treewide: bump bazel dependencies
Change-Id: Iee54b3e74e914120ab8d644382afe40a3647ef4b
Reviewed-on: https://review.monogon.dev/c/monogon/+/3451
Tested-by: Jenkins CI
Reviewed-by: Serge Bazanski <serge@monogon.tech>
diff --git a/third_party/bazelrc/aspect/bazel7.bazelrc b/third_party/bazelrc/aspect/bazel7.bazelrc
index 212c26e..dbd40ee 100644
--- a/third_party/bazelrc/aspect/bazel7.bazelrc
+++ b/third_party/bazelrc/aspect/bazel7.bazelrc
@@ -1,8 +1,12 @@
# Speed up all builds by not checking if external repository files have been modified.
# Docs: https://github.com/bazelbuild/bazel/blob/1af61b21df99edc2fc66939cdf14449c2661f873/src/main/java/com/google/devtools/build/lib/bazel/repository/RepositoryOptions.java#L244
-build --noexperimental_check_external_repository_files
-fetch --noexperimental_check_external_repository_files
-query --noexperimental_check_external_repository_files
+common --noexperimental_check_external_repository_files
+
+# Don't report when the root module's lower bound for a dependency happens to be less than the resolved version.
+# This is expected and should NOT prompt an engineer to update our lower bound to match.
+# WARNING: For repository 'aspect_bazel_lib', the root module requires module version aspect_bazel_lib@1.30.2,
+# but got aspect_bazel_lib@1.31.2 in the resolved dependency graph.
+common --check_direct_dependencies=off
# Directories used by sandboxed non-worker execution may be reused to avoid unnecessary setup costs.
# Save time on Sandbox creation and deletion when many of the same kind of action run during the
diff --git a/third_party/bazelrc/aspect/convenience.bazelrc b/third_party/bazelrc/aspect/convenience.bazelrc
index c674569..796675a 100644
--- a/third_party/bazelrc/aspect/convenience.bazelrc
+++ b/third_party/bazelrc/aspect/convenience.bazelrc
@@ -3,7 +3,7 @@
build --keep_going
# Output test errors to stderr so users don't have to `cat` or open test failure log files when test
-# fail. This makes the log noiser in exchange for reducing the time-to-feedback on test failures for
+# fail. This makes the log noisier in exchange for reducing the time-to-feedback on test failures for
# users.
# Docs: https://bazel.build/docs/user-manual#test-output
test --test_output=errors
diff --git a/third_party/bazelrc/aspect/correctness.bazelrc b/third_party/bazelrc/aspect/correctness.bazelrc
index a599f6d..a146698 100644
--- a/third_party/bazelrc/aspect/correctness.bazelrc
+++ b/third_party/bazelrc/aspect/correctness.bazelrc
@@ -24,7 +24,7 @@
# Allow the Bazel server to check directory sources for changes. Ensures that the Bazel server
# notices when a directory changes, if you have a directory listed in the srcs of some target.
# Recommended when using
-# [copy_directory](https://github.com/aspect-build/bazel-lib/blob/main/docs/copy_directory.md) and
+# [copy_directory](https://github.com/bazel-contrib/bazel-lib/blob/main/docs/copy_directory.md) and
# [rules_js](https://github.com/aspect-build/rules_js) since npm package are source directories
# inputs to copy_directory actions.
# Docs: https://bazel.build/reference/command-line-reference#flag--host_jvm_args
@@ -68,7 +68,7 @@
common --incompatible_disallow_empty_glob
# Always download coverage files for tests from the remote cache. By default, coverage files are not
-# downloaded on test result cahce hits when --remote_download_minimal is enabled, making it impossible
+# downloaded on test result cache hits when --remote_download_minimal is enabled, making it impossible
# to generate a full coverage report.
# Docs: https://bazel.build/reference/command-line-reference#flag--experimental_fetch_all_coverage_outputs
# detching remote cache results
diff --git a/third_party/bazelrc/aspect/performance.bazelrc b/third_party/bazelrc/aspect/performance.bazelrc
index acc48c5..fa364a4 100644
--- a/third_party/bazelrc/aspect/performance.bazelrc
+++ b/third_party/bazelrc/aspect/performance.bazelrc
@@ -18,3 +18,12 @@
# author.
# Docs: https://bazel.build/reference/command-line-reference#flag--legacy_external_runfiles
build --nolegacy_external_runfiles
+
+# Avoid creating a runfiles tree for binaries or tests until it is needed.
