)]}' { "log": [ { "commit": "abe02eb86b64920be8aec862e380853be1fd3372", "tree": "1bc2e79cffe7c0d8a2a8b3d1596867493db2b7f5", "parents": [ "fdc3a2473e4ebfd77db342252e1088882e01b2d6" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 07 12:13:06 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Apr 19 08:06:00 2022 +0000" }, "message": "scripts: devcontainer: mount tmpfs on /tmp\n\nThis makes tests generally faster, but most importantly, it\nsignificantly deflakes etcd-heavy tests, especially when run with\n--runs_per_test\u003dmany. Without this, the underlying FS is overlayfs-fuse,\nwhich has very little iops to spare, to the point where etcd servers in\ntests will take hundreds of seconds because of iops starvation.\n\nSome cherrypicked figures:\n\nBefore:\n\n//metropolis/installer/test:installer PASSED in 30.8s\n//metropolis/pkg/event/etcd:etcd_test PASSED in 14.6s\n\nAfter:\n//metropolis/installer/test:installer PASSED in 18.9s\n//metropolis/pkg/event/etcd:etcd_test PASSED in 6.1s\n\nThis has the downside of possibly eating more RAM on developer machines,\nbut RAM is cheap. Importantly, our test suite seems to not leak things\ninto /tmp (other than some leftover empty directories), so RAM usage\nwithin the build container shouldn\u0027t balloon.\n\nThis is also something that\u0027s irrelevant for CI, as CI doesn\u0027t use\nscripts/{build,destroy}_container.sh.\n\nChange-Id: Iae12f6fdd5b48685f17f1466f2695f3707a0dd62\nReviewed-on: https://review.monogon.dev/c/monogon/+/653\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "a8e23543e792505ea8a40bf544d857163696a25b", "tree": "f496a4661b78c07d35d95fef7bc6fb4232d2db5d", "parents": [ "d23365d8645d1c7839a49af509af283ee1d0cc4f" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Mar 30 19:57:32 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Apr 04 09:10:38 2022 +0000" }, "message": "scripts/bin/bazel: be smart about allocating TTYs\n\nAllocating a TTY when output is being redirected results in improper\nmapping of stdout/stderr and everything gets mangled into stdout. This\nbreaks scripting our wrapped Bazel. This changes the wrapper to only\nallocate a TTY if the output is one as well.\n\nChange-Id: I5683020b5d89f3a7c7760db0fce3e9e8c628d326\nReviewed-on: https://review.monogon.dev/c/monogon/+/643\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "ed86976004c8a9d8d06e787ece3d59b04dba11f9", "tree": "523b4d1ec2ee73e3b612c5aa02ae8cab87766a11", "parents": [ "fbd38e280916f0883263cf0b566984d3fea4ff39" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Nov 18 13:30:58 2021 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Nov 18 13:11:11 2021 +0000" }, "message": "scripts: rename container image to full path as used in CI\n\nThis is needed due to what seems like a Podman bug: I have previously\nbuilt this image for CI (using scripts/push_ci_image.sh), which tagged\nit gcr.io/monogon-infra/monogon-builder:... . Then, when I ran\nscripts/create_container.sh it would actually not tag the container\nas monogon-builder, but instead as gcr.io/monogon-infra/monogon-builder.\nThis meant that scripts/bin/bazel kept using an older version of the\nimage than I expected.\n\nI would debug this further, but at some point we should have done this\nre-tag for local developer images anyway, as this will enable us to pull\nthis builder image from GCR in some cases if necessary (sparing some\ndevelopers the local image build step).\n\nChange-Id: I24445f94e7808cb4c478395358a4aa520df5906b\nReviewed-on: https://review.monogon.dev/c/monogon/+/446\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "6767e052c761f2b19a4966f707c65d8bc08c3c3c", "tree": "9fc05de5509f43721699819f4d159330a82fc3e6", "parents": [ "3cb0f4bdc0766574854a2db578fddd97b6648f6e" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Aug 02 17:48:35 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Aug 05 16:18:20 2021 +0000" }, "message": "scripts: stable directory matching\n\n2nd go at I30e1f0ec1b2a958decaffab181f3b80a4f37b2ce\n\nChange-Id: Id64776b079bc0e47963630b9f160aafed918b50e\nReviewed-on: https://review.monogon.dev/c/monogon/+/259\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "3cb0f4bdc0766574854a2db578fddd97b6648f6e", "tree": "abb60b92caf3bd63cb757fcbbda0631280d9c4e5", "parents": [ "439b95eb515c86ba8ce9917da258c0875f36f038" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Jul 19 15:22:07 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Jul 21 09:42:55 2021 +0000" }, "message": "scripts: check if running from original checkout\n\nChange-Id: I42e6b9e38a86a05c8ddbd2716ed2bd4d1db59331\nReviewed-on: https://review.monogon.dev/c/monogon/+/217\nReviewed-by: Sergiusz Bazanski \u003cserge@nexantic.com\u003e\n" }, { "commit": "e7bb94c0b2b2a7694c8985c5da80e814a51c4bdf", "tree": "89d182c5ef72d7f8e73b2eca677105cf6e91af88", "parents": [ "dd7b2d22fb0e13547505bacd862b92bf56a35983" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jul 02 17:11:58 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Fri Jul 02 17:27:17 2021 +0000" }, "message": "build/ci/Dockerfile: add ibazel\n\nibazel (a.k.a. bazel-watcher) is a tool which wraps bazel and\nautomatically rebuilds/restarts targets if source files or\ndependencies change.\n\nChange-Id: Ifd5b53619c597c28eaef217067e619430f71d885\nReviewed-on: https://review.monogon.dev/c/monogon/+/199\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "bd0d24e1fda0ee0cd8231d25eff499894226e04d", "tree": "3fb068803b9141172a154df14760a66199cd088c", "parents": [ "7fe19f7b49f4366fcba12b8f3cbef40913370ba9" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed May 19 14:27:36 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Thu May 20 10:08:56 2021 +0000" }, "message": "scripts: refactor for reliability\n\nThis is a small refactor/rewrite pass to scripts/create_container.sh and\nscripts/bin/bazel.\n\nFirst of all, it moves the IntelliJ aspect overriding logic from parsing\ncommand line flags in scripts/bin/bazel to replace the path that the\naspect is loaded from to crafting the build container in a way that the\naspect is already located where it\u0027s expected.\n\nThis allows us to vastly simplify the scripts/bin/bazel wrapper, and\nmost notably fixes an issue where it wasn\u0027t able to handle Bazel flags\nthat contained spaces and were wrapped in \"\"/\u0027\u0027 delimited strings.\nInstead of adding more and more flag replacing logic in this script, we\ngot rid of that logic entirely, and now the only thing that the wrapper\nscript does is set the output root and run Bazel within the container.\n\nAt the same time, we also fix discovering newer IntelliJ versions. On my\nmachine, it was still discovering my 2019 installation and using an old\nversion of the aspect.\n\nWe also generally dust off the scripts/create_container.sh script by\nensuring all variables are always used within double quotes (the\nprevious implementation could\u0027ve accidentally removed some directory from\nthe host if the user homedir contained spaces) and moving all of the\nlogic into a function that uses local variables.\n\nTested on my local workstation, IntelliJ sync works.