| Lorenz Brun | 6570219 | 2023-08-31 16:27:38 +0200 | [diff] [blame] | 1 | # Set compilation mode (-c) to debug when running with --config debug. |
| 2 | build:dbg --compilation_mode=dbg |
| 3 | |
| Leopold | eb2fb7b | 2022-06-08 13:18:51 +0200 | [diff] [blame] | 4 | # Enable strict_action_env (use static PATH and do not inherit environment variables). |
| 5 | # This avoids unnecessary cache invalidations. |
| 6 | build --incompatible_strict_action_env=true |
| 7 | |
| Leopold | bc93c2b | 2023-01-14 13:12:23 +0100 | [diff] [blame] | 8 | # Run all spawns in our own hermetic sandbox sysroot. |
| Leopold Schabel | 9508b12 | 2023-07-14 17:54:17 +0200 | [diff] [blame] | 9 | build --experimental_use_hermetic_linux_sandbox |
| Leopold | 7fbf104 | 2023-01-06 19:57:37 +0100 | [diff] [blame] | 10 | build --action_env=MONOGON_SANDBOX_DIGEST |
| 11 | import %workspace%/.bazelrc.sandbox |
| 12 | |
| Leopold Schabel | 9508b12 | 2023-07-14 17:54:17 +0200 | [diff] [blame] | 13 | # Hardwire all action envs to just use /usr/bin from the above sandbox. This is |
| 14 | # necessary on NixOS Bazel builds, as they really like to inject /nix/store/* |
| 15 | # paths otherwise. We also explicitly set it to /usr/bin only (no /bin) as |
| 16 | # otherwise calling gcc from /bin/gcc breaks its own resolution of subordinate |
| 17 | # commands (like cc1, as, etc.). |
| 18 | build --action_env=PATH=/usr/bin |
| 19 | build --host_action_env=PATH=/usr/bin |
| 20 | |
| 21 | # Make all shell run actions use /bin/bash instead of whatever the host might |
| 22 | # have set. Again, looking at you, Bazel-on-NixOS. |
| 23 | build --shell_executable=/bin/bash |
| 24 | |
| Leopold | bc93c2b | 2023-01-14 13:12:23 +0100 | [diff] [blame] | 25 | # No local CPP toolchain resolution. In our sandbox root, it doesn't make sense - |
| 26 | # anything auto-detected during analysis stage is on the host instead of the sandbox. |
| 27 | # Sysroot rebuild is pure Go and doesn't need it either. |
| 28 | # The flag ensures we fail early if we somehow depend on the host toolchain, |
| 29 | # and do not spend unnecessary time on autodiscovery. |
| 30 | build --action_env=BAZEL_DO_NOT_DETECT_CPP_TOOLCHAIN=1 |
| 31 | |
| 32 | # Use new-style C++ toolchain resolution. |
| 33 | build --incompatible_enable_cc_toolchain_resolution |
| 34 | |
| 35 | # In our monorepo, we mostly ignore the host platform since we bring our own |
| 36 | # execution environment. However, we still need to run a small number of tools |
| 37 | # such as gazelle. We can just use rules_go's pure-Go platform. Attempting to |
| 38 | # build CGO binaries for the host will fail (and does not make sense). |
| 39 | # The host is lava - it could be NixOS (or even potentially macOS/Windows). |
| 40 | build --host_platform=@io_bazel_rules_go//go/toolchain:linux_amd64 |
| 41 | |
| 42 | # Target platform for the monorepo is currently the same as the host platform, |
| 43 | # but we'll support cross-compilation at some point. Do not rely on it. |
| 44 | build --platforms=//build/platforms:linux_amd64 |
| 45 | # Make sure our platform is picked instead of the --host_platform. |
| 46 | build --extra_execution_platforms=//build/platforms:linux_amd64 |
| 47 | |
| Leopold | eb2fb7b | 2022-06-08 13:18:51 +0200 | [diff] [blame] | 48 | # Build resources |
| Leopold Schabel | 5c80aca | 2019-10-22 15:48:58 +0200 | [diff] [blame] | 49 | startup --batch_cpu_scheduling --io_nice_level 7 |
| Leopold | afb925b | 2023-01-08 16:57:28 +0100 | [diff] [blame] | 50 | test --test_output=errors |
| Lorenz Brun | 5d7d2a4 | 2020-04-06 14:11:02 +0200 | [diff] [blame] | 51 | |
| Leopold | 96b03c7 | 2022-06-08 12:59:58 +0200 | [diff] [blame] | 52 | # selinux: |
| 53 | # build with SELinux (containerd, kubelet) |
| 54 | # no_zfs,no_aufs,no_devicemapper: |
| 55 | # disable containerd features we don't need |
| 56 | # providerless,dockerless: |
| 57 | # build k8s without cloud provider and docker support |
| Serge Bazanski | 46e72ab | 2022-09-05 15:13:22 +0200 | [diff] [blame] | 58 | # nowasm: |
| 59 | # disable wasm plugin support in sqlc |
| Tim Windelschmidt | cf8a324 | 2023-11-23 02:22:57 +0100 | [diff] [blame] | 60 | # nobtrfs: |
| 61 | # disable btrfs support in node_exporter |
| 62 | build --@io_bazel_rules_go//go/config:tags=selinux,seccomp,no_zfs,no_aufs,no_devicemapper,providerless,dockerless,nowasm,netgo,osusergo,nobtrfs |
| Serge Bazanski | bb7db92 | 2020-04-30 12:43:10 +0200 | [diff] [blame] | 63 | |
| Lorenz Brun | 6570219 | 2023-08-31 16:27:38 +0200 | [diff] [blame] | 64 | # kvm_debug: |
| 65 | # prevent stackoverflows for gvisor |
| 66 | build:dbg --@io_bazel_rules_go//go/config:tags=selinux,seccomp,no_zfs,no_aufs,no_devicemapper,providerless,dockerless,nowasm,netgo,osusergo,kvm_debug |
| 67 | |
| Serge Bazanski | bb7db92 | 2020-04-30 12:43:10 +0200 | [diff] [blame] | 68 | # Build with C++17. |
| 69 | build --cxxopt=-std=c++17 |
| 70 | |
| Lorenz Brun | f640211 | 2020-05-04 16:50:31 +0200 | [diff] [blame] | 71 | # Set workspace status file and stamp |
| Serge Bazanski | a6a0392 | 2023-11-13 19:57:48 +0100 | [diff] [blame] | 72 | build --stamp --workspace_status_command=./build/print-workspace-status.py |
| Serge Bazanski | 385c12f | 2020-06-17 12:12:42 +0200 | [diff] [blame] | 73 | |
| Serge Bazanski | c3ad846 | 2021-01-08 16:45:51 +0100 | [diff] [blame] | 74 | # Load CI bazelrc if present. |
| 75 | try-import %workspace%/ci.bazelrc |
| Leopold | 3154587 | 2022-06-08 13:22:32 +0200 | [diff] [blame] | 76 | |
| 77 | # Load custom per-user settings. |
| 78 | try-import %workspace%/.bazelrc.user |