bazel: always use nix

This commit is contained in:
Malte Poll 2023-10-04 10:51:17 +02:00 committed by Malte Poll
parent d046ba01ff
commit d22f53d7cc
13 changed files with 49 additions and 195 deletions

View File

@ -40,9 +40,8 @@ common:linux_amd64_static --platforms @zig_sdk//libc_aware/platform:linux_amd64_
common:linux_arm64_static --platforms @zig_sdk//libc_aware/platform:linux_arm64_musl common:linux_arm64_static --platforms @zig_sdk//libc_aware/platform:linux_arm64_musl
# bazel configs to explicitly target NixOS # bazel configs to explicitly target NixOS
common:nix --host_platform=@io_tweag_rules_nixpkgs//nixpkgs/platforms:host common --host_platform=@io_tweag_rules_nixpkgs//nixpkgs/platforms:host
common:nix --crosstool_top=@local_config_cc//:toolchain common --crosstool_top=@local_config_cc//:toolchain
common:nix --action_env=BAZEL_NIX_HOST_PLATFORM=1
# bazel config to explicitly disable stamping (hide version information at build time) # bazel config to explicitly disable stamping (hide version information at build time)
common:nostamp --nostamp --workspace_status_command= common:nostamp --nostamp --workspace_status_command=

View File

@ -172,9 +172,9 @@ jobs:
TARGET: //image/system:${{ matrix.csp }}_${{ matrix.attestation_variant }}_${{ needs.build-settings.outputs.stream }} TARGET: //image/system:${{ matrix.csp }}_${{ matrix.attestation_variant }}_${{ needs.build-settings.outputs.stream }}
run: | run: |
echo "::group::Build" echo "::group::Build"
bazel build --host_platform=@rules_nixpkgs_core//platforms:host "${TARGET}" bazel build "${TARGET}"
{ {
echo "image-dir=$(bazel cquery --host_platform=@rules_nixpkgs_core//platforms:host --output=files "$TARGET")" echo "image-dir=$(bazel cquery --output=files "$TARGET")"
} | tee -a "$GITHUB_OUTPUT" } | tee -a "$GITHUB_OUTPUT"
echo "::endgroup::" echo "::endgroup::"

View File

@ -13,7 +13,7 @@ load("@io_tweag_rules_nixpkgs//nixpkgs:repositories.bzl", "rules_nixpkgs_depende
rules_nixpkgs_dependencies() rules_nixpkgs_dependencies()
load("@io_tweag_rules_nixpkgs//nixpkgs:nixpkgs.bzl", "nixpkgs_flake_package", "nixpkgs_git_repository", "nixpkgs_package", "nixpkgs_python_configure") load("@io_tweag_rules_nixpkgs//nixpkgs:nixpkgs.bzl", "nixpkgs_cc_configure", "nixpkgs_flake_package", "nixpkgs_git_repository", "nixpkgs_package", "nixpkgs_python_configure")
nixpkgs_git_repository( nixpkgs_git_repository(
name = "nixpkgs", name = "nixpkgs",
@ -38,32 +38,27 @@ nixpkgs_package(
repository = "@nixpkgs", repository = "@nixpkgs",
) )
load("//bazel/mkosi:mkosi_configure.bzl", "find_system_mkosi") load("//bazel/mkosi:mkosi_configure.bzl", "register_mkosi")
find_system_mkosi(name = "constellation_mkosi") register_mkosi(
name = "mkosi_nix_toolchain",
)
# Python toolchain # Python toolchain
load("//bazel/toolchains:python_deps.bzl", "python_deps") load("//bazel/toolchains:python_deps.bzl", "python_deps")
python_deps() python_deps()
load("@rules_python//python:repositories.bzl", "py_repositories", "python_register_toolchains") load("@rules_python//python:repositories.bzl", "py_repositories")
py_repositories() py_repositories()
# if nix is installed, use nixpkgs python toolchain...
nixpkgs_python_configure( nixpkgs_python_configure(
fail_not_supported = False, fail_not_supported = False,
python3_attribute_path = "python311.withPackages(ps: with ps; [ numpy ])", python3_attribute_path = "python311",
repository = "@nixpkgs", repository = "@nixpkgs",
) )
# ... otherwise, fall back to rules_python toolchain
python_register_toolchains(
name = "python3_11",
python_version = "3.11",
)
# Go toolchain # Go toolchain
load("//bazel/toolchains:go_rules_deps.bzl", "go_deps") load("//bazel/toolchains:go_rules_deps.bzl", "go_deps")
@ -78,19 +73,13 @@ load("@io_bazel_rules_go//go:deps.bzl", "go_rules_dependencies")
go_rules_dependencies() go_rules_dependencies()
local_repository( load("@io_tweag_rules_nixpkgs//nixpkgs:toolchains/go.bzl", "nixpkgs_go_configure")
name = "nixos-support",
path = "bazel/nixos-support", nixpkgs_go_configure(
attribute_path = "go_1_21",
repository = "@nixpkgs",
) )
load("@nixos-support//:nixos-support.bzl", "gen_imports")
gen_imports()
load("@nixos_support//:imports.bzl", "cc_toolchain", "go_toolchain")
go_toolchain()
load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies") load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies")
gazelle_dependencies(go_repository_default_config = "//:WORKSPACE.bazel") gazelle_dependencies(go_repository_default_config = "//:WORKSPACE.bazel")
@ -152,7 +141,21 @@ load("@hermetic_cc_toolchain//toolchain:defs.bzl", zig_toolchains = "toolchains"
zig_toolchains() zig_toolchains()
cc_toolchain() nixpkgs_cc_configure(repository = "@nixpkgs")
register_toolchains(
"@zig_sdk//libc_aware/toolchain:linux_amd64_gnu.2.23",
"@zig_sdk//libc_aware/toolchain:linux_arm64_gnu.2.23",
"@zig_sdk//libc_aware/toolchain:linux_amd64_musl",
"@zig_sdk//libc_aware/toolchain:linux_arm64_musl",
"@zig_sdk//toolchain:linux_amd64_gnu.2.23",
"@zig_sdk//toolchain:linux_arm64_gnu.2.23",
"@zig_sdk//toolchain:linux_amd64_musl",
"@zig_sdk//toolchain:linux_arm64_musl",
"@zig_sdk//toolchain:darwin_amd64",
"@zig_sdk//toolchain:darwin_arm64",
"@zig_sdk//toolchain:windows_amd64",
)
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

