From 27599665363d8ed13422c4a5b21fd58123722067 Mon Sep 17 00:00:00 2001 From: farcop Date: Fri, 7 Jun 2024 17:35:44 +0200 Subject: [PATCH 1/3] Fix linux_386 platform at toolchains_repo.bzl (#71) --- apko/private/toolchains_repo.bzl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apko/private/toolchains_repo.bzl b/apko/private/toolchains_repo.bzl index 1c27e21..da95b64 100644 --- a/apko/private/toolchains_repo.bzl +++ b/apko/private/toolchains_repo.bzl @@ -32,7 +32,7 @@ PLATFORMS = { "@platforms//cpu:aarch64", ], ), - "linux_i386": struct( + "linux_386": struct( compatible_with = [ "@platforms//os:linux", "@platforms//cpu:x86_32", From 6bb8b3bc88e742d6bda9909e653089acfc1ba97e Mon Sep 17 00:00:00 2001 From: Sahin Yort Date: Fri, 7 Jun 2024 08:35:58 -0700 Subject: [PATCH 2/3] feat: use headers attribute if available (#56) This renders the initial setup step for people using `>=Bazel 7.1`. People who has done the initial setup may do the opposite of what was instructed in the https://github.com/chainguard-dev/rules_apko/blob/main/docs/initial-setup.md --- .bazelrc | 2 - .bazelversion | 2 +- .github/workflows/ci.yaml | 103 ++++++++++++++++++++++++++---- .github/workflows/release_prep.sh | 23 ++++--- MODULE.bazel | 18 ++++-- apko/private/apk.bzl | 40 +++++++++--- docs/initial-setup.md | 5 +- 7 files changed, 147 insertions(+), 46 deletions(-) diff --git a/.bazelrc b/.bazelrc index cc9a804..729982b 100644 --- a/.bazelrc +++ b/.bazelrc @@ -7,8 +7,6 @@ common --enable_bzlmod # Disable lockfile for now. It is unstable. common --lockfile_mode=off -# Required for rules_apko to make range requests -try-import %workspace%/.apko/.bazelrc # Load any settings specific to the current user. # .bazelrc.user should appear in .gitignore so that settings are not shared with team members diff --git a/.bazelversion b/.bazelversion index fb58dfb..8590cbe 100644 --- a/.bazelversion +++ b/.bazelversion @@ -1,4 +1,4 @@ -6.3.0 +7.1.0 # The first line of this file is used by Bazelisk and Bazel to be sure # the right version of Bazel is used to build and test this repo. # This also defines which version is used on CI. diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 66c6f24..e25e556 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1,4 +1,4 @@ -name: CI +name: test # Controls when the action will run. on: @@ -16,17 +16,92 @@ concurrency: cancel-in-progress: true jobs: + # matrix-prep-* steps generate JSON used to create a dynamic actions matrix. + # Inspired from + # https://stackoverflow.com/questions/65384420/how-to-make-a-github-action-matrix-element-conditional + + matrix-prep-os: + # Prepares the 'os' axis of the test matrix, to reduce costs since GitHub hosted runners cost more on some platforms. + # https://docs.github.com/en/billing/managing-billing-for-github-actions/about-billing-for-github-actions#included-storage-and-minutes + runs-on: ubuntu-latest + steps: + - id: linux + run: echo "os=ubuntu-latest" >> $GITHUB_OUTPUT + - id: windows + run: echo "os=windows-latest" >> $GITHUB_OUTPUT + # Only run on main branch (or PR branches that contain 'windows') to minimize Windows minutes (billed at 2X) + if: (github.ref == 'refs/heads/main' || contains(github.head_ref, 'windows')) && !inputs.exclude_windows + - id: macos + run: echo "os=macos-latest" >> $GITHUB_OUTPUT + # Only run on main branch (or PR branches that contain 'macos') to minimize macOS minutes (billed at 10X) + if: github.ref == 'refs/heads/main' || contains(github.head_ref, 'macos') + outputs: + # Will look like ["ubuntu-latest", "windows-latest", "macos-latest"] + os: ${{ toJSON(steps.*.outputs.os) }} + + matrix-prep-bazelversion: + # Prepares the 'bazelversion' axis of the test matrix + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + # NB: we assume this is Bazel 7 + - id: bazel_from_bazelversion + run: echo "bazelversion=$(head -n 1 .bazelversion)" >> $GITHUB_OUTPUT + - id: bazel_6 + run: echo "bazelversion=6.3.0" >> $GITHUB_OUTPUT + outputs: + # Will look like ["", "x.y.z"] + bazelversions: ${{ toJSON(steps.