\n\nChange-Id: I63ae042ffe0fc7f384b98768ed66b7426b3f5df4\nReviewed-on: https://review.monogon.dev/c/monogon/+/63\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "acae1ef4088e0e9579d7c35b2f7ce1de21c5ac22", "tree": "761455858b1e1491981d1d58dc093ca93402d541", "parents": [ "7b73537d3fe08f5bbca741c7abbd95115ac2e6c2" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed May 19 11:31:40 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Wed May 19 11:28:32 2021 +0000" }, "message": "*: replace nxt -\u003e monogon\n\nThese are hopefully the last leftovers from the nxt monorepo.\n\nThis change breaks existing build containers and IntelliJ setups, and\nunfortunately thrashes developer workstation Bazel caches.\n\nRunning `scripts/bin/destroy_container.sh \u0026\u0026\nscripts/bin/create_container.sh` and then following the IntelliJ setup\nguide in //README.md should be enough to fix everything.\n\nDid that locally and was able to set up a fully working IntelliJ\nIDE against this change.\n\nChange-Id: I090f4e4f2ea03998569a4ea3d1aa4cd4ec570f8a\nReviewed-on: https://review.monogon.dev/c/monogon/+/61\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "5aa494f9576756992113c72164ec6dc298071276", "tree": "076d9ea79874838d89cffa74f1f0d160a5884422", "parents": [ "6feb746cfafeedb600ae12e22be910ad376b30a5" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue May 18 18:57:10 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Tue May 18 18:12:39 2021 +0000" }, "message": "build/ci: move Dockerfile, document new CI\n\nThis moves the Builder Imager Dockerfile into //build/ci, adds some\nsmall changes to make it usable as a Jenkins agent base, documents its\nusage, and adds a script which builds and pushes that image into an\nexternal container registry.\n\nWe also remove the old Phabricator-based CI scripting.\n\nChange-Id: I332608f7d7105f675104db3ee2d787b2412fcbe9\nReviewed-on: https://review.monogon.dev/c/monogon/+/28\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "93bba15a0059da200a5d09a2bd7ec5ed5a667c60", "tree": "49f27c6425af3549f7fe4ddbf9a1880e2f0490b3", "parents": [ "f055a7fce0263a30fd2c853b5ed002a765fc23e8" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue May 04 13:41:18 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue May 04 18:49:19 2021 +0200" }, "message": "Update IntelliJ aspect patch to work with generated embedded libraries\n\nThis hacks the IntelliJ aspect to propagate import metadata (mainly import\npaths and files) along an `embed` attribute to the go_library. This is done since\nthere is a whitelist on the Java side which prevents it from picking up metadata\nfrom rules not called go_library. By technically making embedded libraries\npart of the go_library, they can be properly picked up.\n\nTest Plan: Works on my machine(tm)\n\nX-Origin-Diff: phab/D763\nGitOrigin-RevId: eed6a6d24d634aa1b21ccbd3521f3cfd8378340a\n" }, { "commit": "dca59d924dac4345099e5acd99405b5451d29cdb", "tree": "68d28ada7050e81f854589bf335447a0673f9e57", "parents": [ "58ec09eece3b2ca32112668cc6e5f1fd63ffa2a7" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Apr 01 19:02:53 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Apr 01 19:04:11 2021 +0200" }, "message": "scripts: replace /bin/bash by /usr/bin/env bash\n\nTest Plan: Set up environment locally; CI\n\nX-Origin-Diff: phab/D759\nGitOrigin-RevId: 01142b03dcfb44c1dcb42169cc9af187c1518107\n" }, { "commit": "58ec09eece3b2ca32112668cc6e5f1fd63ffa2a7", "tree": "380874242b1aa2555d122369b4384d445da808a0", "parents": [ "57a9d3e7c609203b95ee7d09db87a43a64f79be9" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Apr 01 18:34:19 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Apr 01 18:59:03 2021 +0200" }, "message": "scripts: clean up build environment launch scripts\n\n- With a privileged container (which makes the Bazel sandbox work), the SELinux\n trick doesn\u0027t work anyway. Replace it by a `z` modifier which tells podman to\n set the right SELinux context on systems that have it.\n\n- Do not fail if IntelliJ is absent.\n\nTest Plan: works on my machineā„¢\n\nX-Origin-Diff: phab/D758\nGitOrigin-RevId: b9020bdd54fccde222872ca609ee79b1805dd479\n" }, { "commit": "c3ad846e0eaf4cf008130a643ff247aa27531e17", "tree": "d9a8287f49f596c8ffd9c7d0dce6939c16a06707", "parents": [ "febf0b0defa3a4ccfb58f4c77ddb095a2668162a" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jan 08 16:45:51 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jan 08 16:45:51 2021 +0100" }, "message": "ci: build both debug and non-debug builds, add secondary cache\n\nThis runs `test //... -c dbg` in addition to `test //...`. Because switching to-and-from the debug configuration causes the local cache to get thrashed, we add a secondary cache via --disk_cache. This should, at some point, be replaced with a proper remote cache instead.\n\nWe also drive-by fix a debug build issue.\n\nFixes T883.\n\nTest Plan: This should test more things in CI now.\n\nBug: T883\n\nX-Origin-Diff: phab/D688\nGitOrigin-RevId: 9c35c4737d6b205a6bc74d50665c37535ac1d5ba\n" }, { "commit": "febf0b0defa3a4ccfb58f4c77ddb095a2668162a", "tree": "03043ebb7c96fc2b8293221fdb59740dc162942e", "parents": [ "31370b07f0df2dc2765d812d4ce00a6b35185b16" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 16:34:28 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 16:34:28 2021 +0100" }, "message": "script: nexantic -\u003e monogon\n\nThis replaces the \u0027nexantic\u0027 build container with one called \u0027monogon\u0027.\n\nAlso drive-by fix Fietsje\u0027s proto package path.\n\nTest Plan: Refactor, CI only.\n\nX-Origin-Diff: phab/D687\nGitOrigin-RevId: 15165f3b57927836dc9601454b31dce4b2c09c7d\n" }, { "commit": "81de89b8675ee0ce677225ffef1cd3ee6ad9f56f", "tree": "e518c0a70ec203314fcd9415d01a484ac3182a91", "parents": [ "520c934288d32979ed54b7ffde74428e4583509b" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Dec 22 10:59:14 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Dec 22 10:59:14 2020 +0100" }, "message": "scripts: remove cockroachdb container\n\nRemoving Anubis/Delta in D676 frees us from needing to run a cockroachdb\ncontainer.\n\nTest Plan: Refactor, covered by tests.\n\nX-Origin-Diff: phab/D678\nGitOrigin-RevId: 704b0d9f2ea1f09e143758f1b3aa336a84904b74\n" }, { "commit": "a7dca8956f9e0182f51b74d1309f49f177416eef", "tree": "dd35e9e4433795b5a0d8eafbd814bc692dc58ccd", "parents": [ "5e4fc2d107722f748f90cad06601c1b20e0934fc" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Oct 26 13:53:53 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Oct 26 13:53:53 2020 +0100" }, "message": "scripts: update aspects patch to support custom toolchains\n\nTest Plan: tested locally, syncs, works again.\n\nX-Origin-Diff: phab/D635\nGitOrigin-RevId: 2a50ef50b2e3db86252d59359042c001b85ac318\n" }, { "commit": "5e4fc2d107722f748f90cad06601c1b20e0934fc", "tree": "3f29a0772e9182a7e7cc0073b61b00f58013e071", "parents": [ "fa5c2fccc528b40f216687e02f0c1cd004e013d6" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Sep 22 18:35:15 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Sep 22 18:35:15 2020 +0200" }, "message": "Add support for runc container runtime\n\nAdds the runc container runtime, its containerd shim, required Linux features and plumbs it into\nKubernetes using RuntimeClasses and containerd runtime selection. Also adds support for building C-based\ntargets as part of our initramfs.