View File

@ -410,18 +410,12 @@ repo_command(
sh_template( sh_template(
name = "proto_targets_check", name = "proto_targets_check",
data = select({ data = [
"@rules_nixpkgs_core//constraints:support_nix": [ "@diffutils//:bin/diff",
"@diffutils//:bin/diff", ],
], env = {
"//conditions:default": [], "DIFF": "$(rootpath @diffutils//:bin/diff)",
}), },
env = select({
"@rules_nixpkgs_core//constraints:support_nix": {
"DIFF": "$(rootpath @diffutils//:bin/diff)",
},
"//conditions:default": {},
}),
substitutions = { substitutions = {
"@@PROTO_TARGETS@@": " ".join(proto_targets()), "@@PROTO_TARGETS@@": " ".join(proto_targets()),
}, },

View File

@ -5,9 +5,6 @@ Type: @constellation//bazel/mkosi:toolchain_type
Toolchains: Toolchains:
- mkosi_missing_toolchain: provides a fallback toolchain for exec platforms - mkosi_missing_toolchain: provides a fallback toolchain for exec platforms
where mkosi might not be available. where mkosi might not be available.
- mkosi_auto_toolchain: a toolchain that uses the installed mkosi. See
mkosi_configure.bzl%find_system_mkosi for usage.
""" """
load(":toolchain.bzl", "is_mkosi_available", "mkosi_make_variables", "mkosi_toolchain") load(":toolchain.bzl", "is_mkosi_available", "mkosi_make_variables", "mkosi_toolchain")

View File

@ -1,13 +0,0 @@
# This content is generated by {GENERATOR}
load("@constellation//bazel/mkosi:toolchain.bzl", "mkosi_toolchain")
mkosi_toolchain(
name = "mkosi_auto",
path = "{MKOSI_PATH}",
)
toolchain(
name = "mkosi_auto_toolchain",
toolchain = ":mkosi_auto",
toolchain_type = "@constellation//bazel/mkosi:toolchain_type",
)