+# Docs: https://bazel.build/reference/command-line-reference#flag--build_runfile_links
+# See https://github.com/bazelbuild/bazel/issues/6627
+#
+# This may break local workflows that `build` a binary target, then run the resulting program
+# outside of `bazel run`. In those cases, the script will need to call
+# `bazel build --build_runfile_links //my/binary:target` and then execute the resulting program.
+build --nobuild_runfile_links
diff --git a/third_party/gazelle/add-prepatching.patch b/third_party/gazelle/add-prepatching.patch
index fe2d31a..e4735c5 100644
--- a/third_party/gazelle/add-prepatching.patch
+++ b/third_party/gazelle/add-prepatching.patch
@@ -1,4 +1,4 @@
-From 914eedf51a7d636caa14c09554d1cf26fd87cb05 Mon Sep 17 00:00:00 2001
+From 6d876e488124d7f0f6d660164c112a1a5d375218 Mon Sep 17 00:00:00 2001
From: Tim Windelschmidt <tim@monogon.tech>
Date: Wed, 17 Jul 2024 18:27:41 +0200
Subject: [PATCH] Add support for prepatching
@@ -9,10 +9,10 @@
2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/internal/bzlmod/go_deps.bzl b/internal/bzlmod/go_deps.bzl
-index e304ec5..778f3c3 100644
+index dcd0db3..7170506 100644
--- a/internal/bzlmod/go_deps.bzl
+++ b/internal/bzlmod/go_deps.bzl
-@@ -156,6 +156,9 @@ def _get_build_extra_args(path, gazelle_overrides, gazelle_default_attributes):
+@@ -159,6 +159,9 @@ def _get_build_extra_args(path, gazelle_overrides, gazelle_default_attributes):
def _get_patches(path, module_overrides):
return _get_override_or_default(module_overrides, struct(), {}, path, [], "patches")
@@ -22,7 +22,7 @@
def _get_patch_args(path, module_overrides):
override = _get_override_or_default(module_overrides, struct(), {}, path, None, "patch_strip")
return ["-p{}".format(override)] if override else []
-@@ -232,6 +235,7 @@ def _process_gazelle_override(gazelle_override_tag):
+@@ -235,6 +238,7 @@ def _process_gazelle_override(gazelle_override_tag):
def _process_module_override(module_override_tag):
return struct(
patches = module_override_tag.patches,
@@ -30,7 +30,7 @@
patch_strip = module_override_tag.patch_strip,
)
-@@ -240,6 +244,7 @@ def _process_archive_override(archive_override_tag):
+@@ -243,6 +247,7 @@ def _process_archive_override(archive_override_tag):
urls = archive_override_tag.urls,
sha256 = archive_override_tag.sha256,
strip_prefix = archive_override_tag.strip_prefix,
@@ -38,7 +38,7 @@
patches = archive_override_tag.patches,
patch_strip = archive_override_tag.patch_strip,
)
-@@ -605,6 +610,7 @@ def _go_deps_impl(module_ctx):
+@@ -611,6 +616,7 @@ def _go_deps_impl(module_ctx):
"build_directives": _get_directives(path, gazelle_overrides, gazelle_default_attributes),
"build_file_generation": _get_build_file_generation(path, gazelle_overrides, gazelle_default_attributes),
"build_extra_args": _get_build_extra_args(path, gazelle_overrides, gazelle_default_attributes),
@@ -46,7 +46,7 @@
"patches": _get_patches(path, module_overrides),
"patch_args": _get_patch_args(path, module_overrides),
"debug_mode": debug_mode,
-@@ -616,6 +622,7 @@ def _go_deps_impl(module_ctx):
+@@ -622,6 +628,7 @@ def _go_deps_impl(module_ctx):
"urls": archive_override.urls,
"strip_prefix": archive_override.strip_prefix,
"sha256": archive_override.sha256,
@@ -54,7 +54,7 @@
"patches": _get_patches(path, archive_overrides),
"patch_args": _get_patch_args(path, archive_overrides),
})
-@@ -761,6 +768,9 @@ _archive_override_tag = tag_class(
+@@ -775,6 +782,9 @@ _archive_override_tag = tag_class(
SHA-256 sum of the downloaded archive. When set, Bazel will verify the archive
against this sum before extracting it.""",
),
@@ -64,7 +64,7 @@
"patches": attr.label_list(
doc = "A list of patches to apply to the repository *after* gazelle runs.",
),
-@@ -799,6 +809,9 @@ _module_override_tag = tag_class(
+@@ -813,6 +823,9 @@ _module_override_tag = tag_class(
extension within this Bazel module.""",
mandatory = True,
),
@@ -75,12 +75,12 @@
doc = "A list of patches to apply to the repository *after* gazelle runs.",
),
diff --git a/internal/go_repository.bzl b/internal/go_repository.bzl
-index 627a1f9..b12adf4 100644
+index 48a9d14..e3efa5b 100644
--- a/internal/go_repository.bzl
+++ b/internal/go_repository.bzl
-@@ -296,6 +296,11 @@ def _go_repository_impl(ctx):
- if result.return_code:
- fail("%s: %s" % (ctx.name, result.stderr))
+@@ -286,6 +286,11 @@ def _go_repository_impl(ctx):
+ if result.return_code:
+ fail("%s: %s" % (ctx.name, result.stderr))
+ # TODO(lorenz): Replace this with patch() once the patches argument no longer gets merged with
+ # the attribute pulled from ctx.