\n\nThe Bazel portion is a bit verbose but since label dicts cannot be reasonably concatenated and closures\nare prohibited in Starlark I see no better way.\n\nFor this to be usable for most images new Linux binfmt options have been added. The hashbang binfmt\nshouldn\u0027t have any negative impact, but binfmt_misc has a registry which is only namespaced if used\nwith user namespaces, which are currently not used and thus might represent an exploit vector. This\nis tracked in T864.\n\nTest Plan: New E2E tests covering this feature have been added.\n\nX-Origin-Diff: phab/D625\nGitOrigin-RevId: 1e7e27166135437b2965eca4dc238f3255c9b1ba\n" }, { "commit": "5be29dda1d099e1d72636aec06bd3995f39ae4d8", "tree": "b93a249b2f9cda93a07847708bc81be26be3ad12", "parents": [ "dbfc638fa03704d274f78b31f508dde1e37502ee" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jun 22 18:52:45 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jun 22 18:52:45 2020 +0200" }, "message": "scripts/create_container: fix cockroachdb startup\n\nAfter moving the build container to --net\u003dhost this broke building //...\n(as sqlboiler touches a local crdb in order to generate SQL\nboilerplate...). This moves cockroachdb to also run with --net\u003dhost, and\nfixes the advertisement address in the same way as it\u0027s fixed in\nrun_ci.sh.\n\nTest Plan: tested this locally :/\n\nX-Origin-Diff: phab/D562\nGitOrigin-RevId: 8b4dcc2b5c3f87c48824d6e0eb665bea44e84116\n" }, { "commit": "71f7a567f372b41b3ea5cf72dfebd0546e3ff7df", "tree": "ef5ea6804ca0419e8851d1a21f956508764ba446", "parents": [ "5a09142af47b710bb76df16eca94edefcd3052d7" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jun 22 16:37:28 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jun 22 16:37:28 2020 +0200" }, "message": "Revert \"scripts/create_container: fix cockroachdb startup\"\n\nThis reverts commit 25aee769a555d34ae3c9f12560a8a29986601034.\n\nThis was uh messed up in phabricator and contains changes that shouldn\u0027t\nhave landed.\n\nTest Plan: it\u0027s a revert.\n\nX-Origin-Diff: phab/D567\nGitOrigin-RevId: 0dee3a91f708a9c2aba6cc7dbc929c3c887647c3\n" }, { "commit": "5a09142af47b710bb76df16eca94edefcd3052d7", "tree": "6be9238cf37c51dfc8f99aded4ef06c4ac81bb12", "parents": [ "385c12f84a0f1b6b5d70f228a0fb629f6f8f316c" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jun 22 14:01:45 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jun 22 14:01:45 2020 +0200" }, "message": "scripts/create_container: fix cockroachdb startup\n\nAfter moving the build container to --net\u003dhost this broke building //...\n(as sqlboiler touches a local crdb in order to generate SQL\nboilerplate...). This moves cockroachdb to also run with --net\u003dhost, and\nfixes the advertisement address in the same way as it\u0027s fixed in\nrun_ci.sh.\n\nTest Plan: tested this locally :/\n\nX-Origin-Diff: phab/D562\nGitOrigin-RevId: 25aee769a555d34ae3c9f12560a8a29986601034\n" }, { "commit": "3b544a960249e7000b4fd9ce36f118c261c467df", "tree": "7c9c8febf50d0d4066ad952af8ce0fc09205352d", "parents": [ "e28e6d791792806eebbef7bb83681e6b6b815408" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Jun 08 19:24:42 2020 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Jun 08 19:24:42 2020 +0200" }, "message": "scripts: fietsje cleanliness check in CI\n\nTest Plan: CI\n\nBug: T788\n\nX-Origin-Diff: phab/D553\nGitOrigin-RevId: 25a9553d42c26507297d953849c838d55a1b4043\n" }, { "commit": "980d003d69087eb3ef8976a2a7c2df6c7d3c54e7", "tree": "21d2bb6bd95974f0d3aef170e04f49e1dcd1eb58", "parents": [ "3058b7ab4e220c37624e1204744f0b17efd920d5" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Jun 03 14:44:49 2020 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Jun 03 14:44:49 2020 +0200" }, "message": "scripts: create local container with --net\u003dhost\n\nThis makes local debugging easier. We don\u0027t consider the\ncontainer an effective security barrier, anyway.\n\nTest Plan: Connected to a local server.\n\nX-Origin-Diff: phab/D551\nGitOrigin-RevId: d452d9f5a4addf4c526b7ac8f7ac688c36b816c5\n" }, { "commit": "fc2c4f5bc24286f24d3fe130bec61cf9fc59982d", "tree": "f467337f1cc022eb06f0d6655a239af7a4a41723", "parents": [ "ac6b6441f65fa160c1a3d2e9b31277e747c96a32" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed May 06 19:26:32 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed May 06 19:26:32 2020 +0200" }, "message": "ci: enable race detector in tests\n\nThe Go race detector [1] allows to detect runtime data races between\nGoroutines.\n\nAdding it to the test suite can increase runtime significantly (by\naround 20x), but for the amount of tests we have right now it should\nbe acceptable to always run them on every diff in CI.\n\n[1] - https://golang.org/doc/articles/race_detector.html\n\nTest Plan: consider the test runtime increase before merging\n\nX-Origin-Diff: phab/D496\nGitOrigin-RevId: 655a9ae3d3b4d72eae26180434f685193de6d9a7\n" }, { "commit": "bb7db92ee6e788b576e22ece70914e0321a785f7", "tree": "1f4fee21a390625bd9766d0394e3076cf7e34d48", "parents": [ "547b33f2b38dba41f2c171f8730ff5093b267eaf" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Apr 30 12:43:10 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Apr 30 12:43:10 2020 +0200" }, "message": "Add all dependencies for Kubernetes worker\n\nAdds Kubelet, CNI plugins, containerd, runc and gVisor using a\npre-baked list of dependencies generated using scripts/gazelle-deps/sh.\n\nThis moves all dependencies of gVisor, Kubernetes, runc, etc into the\nsame \u0027namespace\u0027 of Bazel external repositories, giving us ease of\naccessing code as libraries, and benefits when it comes to version\nauditing.\n\nThe gazelle-deps.sh script is a temporary solution that will be replaced\nASAP, see T725.\n\nThis unblocks T486.\n\nThis is an alternative to D389.\n\nTest Plan: `bazel build //core:image` runs and picks up the new binaries\n\nX-Origin-Diff: phab/D487\nGitOrigin-RevId: a28a25071fa2ae76b272d237ce9af777485065ff\n" }, { "commit": "4ff52bd7326ff5b534261ffb47588a44216095af", "tree": "c3fdc157b6c47fd55e1f9ed001dc7a76e38e7515", "parents": [ "af5ec37ef2549cf136438e3fd1775ce601c25bc9" ], "author": { "name": "Hendrik Hofstadt", "email": "hendrik@nexantic.com", "time": "Sun Jan 12 15:21:49 2020 +0100" }, "committer": { "name": "Hendrik Hofstadt", "email": "hendrik@nexantic.com", "time": "Sun Jan 12 15:21:49 2020 +0100" }, "message": "Implement minijob\n\nThis implements a minimal job queue based on cockroachdb.\nCurrently this lacks getters for pending jobs.\n\nTest Plan: Execute the tests in minijob.\n\nX-Origin-Diff: phab/D253\nGitOrigin-RevId: b5c0bc0920a12cd976b848f05301f9d5f959e9de\n" }, { "commit": "30b00d6d9f0bc6928ea81a6780883d252def5a3c", "tree": "1ab8d6cb22fe61c89c8d5e45ea9bad027cdef89c", "parents": [ "da5cfaaf46e534220a52d9cf315ffe0a8c79c05d" ], "author": { "name": "Hendrik Hofstadt", "email": "hendrik@nexantic.com", "time": "Thu Feb 27 11:48:47 2020 +0100" }, "committer": { "name": "Hendrik Hofstadt", "email": "hendrik@nexantic.com", "time": "Thu Feb 27 11:48:47 2020 +0100" }, "message": "scripts: update aspects patch\n\nThe latest IntelliJ bazel plugin update can now resolve custom go code generators so we don\u0027t need most patches anymore.