commit bb7db92ee6e788b576e22ece70914e0321a785f7
author Serge Bazanski <serge@nexantic.com> Thu Apr 30 12:43:10 2020 +0200
committer Serge Bazanski <serge@nexantic.com> Thu Apr 30 12:43:10 2020 +0200
tree 1f4fee21a390625bd9766d0394e3076cf7e34d48
parent 547b33f2b38dba41f2c171f8730ff5093b267eaf

Add all dependencies for Kubernetes worker

Adds Kubelet, CNI plugins, containerd, runc and gVisor using a
pre-baked list of dependencies generated using scripts/gazelle-deps/sh.

This moves all dependencies of gVisor, Kubernetes, runc, etc into the
same 'namespace' of Bazel external repositories, giving us ease of
accessing code as libraries, and benefits when it comes to version
auditing.

The gazelle-deps.sh script is a temporary solution that will be replaced
ASAP, see T725.

This unblocks T486.

This is an alternative to D389.

Test Plan: `bazel build //core:image` runs and picks up the new binaries

X-Origin-Diff: phab/D487
GitOrigin-RevId: a28a25071fa2ae76b272d237ce9af777485065ff

WORKSPACE

diff --git a/WORKSPACE b/WORKSPACE
index c444885..fec87fb 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -29,21 +29,25 @@
 load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
 
 http_archive(
+    # Currently pinned to an unreleased commit for compatibility with pinned Gazelle below.
+    # (we need //go/platforms:{aix,illumos,...} as generated by Gazelle)
     name = "io_bazel_rules_go",
-    sha256 = "e6a6c016b0663e06fa5fccf1cd8152eab8aa8180c583ec20c872f4f9953a7ac5",
     urls = [
-        "https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.22.1/rules_go-v0.22.1.tar.gz",
-        "https://github.com/bazelbuild/rules_go/releases/download/v0.22.1/rules_go-v0.22.1.tar.gz",
+        "https://github.com/bazelbuild/rules_go/archive/64f44314a710ce0e3ccc07891cec5f2047901ac8.tar.gz",
     ],
+    strip_prefix = "rules_go-64f44314a710ce0e3ccc07891cec5f2047901ac8",
+    sha256 = "a8045644f4790d8dc7f25d25ee56ed9b7668f609f2aa1c59eef48d2dd9755430",
 )
 
 http_archive(
+    # Currently pinned to an unreleased commit that fixes build tag usage in `update-repos`.
+    # This can be unpinned once it makes it into 0.21.0.
     name = "bazel_gazelle",
-    sha256 = "86c6d481b3f7aedc1d60c1c211c6f76da282ae197c3b3160f54bd3a8f847896f",
     urls = [
-        "https://storage.googleapis.com/bazel-mirror/github.com/bazelbuild/bazel-gazelle/releases/download/v0.19.1/bazel-gazelle-v0.19.1.tar.gz",
-        "https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.19.1/bazel-gazelle-v0.19.1.tar.gz",
+        "https://github.com/bazelbuild/bazel-gazelle/archive/f6ed80dc6ff71e33233006db9584da4cd36a81e6.zip",
     ],
+    strip_prefix = "bazel-gazelle-f6ed80dc6ff71e33233006db9584da4cd36a81e6",
+    sha256 = "509bb26e377a8ac28ebbd5fb999d15a428b092b0c533dc1e528d66d766ea273e",
 )
 
 load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")
@@ -55,8 +59,22 @@
 go_repository(
     name = "org_golang_x_sys",
     importpath = "golang.org/x/sys",
-    sum = "h1:ZtoklVMHQy6BFRHkbG6JzK+S6rX82//Yeok1vMlizfQ=",
-    version = "v0.0.0-20191018095205-727590c5006e",
+    sum = "h1:q9u40nxWT5zRClI/uU9dHCiYGottAg6Nzz4YUQyHxdA=",
+    version = "v0.0.0-20190927073244-c990c680b611",
+)
+
+# we also pin github.com/golang/protobuf to 1.3.2, because we use gRPC 1.26 (can bump to 1.27
+# once https://github.com/etcd-io/etcd/issues/11563 is resolved and merged.
+
+go_repository(
+    name = "com_github_golang_protobuf",
+    build_file_proto_mode = "disable_global",
+    commit = "6c65a5562fc06764971b7c5d05c76c75e84bdbf7",
+    importpath = "github.com/golang/protobuf",
+    patches = [
+        "@io_bazel_rules_go//third_party:com_github_golang_protobuf-extras.patch",
+    ],
+    patch_args = ["-p1"],
 )
 
 go_rules_dependencies()
@@ -90,6 +108,13 @@
 
 protobuf_deps()
 
+# Build packages
+http_archive(
+    name = "rules_pkg",
+    sha256 = "5bdc04987af79bd27bc5b00fe30f59a858f77ffa0bd2d8143d5b31ad8b1bd71c",
+    url = "https://github.com/bazelbuild/rules_pkg/releases/download/0.2.0/rules_pkg-0.2.0.tar.gz",
+)
+
 # third_party external repositories
 load("//third_party/linux:external.bzl", "linux_external")
 
@@ -102,13 +127,6 @@
 
 edk2_external(name = "edk2")
 
-load("//third_party/kubernetes:external.bzl", "kubernetes_external")
-
-kubernetes_external(
-    name = "kubernetes",
-    version = "1.18.0",
-)
-
 load("//third_party/musl:external.bzl", "musl_external")
 
 musl_external(
@@ -130,13 +148,27 @@
     version = "5.2.1",
 )
 
-load("@kubernetes//build:workspace_mirror.bzl", "mirror")
+register_toolchains("//:host_python")
 
-http_archive(
-    name = "io_k8s_repo_infra",
-    sha256 = "f6d65480241ec0fd7a0d01f432938b97d7395aeb8eefbe859bb877c9b4eafa56",
-    strip_prefix = "repo-infra-9f4571ad7242bf3ec4b47365062498c2528f9a5f",
-    urls = mirror("https://github.com/kubernetes/repo-infra/archive/9f4571ad7242bf3ec4b47365062498c2528f9a5f.tar.gz"),
+# python dependencies. Currently we don't use Python, but some of our deps (ie. gvisor) do expect @pydeps// to exist, even
+# if it's not being used.
+
+load("@rules_python//python:pip.bzl", "pip_import")
+
+pip_import(
+    name = "pydeps",
+    requirements = "//third_party/py:requirements.txt",
 )
 
-register_toolchains("//:host_python")
+load("@pydeps//:requirements.bzl", "pip_install")
+
+pip_install()
+
+# same for gvisor/rules_docker.
+
+http_archive(
+    name = "io_bazel_rules_docker",
+    sha256 = "14ac30773fdb393ddec90e158c9ec7ebb3f8a4fd533ec2abbfd8789ad81a284b",
+    strip_prefix = "rules_docker-0.12.1",
+    urls = ["https://github.com/bazelbuild/rules_docker/releases/download/v0.12.1/rules_docker-v0.12.1.tar.gz"],
+)