)]}' { "log": [ { "commit": "2aa8b184fcbc713d99bb7c3d868d1ab9df6f5b71", "tree": "6ee292c36be2008e8d2fc4d7af23157c17c0c981", "parents": [ "bc93c2b50690e66712d80e4da5837554588ca065" ], "author": { "name": "Leopold", "email": "leo@monogon.tech", "time": "Sat Jan 14 23:31:43 2023 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Thu Jan 19 19:07:21 2023 +0000" }, "message": "third_party/rust: update rules_rust and deps\n\nThis is required for rules_rust to work with CC toolchains.\n\nChange-Id: I15f20c7bde09697fda248f7107be8bcd00e24d57\nReviewed-on: https://review.monogon.dev/c/monogon/+/1073\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "7fbf10455fd61b4c34182be5cdb3a53fd9897d4b", "tree": "02ead12ee79b10abfdd624071802acc771f6bb3e", "parents": [ "bffdda85d7750c9a9a34289a79281edeae1d73ef" ], "author": { "name": "Leopold", "email": "leo@monogon.tech", "time": "Fri Jan 06 19:57:37 2023 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Thu Jan 19 19:07:21 2023 +0000" }, "message": "*: bring our own sandbox root\n\nThis change removes the build container and replaces it with a\nBazel-built Fedora 37 sysroot which is bind-mounted into the Bazel\nsandbox using --sandbox_add_mount_pair. The tools/bazel wrapper script\nautomatically (re-)generates the sysroot when needed.\n\nBoth Bazelisk and Bazel\u0027s native wrapper automatically run the\ntools/bazel script, which means that our build should now work without\nextra steps on any machine with a working Bazelisk setup and unpriv ns.\n\nThis fixes all kinds of weirdness caused by the previous podman setup\n(\"bazel run\"/container pushes, log access, weird podman bugs,\nbreaking the IDE plugin for any non-Monogon workspaces...).\n\nUsing the sandbox hash as an action var also ensures that the cache\nis invalidated whenever the ambient environment changes. Previously,\nBazel did not invalidate build steps when any host dependency changed.\nTo my knowledge, this was the only remaining cause for stale builds.\n\nIt also means we cannot depend on the host toolchain since it\nwon\u0027t be accessible in the sandbox, and anything that inspects the\nhost during analysis stage will fail. This currently means that\nrunning on a non-Fedora host won\u0027t work - we fix this next.\n\nAll RPMs are pinned and the sysroot is fully reproducible.\n\nOnce we upgrade to Bazel 5.x, we can take it further by enabling\n--experimental_use_hermetic_linux_sandbox and fully remove the\nremaining host paths from the sandbox for full hermeticity.\n\nIn a follow-up, we can clean up the CI image to only contain the\nminimum dependencies needed for Bazelisk and the agent.\n\nExisting IntelliJ users need to remove the -Dbazel.bep.path flag\nfrom their VM options.\n\nHandbook/Rust rules are disabled temporarily to keep CI green\n(requires a more recent rules_rust version).\n\nChange-Id: I1f17d57d985ff9d749bf3359f259d8ef52247c18\nReviewed-on: https://review.monogon.dev/c/monogon/+/1033\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "ba7bc7664b53ce63824ec991febdd74ea4d9dbf3", "tree": "f645fd2ccedb7f31d48d14f7e1a10cd5ba3a9f71", "parents": [ "4abadef540e5c5155aa0e6cc7b19221cbaa4b82d" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Oct 24 18:34:29 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Oct 24 18:34:29 2019 +0200" }, "message": "Fix protobuf dependencies for internal/api and internal/common\n\nThis fixes the build. As it turns out, the local `generated` folder\nhad the side effect of confusing gazelle.\n\nFixes regression introduced by D216.\n\nTest Plan: Ran scripts/gazelle.sh, protobuf dependencies were re-added.\n\nX-Origin-Diff: phab/D217\nGitOrigin-RevId: ac0d5dd89e5fb154fe363a40dc8f8965fa12ba8c\n" }, { "commit": "5c80acaec733e0b7c43cb0584cdeb7cebc826aa9", "tree": "f7db6de47e4ef38599da89dd4f1082c65569ca03", "parents": [ "a71b5a4c36d5cae089666eaad57514c64baf6f24" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Oct 22 15:48:58 2019 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Oct 22 15:48:58 2019 +0200" }, "message": "Replace build system with a Bazel-based one\n\nThis pins our external dependencies and introduces a mostly-hermetic build where all dependencies are explicitly declared and rebuilt if needed.\n\nNecessary prerequite for a proper CI workflow. Since Bazel can cache build artifacts, we can remove the hardcoded binary artifacts from the repo.\n\nAs suggested in our discussions, the genrule that builds mkfs.xfs is basically doing the same as the previous build_artifacts.sh script (see source code comments for rationale).\n\nThe main issue at this point is that the `build/linux_kernel:image` target rebuilds the kernel each time any of its inputs (like cmd/init)\nchange. This is very hard to fix without compromising on hermeticity, porting kbuild to Bazel (no thanks) or injecting the initramfs into the\nkernel image in a separate rule (might just work, but the kernel build rule would either have custom code, or a massive set of outputs).\n\nPerhaps we could use a separate initramfs for development? Or deliberately poke holes into Bazel\u0027s sandbox to reuse kernel build?\n\nTest Plan:\nRun this in a fresh container with empty Bazel cache:\n\n bazelisk run scripts:launch\n\n... and watch as Bazel rebuilds the world.\n\nX-Origin-Diff: phab/D197\nGitOrigin-RevId: 21eea0e213a50e1c4ad25b2ac2bb87c53e36ea6d\n" } ] }