View File

@ -1,43 +1,7 @@
"""Repository rule to autoconfigure a toolchain using the system mkosi.""" """Repository rule to configure a toolchain using nixpkgs mkosi."""
def _write_build(rctx, path): def register_mkosi(name):
if not path:
path = ""
rctx.template(
"BUILD",
Label("//bazel/mkosi:BUILD.tpl"),
substitutions = {
"{GENERATOR}": "@constellation//bazel/mkosi/mkosi_configure.bzl%find_system_mkosi",
"{MKOSI_PATH}": str(path),
},
executable = False,
)
def _find_system_mkosi_impl(rctx):
mkosi_path = rctx.which("mkosi")
if rctx.attr.verbose:
if mkosi_path:
print("Found mkosi at '%s'" % mkosi_path) # buildifier: disable=print
else:
print("No system mkosi found.") # buildifier: disable=print
_write_build(rctx = rctx, path = mkosi_path)
_find_system_mkosi = repository_rule(
implementation = _find_system_mkosi_impl,
doc = """Create a repository that defines an mkosi toolchain based on the system mkosi.""",
local = True,
environ = ["PATH"],
attrs = {
"verbose": attr.bool(
doc = "If true, print status messages.",
),
},
)
def find_system_mkosi(name, verbose = False):
_find_system_mkosi(name = name, verbose = verbose)
native.register_toolchains( native.register_toolchains(
"@constellation//bazel/mkosi:mkosi_nix_toolchain", "@constellation//bazel/mkosi:mkosi_nix_toolchain",
"@%s//:mkosi_auto_toolchain" % name,
"@constellation//bazel/mkosi:mkosi_missing_toolchain", "@constellation//bazel/mkosi:mkosi_missing_toolchain",
) )

View File

@ -1,69 +0,0 @@
""" A repository rule use either nixpkgs or download a go toolchain / SDK """
def _has_nix(ctx):
return ctx.os.environ.get("BAZEL_NIX_HOST_PLATFORM", "0") == "1"
def _gen_imports_impl(ctx):
ctx.file("BUILD", "")
imports_for_nix = """
load("@io_tweag_rules_nixpkgs//nixpkgs:nixpkgs.bzl", "nixpkgs_cc_configure")
load("@io_tweag_rules_nixpkgs//nixpkgs:toolchains/go.bzl", "nixpkgs_go_configure")
def go_toolchain():
nixpkgs_go_configure(
repository = "@nixpkgs",
attribute_path = "go_1_21",
)
def cc_toolchain():
nixpkgs_cc_configure(repository = "@nixpkgs")
native.register_toolchains(
"@zig_sdk//libc_aware/toolchain:linux_amd64_gnu.2.23",
"@zig_sdk//libc_aware/toolchain:linux_arm64_gnu.2.23",
"@zig_sdk//libc_aware/toolchain:linux_amd64_musl",
"@zig_sdk//libc_aware/toolchain:linux_arm64_musl",
"@zig_sdk//toolchain:linux_amd64_gnu.2.23",
"@zig_sdk//toolchain:linux_arm64_gnu.2.23",
"@zig_sdk//toolchain:linux_amd64_musl",
"@zig_sdk//toolchain:linux_arm64_musl",
"@zig_sdk//toolchain:darwin_amd64",
"@zig_sdk//toolchain:darwin_arm64",
"@zig_sdk//toolchain:windows_amd64",
)
"""
imports_for_non_nix = """
load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains")
def go_toolchain():
go_register_toolchains(version = "1.21.1")
def cc_toolchain():
native.register_toolchains(
"@zig_sdk//libc_aware/toolchain:linux_amd64_gnu.2.23",
"@zig_sdk//libc_aware/toolchain:linux_arm64_gnu.2.23",
"@zig_sdk//libc_aware/toolchain:linux_amd64_musl",
"@zig_sdk//libc_aware/toolchain:linux_arm64_musl",
"@zig_sdk//toolchain:linux_amd64_gnu.2.23",
"@zig_sdk//toolchain:linux_arm64_gnu.2.23",
"@zig_sdk//toolchain:linux_amd64_musl",
"@zig_sdk//toolchain:linux_arm64_musl",
"@zig_sdk//toolchain:darwin_amd64",
"@zig_sdk//toolchain:darwin_arm64",
"@zig_sdk//toolchain:windows_amd64",
)
"""
if _has_nix(ctx):
ctx.file("imports.bzl", imports_for_nix)
else:
ctx.file("imports.bzl", imports_for_non_nix)
_gen_imports = repository_rule(
implementation = _gen_imports_impl,
)
def gen_imports():
_gen_imports(
name = "nixos_support",
)

