constellation/bazel/ci/BUILD.bazel
Daniel Weiße 5b1e3627c9
ci: run memory intensive check targets sequentially (#3513)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-12-02 09:25:45 +01:00

588 lines
17 KiB
Python

load("@buildifier_prebuilt//:rules.bzl", "buildifier", "buildifier_test")
load("@com_github_ash2k_bazel_tools//multirun:def.bzl", "multirun")
load("@gazelle//:def.bzl", "gazelle")
load("@io_bazel_rules_go//go/private/rules:go_bin_for_host.bzl", "go_bin_for_host")
load("//bazel/ci:proto_targets.bzl", "proto_targets")
load("//bazel/sh:def.bzl", "noop_warn", "repo_command", "sh_template")
required_tags = [
"e2e",
"integration",
]
gazelle(
name = "gazelle_generate",
build_tags = required_tags,
)
gazelle(
name = "gazelle_check",
build_tags = required_tags,
command = "fix",
mode = "diff",
)
buildifier_test(
name = "buildifier_check",
timeout = "short",
lint_mode = "warn",
lint_warnings = ["all"],
mode = "diff",
no_sandbox = True,
tags = ["no-remote-exec"],
verbose = True,
workspace = "//:WORKSPACE.bzlmod",
)
buildifier(
name = "buildifier_fix",
lint_mode = "fix",
lint_warnings = ["all"],
mode = "fix",
tags = ["no-remote-exec"],
verbose = True,
)
sh_template(
name = "keep_sorted",
data = [
"@com_github_google_keep_sorted//:keep-sorted",
],
substitutions = {
"@@KEEP_SORTED@@": "$(rootpath @com_github_google_keep_sorted//:keep-sorted)",
},
template = "keep_sorted.sh.in",
)
sh_template(
name = "go_mod_tidy",
data = [
":go_bin_for_host",
],
substitutions = {
"@@GO@@": "$(rootpath :go_bin_for_host)",
},
template = "go_tidy.sh.in",
)
sh_template(
name = "shfmt",
data = [
"@com_github_katexochen_sh_v3//cmd/shfmt",
],
substitutions = {
"@@SHFMT@@": "$(rootpath @com_github_katexochen_sh_v3//cmd/shfmt)",
},
template = "shfmt.sh.in",
)
noop_warn(
name = "shellcheck_noop_warning",
warning = "Shellcheck should have been executed, but is currently not available for your platform.",
)
alias(
name = "com_github_koalaman_shellcheck",
actual = select({
"@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_koalaman_shellcheck_darwin_amd64//:shellcheck",
"@io_bazel_rules_go//go/platform:darwin_arm64": ":shellcheck_noop_warning",
"@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_koalaman_shellcheck_linux_amd64//:shellcheck",
"@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_koalaman_shellcheck_linux_arm64//:shellcheck",
}),
)
sh_template(
name = "shellcheck",
data = [
":com_github_koalaman_shellcheck",
"@com_github_katexochen_sh_v3//cmd/shfmt",
],
substitutions = {
"@@SHELLCHECK@@": "$(rootpath :com_github_koalaman_shellcheck)",
"@@SHFMT@@": "$(rootpath @com_github_katexochen_sh_v3//cmd/shfmt)",
},
template = "shellcheck.sh.in",
)
alias(
name = "com_github_rhysd_actionlint",
actual = select({
"@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_rhysd_actionlint_darwin_amd64//:actionlint",
"@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_rhysd_actionlint_darwin_arm64//:actionlint",
"@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_rhysd_actionlint_linux_amd64//:actionlint",
"@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_rhysd_actionlint_linux_arm64//:actionlint",
}),
)
sh_template(
name = "actionlint",
data = [
":com_github_koalaman_shellcheck",
":com_github_rhysd_actionlint",
],
substitutions = {
"@@ACTIONLINT@@": "$(rootpath :com_github_rhysd_actionlint)",
"@@SHELLCHECK@@": "$(rootpath :com_github_koalaman_shellcheck)",
},
template = "actionlint.sh.in",
)
repo_command(
name = "actionlint_no_shellcheck",
command = ":com_github_rhysd_actionlint",
)
alias(
name = "com_github_mvdan_gofumpt",
actual = select({
"@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_mvdan_gofumpt_darwin_amd64//file",