\nAlso since the source file was changed the old patch did not apply anymore.\n\nTest Plan: synced with latest Bazel plugin and checked that sqlboiler sources and mixed srcs/embed libraries resolve.\n\nX-Origin-Diff: phab/D411\nGitOrigin-RevId: b47ae60c1ca8506f6c94cbdb3d9e7016bddd9fae\n" }, { "commit": "da5cfaaf46e534220a52d9cf315ffe0a8c79c05d", "tree": "2b329e15589b360f430b615cfc50f212a7ce5ed8", "parents": [ "1a5a667667849db21b533405245239445947b7fb" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Feb 24 10:07:10 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Feb 24 10:07:10 2020 +0100" }, "message": "Share Go pkg cache in CI\n\nThis will decrease build times for scripts/gazelle.sh invocations, which will\notherwise re-download all modules every time.\n\nThere\u0027s likely a small risk of corrupting the shared cache, at which point it\nwould have to cleaned manually.\n\nAccording to this GitHub issue, what we\u0027re doing is supported:\nhttps://github.com/golang/go/issues/26794\n\nDue to the lockfile, this also serializes builds that need to download new packages.\nIf this ever becomes an issue, we can create a per-working copy cache like we do for Bazel.\n\nTest Plan:\nRe-ran CI build multiple times, packages were not re-downloaded.\nBuild time decreased by ~5-7s.\n\nX-Origin-Diff: phab/D374\nGitOrigin-RevId: ec2f347d791f2915c5ecc04d9b67029de386aae9\n" }, { "commit": "6c8d5f9319706be576563b990c875afc0d60d02d", "tree": "914915b626992cb596323c7756c4f01e02e24832", "parents": [ "2fb13a89a00a1d0bf2e87f10516dcb5d7c0691dc" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Feb 11 12:42:29 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Feb 11 12:42:29 2020 +0100" }, "message": "repositories.bzl -\u003e third_party/go/repositories.bzl\n\nLet\u0027s keep the root of the monorepo tidy. Also, a list of third party\ndependencies sounds like it should belong in third_party/, really.\n\nTest Plan: more build file mangling, CI should catch issues\n\nX-Origin-Diff: phab/D392\nGitOrigin-RevId: 3fdd7bb430e8b44df7301520657170ce28ba859e\n" }, { "commit": "5e0bd2d43ab72cf4091e7689d02f95e07b1c1010", "tree": "24920f9a9a322b58fe79258a735af3a460dd08f1", "parents": [ "7a1b10c4eb2a01084298537fae46f60ecf97cb6c" ], "author": { "name": "Hendrik Hofstadt", "email": "hendrik@nexantic.com", "time": "Mon Feb 10 19:46:41 2020 +0100" }, "committer": { "name": "Hendrik Hofstadt", "email": "hendrik@nexantic.com", "time": "Mon Feb 10 19:46:41 2020 +0100" }, "message": "Resolve embedded Go dependencies in IDEA\n\nThe bazel plugin aspects don\u0027t resolve embedded go libraries\u0027 source files.\n\n```\n\ngo_proto_library(\n name \u003d \"api_go_proto\",\n compilers \u003d [\"@io_bazel_rules_go//proto:go_grpc\"],\n importpath \u003d \"git.monogon.dev/source/nexantic.git/core/generated/api\",\n proto \u003d \":api_proto\",\n visibility \u003d [\"//visibility:public\"],\n deps \u003d [\"//core/api/common:go_default_library\"],\n)\n\ngo_library(\n name \u003d \"go_default_library\",\n embed \u003d [\":api_go_proto\"],\n importpath \u003d \"git.monogon.dev/source/nexantic.git/core/generated/api\",\n visibility \u003d [\"//visibility:public\"],\n)\n\n```\n\nIn this case the IDEA plugin would load only the proto library since it exposes more source files. The plugin will always load the rule with the most exposed source files.\nThis means that if we add additional source files to the go rule but still less than the proto files, they will be dropped even though we have the embedding that should theoretically merge them.\n\nThis revision merges embedded and source files so we can add custom go code to schema packages.\n\nTest Plan: patched and resynced\n\nX-Origin-Diff: phab/D394\nGitOrigin-RevId: 37639045a920b6d52e2e41119e5e06957b309f51\n" }, { "commit": "ab0cc82b343ad93736ea4094844839a717190fd8", "tree": "4367888166668b53ab51fc9b73955eaa9b6872d6", "parents": [ "822341ae63f435519b5329db3a9fe671fc48684c" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Feb 03 21:11:16 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Feb 03 21:11:16 2020 +0100" }, "message": "Fail CI build if scripts/gazelle.sh dirties the working copy\n\nTest Plan:\nmaster happened to have an extra go.mod dependency that was caught:\n\n```lang\u003ddiff\nUnclean working directory after running scripts/gazelle.sh:\ndiff --git a/go.mod b/go.mod\nindex 9ff6291..bfea6de 100644\n--- a/go.mod\n+++ b/go.mod\n@@ -16,7 +16,6 @@ require (\n \tgithub.com/gofrs/uuid v3.2.0+incompatible // indirect\n \tgithub.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d\n \tgithub.com/golang/groupcache v0.0.0-20190702054246-869f871628b6 // indirect\n-\tgithub.com/golang/protobuf v1.3.2\n \tgithub.com/google/go-cmp v0.3.1 // indirect\n \tgithub.com/google/go-tpm v0.1.2-0.20190725015402-ae6dd98980d4\n \tgithub.com/google/go-tpm-tools v0.0.0-20190731025042-f8c04ff88181\n```\n\nBug: T561\n\nX-Origin-Diff: phab/D371\nGitOrigin-RevId: 13a24e85589c4f015cb476a9b817fd570871298e\n" }, { "commit": "822341ae63f435519b5329db3a9fe671fc48684c", "tree": "9a00fa6f64850c8607975bd8e7279d257c3c6ac6", "parents": [ "731d00ae802712305d2a01ea4a7bbc74227b2f0d" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Feb 03 21:51:47 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Feb 03 21:51:47 2020 +0100" }, "message": "Manually invalidate image cache in CI\n\nOur objective is to ensure that the build always uses the latest\nDockerfile for a given build, while minimizing rebuilds.\n\nA counter is explicit and can be used to intentionally invalidate\nthe image cache, even if the the file\u0027s content did not change.\n\nThe caching performed by `podman build` is not very clever -\nit\u0027s not shared between repositories, and is easily invalidated\nby successive builds with different versions of the Dockerfile.\n\nGarbage collection is not trivial, since there may be multiple\nin-flight revisions with different counters.\n\nRef T506\n\nFixes T616\n\nTest Plan: CI ;)\n\nBug: T616, T506\n\nX-Origin-Diff: phab/D373\nGitOrigin-RevId: 5bfb8cd8b98175d645c904aee8e45402d0c049c7\n" }, { "commit": "f8323f1010f4d1714570197f438888d081056846", "tree": "58c3328cd2e1a576d0aa29ccebac6dd7b6a3077a", "parents": [ "83dc285944ad65d429bb2641a7348366e7028c40" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Jan 07 23:26:34 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Jan 07 23:26:34 2020 +0100" }, "message": "Remove synthetic GOPATH and symlinks\n\nAs it turns out, `go mod tidy` complains about missing modules\nbut still properly generates go.mod, so it appears that we do\nnot need a GOPATH or symlinks except for non-IntelliJ IDE support.\n\nWe should standardize on IntelliJ and just get rid of this\nworkaround. Hendrik had trouble rebasing the shield revisions\n(that have a lot of generated code) and it\u0027s likely a lot of\nwork to maintain this hack in the future.\n\nSee D305, D309\n\nTest Plan:\nRan `scripts/gazelle.sh` after deleting all symlinks\nand tested that `go mod tidy` properly restored the go.mod file\nafter modifying it manually.