)]}'
{
  "log": [
    {
      "commit": "90d4051ae6119dc08dfa17f3a9e95e5b98fba2a5",
      "tree": "259b6d1ff0d250d9a3a9a64c96a17ce27fda6a27",
      "parents": [
        "363322e4f5719be205a78cea3fc2e30b4ae48929"
      ],
      "author": {
        "name": "Tim Windelschmidt",
        "email": "tim@monogon.tech",
        "time": "Tue Mar 25 12:37:06 2025 +0100"
      },
      "committer": {
        "name": "Tim Windelschmidt",
        "email": "tim@monogon.tech",
        "time": "Thu Mar 27 13:01:13 2025 +0000"
      },
      "message": "tools/bazel: don\u0027t patch aspect if not found\n\nChange-Id: I0ac6517ccbee95f1039e764e8a33edb385ccc28c\nReviewed-on: https://review.monogon.dev/c/monogon/+/4038\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n"
    },
    {
      "commit": "7f14f91765c6b32a95aac5d2b40a25bba1eae695",
      "tree": "d3da64e7bf9baf6c89e29df78ce86504e64e9c89",
      "parents": [
        "a7cfc1c29ec81525846a48b98d0f66e2899c13b8"
      ],
      "author": {
        "name": "Tim Windelschmidt",
        "email": "tim@monogon.tech",
        "time": "Fri Dec 15 21:49:15 2023 +0100"
      },
      "committer": {
        "name": "Tim Windelschmidt",
        "email": "tim@monogon.tech",
        "time": "Fri Dec 15 21:39:49 2023 +0000"
      },
      "message": "workspace: return to pre nix-shell directory before running bazel\n\nChange-Id: I64ec0f26e2b7fd4ec9497bc59d68df438f3496d4\nReviewed-on: https://review.monogon.dev/c/monogon/+/2579\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n"
    },
    {
      "commit": "5bfdb97df902a2ef27aecf40620d56773f9e90b3",
      "tree": "59684e3bed0821b6f1139d32042cb76ac0d2d8ec",
      "parents": [
        "1a773dd14503c985d4f4a8717a7d5a5ebcbe6552"
      ],
      "author": {
        "name": "Tim Windelschmidt",
        "email": "tim@monogon.tech",
        "time": "Sat Nov 25 06:01:28 2023 +0100"
      },
      "committer": {
        "name": "Tim Windelschmidt",
        "email": "tim@monogon.tech",
        "time": "Sat Nov 25 19:29:46 2023 +0000"
      },
      "message": "tools/bazel: Allow direct invocation of bazel wrapper and add more docs\n\nChange-Id: I5f03225fb3d5c0304e2f3843ac3d81af2d1b504e\nReviewed-on: https://review.monogon.dev/c/monogon/+/2384\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n"
    },
    {
      "commit": "246f2fe5d8139b167550b957365118d62ad8f4a9",
      "tree": "fbded2cea378207e9a605225a75bfbb84995da21",
      "parents": [
        "d9f1f1ec67af21eba685505d7b3086fc222106e1"
      ],
      "author": {
        "name": "Tim Windelschmidt",
        "email": "tim@monogon.tech",
        "time": "Thu Oct 26 04:39:35 2023 +0200"
      },
      "committer": {
        "name": "Tim Windelschmidt",
        "email": "tim@monogon.tech",
        "time": "Wed Nov 01 12:54:17 2023 +0000"
      },
      "message": "tools: extend bazel wrapper to execute commands inside nix-shell\n\nChange-Id: I27fd2e2ac863fabdc015437594bc2cc677279af1\nReviewed-on: https://review.monogon.dev/c/monogon/+/2239\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n"
    },
    {
      "commit": "9508b12bba50625eaccadc4aacf908ba538e3dd6",
      "tree": "acaf5e1981fc98101f25924a6fb44cf827f826c5",
      "parents": [
        "150f24a5421dc1449d79a801524a7c98754f7bca"
      ],
      "author": {
        "name": "Leopold Schabel",
        "email": "leo@monogon.tech",
        "time": "Fri Jul 14 17:54:17 2023 +0200"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@monogon.tech",
        "time": "Wed Jul 19 15:57:32 2023 +0000"
      },
      "message": "*: fully hermetic builds and nix shell support\n\nThis change is a slightly more polished version of Serge\u0027s experiment:\n- https://review.monogon.dev/c/monogon/+/1148\n- https://bin.monogon.dev/pasta/sloth-parrot-ant\n- https://bin.monogon.dev/pasta/eel-seal-wolf\n\nThere are two execution environments we have to support:\n\n- Most builds run inside a sandbox, which is a Fedora\n  environment and does not require any host dependencies at all.\n\n- Bazel itself and the tooling we require to bootstrap\n  the sandbox (mainly, Go and Proto toolchains). This has to\n  work directly on the host.\n\nWe first make the sandbox fully hermetic by setting\n--experimental_use_hermetic_linux_sandbox, which set up an empty /\ninstead of mounting over individual directories, removing any remaining\nhost paths from the sandbox (except /proc and /dev/shm, which are\nrequired by some toolchains). We also force static values for the shell,\n$TMPDIR and $PATH, which would otherwise leak into the sandbox.\n\nFor the host, we use buildFHSUserEnv to build an environment which\nsupports our static toolchains, and well as a clean Bazel build\nwithout all the nixpkgs patches which would otherwise break our custom\ntoolchains and sandbox implementation.\n\nThis allows us to use the exact same toolchains on NixOS and other\ndistros for perfect reproducibility.\n\nFixes https://github.com/monogon-dev/monogon/issues/174.\nFixes https://github.com/monogon-dev/monogon/issues/175.\n\nCo-authored-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nChange-Id: I665471a45b315ce7e93ef16d9d056d7622886959\nReviewed-on: https://review.monogon.dev/c/monogon/+/1929\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n"
