| Leopold | eb2fb7b | 2022-06-08 13:18:51 +0200 | [diff] [blame] | 1 | # Enable strict_action_env (use static PATH and do not inherit environment variables). |
| 2 | # This avoids unnecessary cache invalidations. |
| 3 | build --incompatible_strict_action_env=true |
| 4 | |
| Leopold | bc93c2b | 2023-01-14 13:12:23 +0100 | [diff] [blame] | 5 | # Run all spawns in our own hermetic sandbox sysroot. |
| Leopold Schabel | 9508b12 | 2023-07-14 17:54:17 +0200 | [diff] [blame] | 6 | build --experimental_use_hermetic_linux_sandbox |
| Leopold | 7fbf104 | 2023-01-06 19:57:37 +0100 | [diff] [blame] | 7 | build --action_env=MONOGON_SANDBOX_DIGEST |
| 8 | import %workspace%/.bazelrc.sandbox |
| 9 | |
| Leopold Schabel | 9508b12 | 2023-07-14 17:54:17 +0200 | [diff] [blame] | 10 | # Hardwire all action envs to just use /usr/bin from the above sandbox. This is |
| 11 | # necessary on NixOS Bazel builds, as they really like to inject /nix/store/* |
| 12 | # paths otherwise. We also explicitly set it to /usr/bin only (no /bin) as |
| 13 | # otherwise calling gcc from /bin/gcc breaks its own resolution of subordinate |
| 14 | # commands (like cc1, as, etc.). |
| 15 | build --action_env=PATH=/usr/bin |
| 16 | build --host_action_env=PATH=/usr/bin |
| 17 | |
| 18 | # Make all shell run actions use /bin/bash instead of whatever the host might |
| 19 | # have set. Again, looking at you, Bazel-on-NixOS. |
| 20 | build --shell_executable=/bin/bash |
| 21 | |
| Leopold | bc93c2b | 2023-01-14 13:12:23 +0100 | [diff] [blame] | 22 | # No local CPP toolchain resolution. In our sandbox root, it doesn't make sense - |
| 23 | # anything auto-detected during analysis stage is on the host instead of the sandbox. |
| 24 | # Sysroot rebuild is pure Go and doesn't need it either. |
| 25 | # The flag ensures we fail early if we somehow depend on the host toolchain, |
| 26 | # and do not spend unnecessary time on autodiscovery. |
| 27 | build --action_env=BAZEL_DO_NOT_DETECT_CPP_TOOLCHAIN=1 |
| 28 | |
| 29 | # Use new-style C++ toolchain resolution. |
| 30 | build --incompatible_enable_cc_toolchain_resolution |
| 31 | |
| 32 | # In our monorepo, we mostly ignore the host platform since we bring our own |
| 33 | # execution environment. However, we still need to run a small number of tools |
| 34 | # such as gazelle. We can just use rules_go's pure-Go platform. Attempting to |
| 35 | # build CGO binaries for the host will fail (and does not make sense). |
| 36 | # The host is lava - it could be NixOS (or even potentially macOS/Windows). |
| 37 | build --host_platform=@io_bazel_rules_go//go/toolchain:linux_amd64 |
| 38 | |
| 39 | # Target platform for the monorepo is currently the same as the host platform, |
| 40 | # but we'll support cross-compilation at some point. Do not rely on it. |
| 41 | build --platforms=//build/platforms:linux_amd64 |
| 42 | # Make sure our platform is picked instead of the --host_platform. |
| 43 | build --extra_execution_platforms=//build/platforms:linux_amd64 |
| 44 | |
| Leopold | eb2fb7b | 2022-06-08 13:18:51 +0200 | [diff] [blame] | 45 | # Build resources |
| Leopold Schabel | 5c80aca | 2019-10-22 15:48:58 +0200 | [diff] [blame] | 46 | startup --batch_cpu_scheduling --io_nice_level 7 |
| Leopold | afb925b | 2023-01-08 16:57:28 +0100 | [diff] [blame] | 47 | test --test_output=errors |
| Lorenz Brun | 5d7d2a4 | 2020-04-06 14:11:02 +0200 | [diff] [blame] | 48 | |
| Leopold | 96b03c7 | 2022-06-08 12:59:58 +0200 | [diff] [blame] | 49 | # selinux: |
| 50 | # build with SELinux (containerd, kubelet) |
| 51 | # no_zfs,no_aufs,no_devicemapper: |
| 52 | # disable containerd features we don't need |
| 53 | # providerless,dockerless: |
| 54 | # build k8s without cloud provider and docker support |
| Serge Bazanski | 46e72ab | 2022-09-05 15:13:22 +0200 | [diff] [blame] | 55 | # nowasm: |
| 56 | # disable wasm plugin support in sqlc |
| Serge Bazanski | eca5af9 | 2023-06-20 13:31:37 +0200 | [diff] [blame] | 57 | build --@io_bazel_rules_go//go/config:tags=selinux,seccomp,no_zfs,no_aufs,no_devicemapper,providerless,dockerless,nowasm,netgo,osusergo |
| Serge Bazanski | bb7db92 | 2020-04-30 12:43:10 +0200 | [diff] [blame] | 58 | |
| 59 | # Build with C++17. |
| 60 | build --cxxopt=-std=c++17 |
| 61 | |
| Lorenz Brun | f640211 | 2020-05-04 16:50:31 +0200 | [diff] [blame] | 62 | # Set workspace status file and stamp |
| 63 | build --stamp --workspace_status_command=./build/print-workspace-status.sh |
| Serge Bazanski | 385c12f | 2020-06-17 12:12:42 +0200 | [diff] [blame] | 64 | |
| Serge Bazanski | c3ad846 | 2021-01-08 16:45:51 +0100 | [diff] [blame] | 65 | # Load CI bazelrc if present. |
| 66 | try-import %workspace%/ci.bazelrc |
| Leopold | 3154587 | 2022-06-08 13:22:32 +0200 | [diff] [blame] | 67 | |
| 68 | # Load custom per-user settings. |
| 69 | try-import %workspace%/.bazelrc.user |