f6b5056682bef41597d02347dff0d523916d196f",
  "parents": [
    "e28e1b3556feb786c71f161b357fcf6899e44c19"
  ],
  "author": {
    "name": "Leopold Schabel",
    "email": "leo@nexantic.com",
    "time": "Wed Oct 23 12:16:42 2019 +0200"
  },
  "committer": {
    "name": "Leopold Schabel",
    "email": "leo@nexantic.com",
    "time": "Wed Oct 23 12:16:42 2019 +0200"
  },
  "message": "Improve Bazel Fedora build container handling and cache repository downloads\n\nAdds lifecycle management scripts for the dev container and a \"bazel\" wrapper script, which sets container-only startup options.\n\nReplaces /dev/null bind mounts by SELinux contexts for container breakup prevention, since newer podman versions managed to somehow break the ordering of mounts and mounting on top of a volume gives ENOENT. This requires a placeholder .arcconfig.\n\nOn Fedora, SELinux prevents the container from accessing /dev/kvm, which requires a custom policy (see rWa716c988d69e).\n\nDesign considerations:\n\n- The build cache is on a tmpfs. This avoids fuse-overlayfs overhead. If the container is recreated, we want to drop the build cache - Bazel does not track ambient dependencies, so we do not know if we need to rebuild anything (like after upgrading a compiler).\n\n- The repository cache contains just workspace dependencies and is mounted as a volume.\n\nThe repository caches does not work terribly well yet, we probably need to mount parts ~/.cache/bazel as well. podman always mounts volumes as noexec, so this is not as straight-forward as it looks.\n\nTest Plan:\nRan the commands from the README as my unprivileged workstation user.\nSmalltown was built and launched successfully.\n\nX-Origin-Diff: phab/D198\nGitOrigin-RevId: aff720d2862cdf5d1df67813d842d221d69a84c0\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "4fa5e8f57646867316aefbaddd5a22a6486d381e",
      "old_mode": 33188,
      "old_path": "README.md",
      "new_id": "303b6025039d3420574272bd9a7cc5179e477300",
      "new_mode": 33188,
      "new_path": "README.md"
    },
    {
      "type": "add",
      "old_id": "0000000000000000000000000000000000000000",
      "old_mode": 0,
      "old_path": "/dev/null",
      "new_id": "799edd80ecbfdbf28456ee0ad5f0a27e8b891818",
      "new_mode": 33261,
      "new_path": "scripts/bin/bazel"
    },
    {
      "type": "add",
      "old_id": "0000000000000000000000000000000000000000",
      "old_mode": 0,
      "old_path": "/dev/null",
      "new_id": "6d284a1988a355db2c697e06751421c8ee3eae86",
      "new_mode": 33261,
      "new_path": "scripts/create_container.sh"
    },
    {
      "type": "add",
      "old_id": "0000000000000000000000000000000000000000",
      "old_mode": 0,
      "old_path": "/dev/null",
      "new_id": "13fefe3af6c6894f897861af5132960976016bcd",
      "new_mode": 33261,
      "new_path": "scripts/destroy_container.sh"
    },
    {
      "type": "add",
      "old_id": "0000000000000000000000000000000000000000",
      "old_mode": 0,
      "old_path": "/dev/null",
      "new_id": "8b60bd69ad31028a5abd7925a421368daa0a3db2",
      "new_mode": 33261,
      "new_path": "scripts/run_in_container.sh"
    }
  ]
}