Convert to bzlmod, rules_oci, and add golang support (#17)

Convert to bzlmod, rules_oci, and add golang support
jessecureton · Mar 4, 2024 · d006cc5 · d006cc5
2 parents df1c2ee + 52b6c29
commit d006cc5
Show file tree

Hide file tree

Showing 24 changed files with 8,571 additions and 313 deletions.
diff --git a/.bazelrc b/.bazelrc
@@ -1,6 +1,5 @@
 test --test_output=errors
-
-# The hermetic python interpreter we configure in WORKSPACE 
-# does not work with bzlmod enabled, so we just disable it
-# for now
-common --noenable_bzlmod
+common --enable_platform_specific_config
+build:linux --sandbox_add_mount_pair=/tmp
+build:macos --sandbox_add_mount_pair=/var/tmp
+build:windows --sandbox_add_mount_pair=C:\Temp
diff --git a/.bazelversion b/.bazelversion
@@ -0,0 +1 @@
+7.0.2
diff --git a/BUILD b/BUILD
@@ -1,6 +1,19 @@
+load("@gazelle//:def.bzl", "gazelle")
 load("@rules_python//python:defs.bzl", "py_runtime_pair")
 load("@rules_python//python:pip.bzl", "compile_pip_requirements")
-load("@io_bazel_rules_docker//container:image.bzl", "container_image")
+load("@rules_go//go:def.bzl", "TOOLS_NOGO", "nogo")
+#load("@io_bazel_rules_docker//container:image.bzl", "container_image")
+
+# gazelle:map_kind go_binary ${project}_go_binary //tools/rules/golang:defs.bzl
+# gazelle:map_kind go_library ${project}_go_library //tools/rules/golang:defs.bzl
+# gazelle:map_kind go_test ${project}_go_test //tools/rules/golang:defs.bzl
+gazelle(name = "gazelle")
+
+nogo(
+    name = "nogo",
+    visibility = ["//visibility:public"],
+    deps = TOOLS_NOGO,
+)
 
