Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / bc93c2b50690e66712d80e4da5837554588ca065^! / . / .bazelrc
commitbc93c2b50690e66712d80e4da5837554588ca065[log] [tgz]
authorLeopold <leo@monogon.tech>Sat Jan 14 13:12:23 2023 +0100
committerLeopold Schabel <leo@monogon.tech>Thu Jan 19 19:07:21 2023 +0000
tree68842095e93b11649cdc23da3bb4a6ef24f9dc8a
parente1ebf729194f3673ea0638f0aceb90cb70de23aa [diff] [blame]
*: migrate to CC toolchains and Bazel 5.4.0

Change-Id: Iff3c0ddda4413dd0c5fa657a5b7813223e98611e
Reviewed-on: https://review.monogon.dev/c/monogon/+/1079
Tested-by: Jenkins CI
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>

diff --git a/.bazelrc b/.bazelrc
index 3b901c2..220c5dd 100644
--- a/.bazelrc
+++ b/.bazelrc

@@ -2,12 +2,35 @@
 # This avoids unnecessary cache invalidations.
 build --incompatible_strict_action_env=true
 
-# TODO: Enable hermetic sandbox on Bazel 5.x
-# build --experimental_use_hermetic_linux_sandbox
-
+# Run all spawns in our own hermetic sandbox sysroot.
+#build --experimental_use_hermetic_linux_sandbox
+# TODO: https://github.com/bazelbuild/rules_go/issues/1910
 build --action_env=MONOGON_SANDBOX_DIGEST
 import %workspace%/.bazelrc.sandbox
 
+# No local CPP toolchain resolution. In our sandbox root, it doesn't make sense -
+# anything auto-detected during analysis stage is on the host instead of the sandbox.
+# Sysroot rebuild is pure Go and doesn't need it either.
+# The flag ensures we fail early if we somehow depend on the host toolchain,
+# and do not spend unnecessary time on autodiscovery.
+build --action_env=BAZEL_DO_NOT_DETECT_CPP_TOOLCHAIN=1
+
+# Use new-style C++ toolchain resolution.
+build --incompatible_enable_cc_toolchain_resolution
+
+# In our monorepo, we mostly ignore the host platform since we bring our own
+# execution environment. However, we still need to run a small number of tools
+# such as gazelle. We can just use rules_go's pure-Go platform. Attempting to
+# build CGO binaries for the host will fail (and does not make sense).
+# The host is lava - it could be NixOS (or even potentially macOS/Windows).
+build --host_platform=@io_bazel_rules_go//go/toolchain:linux_amd64
+
+# Target platform for the monorepo is currently the same as the host platform,
+# but we'll support cross-compilation at some point. Do not rely on it.
+build --platforms=//build/platforms:linux_amd64
+# Make sure our platform is picked instead of the --host_platform.
+build --extra_execution_platforms=//build/platforms:linux_amd64
+
 # Build resources
 startup --batch_cpu_scheduling --io_nice_level 7
 test --test_output=errors
@@ -28,11 +51,6 @@
 # Set workspace status file and stamp
 build --stamp --workspace_status_command=./build/print-workspace-status.sh
 
-# Use our custom-configured host C++ toolchain.
-build --crosstool_top=//build/toolchain:host_cc_suite
-build --host_crosstool_top=//build/toolchain:host_cc_suite
-build --cpu=k8
-
 # Load CI bazelrc if present.
 try-import %workspace%/ci.bazelrc