\n\nX-Origin-Diff: phab/D311\nGitOrigin-RevId: fe4bc491fca6fa072cff047185d7c18305564ea4\n" }, { "commit": "8cc81f6d87a7fe2a1440a112a51d2fdfcf5bf568", "tree": "1e719b87498a6197b678805f3dc2528ac5f79ce7", "parents": [ "eff7217f788aae2af6b86dbb91defa3171eb88b8" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Jan 06 17:04:54 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Jan 06 17:04:54 2020 +0100" }, "message": "Pick the latest IntelliJ config folder for $ASPECT_ORIG\n\nTest Plan: Executed the two lines in my local shell\n\nX-Origin-Diff: phab/D306\nGitOrigin-RevId: f5744482129a649d358944fff0ae80a96e28a47d\n" }, { "commit": "eff7217f788aae2af6b86dbb91defa3171eb88b8", "tree": "c092558c9d6cc64725c1a41ed6797736ad5552e2", "parents": [ "a4516f9887e43b774e49c22db93cdf289dc9cfb1" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Sat Jan 04 15:07:52 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Sat Jan 04 15:07:52 2020 +0100" }, "message": "Synthesize fake GOPATH and remove bazel_copy_generated_for_ide.sh\n\nWe can use rules_go to create a fake symlink farm GOPATH. This can be\nset as the GOPATH in IDEs that do not have native support for Bazel,\nand we can stop maintaining the bazel_copy_generated_for_ide.sh hack.\n\nThe remaining issue is that we still need Go tooling to manage our\ngo.mod file that serves as the input to Gazelle, so we need to add\nreplace directives to ensure that Go tools can resolve generated code.\n\nThe proper fix for all this is the upcoming native Bazel support in Go:\nhttps://github.com/bazelbuild/rules_go/issues/512\n\nTest Plan:\nRan `bazel build :gopath`, and a wild\n`bazel-bin/gopath/src/git.monogon.dev/source/nexantic.git/core/generated/api/schema.pb.go`\nappeared.\n\n`scripts/symlink_generated_files.sh` created a valid symlink in core/generated\nand `go mod tidy` ran successfully (despite complaining about the symlink).\n\nRunning `scripts/gazelle.sh` twice worked.\n\nX-Origin-Diff: phab/D305\nGitOrigin-RevId: 0d456bc57d4a2d72e30865ffef777d2f5be5c407\n" }, { "commit": "b7a18fd9be7732e9ed9b29f33b7f545916da207b", "tree": "e748ecfad21a55dc128f1d98b48307ba6160a204", "parents": [ "049049626fe28957009c7957fba5e04bd928ae78" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Nov 28 13:57:54 2019 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Nov 28 13:57:54 2019 +0100" }, "message": "Bump IJ version to 2019.3\n\nTest Plan: Recreated container, Bazel things still worked\n\nX-Origin-Diff: phab/D279\nGitOrigin-RevId: 9aa7832fd81ef7cfdf875db8732790b438c74a57\n" }, { "commit": "d868d69320140863a1938bfa042ad0824cfa9500", "tree": "fd519288299185f48eec666a19b061b1444c9f78", "parents": [ "45333b68dd60942adc61a29f50b2c72420b792e3" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Sun Nov 17 17:28:29 2019 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Sun Nov 17 17:28:29 2019 +0100" }, "message": "Add go-sqlite3 dependency to go.mod\n\nFixes this \"go mod tidy\" error on master:\n\n```\ngit.monogon.dev/source/nexantic.git imports\n\tgithub.com/rubenv/sql-migrate/sql-migrate imports\n\tgithub.com/mattn/go-sqlite3: module github.com/mattn/go-sqlite3@latest found (v2.0.0+incompatible), but does not contain package github.com/mattn/go-sqlite3\n```\n\nThe fix was to run `go mod tidy` using Go 1.12, since Go 1.13 got confused\nabout the sqlite3 package (there is no v2.0.0 - I suspect an issue with\nthe proxy). Notably, neither sql-migrate nor go-sqlite3 use Go modules,\nand there\u0027s no way to get rid of the dependency:\n\nhttps://github.com/rubenv/sql-migrate/blob/aff46b65bb7f71e015dc28dc2edd083737985dfb/sql-migrate/config.go#L17\n\nAdds a `go mod tidy` invocation to gazelle.sh.\n\nTest Plan: Ran gazelle.sh.\n\nX-Origin-Diff: phab/D268\nGitOrigin-RevId: 843710797dc2bccc2c7efdc249ac2b28a23c3fae\n" }, { "commit": "399fe83ccccf616b5bc47c91693f86bce526f652", "tree": "e963fb801159692afcf9be25d5f687dfc94d7690", "parents": [ "8b9c055ed5a0dc77a191fb19d6812ea137c2b0fa" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Fri Nov 15 21:15:30 2019 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Fri Nov 15 21:15:30 2019 +0100" }, "message": "Patch IntelliJ Bazel plugin to recognize our custom generators\n\nWe can get rid of the fuzzy $ASPECT_PATH matching now that Hendrik\nhas deployed rW, and can remove the bind mount.\n\nTest Plan:\nRecreated container, ran tests and full sync. Generated SQL code\nwas properly recognized.\n\nX-Origin-Diff: phab/D265\nGitOrigin-RevId: 81de00d54402107ba217ab28b8812ace772777ac\n" }, { "commit": "8b9c055ed5a0dc77a191fb19d6812ea137c2b0fa", "tree": "d10f003ebe7fe9f75b4d22451a889dc91faebe88", "parents": [ "7670e67e72d6d4aaac174b91f4465a67479e1026" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Fri Nov 15 14:07:45 2019 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Fri Nov 15 14:07:45 2019 +0100" }, "message": "Bazel IntelliJ plugin support\n\nThis eliminates the need for manually synchronizing generated files.\n\nThe plugin authors advise against checking in the .iwjb directory,\nwhich we resolutely ignore. The recommended method is to provide a\ntemplate .bazelproject file that everyone needs to manually import and\nupdate. However, checking in the directory is supported and no different\nthan checking in .idea. This allows us to version things like watchers\nand run configurations, at the expense of requiring everyone to use\nthe same IntelliJ and Bazel plugin versions.\n\nHow it works:\n\n- Source code and execroot paths are identical inside and outside the\n container. This requires a bind mount. To avoid conflicts with a\n local Bazel instance, a separate directory is used.\n\n The wrapper script injects a --output_user_root startup parameter.\n We cannot set this in .bazelrc since we cannot substitute the\n user home. This means that running bazel inside the container,\n without the wrapper, will no longer work/blow up the overlayfs.\n\n Did anyone do this?\n\n- The tmpfs and other caches are eliminated.\n Forcing it hasn\u0027t been ideal anyway due to\n the excessive memory usage, and it can still be accomplished\n by mounting a tmpfs to `~/.cache/bazel-nxt` or symlinking it to\n `/dev/shm` or similar (set proper permissions!).\n\n- The plugin configures a custom local repository that has helper\n scripts. Since we need to be on the same IntelliJ version, we can\n simply hardcode the path and bind mount it (read only).\n\n The alternative would be to copy the files into the container and\n override the command line option using sync_flags\n (https://github.com/bazelbuild/intellij/issues/397), but bind\n mounting seems muche easier at no disadvantage.\n\n- IntelliJ needs a somewhat obscure custom startup option (see README)\n for BEP temp files (https://github.com/bazelbuild/intellij/issues/407).\n\nTest Plan:\n- Running tests works:\n\n {F16996}\n\n- Full and partial sync works:\n\n {F17000}\n\n- Updating a protobuf file triggered the watcher, which rebuilt the\n generated files. After triggering an source sync, the changes\n are visible in the IDE (I suspect that IntelliJ does not inotify-\n watch the generated files since they are outside the project directory.\n\nX-Origin-Diff: phab/D263\nGitOrigin-RevId: 39c50665575c2a0131c492385b0981b7ee2588d8\n" }, { "commit": "383d4bb84b7b5062b859f81db10e3f16bd427739", "tree": "9430d87be1ea0716b4075d5d19a358c2e3630383", "parents": [ "68c58755e0a56e1b1c565d80f99056ec4948fbec" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Nov 14 22:53:58 2019 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Nov 14 22:53:58 2019 +0100" }, "message": "Run \"bazel test //...