 # Set up our pip requirements
 compile_pip_requirements(
@@ -9,41 +22,3 @@ compile_pip_requirements(
     requirements_in = "requirements.in",
     requirements_txt = "requirements_lock.txt",
 )
-
-# Set up a container-local interpreter, since our container runtime has its own
-# equivalent hermetic runtime internally.
-py_runtime(
-    name = "container_python3_runtime",
-    interpreter_path = "/usr/local/bin/python3",
-    python_version = "PY3",
-)
-
-py_runtime_pair(
-    name = "container_py_runtime_pair",
-    py2_runtime = None,
-    py3_runtime = ":container_python3_runtime",
-)
-
-toolchain(
-    name = "container_py_toolchain",
-    exec_compatible_with = [
-        "@io_bazel_rules_docker//platforms:run_in_container",
-    ],
-    toolchain = ":container_py_runtime_pair",
-    toolchain_type = "@bazel_tools//tools/python:toolchain_type",
-)
-
-container_image(
-    name = "hermetic_python_base_image",
-    base = "@_hermetic_python_base_image_base//image",
-    # The `py3_image` rules hardcode an entrypoint of `/usr/bin/python`, rather than
-    # accounting for the in-container toolchain. This is dumb, but we can craft a
-    # symlink here manually to make a lightweight container like alpine work. The other
-    # alternative would be using `python3-buster` upstream images, but these roughly 15x
-    # the size of the container.
-    # See https://github.com/bazelbuild/rules_docker/issues/1247
-    symlinks = {
-        "/usr/bin/python": "/usr/local/bin/python",
-    },
-    visibility = ["//visibility:public"],
-)
diff --git a/MODULE.bazel b/MODULE.bazel
@@ -0,0 +1,125 @@
+module(name = "${project}")
+
+########################################
+# Setings
+########################################
+PY_VERSION = "3.11.6"
+
+GO_VERSION = "1.22.0"
+
+########################################
+# Generic deps
+########################################
+bazel_dep(name = "aspect_bazel_lib", version = "2.5.1")
+bazel_dep(name = "platforms", version = "0.0.8")
+
+########################################
+# Set up rules_python and pip
+########################################
+bazel_dep(name = "rules_python", version = "0.31.0")
+
+python = use_extension("@rules_python//python/extensions:python.bzl", "python")
+python.toolchain(
+    is_default = True,
+    python_version = PY_VERSION,
+)
+
+pip = use_extension("@rules_python//python/extensions:pip.bzl", "pip")
+pip.parse(
+    hub_name = "pip",
+    python_version = PY_VERSION,
+    requirements_lock = "//:requirements_lock.txt",
+)
+use_repo(pip, "pip")
+
+########################################
+# Set up rules_go
+########################################
+bazel_dep(name = "rules_go", version = "0.46.0")
+bazel_dep(name = "gazelle", version = "0.35.0")
+
+go_sdk = use_extension("@rules_go//go:extensions.bzl", "go_sdk")
+go_sdk.download(version = GO_VERSION)
+go_sdk.nogo(nogo = "//:nogo")
+
+go_deps = use_extension("@gazelle//:extensions.bzl", "go_deps")
+go_deps.from_file(go_mod = "//:go.mod")
+use_repo(
+    go_deps,
+    "com_github_stretchr_testify",
+)
+
+########################################
+# Set up hermetic Buildifier tools
+########################################
+# This is helpful because the old version used an http_archive to fetch the buildtools
+# WORKSPACE, but it is incompatible with bzlmod Go toolchains. Instead let's just use
+# a prebuilt version.
+bazel_dep(
+    name = "buildifier_prebuilt",
+    version = "6.4.0",
+    dev_dependency = True,
+)
+
+########################################
+# Set up rules_pkg
+########################################
+bazel_dep(name = "rules_pkg", version = "0.10.1")
+
+########################################
+# Set up hermetic C/C++ tools
+########################################
+# NOTE: We don't really use/support C/C++ in this repo, and if you need to you'll
+# almost certainly want your own proper toolchains to do so, but rules_oci requires
+# CC toolchains to be registered for packaging python interpreters, so we will cheat a
+# little using zig/hermetic_cc_toolchain to provide cross-compilation toolchains for
+# packaging OCI images.
+bazel_dep(name = "hermetic_cc_toolchain", version = "3.0.1")
+
+toolchains = use_extension("@hermetic_cc_toolchain//toolchain:ext.bzl", "toolchains")
+use_repo(toolchains, "zig_sdk")
+
+register_toolchains(
+    "@zig_sdk//toolchain:linux_amd64_gnu.2.31",
+    "@zig_sdk//toolchain:linux_arm64_gnu.2.31",
+)
+
+########################################
+# Set up rules_oci
+########################################
+bazel_dep(name = "rules_oci", version = "1.7.4")
+
+oci = use_extension("@rules_oci//oci:extensions.bzl", "oci")
+oci.pull(
+    name = "distroless_base",
+    # 'latest' is not reproducible, but it's convenient.
+    # During the build we print a WARNING message that includes recommended 'digest' and 'platforms'
+    # values which you can use here in place of 'tag' to pin for reproducibility.
+    # tag = "latest",
+    digest = "sha256:9d4e5680d67c984ac9c957f66405de25634012e2d5d6dc396c4bdd2ba6ae569f",
+    image = "gcr.io/distroless/base",
+    platforms = [
+        "linux/amd64",
+        "linux/arm64/v8",
+    ],
+)
+
+# See comment in //tools/rules/python:defs.bzl for a note on why we have to use this image
+# instead of the distroless version above for python images.
+oci.pull(
+    name = "python_base",
+    # NOTE: You can't use the `-alpine` version here, because it uses musl ligc, which is
+    # not compatible with the Python interpreter we receive/ship from rules_python. The
+    # `-slim` version uses glibc, which is compatible, and is the smallest glibc-based
+    # image available.
+    #tag = "{0}-slim".format(PY_VERSION),
+    digest = "sha256:cc758519481092eb5a4a5ab0c1b303e288880d59afc601958d19e95b300bc86b",
+    image = "docker.io/library/python",
+    platforms = [
+        "linux/amd64",
+        "linux/arm64/v8",
+    ],
+)
+
+# For each oci.pull call, repeat the "name" here to expose them as dependencies.
+use_repo(oci, "distroless_base", "python_base")