"@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_mvdan_gofumpt_darwin_arm64//file",
"@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_mvdan_gofumpt_linux_amd64//file",
"@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_mvdan_gofumpt_linux_arm64//file",
}),
)
repo_command(
name = "gofumpt",
args = [
"-l",
"-w",
".",
],
command = ":com_github_mvdan_gofumpt",
)
alias(
name = "com_github_aquasecurity_tfsec",
actual = select({
"@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_aquasecurity_tfsec_darwin_amd64//:tfsec",
"@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_aquasecurity_tfsec_darwin_arm64//:tfsec",
"@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_aquasecurity_tfsec_linux_amd64//:tfsec",
"@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_aquasecurity_tfsec_linux_arm64//:tfsec",
}),
)
sh_template(
name = "tfsec",
data = [
":com_github_aquasecurity_tfsec",
],
substitutions = {
"@@TFSEC@@": "$(rootpath :com_github_aquasecurity_tfsec)",
},
template = "tfsec.sh.in",
)
alias(
name = "com_github_hashicorp_terraform",
actual = select({
"@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_hashicorp_terraform_darwin_amd64//:terraform",
"@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_hashicorp_terraform_darwin_arm64//:terraform",
"@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_hashicorp_terraform_linux_amd64//:terraform",
"@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_hashicorp_terraform_linux_arm64//:terraform",
}),
visibility = ["//visibility:public"],
)
sh_template(
name = "terraform_gen",
data = [
":com_github_hashicorp_terraform",
],
substitutions = {
"@@MODE@@": "generate",
"@@TERRAFORM@@": "$(rootpath :com_github_hashicorp_terraform)",
},
template = "terraform.sh.in",
)
sh_template(
name = "terraform_check",
data = [
":com_github_hashicorp_terraform",
],
substitutions = {
"@@MODE@@": "check",
"@@TERRAFORM@@": "$(rootpath :com_github_hashicorp_terraform)",
},
template = "terraform.sh.in",
)
sh_template(
name = "terraform_fmt",
data = [
":com_github_hashicorp_terraform",
],
substitutions = {
"@@MODE@@": "format",
"@@TERRAFORM@@": "$(rootpath :com_github_hashicorp_terraform)",
},
template = "terraform.sh.in",
)
alias(
name = "com_github_golangci_golangci_lint",
actual = select({
"@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_golangci_golangci_lint_darwin_amd64//:golangci_lint_bin",
"@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_golangci_golangci_lint_darwin_arm64//:golangci_lint_bin",
"@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_golangci_golangci_lint_linux_amd64//:golangci_lint_bin",
"@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_golangci_golangci_lint_linux_arm64//:golangci_lint_bin",
}),
)
sh_template(
name = "golangci_lint",
data = [
":com_github_golangci_golangci_lint",
":go_bin_for_host",
],
substitutions = {
"@@GO@@": "$(rootpath :go_bin_for_host)",
"@@GOLANGCI-LINT@@": "$(rootpath :com_github_golangci_golangci_lint)",
},
template = "golangci_lint.sh.in",
)
alias(
name = "com_github_bufbuild_buf",
actual = select({
"@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_bufbuild_buf_darwin_amd64//:buf",
"@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_bufbuild_buf_darwin_arm64//:buf",
"@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_bufbuild_buf_linux_amd64//:buf",
"@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_bufbuild_buf_linux_arm64//:buf",
}),
)
sh_template(
name = "buf_fmt",
data = [
":com_github_bufbuild_buf",
],
substitutions = {
"@@BUF@@": "$(rootpath :com_github_bufbuild_buf)",
},
template = "buf.sh.in",
)
sh_template(
name = "golicenses_check",
data = [
":go_bin_for_host",
"@com_github_google_go_licenses//:go-licenses",
],
substitutions = {
"@@GO@@": "$(rootpath :go_bin_for_host)",