View File

@ -7,35 +7,21 @@ Prerequisites:
* 20GB (minimum), better 40 GB disk space (required if you want to cross compile for all platforms) * 20GB (minimum), better 40 GB disk space (required if you want to cross compile for all platforms)
* [Latest version of Go](https://go.dev/doc/install). * [Latest version of Go](https://go.dev/doc/install).
* Unless you use Nix / NixOS: [Bazelisk installed as `bazel` in your path](https://github.com/bazelbuild/bazelisk/releases). * Unless you use Nix / NixOS: [Bazelisk installed as `bazel` in your path](https://github.com/bazelbuild/bazelisk/releases).
* We recommend Nix installed via [determinate systems installer](https://github.com/DeterminateSystems/nix-installer) (or NixOS as host system). * We require Nix to be installed. It is recommended to install nix using the [determinate systems installer](https://github.com/DeterminateSystems/nix-installer) (or to use NixOS as host system).
* [Docker](https://docs.docker.com/engine/install/). Can be installed with these commands on Ubuntu 22.04: `sudo apt update && sudo apt install docker.io`. As the build spawns docker containers your user account either needs to be in the `docker` group (Add with `sudo usermod -a -G docker $USER`) or you have to run builds with `sudo`. When using `sudo` remember that your root user might (depending on your distro and local config) not have the go binary in it's PATH. The current PATH can be forwarded to the root env with `sudo env PATH=$PATH <cmd>`. * [Docker](https://docs.docker.com/engine/install/). Can be installed with these commands on Ubuntu 22.04: `sudo apt update && sudo apt install docker.io`. As the build spawns docker containers your user account either needs to be in the `docker` group (Add with `sudo usermod -a -G docker $USER`) or you have to run builds with `sudo`. When using `sudo` remember that your root user might (depending on your distro and local config) not have the go binary in it's PATH. The current PATH can be forwarded to the root env with `sudo env PATH=$PATH <cmd>`.
## Prequisites ## Prequisites
### Linux ### Linux
* Packages on NixOS or with Nix installed (use flake.nix in this repo): * If you don't want to perform any setup, you can get a shell with Bazel and all required dependencies by running:
```sh ```sh
# add "common --config=nix" to your .bazeloverwriterc if you want to get nix compatible toolchains
echo "common --config=nix" >> .bazeloverwriterc
# better would be: nix develop -i # better would be: nix develop -i
# but this doesn't play nice with bashrc, colored output and non-hermetic tools # but this doesn't play nice with bashrc, colored output and non-hermetic tools
nix develop nix develop
``` ```
* Packages on Ubuntu:
```sh
sudo apt install build-essential cmake libssl-dev pkg-config libcryptsetup12 libcryptsetup-dev
```
* Packages on Fedora:
```sh
sudo dnf install @development-tools pkg-config cmake openssl-devel cryptsetup-libs cryptsetup-devel
```
### Mac ### Mac
* To fix unsupported shell options used in some build script: * To fix unsupported shell options used in some build script:

View File

@ -1,9 +1,8 @@
## Setup ## Setup
Ensure you have Nix installed. This is recommended in general but a requirement for the following steps. Ensure you have Nix installed. This is a requirement for the following steps.
Consult the [developer docs](/dev-docs/workflows/build-develop-deploy.md) for more info. Consult the [developer docs](/dev-docs/workflows/build-develop-deploy.md) for more info.
At the very least, `nix` should be in your PATH and either `common --config=nix` At the very least, `nix` should be in your PATH.
has to be set in the `.bazelrc` or you need to append `--config=nix` to each Bazel command.
## Build ## Build

View File

@ -16,19 +16,13 @@ go_library(
go_binary( go_binary(
name = "cmd", name = "cmd",
# keep # keep
data = select({ data = [
"@rules_nixpkgs_core//constraints:support_nix": [ "@systemd//:bin/systemd-dissect",
"@systemd//:bin/systemd-dissect", ],
],
"//conditions:default": [],
}),
embed = [":cmd_lib"], embed = [":cmd_lib"],
# keep # keep
env = select({ env = {
"@rules_nixpkgs_core//constraints:support_nix": { "DISSECT_TOOLCHAIN": "$(rootpath @systemd//:bin/systemd-dissect)",
"DISSECT_TOOLCHAIN": "$(rootpath @systemd//:bin/systemd-dissect)", },
},
"//conditions:default": {},
}),
visibility = ["//visibility:public"], visibility = ["//visibility:public"],
) )