diff --git a/.bazelrc b/.bazelrc index a489fc5dc..d69208d7f 100644 --- a/.bazelrc +++ b/.bazelrc @@ -1,16 +1,16 @@ +# Import bazelrc presets +import %workspace%/bazel/bazelrc/bazel6.bazelrc +import %workspace%/bazel/bazelrc/convenience.bazelrc +import %workspace%/bazel/bazelrc/correctness.bazelrc +import %workspace%/bazel/bazelrc/debug.bazelrc +import %workspace%/bazel/bazelrc/performance.bazelrc +import %workspace%/bazel/bazelrc/cc.bazelrc + # share bazel cache between checkouts of the same project # and keep old build caches around for longer common --disk_cache=~/.cache/shared_bazel_action_cache common --repository_cache=~/.cache/shared_bazel_repository_cache -# better caching / reproducibility -common --incompatible_strict_action_env=true -common --experimental_output_directory_naming_scheme=diff_against_baseline - -# disable automatic toolchain detection for C/C++ -common --incompatible_enable_cc_toolchain_resolution -common --action_env BAZEL_DO_NOT_DETECT_CPP_TOOLCHAIN=1 - # inject version information into binaries common --stamp --workspace_status_command=tools/workspace_status.sh @@ -32,12 +32,6 @@ build --flag_alias=container_prefix=//bazel/settings:container_prefix # set cli edition flag alias build --flag_alias=cli_edition=//bazel/settings:cli_edition -# build only what is needed for tests -test --build_tests_only - -# bazel config for debug builds -common:debug --compilation_mode=dbg --strip=never - # bazel configs to explicitly target a platform common:host --platforms @local_config_platform//:host common:linux_amd64 --platforms @zig_sdk//libc_aware/platform:linux_amd64_gnu.2.23 diff --git a/.github/actions/setup_bazel/action.yml b/.github/actions/setup_bazel/action.yml index 93952aa22..15b39dbaa 100644 --- a/.github/actions/setup_bazel/action.yml +++ b/.github/actions/setup_bazel/action.yml @@ -34,24 +34,7 @@ runs: run: | echo "::group::Configure Bazel" cat <> "${WORKSPACE}/.bazeloverwriterc" - # general - common --color=yes - common --terminal_columns=143 - common --build_metadata=ROLE=CI - common --show_progress_rate_limit=5 - common --curses=yes - common --verbose_failures - common --announce_rc - # test related - test --show_timestamps - test --keep_going - # remote cache / execution related - common --bes_timeout=600s - common --experimental_remote_build_event_upload=minimal - common --experimental_remote_cache_compression - common --nolegacy_important_outputs - common --noremote_upload_local_results - common --remote_timeout=3600 + import %workspace%/bazel/bazelrc/ci.bazelrc EOF echo "::endgroup::" @@ -68,6 +51,14 @@ runs: common --bes_backend=grpcs://remote.buildbuddy.io common --remote_cache=grpcs://remote.buildbuddy.io common --remote_header=x-buildbuddy-api-key=${BUILDBUDDY_ORG_API_KEY} + cquery --bes_results_url= + cquery --bes_backend= + cquery --remote_cache= + cquery --remote_header= + query --bes_results_url= + query --bes_backend= + query --remote_cache= + query --remote_header= EOF echo "::endgroup::" @@ -93,6 +84,12 @@ runs: common --bes_results_url=https://app.buildbuddy.io/invocation/ common --bes_backend=grpcs://remote.buildbuddy.io common --remote_header=x-buildbuddy-api-key=${BUILDBUDDY_ORG_API_KEY} + cquery --bes_results_url= + cquery --bes_backend= + cquery --remote_header= + query --bes_results_url= + query --bes_backend= + query --remote_header= EOF echo "::endgroup::" diff --git a/bazel/bazelrc/bazel6.bazelrc b/bazel/bazelrc/bazel6.bazelrc new file mode 100644 index 000000000..11a1c67fa --- /dev/null +++ b/bazel/bazelrc/bazel6.bazelrc @@ -0,0 +1,15 @@ +# Speed up all builds by not checking if external repository files have been modified. +# Docs: https://github.com/bazelbuild/bazel/blob/1af61b21df99edc2fc66939cdf14449c2661f873/src/main/java/com/google/devtools/build/lib/bazel/repository/RepositoryOptions.java#L244 +build --noexperimental_check_external_repository_files +fetch --noexperimental_check_external_repository_files +query --noexperimental_check_external_repository_files + +# Directories used by sandboxed non-worker execution may be reused to avoid unnecessary setup costs. +# Save time on Sandbox creation and deletion when many of the same kind of action run during the +# build. +# Docs: https://bazel.build/reference/command-line-reference#flag--reuse_sandbox_directories +build --reuse_sandbox_directories + +# Avoid this flag being enabled by remote_download_minimal or remote_download_toplevel +# See https://meroton.com/blog/bazel-6-errors-build-without-the-bytes/ +build --noexperimental_action_cache_store_output_metadata