\" in CI\n\nThis will build all buildable targets and test all testable targets.\n\nThe hardcoded Harbormaster rules have been removed in Phabricator.\n\nAdds a simple test for booting Smalltown.\n\nBUILD files that are injected into repositories have been renamed to\nBUILD.repo to ensure that Bazel does not recognize them as local BUILD\nfiles and attempt to build them.\n\nTest Plan: Covered by CI :)\n\nBug: T483\n\nX-Origin-Diff: phab/D262\nGitOrigin-RevId: 3512a5e13430001f4e6f91d21ac503564c8fb085\n" }, { "commit": "5ed291ea1833ffd07665b6194f7b6db2b7c1c4aa", "tree": "3a0f4cb2e726cddade0c6295c56b5d901b94c052", "parents": [ "4b0e5c075a81a7ea251c5c85af1d15c5ab54e962" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Nov 14 19:09:24 2019 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Nov 14 19:09:24 2019 +0100" }, "message": "IntelliJ generated sources content root and file watcher\n\nThis automatically refreshes the generated source files, and the\ngenerated sources folder now has a nice icon.\n\nPotential conflict if anyone uses IntelliJ without the container\n(which I\u0027m not aware of).\n\nTest Plan: Modified protobuf file, generated sources were automatically refreshed.\n\nX-Origin-Diff: phab/D234\nGitOrigin-RevId: 5f5eb7f2cf541c7dd143564dcad4885476b4bfb0\n" }, { "commit": "e47ace84cb3e30375dcb4236c17ee9710a77a6ad", "tree": "c0e71fd6d25e4efad7175103b3b3780b773a02a0", "parents": [ "5b87d7b074f3385eb85de601f48f4f7bccf1d423" ], "author": { "name": "Lorenz Brun", "email": "lorenz@brun.one", "time": "Wed Nov 06 12:45:47 2019 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@brun.one", "time": "Wed Nov 06 12:45:47 2019 +0100" }, "message": "Fixes bazel_copy_generated_for_ide paths\n\nThis fixes the paths in bazel_copy_generated\nfor the new monorepo layout\n\nTest Plan: By using it :)\n\nX-Origin-Diff: phab/D246\nGitOrigin-RevId: 01fc0488ef4e2f6412ae458b4f2010a975a83692\n" }, { "commit": "5b87d7b074f3385eb85de601f48f4f7bccf1d423", "tree": "8c87ae8ce2f880af7963298811570e749e0a2a10", "parents": [ "1626705fd0ae9e93f563c2463fc514a144d41a99" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 14:56:30 2019 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 14:56:30 2019 +0000" }, "message": "Follow-up fix for D250 - actually use the new volume\n\nTest Plan: Covered by CI\n\nX-Origin-Diff: phab/D251\nGitOrigin-RevId: 65c547de038a4dfd37c7c8394a8a0e79914333bb\n" }, { "commit": "1626705fd0ae9e93f563c2463fc514a144d41a99", "tree": "0b882399123846787b9a20265b04e41cdf1e4941", "parents": [ "654930736a90fb7f2dadf280dc9044d8e57bce06" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 14:43:21 2019 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 14:43:21 2019 +0000" }, "message": "Separate cache volume for each working copy\n\nWe can rely on the repository leases to coordinate Bazel caches,\nbasically leasing them out along with the repository.\n\nWith multiple copies of the cache, keeping them on a tmpfs seems\nlike a bad idea, so we switch to a local volume.\n\nTest Plan: Covered by CI\n\nX-Origin-Diff: phab/D250\nGitOrigin-RevId: 01d9392198d8c00089d3133425091ab766b9b590\n" }, { "commit": "4d39d37035c5e46274183f36221c2e50f99bb411", "tree": "48820886a3b559eac0669b1a7291425471efcc44", "parents": [ "0bcaaee19dc2338751705a83126cec40a1b8a2e8" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 14:11:12 2019 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 14:11:12 2019 +0000" }, "message": "Remove left-over debugging code introduced in D242\n\nThis was, of course, done on purpose in order to check how carefully\nyou read the code ;-)\n\nTest Plan: N/A\n\nX-Origin-Diff: phab/D247\nGitOrigin-RevId: caf9e59d4c87c59eab6e08c70cdcd61b1fa12627\n" }, { "commit": "052af2dce813dba9f74ffc05ffd760e60a37c23b", "tree": "e0c5dac8c237ad4e92a6c2d91427678d8a4e1691", "parents": [ "b51b4171390ec52433f8c06faef46ef5eccf91d4" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 02:21:53 2019 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Nov 06 02:21:53 2019 +0000" }, "message": "Simple CI pipeline for Smalltown Core\n\nSince we run as root on the build server, we can properly mount a tmpfs\nas the shared build volume with exec support (this is still broken for\nunprivileged create_container.sh). We\u0027ll have to see when and if this\nblows up, and whether we want to use a disk-backed volume instead.\n\nThe pipeline has two stages that run the following commands:\n\n- `scripts/run_ci.sh ${build.id} ${target.phid} bazel build //core/scripts:launch`\n\n- `timeout 30 scripts/run_ci.sh ${build.id} ${target.phid} bazel run //core/scripts:launch; true` (for visual inspection)\n\nThose are placeholders - we will want to integrate any and all\ntests in Bazel, only trigger tests whose dependencies have been\nmodified in a given build step, and report individual results back\nto Habormaster.\n\nWhat works:\n\n- Persistent working copies on the build server. Drydocks caches a number of\n persistent repository copies to avoid a full clone on each build, and\n uses a leasing mechanism to allocate them. Of course, this means we\n have to be careful about not polluting the repo, but Bazel takes care of that.\n\n- Shared build cache with fast incremental rebuilds\n (a build with no changes takes ~15s including the podman build step).\n\n- Full rebuild after volume deletion takes ~4m.\n\n- Build output shows up in Phabricator in real time.\n\n- Aborting a build properly cancels the running build and clean up the pod.\n\n- Launching the QEMU VM.\n\n- Reporting build status back to Harbormaster (noop at the moment, can\n be used to report unit test states later). This uses the awesome undocumented\n SSH conduit transport so we don\u0027t have to deploy a separate token on the host.\n\n- Phabricator revisions are drafts until all tests complete successfully.\n\nTest Plan: See tests :-)\n\nBug: T483\n\nX-Origin-Diff: phab/D242\nGitOrigin-RevId: 64eca996c8704cb0cd4f1cbb4f88f71a6fdca1eb\n" }, { "commit": "b51b4171390ec52433f8c06faef46ef5eccf91d4", "tree": "8c537364ed17732d16800fbe0e5a710519de71ca", "parents": [ "6c39ea1355bf2853abdbd2f69a7eece222c44b78" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Nov 04 12:55:19 2019 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Nov 04 12:55:19 2019 +0000" }, "message": "Remove --userns\u003dkeep-id in create_container.sh\n\nWith a mapped user namespace, recent podman versions fail to mount /sys\n\nThis removes some isolation, similar to using uid 0 in a regular Docker container.\n\nTest Plan: Ran build\n\nX-Origin-Diff: phab/D238\nGitOrigin-RevId: 39dc826f4ce95a6c5b405a49be3d2e9d19174fc1\n" }, { "commit": "3e6018fcf0645da7876eec06d1604438bea0550e", "tree": "6bb2fa6081152d2dc32530a8eaaf0a58c31dc35e", "parents": [ "0d7c91e331022831a974c2e34d32bb5b89ddc89c" ], "author": { "name": "Hendrik Hofstadt", "email": "hendrik@certus.one", "time": "Mon Oct 28 21:29:42 2019 +0100" }, "committer": { "name": "Hendrik Hofstadt", "email": "hendrik@certus.one", "time": "Mon Oct 28 21:29:42 2019 +0100" }, "message": "Add sqlboiler bazel rules\n\nThis implements a bazel rule to build sqlboiler models from sql migration stacks. It also launches a cockroachdb container in `create_container` and puts it in one pod with the nexantic-dev container.