"@@GO_LICENSES@@": "$(rootpath @com_github_google_go_licenses//:go-licenses)",
},
template = "golicenses.sh.in",
)
sh_template(
name = "license_header_check",
data = [],
substitutions = {},
template = "license_header.sh.in",
)
sh_template(
name = "govulncheck",
data = [
":go_bin_for_host",
"@jq_toolchains//:resolved_toolchain",
"@org_golang_x_vuln//cmd/govulncheck",
],
substitutions = {
"@@GO@@": "$(rootpath :go_bin_for_host)",
"@@GOVULNCHECK@@": "$(rootpath @org_golang_x_vuln//cmd/govulncheck:govulncheck)",
"@@JQ@@": "$(rootpath @jq_toolchains//:resolved_toolchain)",
},
template = "govulncheck.sh.in",
)
alias(
name = "com_github_siderolabs_talos_hack_docgen",
actual = select({
"@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_siderolabs_talos_hack_docgen_darwin_amd64//file",
"@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_siderolabs_talos_hack_docgen_darwin_arm64//file",
"@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_siderolabs_talos_hack_docgen_linux_amd64//file",
"@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_siderolabs_talos_hack_docgen_linux_arm64//file",
}),
)
alias(
name = "com_github_helm_helm",
actual = select({
"@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_helm_helm_darwin_amd64//:helm",
"@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_helm_helm_darwin_arm64//:helm",
"@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_helm_helm_linux_amd64//:helm",
"@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_helm_helm_linux_arm64//:helm",
}),
)
sh_template(
name = "go_generate",
data = [
":com_github_helm_helm",
":com_github_siderolabs_talos_hack_docgen",
":go_bin_for_host",
"//internal/attestation/measurements/measurement-generator",
"//internal/versions/hash-generator",
"@org_golang_x_tools//cmd/stringer",
"@yq_toolchains//:resolved_toolchain",
],
substitutions = {
"@@DOCGEN@@": "$(rootpath :com_github_siderolabs_talos_hack_docgen)",
"@@GO@@": "$(rootpath :go_bin_for_host)",
"@@HASH_GENERATOR@@": "$(rootpath //internal/versions/hash-generator:hash-generator)",
"@@HELM@@": "$(rootpath :com_github_helm_helm)",
"@@MEASUREMENT_GENERATOR@@": "$(rootpath //internal/attestation/measurements/measurement-generator:measurement-generator)",
"@@STRINGER@@": "$(rootpath @org_golang_x_tools//cmd/stringer:stringer)",
"@@YQ@@": "$(rootpath @yq_toolchains//:resolved_toolchain)",
},
template = "go_generate.sh.in",
)
# deps_mirror_fix fixes bazel workspace rules for external dependencies.
# It normalizes the rules and rewrites WORKSPACE and bzl files.
# If files are not in the mirror, it will fail.
# Use deps_mirror_upload to upload missing files.
repo_command(
name = "deps_mirror_fix",
args = [
"fix",
"--unauthenticated",
],
command = "//hack/bazel-deps-mirror",
)
# deps_mirror_upload fixes bazel workspace rules for external dependencies.
# It uploads all dependencies to the mirror, normalizes the rules and rewrites WORKSPACE and bzl files.
repo_command(
name = "deps_mirror_upload",
args = [
"fix",
],
command = "//hack/bazel-deps-mirror",
)
# deps_mirror_upgrade upgrades bazel workspace rules for external dependencies.
# Users are supposed to replace any upstream URLs.
# It replaces the expected hash and uploads the new dep to the mirror.
repo_command(
name = "deps_mirror_upgrade",
args = [
"upgrade",
],
command = "//hack/bazel-deps-mirror",
)
# deps_mirror_check checks bazel workspace rules for external dependencies.
# It checks if all dependency rules have mirror urls and are properly formatted.
# It doesn't check if the mirror has the files.
# Use deps_mirror_check_mirror to check if the mirror has the files.
repo_command(
name = "deps_mirror_check",
args = [
"check",
],
command = "//hack/bazel-deps-mirror",
)