    },
    {
      "commit": "d266812c63eb25cf9a586297785add76f5b1f073",
      "tree": "6ff59931dce0fefd49e0b6af20e732eef2a8968b",
      "parents": [
        "f220b2923c0d8bcf760d1c86af51041371633617"
      ],
      "author": {
        "name": "Leopold",
        "email": "leo@monogon.tech",
        "time": "Wed Feb 01 15:15:59 2023 +0100"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@monogon.tech",
        "time": "Thu Feb 02 13:59:14 2023 +0000"
      },
      "message": "tools/bazel: remove .bazelrc.sandbox from checksum\n\nThis avoids recreating the sandbox on the second run on a clean\ncheckout. The file is autogenerated by tools/bazel, if the user\nchooses to modify it manually, that\u0027s on them.\n\nShould fix half of https://github.com/monogon-dev/monogon/issues/172.\n\nChange-Id: Id43d4c351f69c78ff7a4cd25b5bef84a632ff2b2\nReviewed-on: https://review.monogon.dev/c/monogon/+/1116\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n"
    },
    {
      "commit": "7fbf10455fd61b4c34182be5cdb3a53fd9897d4b",
      "tree": "02ead12ee79b10abfdd624071802acc771f6bb3e",
      "parents": [
        "bffdda85d7750c9a9a34289a79281edeae1d73ef"
      ],
      "author": {
        "name": "Leopold",
        "email": "leo@monogon.tech",
        "time": "Fri Jan 06 19:57:37 2023 +0100"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@monogon.tech",
        "time": "Thu Jan 19 19:07:21 2023 +0000"
      },
      "message": "*: bring our own sandbox root\n\nThis change removes the build container and replaces it with a\nBazel-built Fedora 37 sysroot which is bind-mounted into the Bazel\nsandbox using --sandbox_add_mount_pair. The tools/bazel wrapper script\nautomatically (re-)generates the sysroot when needed.\n\nBoth Bazelisk and Bazel\u0027s native wrapper automatically run the\ntools/bazel script, which means that our build should now work without\nextra steps on any machine with a working Bazelisk setup and unpriv ns.\n\nThis fixes all kinds of weirdness caused by the previous podman setup\n(\"bazel run\"/container pushes, log access, weird podman bugs,\nbreaking the IDE plugin for any non-Monogon workspaces...).\n\nUsing the sandbox hash as an action var also ensures that the cache\nis invalidated whenever the ambient environment changes. Previously,\nBazel did not invalidate build steps when any host dependency changed.\nTo my knowledge, this was the only remaining cause for stale builds.\n\nIt also means we cannot depend on the host toolchain since it\nwon\u0027t be accessible in the sandbox, and anything that inspects the\nhost during analysis stage will fail. This currently means that\nrunning on a non-Fedora host won\u0027t work - we fix this next.\n\nAll RPMs are pinned and the sysroot is fully reproducible.\n\nOnce we upgrade to Bazel 5.x, we can take it further by enabling\n--experimental_use_hermetic_linux_sandbox and fully remove the\nremaining host paths from the sandbox for full hermeticity.\n\nIn a follow-up, we can clean up the CI image to only contain the\nminimum dependencies needed for Bazelisk and the agent.\n\nExisting IntelliJ users need to remove the -Dbazel.bep.path flag\nfrom their VM options.\n\nHandbook/Rust rules are disabled temporarily to keep CI green\n(requires a more recent rules_rust version).\n\nChange-Id: I1f17d57d985ff9d749bf3359f259d8ef52247c18\nReviewed-on: https://review.monogon.dev/c/monogon/+/1033\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n"
    },
    {
      "commit": "294002872b79dff7f91538a45ac50a12d33607de",
      "tree": "ac03b2a5147e83d7ad2e767ebfa69a1f60221149",
      "parents": [
        "06f51944c154f10756796323b1cbde1ce5376c47"
      ],
      "author": {
        "name": "Leopold",
        "email": "leo@monogon.tech",
        "time": "Wed Jan 04 17:12:46 2023 +0100"
      },
      "committer": {
        "name": "Leopold Schabel",
        "email": "leo@monogon.tech",
        "time": "Thu Jan 05 13:17:22 2023 +0000"
      },
      "message": "tools/bazel: add wrapper script\n\nThis causes recent versions of Bazelisk (and native Bazel) to use\nour wrapper script automatically.\n\nIe74b9ecd removes the internal wrapper, which used to the same\njob but much less elegantly.\n\nChange-Id: Iabf0988c8d9ce2fa759ea81e6853380b56ffed2e\nReviewed-on: https://review.monogon.dev/c/monogon/+/1024\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n"
    }
  ]
}