\n\nCurrently gazelle overwrites the `go_library` rule. I still need to find a way to properly exclude it.\n\nTest Plan: Built a sample set of sql models\n\nX-Origin-Diff: phab/D226\nGitOrigin-RevId: ff24f07bb0b3da9994c52a74f48b54e1e2bea726\n" }, { "commit": "0d7c91e331022831a974c2e34d32bb5b89ddc89c", "tree": "5b822873c015053f4b697d60c33fa3b1ef9a3a4b", "parents": [ "043daa57020dd36e074488dcb432114a548a3d2a" ], "author": { "name": "Hendrik Hofstadt", "email": "hendrik@certus.one", "time": "Wed Oct 23 21:44:47 2019 +0200" }, "committer": { "name": "Hendrik Hofstadt", "email": "hendrik@certus.one", "time": "Wed Oct 23 21:44:47 2019 +0200" }, "message": "Implement monorepo layout\n\nImplemented the nexantic monorepo.\n\nSmalltown code was moved to `core`. From now on all code will live in top level directories named after the projects with the exception for general purpose libraries which should go to `\u003clang\u003elibs`.\n\nGeneral build and utility folders are underscore prefixed.\n\nThe repo name will from now on be rNXT (nexantic). I think this change makes sense since components in this repo will not all be part of Smalltown, the Smalltown brand has been claimed by Signon GmbH so we need to change it anyway and the longer we wait the harder it will be to change/move it.\n\nTest Plan: Launched Smalltown using `./scripts/bin/bazel run //core/scripts:launch`\n\nX-Origin-Diff: phab/D210\nGitOrigin-RevId: fa5a7f08143d2ead2cb7206b4c63ab641794162c\n" }, { "commit": "043daa57020dd36e074488dcb432114a548a3d2a", "tree": "2975b607028ca0c085df182afd809d1d322be2b7", "parents": [ "23be9215aae77d2171c31f767c37cf69050fb748" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Oct 28 11:48:45 2019 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Oct 28 11:48:45 2019 +0000" }, "message": "Fix caching and set home to /user\n\nTest Plan: Ran build\n\nX-Origin-Diff: phab/D220\nGitOrigin-RevId: d93c13b9a74c45d717e92151cdb10f0f3484a78b\n" }, { "commit": "23be9215aae77d2171c31f767c37cf69050fb748", "tree": "72323854031d5311f437e490370f1644d34f0796", "parents": [ "ba7bc7664b53ce63824ec991febdd74ea4d9dbf3" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Oct 28 11:48:32 2019 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Oct 28 11:48:32 2019 +0000" }, "message": "Use rsync --delete to sync generated dependencies\n\nTest Plan:\nRecreated container, ran `build api/...` and the copy script,\neverything works.\n\nX-Origin-Diff: phab/D218\nGitOrigin-RevId: 22160ddaf417177ba7af94ea29d75663b20950b0\n" }, { "commit": "4abadef540e5c5155aa0e6cc7b19221cbaa4b82d", "tree": "cdc71545bda98761bd7cd80958f3127b08da2d28", "parents": [ "f5c89110d9af59fe3a5c928ce1b244d3ad815fce" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Oct 24 18:19:53 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Oct 24 18:19:53 2019 +0200" }, "message": "Specify -prune\u003dtrue Gazelle flag\n\nThis cleans up our repositories.bzl file.\n\nUpdate BUILD.bazel files and go.mod. `google.golang.org/appengine v1.4.0`\ndisappears due to a bug that was fixed in Go 1.13 - make sure your\nworkstation is up to date, an automated installer for Fedora was\nadded in rWdfcd0da736.\n\nTest Plan: Ran scripts/gazelle.sh, repositories.bzl was updated properly.\n\nX-Origin-Diff: phab/D216\nGitOrigin-RevId: 2435f88beb610845edfc8a6c50e4ef16edb895ea\n" }, { "commit": "f5c89110d9af59fe3a5c928ce1b244d3ad815fce", "tree": "a6af6fdd7f920a9411389b38abc1f096cadc41c1", "parents": [ "1fbd7d9ef119d7a0487a7234affe7683c43a7b80" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Oct 24 17:51:49 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Oct 24 17:51:49 2019 +0200" }, "message": "Create generated folder in bazel_copy_generated_for_ide.sh\n\nMinor change,\n\nTest Plan:\n\nRan the script inside the container, dependencies were fetched.\n\nGitOrigin-RevId: 91edd8babca5e506885b311cf95b4e8deb4f0525\n" }, { "commit": "52804a1970bf8633c216fea4e165df4e88a16acc", "tree": "e6be5233989911dd21f2d74a170199a396793054", "parents": [ "b51250a42b51b8dc6509c7dc57522d42bced2c00" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Oct 24 02:17:13 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Oct 24 02:17:13 2019 +0200" }, "message": "Run as unprivileged user in container in a new user namespace\n\nThis prevents the build from accidentally modifying system files in\nthe container, and increases security.\n\nTest Plan:\n scripts/destroy_container.sh; scripts/create_container.sh \u0026\u0026 scripts/run_in_container.sh id\n # uid\u003d1000(1000) gid\u003d1000 groups\u003d1000\n\n bazel run scripts:launch\n # works\n\nX-Origin-Diff: phab/D212\nGitOrigin-RevId: 74af18ee49cf48e45440e12e9efe36e57be5f18d\n" }, { "commit": "b51250a42b51b8dc6509c7dc57522d42bced2c00", "tree": "2acae03fe183393dae34c7cabd6f92f10dd8d08b", "parents": [ "3ea707028e5f140b1a5186a7086c0089a70c8f9c" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Oct 23 23:32:59 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Oct 23 23:32:59 2019 +0200" }, "message": "Update Bazel to 1.1.0 and replace bazelisk by a direct download\n\nThis pins the version and avoids the need to redownload the binary\neach time the container is recreated.\n\nThe .bazelversion file was bazelisk-specific and is no longer needed.\n\nTest Plan:\nRebuilt the container, ran `scripts:launch`.\n\nModifying the checksum caused to build to fail.\n\nX-Origin-Diff: phab/D211\nGitOrigin-RevId: ec9ec2b97c6555a676f6444ac3923fad34b2cd16\n" }, { "commit": "3ea707028e5f140b1a5186a7086c0089a70c8f9c", "tree": "f07f5a23d75445789a1cbb116e8ca30471106ab2", "parents": [ "544440b6c8603ddaa548add84a657c999feeec49" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Oct 23 16:40:06 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Oct 23 16:40:06 2019 +0200" }, "message": "Mount Bazel repository_cache, Go mod cache and Go build cache as volumes\n\nThis leaves us with only git_repository rules not being cached,\nthe worst offender being the edk2 recursive submodule clone.\n\nSee: https://github.com/bazelbuild/bazel/issues/5116\n\ngazelle\u0027s repo lookup (running `go list`) is also not cached, even if the\nrepositories themselves are.\n\nWe can eliminate most of the remaining rebuild time by mounting\nthe entire execroot, however, this is currently foiled by a podman bug\n(Bazel needs to execute lots of binaries inside the root):\n\nhttps://github.com/containers/libpod/issues/4318\n\nTest Plan:\nRan `bazel build scripts:launch`, recreated container, ran it again.\n\nBuild times decreased significantly:\n\n INFO: Elapsed time: 279.951s, Critical Path: 119.05s\n INFO: 477 processes: 476 linux-sandbox, 1 local.\n INFO: Build completed successfully, 497 total actions\n\nX-Origin-Diff: phab/D206\nGitOrigin-RevId: 2d17a7eeb5d8b70ad4e26c13a0c6b31c4edfb33f\n" }, { "commit": "2a2081cc8bdb0a04a1c5e4509ce5cb569f3ef110", "tree": "af2403c83ae163f1f512721b1c27643d21ab39b2", "parents": [ "7afd390eadf37eac58d4db8ad3751783c40bdf37" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Oct 23 13:33:10 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Oct 23 13:33:10 2019 +0200" }, "message": "Increase robustness of bazel wrapper script and remove repository_cache\n\nThis allows the wrapper script to be called from anywhere.