@@ -90,7 +90,7 @@
# Repositories are fetched. Determine if build file generation is needed.
build_file_names = ctx.attr.build_file_name.split(",")
existing_build_file = ""
-@@ -582,7 +587,10 @@ go_repository = repository_rule(
+@@ -623,7 +628,10 @@ go_repository = repository_rule(
prefixed with `#` automatically. A common use case is to pass a list of
Gazelle directives.""",
),
diff --git a/third_party/go/patches/gvisor-unix-0.20.patch b/third_party/go/patches/gvisor-unix-0.20.patch
deleted file mode 100644
index 80908e6..0000000
--- a/third_party/go/patches/gvisor-unix-0.20.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Fix for https://github.com/google/gvisor/issues/10483
-
---- a/pkg/xdp/xdp.go
-+++ b/pkg/xdp/xdp.go
-@@ -151,9 +151,9 @@
- }
-
- reg := unix.XDPUmemReg{
-- Addr: uint64(sliceBackingPointer(umemMemory)),
-- Len: uint64(len(umemMemory)),
-- Size: opts.FrameSize,
-+ Addr: uint64(sliceBackingPointer(umemMemory)),
-+ Len: uint64(len(umemMemory)),
-+ Chunk_size: opts.FrameSize,
- // Not useful in the RX path.
- Headroom: 0,
- // TODO(b/240191988): Investigate use of SHARED flag.
diff --git a/third_party/rust-reproducibility.patch b/third_party/rust-reproducibility.patch
index 7fc23db..e0254f2 100644
--- a/third_party/rust-reproducibility.patch
+++ b/third_party/rust-reproducibility.patch
@@ -1,6 +1,6 @@
-From 01a53a95a8fa20f2bf5ec6357baa457e7b2bc9f2 Mon Sep 17 00:00:00 2001
-From: Tim Windelschmidt <tim@monogon.tech>
-Date: Fri, 12 Jan 2024 15:44:41 +0100
+From 544ee8b571a006a8e03eb4401f6644bb8bf6628f Mon Sep 17 00:00:00 2001
+From: Serge Bazanski <serge@monogon.tech>
+Date: Wed, 25 Sep 2024 02:38:50 +0200
Subject: [PATCH] Improve reproducibility
Fixes a few issues with rules_rust/rustc reproducibility when the same code is
@@ -24,19 +24,19 @@
2. We add a remap path option to rustc that replaces bazel-out/<dir>/bin/ with
bin/.
---
- proto/prost/private/prost.bzl | 4 +++-
+ proto/prost/private/prost.bzl | 3 ++-
proto/protobuf/proto.bzl | 2 +-
rust/private/clippy.bzl | 2 +-
rust/private/rust.bzl | 6 +++---
rust/private/rustc.bzl | 4 ++++
rust/private/utils.bzl | 7 +++++--
- 6 files changed, 17 insertions(+), 8 deletions(-)
+ 6 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/proto/prost/private/prost.bzl b/proto/prost/private/prost.bzl
-index 38bd7b4f..645a520f 100644
+index 20814500..45b283d9 100644
--- a/proto/prost/private/prost.bzl
+++ b/proto/prost/private/prost.bzl
-@@ -131,7 +131,8 @@ def _compile_rust(ctx, attr, crate_name, src, deps, edition):
+@@ -132,7 +132,8 @@ def _compile_rust(ctx, attr, crate_name, src, deps, edition):
A DepVariantInfo provider.