# deps_mirror_check_mirror checks bazel workspace rules for external dependencies.
# It checks if all dependency rules are correctly mirrored and checks that the rules are properly formatted.
repo_command(
name = "deps_mirror_check_mirror",
args = [
"check",
"--mirror",
],
command = "//hack/bazel-deps-mirror",
)
sh_template(
name = "proto_targets_check",
data = [
"@diffutils//:bin/diff",
],
env = {
"DIFF": "$(rootpath @diffutils//:bin/diff)",
},
substitutions = {
"@@PROTO_TARGETS@@": " ".join(proto_targets()),
},
template = "proto_targets_check.sh.in",
)
multirun(
name = "proto_generate",
commands = proto_targets(),
jobs = 0, # execute concurrently
)
sh_template(
name = "cli_docgen",
data = [
"//hack/clidocgen",
],
substitutions = {
"@@CLIDOCGEN@@": "$(rootpath //hack/clidocgen:clidocgen)",
},
template = "cli_docgen.sh.in",
)
sh_template(
name = "terraform_docgen",
data = [
":com_github_hashicorp_terraform",
"//terraform-provider-constellation:tf_provider",
"@terraform-plugin-docs//:bin/tfplugindocs",
],
substitutions = {
"@@TERRAFORM@@": "$(rootpath :com_github_hashicorp_terraform)",
"@@TFPLUGINDOCS@@": "$(rootpath @terraform-plugin-docs//:bin/tfplugindocs)",
},
template = "terraform_docgen.sh.in",
)
sh_template(
name = "version_info_gen",
data = [
"//hack/versioninfogen",
],
substitutions = {
"@@VERSIONINFOGEN@@": "$(rootpath //hack/versioninfogen:versioninfogen)",
},
template = "version_info_gen.sh.in",
)
alias(
name = "com_github_katexochen_ghh",
actual = select({
"@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_katexochen_ghh_darwin_amd64//:ghh",
"@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_katexochen_ghh_darwin_arm64//:ghh",
"@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_katexochen_ghh_linux_amd64//:ghh",
"@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_katexochen_ghh_linux_arm64//:ghh",
}),
)
repo_command(
name = "ghh",
args = [],
command = ":com_github_katexochen_ghh",
)
sh_template(
name = "unused_gh_actions",
data = [],
substitutions = {},
template = "unused_gh_actions.sh.in",
)
go_bin_for_host(
name = "go_bin_for_host",
visibility = ["//visibility:private"],
)
sh_template(
name = "gocoverage_diff",
data = [
":go_bin_for_host",
"//hack/gocoverage",
],
substitutions = {
"@@GO@@": "$(rootpath :go_bin_for_host)",
"@@GOCOVERAGE@@": "$(rootpath //hack/gocoverage:gocoverage)",
},
template = "gocoverage_diff.sh.in",
)
multirun(
name = "tidy",
commands = [
":shfmt",
":gofumpt",
":go_mod_tidy",
":gazelle_generate",
":buildifier_fix",
":terraform_fmt",
":buf_fmt",
":deps_mirror_fix",
":keep_sorted",
],
jobs = 1, # execute sequentially
visibility = ["//visibility:public"],
)
multirun(
name = "parallel_checks",
testonly = True,
commands = [
":gazelle_check",
":buildifier_check",
":terraform_check",
":golicenses_check",
":license_header_check",
":deps_mirror_check",
":proto_targets_check",
":unused_gh_actions",
] + select({
"@io_bazel_rules_go//go/platform:darwin_arm64": [
":shellcheck_noop_warning",
":actionlint_no_shellcheck",
],
"//conditions:default": [
":shellcheck",
":actionlint",
],
}),
jobs = 0, # execute concurrently
stop_on_error = False,
visibility = ["//visibility:public"],
)
multirun(
name = "check",
testonly = True,
commands = [
":parallel_checks",
":golangci_lint",
":govulncheck",
],
jobs = 1, # execute sequentially to avoid running into memory issues on our CI runners
stop_on_error = False,
visibility = ["//visibility:public"],
)
multirun(
name = "generate_files",
commands = [
":terraform_gen",
"//3rdparty/bazel/com_github_medik8s_node_maintainance_operator:pull_files",
":go_generate",
":proto_generate",
],
jobs = 0, # execute concurrently
visibility = ["//visibility:public"],
)
multirun(
name = "generate_docs",
commands = [
":cli_docgen",
":terraform_docgen",
],
jobs = 0, # execute concurrently
visibility = ["//visibility:public"],
)
multirun(
name = "generate",
commands = [
":generate_files",
":generate_docs",
":version_info_gen",
],
jobs = 1, # execute sequentially
visibility = ["//visibility:public"],
)