diff --git a/bazel/bazelrc/cc.bazelrc b/bazel/bazelrc/cc.bazelrc new file mode 100644 index 000000000..2b2ca85fd --- /dev/null +++ b/bazel/bazelrc/cc.bazelrc @@ -0,0 +1,3 @@ +# disable automatic toolchain detection for C/C++ +common --incompatible_enable_cc_toolchain_resolution +common --action_env BAZEL_DO_NOT_DETECT_CPP_TOOLCHAIN=1 diff --git a/bazel/bazelrc/ci.bazelrc b/bazel/bazelrc/ci.bazelrc new file mode 100644 index 000000000..b29009f48 --- /dev/null +++ b/bazel/bazelrc/ci.bazelrc @@ -0,0 +1,82 @@ +# We recommend enforcing a policy that keeps your CI from being slowed down +# by individual test targets that should be optimized +# or split up into multiple test targets with sharding or manually. +# Set this flag to exclude targets that have their timeout set to eternal (>15m) from running on CI. +# Docs: https://bazel.build/docs/user-manual#test-timeout-filters +test --test_timeout_filters=-eternal + +# Announce all announces command options read from the bazelrc file(s) when starting up at the +# beginning of each Bazel invocation. This is very useful on CI to be able to inspect what Bazel rc +# settings are being applied on each run. +# Docs: https://bazel.build/docs/user-manual#announce-rc +common --announce_rc + +# Add a timestamp to each message generated by Bazel specifying the time at which the message was +# displayed. +# Docs: https://bazel.build/docs/user-manual#show-timestamps +build --show_timestamps + +# Only show progress every 15 seconds on CI. +# We want to find a compromise between printing often enough to show that the build isn't stuck, +# but not so often that we produce a long log file that requires a lot of scrolling. +# https://bazel.build/reference/command-line-reference#flag--show_progress_rate_limit +common --show_progress_rate_limit=15 + +# Use cursor controls in screen output. +# Docs: https://bazel.build/docs/user-manual#curses +common --curses=yes + +# Use colors to highlight output on the screen. Set to `no` if your CI does not display colors. +# Docs: https://bazel.build/docs/user-manual#color +common --color=yes + +# The terminal width in columns. Configure this to override the default value based on what your CI system renders. +# Docs: https://github.com/bazelbuild/bazel/blob/1af61b21df99edc2fc66939cdf14449c2661f873/src/main/java/com/google/devtools/build/lib/runtime/UiOptions.java#L151 +build --terminal_columns=143 + +###################################### +# Generic remote cache configuration # +###################################### + +# Only download remote outputs of top level targets to the local machine. +# Docs: https://bazel.build/reference/command-line-reference#flag--remote_download_toplevel +# TODO(malt3): find out why this is not working +# build --remote_download_toplevel + +# The maximum amount of time to wait for remote execution and cache calls. +# https://bazel.build/reference/command-line-reference#flag--remote_timeout +build --remote_timeout=3600 + +# Upload locally executed action results to the remote cache. +# Docs: https://bazel.build/reference/command-line-reference#flag--remote_upload_local_results +# TODO(malt3): find out why this is not working +# build --remote_upload_local_results + +# Fall back to standalone local execution strategy if remote execution fails. If the grpc remote +# cache connection fails, it will fail the build, add this so it falls back to the local cache. +# Docs: https://bazel.build/reference/command-line-reference#flag--remote_local_fallback +build --remote_local_fallback + +# Fixes builds hanging on CI that get the TCP connection closed without sending RST packets. +# Docs: https://bazel.build/reference/command-line-reference#flag--grpc_keepalive_time +build --grpc_keepalive_time=30s + + +###################################### +# Edgeless specific # +###################################### + +# Ensure runs in CI are tagged as such. +common --build_metadata=ROLE=CI + +# show verbose failure messages in CI. +common --verbose_failures + +# extend time available to upload build events +common --bes_timeout=600s + +# options to limit the amount of data uploaded/downloaded to/from the remote cache +common --experimental_remote_build_event_upload=minimal +common --experimental_remote_cache_compression +common --nolegacy_important_outputs +common --noremote_upload_local_results diff --git a/bazel/bazelrc/convenience.bazelrc b/bazel/bazelrc/convenience.bazelrc new file mode 100644 index 000000000..c674569ff --- /dev/null +++ b/bazel/bazelrc/convenience.bazelrc @@ -0,0 +1,28 @@ +# Attempt to build & test every target whose prerequisites were successfully built. +# Docs: https://bazel.build/docs/user-manual#keep-going +build --keep_going + +# Output test errors to stderr so users don't have to `cat` or open test failure log files when test +# fail. This makes the log noiser in exchange for reducing the time-to-feedback on test failures for +# users. +# Docs: https://bazel.build/docs/user-manual#test-output +test --test_output=errors + +# Show the output files created by builds that requested more than one target. This helps users +# locate the build outputs in more cases +# Docs: https://bazel.build/docs/user-manual#show-result +build --show_result=20 + +# Bazel picks up host-OS-specific config lines from bazelrc files. For example, if the host OS is +# Linux and you run bazel build, Bazel picks up lines starting with build:linux. Supported OS +# identifiers are `linux`, `macos`, `windows`, `freebsd`, and `openbsd`. Enabling this flag is +# equivalent to using `--config=linux` on Linux, `--config=windows` on Windows, etc. +# Docs: https://bazel.build/reference/command-line-reference#flag--enable_platform_specific_config +common --enable_platform_specific_config + +# Output a heap dump if an OOM is thrown during a Bazel invocation +# (including OOMs due to `--experimental_oom_more_eagerly_threshold`). +# The dump will be written to `/.heapdump.hprof`. +# You may need to configure CI to capture this artifact and upload for later use. +# Docs: https://bazel.build/reference/command-line-reference#flag--heap_dump_on_oom +common --heap_dump_on_oom diff --git a/bazel/bazelrc/correctness.bazelrc b/bazel/bazelrc/correctness.bazelrc new file mode 100644 index 000000000..6c7934609 --- /dev/null +++ b/bazel/bazelrc/correctness.bazelrc @@ -0,0 +1,46 @@ +# Don't allow network access for build actions in the sandbox. +# Ensures that you don't accidentally make non-hermetic actions/tests which depend on remote +# services. +# Developers should tag targets with `tags=["requires-network"]` to opt-out of the enforcement. +# Docs: https://bazel.build/reference/command-line-reference#flag--sandbox_default_allow_network +build --sandbox_default_allow_network=false + +# Allow the Bazel server to check directory sources for changes. Ensures that the Bazel server +# notices when a directory changes, if you have a directory listed in the srcs of some target. +# Recommended when using +# [copy_directory](https://github.com/aspect-build/bazel-lib/blob/main/docs/copy_directory.md) and +# [rules_js](https://github.com/aspect-build/rules_js) since npm package are source directories +# inputs to copy_directory actions. +# Docs: https://bazel.build/reference/command-line-reference#flag--host_jvm_args +startup --host_jvm_args=-DBAZEL_TRACK_SOURCE_DIRECTORIES=1 + +# Allow exclusive tests to run in the sandbox. Fixes a bug where Bazel doesn't enable sandboxing for +# tests with `tags=["exclusive"]`. +# Docs: https://bazel.build/reference/command-line-reference#flag--incompatible_exclusive_test_sandboxed +test --incompatible_exclusive_test_sandboxed + +# Use a static value for `PATH` and does not inherit `LD_LIBRARY_PATH`. Doesn't let environment +# variables like `PATH` sneak into the build, which can cause massive cache misses when they change. +# Use `--action_env=ENV_VARIABLE` if you want to inherit specific environment variables from the +# client, but note that doing so can prevent cross-user caching if a shared cache is used. +# Docs: https://bazel.build/reference/command-line-reference#flag--incompatible_strict_action_env +build --incompatible_strict_action_env + +# Propagate tags from a target declaration to the actions' execution requirements. +# Ensures that tags applied in your BUILD file, like `tags=["no-remote"]` +# get propagated to actions created by the rule. +# Without this option, you rely on rules authors to manually check the tags you passed +# and apply relevant ones to the actions they create. +# See https://github.com/bazelbuild/bazel/issues/8830 for details. +# Docs: https://bazel.build/reference/command-line-reference#flag--experimental_allow_tags_propagation +build --experimental_allow_tags_propagation +fetch --experimental_allow_tags_propagation +query --experimental_allow_tags_propagation + +# Do not automatically create `__init__.py` files in the runfiles of Python targets. Fixes the wrong +# default that comes from Google's internal monorepo by using `__init__.py` to delimit a Python +# package. Precisely, when