\n\nThe repo cache does not actually work as expected since it does not\ncache most external dependencies we care about, and is not always a\nvalid command line argument, so we would either have to specify it\nin .bazelrc (breaking non-standard dev setups), or specify it manually.\n\nTest Plan: Ran the bazel wrapper from my home directory, got expected output.\n\nX-Origin-Diff: phab/D204\nGitOrigin-RevId: 74d09ba24fd84ba0dd6e1ba282995c452546eb25\n" }, { "commit": "7afd390eadf37eac58d4db8ad3751783c40bdf37", "tree": "73b7533e0ba991eb8f2d98ed58e4350ca4c8e394", "parents": [ "2983d7285fe019f943f1b722f26a0f2e959c5f80" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Oct 23 12:16:57 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Oct 23 12:16:57 2019 +0200" }, "message": "Use --privileged in Fedora container\n\nThis enables the namespace-based sandbox in Bazel.\n\nUsing `--privileged` isn\u0027t as dangerous as it looks, when used with podman in rootless mode (i.e. ran as unprivileged user), in which case it uses user namespaces.\n\nWe drop `--net\u003dhost`, which is not actually necessary.\n\nTest Plan:\n scripts/destroy_container.sh\n scripts/create_container.sh\n scripts/run_in_container.sh bazelisk build :swtpm_data\n\n This now fails properly when ran with the container:\n\n swtpm-localca: touch: cannot touch \u0027/var/lib/swtpm-localca/.lock.swtpm-localca\u0027: Read-only file system\n swtpm-localca: Error: Could not create lock file /var/lib/swtpm-localca/.lock.swtpm-localca.\n\nX-Origin-Diff: phab/D202\nGitOrigin-RevId: f51a831e7584cccf21860e9f18b73272a658f055\n" }, { "commit": "2983d7285fe019f943f1b722f26a0f2e959c5f80", "tree": "f6b5056682bef41597d02347dff0d523916d196f", "parents": [ "e28e1b3556feb786c71f161b357fcf6899e44c19" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Oct 23 12:16:42 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Oct 23 12:16:42 2019 +0200" }, "message": "Improve Bazel Fedora build container handling and cache repository downloads\n\nAdds lifecycle management scripts for the dev container and a \"bazel\" wrapper script, which sets container-only startup options.\n\nReplaces /dev/null bind mounts by SELinux contexts for container breakup prevention, since newer podman versions managed to somehow break the ordering of mounts and mounting on top of a volume gives ENOENT. This requires a placeholder .arcconfig.\n\nOn Fedora, SELinux prevents the container from accessing /dev/kvm, which requires a custom policy (see rWa716c988d69e).\n\nDesign considerations:\n\n- The build cache is on a tmpfs. This avoids fuse-overlayfs overhead. If the container is recreated, we want to drop the build cache - Bazel does not track ambient dependencies, so we do not know if we need to rebuild anything (like after upgrading a compiler).\n\n- The repository cache contains just workspace dependencies and is mounted as a volume.\n\nThe repository caches does not work terribly well yet, we probably need to mount parts ~/.cache/bazel as well. podman always mounts volumes as noexec, so this is not as straight-forward as it looks.\n\nTest Plan:\nRan the commands from the README as my unprivileged workstation user.\nSmalltown was built and launched successfully.\n\nX-Origin-Diff: phab/D198\nGitOrigin-RevId: aff720d2862cdf5d1df67813d842d221d69a84c0\n" }, { "commit": "e28e1b3556feb786c71f161b357fcf6899e44c19", "tree": "4bc2b91b2e276c6e7ee4131ab0c76eec4ec391fa", "parents": [ "5c80acaec733e0b7c43cb0584cdeb7cebc826aa9" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Oct 22 19:20:34 2019 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Oct 22 19:20:34 2019 +0200" }, "message": "Fix Bazel on properly sandboxed execution\n\nTest Plan: Tested by launching VM\n\nX-Origin-Diff: phab/D199\nGitOrigin-RevId: d27f09e62067082ca0d6f40510c851752094b481\n" }, { "commit": "5c80acaec733e0b7c43cb0584cdeb7cebc826aa9", "tree": "f7db6de47e4ef38599da89dd4f1082c65569ca03", "parents": [ "a71b5a4c36d5cae089666eaad57514c64baf6f24" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Oct 22 15:48:58 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Oct 22 15:48:58 2019 +0200" }, "message": "Replace build system with a Bazel-based one\n\nThis pins our external dependencies and introduces a mostly-hermetic build where all dependencies are explicitly declared and rebuilt if needed.\n\nNecessary prerequite for a proper CI workflow. Since Bazel can cache build artifacts, we can remove the hardcoded binary artifacts from the repo.\n\nAs suggested in our discussions, the genrule that builds mkfs.xfs is basically doing the same as the previous build_artifacts.sh script (see source code comments for rationale).\n\nThe main issue at this point is that the `build/linux_kernel:image` target rebuilds the kernel each time any of its inputs (like cmd/init)\nchange. This is very hard to fix without compromising on hermeticity, porting kbuild to Bazel (no thanks) or injecting the initramfs into the\nkernel image in a separate rule (might just work, but the kernel build rule would either have custom code, or a massive set of outputs).\n\nPerhaps we could use a separate initramfs for development? Or deliberately poke holes into Bazel\u0027s sandbox to reuse kernel build?\n\nTest Plan:\nRun this in a fresh container with empty Bazel cache:\n\n bazelisk run scripts:launch\n\n... and watch as Bazel rebuilds the world.\n\nX-Origin-Diff: phab/D197\nGitOrigin-RevId: 21eea0e213a50e1c4ad25b2ac2bb87c53e36ea6d\n" }, { "commit": "67f9d096fb66d9f9298542d98d128a42b9d43695", "tree": "cb548c7e7a63df850302f6bb42a5a6bb3e5d2700", "parents": [ "40ab4b41d338657c67a7fa72a3f76e26f582d98e" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Oct 22 15:41:42 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Oct 22 15:41:42 2019 +0200" }, "message": "Refactor build_artifacts.sh and makefile\n\n- Move everything to .data, .vendor, .artifacts and .bin in order to cleanly separate build input and output.\n- Sprinkle some subshells on build_artifacts.sh to make it fail more gracefully.\n- Fix fetch_third_party.sh check.\n- GOBUILD make helper.\n- Dockerfile with build dependencies.\n\nTest Plan:\nRan `make clean` and build steps described in README.md, it boots:\n\n{P84}\n\nX-Origin-Diff: phab/D195\nGitOrigin-RevId: 4106534c7248931b79e93e2a13153482033cd0d8\n" }, { "commit": "f95909d11f20c01129120274076a44a689eabe3d", "tree": "2ba85463c30b26c0df8b7c278ea5df22da42dfdb", "parents": [ "ae0d90d0f95a1a71801d31d5460d32f8644fc0dd" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Sep 11 19:48:26 2019 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Sep 11 19:48:26 2019 +0200" }, "message": "UEFI EDK II, TPM minting, QEMU launcher and basic DHCP support\n\nTest Plan:\nYou still need a recent version of QEMU and swtpm installed (these are not yet integrated)\nRun `make launch` and have fun with a running Smalltown instance :)\n\nX-Origin-Diff: phab/D159\nGitOrigin-RevId: c7245bfbabebf92507445525bee009a71d19caea\n" } ] }