"""
toolchain = ctx.toolchains["@rules_rust//rust:toolchain_type"]
@@ -60,10 +60,10 @@
output_dir,
crate_name,
diff --git a/rust/private/clippy.bzl b/rust/private/clippy.bzl
-index ef3ec2f8..cab2e6bf 100644
+index 748f33a0..772b39ad 100644
--- a/rust/private/clippy.bzl
+++ b/rust/private/clippy.bzl
-@@ -132,7 +132,7 @@ def _clippy_aspect_impl(target, ctx):
+@@ -131,7 +131,7 @@ def _clippy_aspect_impl(target, ctx):
dep_info = dep_info,
linkstamp_outs = linkstamp_outs,
ambiguous_libs = ambiguous_libs,
@@ -73,7 +73,7 @@
out_dir = out_dir,
build_env_files = build_env_files,
diff --git a/rust/private/rust.bzl b/rust/private/rust.bzl
-index afe1f129..ee73ee44 100644
+index 21881729..24792e99 100644
--- a/rust/private/rust.bzl
+++ b/rust/private/rust.bzl
@@ -159,7 +159,7 @@ def _rust_library_common(ctx, crate_type):
@@ -85,29 +85,29 @@
rust_lib_name = determine_lib_name(
crate_name,
-@@ -309,7 +309,7 @@ def _rust_test_impl(ctx):
- # Target is building the crate in `test` config
- crate = ctx.attr.crate[rust_common.crate_info] if rust_common.crate_info in ctx.attr.crate else ctx.attr.crate[rust_common.test_crate_info].crate
-
-- output_hash = determine_output_hash(crate.root, ctx.label)
-+ output_hash = determine_output_hash(ctx.bin_dir, crate.root, ctx.label)
- output = ctx.actions.declare_file(
- "test-%s/%s%s" % (
- output_hash,
-@@ -368,7 +368,7 @@ def _rust_test_impl(ctx):
- crate_root = crate_root_src(ctx.attr.name, ctx.files.srcs, crate_root_type)
- srcs, crate_root = transform_sources(ctx, ctx.files.srcs, crate_root)
-
-- output_hash = determine_output_hash(crate_root, ctx.label)
-+ output_hash = determine_output_hash(ctx.bin_dir, crate_root, ctx.label)
- output = ctx.actions.declare_file(
- "test-%s/%s%s" % (
- output_hash,
+@@ -316,7 +316,7 @@ def _rust_test_impl(ctx):
+ )
+ else:
+ crate_name = crate.name
+- output_hash = determine_output_hash(crate.root, ctx.label)
++ output_hash = determine_output_hash(ctx.bin_dir, crate.root, ctx.label)
+ output = ctx.actions.declare_file(
+ "test-%s/%s%s" % (
+ output_hash,
+@@ -380,7 +380,7 @@ def _rust_test_impl(ctx):
+ ctx.label.name + toolchain.binary_ext,
+ )
+ else:
+- output_hash = determine_output_hash(crate_root, ctx.label)
++ output_hash = determine_output_hash(ctx.bin_dir, crate_root, ctx.label)
+ output = ctx.actions.declare_file(
+ "test-%s/%s%s" % (
+ output_hash,
diff --git a/rust/private/rustc.bzl b/rust/private/rustc.bzl
-index 6dbb258b..bb5e0b05 100644
+index c82c236b..576de4e3 100644
--- a/rust/private/rustc.bzl
+++ b/rust/private/rustc.bzl
-@@ -965,6 +965,10 @@ def construct_arguments(
+@@ -973,6 +973,10 @@ def construct_arguments(
if remap_path_prefix != None:
rustc_flags.add("--remap-path-prefix=${{pwd}}={}".format(remap_path_prefix))
@@ -119,10 +119,10 @@
for kind in emit:
if kind == "link" and crate_info.type == "bin" and crate_info.output != None:
diff --git a/rust/private/utils.bzl b/rust/private/utils.bzl
-index 57a3fe7a..315f45b6 100644
+index a0fda352..ff45a149 100644
--- a/rust/private/utils.bzl
+++ b/rust/private/utils.bzl
-@@ -186,7 +186,7 @@ def abs(value):
+@@ -188,7 +188,7 @@ def abs(value):
return -value
return value
@@ -131,7 +131,7 @@
"""Generates a hash of the crate root file's path.
Args:
-@@ -197,8 +197,11 @@ def determine_output_hash(crate_root, label):
+@@ -199,8 +199,11 @@ def determine_output_hash(crate_root, label):
str: A string representation of the hash.
"""