# Import Aspect bazelrc presets
import %workspace%/third_party/bazelrc/aspect/bazel7.bazelrc
import %workspace%/third_party/bazelrc/aspect/convenience.bazelrc
import %workspace%/third_party/bazelrc/aspect/correctness.bazelrc
import %workspace%/third_party/bazelrc/aspect/performance.bazelrc

# Actually make the lock file a lock file by not updating it without any
# request to do so.
common --lockfile_mode=error

# Allow empty globs as there are a lot until we replace our rust toolchain and
# qemu BUILD files.
common --noincompatible_disallow_empty_glob

# Don't warn about too high test timeout as these can vary a lot.
test --notest_verbose_timeout_warnings

# Set compilation mode (-c) to debug when running with --config dbg.
build:dbg --compilation_mode=dbg

# Run all spawns in our own hermetic sandbox sysroot.
build --experimental_use_hermetic_linux_sandbox
build --sandbox_fake_hostname
build --sandbox_fake_username
build --action_env=MONOGON_SANDBOX_DIGEST
import %workspace%/.bazelrc.sandbox

# Enable revised output directory hash suffix computation
build --experimental_output_directory_naming_scheme=diff_against_dynamic_baseline
build --experimental_exec_configuration_distinguisher=off

# Hardwire all action envs to just use /usr/bin from the above sandbox. This is
# necessary on NixOS Bazel builds, as they really like to inject /nix/store/*
# paths otherwise. We also explicitly set it to /usr/bin only (no /bin) as
# otherwise calling gcc from /bin/gcc breaks its own resolution of subordinate
# commands (like cc1, as, etc.).
build --action_env=PATH=/usr/bin
build --host_action_env=PATH=/usr/bin

# Make all shell run actions use /bin/bash instead of whatever the host might
# have set. Again, looking at you, Bazel-on-NixOS.
build --shell_executable=/bin/bash

# No local CPP toolchain resolution. In our sandbox root, it doesn't make sense -
# anything auto-detected during analysis stage is on the host instead of the sandbox.
# Sysroot rebuild is pure Go and doesn't need it either.
# The flag ensures we fail early if we somehow depend on the host toolchain,
# and do not spend unnecessary time on autodiscovery.
build --action_env=BAZEL_DO_NOT_DETECT_CPP_TOOLCHAIN=1

# Use new-style C++ toolchain resolution.
build --incompatible_enable_cc_toolchain_resolution

# Use new-style proto toolchain resolution.
build --incompatible_enable_proto_toolchain_resolution

# In our monorepo, we mostly ignore the host platform since we bring our own
# execution environment. However, we still need to run a small number of tools
# such as gazelle. We can just use rules_go's pure-Go platform. Attempting to
# build CGO binaries for the host will fail (and does not make sense).
# The host is lava - it could be NixOS (or even potentially macOS/Windows).
build --host_platform=@io_bazel_rules_go//go/toolchain:linux_amd64

# Target platform for the monorepo is currently the same as the host platform,
# but we'll support cross-compilation at some point. Do not rely on it.
build --platforms=//build/platforms:linux_amd64
# Make sure our platform is picked instead of the --host_platform.
build --extra_execution_platforms=//build/platforms:linux_amd64

# Build resources
startup --batch_cpu_scheduling --io_nice_level 7
test --test_output=errors

# selinux:
#     build with SELinux (containerd, kubelet)
# no_zfs,no_aufs,no_devicemapper:
#     disable containerd features we don't need
# providerless,dockerless:
#     build k8s without cloud provider and docker support
# nowasm:
#     disable wasm plugin support in sqlc
# nobtrfs,nozfs,notapestats,norapl:
#     disable node_exporter features we don't need
build --@io_bazel_rules_go//go/config:tags=selinux,seccomp,no_zfs,no_aufs,no_devicemapper,providerless,dockerless,nowasm,netgo,osusergo,nobtrfs,nozfs,notapestats,norapl

# kvm_debug:
#     prevent stackoverflows for gvisor
build:dbg --@io_bazel_rules_go//go/config:tags=selinux,seccomp,no_zfs,no_aufs,no_devicemapper,providerless,dockerless,nowasm,netgo,osusergo,nobtrfs,nozfs,notapestats,norapl,kvm_debug

# Build with C++17.
build --cxxopt=-std=c++17

# Set workspace status file and stamp
build --stamp --workspace_status_command=./build/print-workspace-status.py

test --experimental_allow_tags_propagation
# Assume a 10k IOPS device (average NVMe) and 64GiB of RAM for test scheduling.
test --local_resources=iops=10000 --local_resources=ram=64000

# Load custom per-user settings.
try-import %workspace%/.bazelrc.user