a `py_binary` or `py_test` target has `legacy_create_init` set to `auto (the +# default), it is treated as false if and only if this flag is set. See +# https://github.com/bazelbuild/bazel/issues/10076. +# Docs: https://bazel.build/reference/command-line-reference#flag--incompatible_default_to_explicit_init_py +build --incompatible_default_to_explicit_init_py diff --git a/bazel/bazelrc/debug.bazelrc b/bazel/bazelrc/debug.bazelrc new file mode 100644 index 000000000..7634e45a8 --- /dev/null +++ b/bazel/bazelrc/debug.bazelrc @@ -0,0 +1,22 @@ +############################################################ +# Use `bazel test --config=debug` to enable these settings # +############################################################ + +# Stream stdout/stderr output from each test in real-time. +# Docs: https://bazel.build/docs/user-manual#test-output +test:debug --test_output=streamed + +# Run one test at a time. +# Docs: https://bazel.build/reference/command-line-reference#flag--test_strategy +test:debug --test_strategy=exclusive + +# Prevent long running tests from timing out. +# Docs: https://bazel.build/docs/user-manual#test-timeout +test:debug --test_timeout=9999 + +# Always run tests even if they have cached results. +# Docs: https://bazel.build/docs/user-manual#cache-test-results +test:debug --nocache_test_results + +# enable debug symbols and disable stripping +common:debug --compilation_mode=dbg --strip=never diff --git a/bazel/bazelrc/performance.bazelrc b/bazel/bazelrc/performance.bazelrc new file mode 100644 index 000000000..9d0ba3057 --- /dev/null +++ b/bazel/bazelrc/performance.bazelrc @@ -0,0 +1,43 @@ +# Speed up all builds by not checking if output files have been modified. Lets you make changes to +# the output tree without triggering a build for local debugging. For example, you can modify +# [rules_js](https://github.com/aspect-build/rules_js) 3rd party npm packages in the output tree +# when local debugging. +# Docs: https://github.com/bazelbuild/bazel/blob/1af61b21df99edc2fc66939cdf14449c2661f873/src/main/java/com/google/devtools/build/lib/pkgcache/PackageOptions.java#L185 +build --noexperimental_check_output_files +fetch --noexperimental_check_output_files +query --noexperimental_check_output_files + +# Don't apply `--noremote_upload_local_results` and `--noremote_accept_cached` to the disk cache. +# If you have both `--noremote_upload_local_results` and `--disk_cache`, then this fixes a bug where +# Bazel doesn't write to the local disk cache as it treats as a remote cache. +# Docs: https://bazel.build/reference/command-line-reference#flag--incompatible_remote_results_ignore_disk +build --incompatible_remote_results_ignore_disk + +# Directories used by sandboxed non-worker execution may be reused to avoid unnecessary setup costs. +# Save time on Sandbox creation and deletion when many of the same kind of action run during the +# build. +# No longer experimental in Bazel 6: https://github.com/bazelbuild/bazel/commit/c1a95501a5611878e5cc43a3cc531f2b9e47835b +# Docs: https://bazel.build/reference/command-line-reference#flag--reuse_sandbox_directories +build --experimental_reuse_sandbox_directories + +# Do not build runfiles symlink forests for external repositories under +# `.runfiles/wsname/external/repo` (in addition to `.runfiles/repo`). This reduces runfiles & +# sandbox creation times & prevents accidentally depending on this feature which may flip to off by +# default in the future. Note, some rules may fail under this flag, please file issues with the rule +# author. +# Docs: https://bazel.build/reference/command-line-reference#flag--legacy_external_runfiles +build --nolegacy_external_runfiles + +# Some actions are always IO-intensive but require little compute. It's wasteful to put the output +# in the remote cache, it just saturates the network and fills the cache storage causing earlier +# evictions. It's also not worth sending them for remote execution. +# For actions like PackageTar it's usually faster to just re-run the work locally every time. +# You'll have to look at an execution log to figure out what other action mnemonics you care about. +# In some cases you may need to patch rulesets to add a mnemonic to actions that don't have one. +# https://bazel.build/reference/command-line-reference#flag--modify_execution_info +build --modify_execution_info=PackageTar=+no-remote,OCIImage=+no-remote + +# build only what is needed for tests +test --build_tests_only + +common --experimental_output_directory_naming_scheme=diff_against_baseline