*.outputs.bazelversion) }} + test: - uses: bazel-contrib/.github/.github/workflows/bazel.yaml@29e53247c6366e30acbedfc767f58f79fc05836c - with: - folders: | - [ - ".", - "e2e/smoke" - ] - exclude: | - [ - {"bazelversion": "5.4.0"}, - {"os": "windows-latest"}, - {"os": "macos-latest"} - ] + # The type of runner that the job will run on + runs-on: ${{ matrix.os }} + + needs: + - matrix-prep-bazelversion + - matrix-prep-os + + # Run bazel test in each workspace with each version of Bazel supported + strategy: + fail-fast: false + matrix: + os: ${{ fromJSON(needs.matrix-prep-os.outputs.os) }} + bazelversion: ${{ fromJSON(needs.matrix-prep-bazelversion.outputs.bazelversions) }} + folder: + - . + - e2e/smoke + bzlmodEnabled: [true, false] + exclude: + # Root module is BZLMOD only, do not test it without bzlmod enabled. + - bzlmodEnabled: false + folder: . + + # Steps represent a sequence of tasks that will be executed as part of the job + steps: + # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it + - uses: actions/checkout@v4 + + - uses: bazel-contrib/setup-bazel@0.8.0 + with: + repository-cache: true + bazelrc: | + common --announce_rc --color=yes --enable_bzlmod=${{ matrix.bzlmodEnabled }} + ${{ (matrix.bazelversion == '6.4.0' && 'try-import %workspace%/.apko/.bazelrc') || '' }} + + - name: Configure Bazel version + working-directory: ${{ matrix.folder }} + run: echo "${{ matrix.bazelversion }}" > .bazelversion + + # See https://github.com/bazel-contrib/publish-to-bcr#including-patches + - name: verify bcr patches + if: matrix.bzlmodEnabled && hashFiles('.bcr/patches/*.patch') != '' + run: patch --dry-run -p1 < .bcr/patches/*.patch + + # Required for rules_apko to make range requests + - name: Add bazel 6 workaround + if: ${{ matrix.bazelversion == '6.3.0' }} + run: echo 'try-import %workspace%/.apko/.bazelrc' >> .bazelrc + + - name: Test + working-directory: ${{ matrix.folder }} + run: bazel test //... diff --git a/.github/workflows/release_prep.sh b/.github/workflows/release_prep.sh index 265b7c1..9b492c9 100755 --- a/.github/workflows/release_prep.sh +++ b/.github/workflows/release_prep.sh @@ -12,7 +12,17 @@ git archive --format=tar --prefix=${PREFIX}/ ${TAG} | gzip > $ARCHIVE SHA=$(shasum -a 256 $ARCHIVE | awk '{print $1}') cat << EOF -## Using Bzlmod with Bazel 6 + +## Initial setup (when using with Bazel < 7.1) + +rules_apko requires a one-time setup to configure bazel to be able to make partial fetches. + +Follow https://github.com/chainguard-dev/rules_apko/blob/main/docs/initial-setup.md for the setup. + +EOF + +cat << EOF +## Using Bzlmod 1. Enable with \`common --enable_bzlmod\` in \`.bazelrc\`. 2. Add to your \`MODULE.bazel\` file: @@ -37,14 +47,3 @@ EOF awk 'f;/--SNIP--/{f=1}' e2e/smoke/WORKSPACE.bazel echo "\`\`\`" - - -cat << EOF - -## Initial setup - -rules_apko requires a one-time setup to configure bazel to be able to make partial fetches. - -Follow https://github.com/chainguard-dev/rules_apko/blob/main/docs/initial-setup.md for the setup. - -EOF \ No newline at end of file diff --git a/MODULE.bazel b/MODULE.bazel index ef3e0f5..cd9be0b 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -6,16 +6,22 @@ module( compatibility_level = 1, ) -bazel_dep(name = "bazel_skylib", version = "1.4.2") -bazel_dep(name = "platforms", version = "0.0.5") -bazel_dep(name = "aspect_bazel_lib", version = "1.34.5") +bazel_dep(name = "bazel_skylib", version = "1.5.0") +bazel_dep(name = "platforms", version = "0.0.8") +bazel_dep(name = "aspect_bazel_lib", version = "1.40.3") + +# We need this fix https://github.com/aspect-build/bazel-lib/pull/713 to be able to generate docs +single_version_override( + module_name = "aspect_bazel_lib", + version = "2.5.3", +) bazel_dep(name = "container_structure_test", version = "1.15.0", dev_dependency = True) bazel_dep(name = "rules_pkg", version = "0.7.0", dev_dependency = True) bazel_dep(name = "rules_oci", version = "1.3.3", dev_dependency = True) -bazel_dep(name = "gazelle", version = "0.29.0", dev_dependency = True, repo_name = "bazel_gazelle") -bazel_dep(name = "bazel_skylib_gazelle_plugin", version = "1.4.1", dev_dependency = True) -bazel_dep(name = "buildifier_prebuilt", version = "6.1.0", dev_dependency = True) +bazel_dep(name = "gazelle", version = "0.34.0", dev_dependency = True, repo_name = "bazel_gazelle") +bazel_dep(name = "bazel_skylib_gazelle_plugin", version = "1.5.0", dev_dependency = True) +bazel_dep(name = "buildifier_prebuilt", version = "6.1.2", dev_dependency = True) toolchain = use_extension("//apko:extensions.bzl", "apko") toolchain.toolchain(apko_version = "v0.14.2") diff --git a/apko/private/apk.bzl b/apko/private/apk.bzl index de5cb58..8a7357d 100644 --- a/apko/private/apk.bzl +++ b/apko/private/apk.bzl @@ -1,5 +1,6 @@ "Repository rules for importing remote apk packages" +load("@bazel_skylib//lib:versions.bzl", "versions") load(":util.bzl", "util") APK_IMPORT_TMPL = """\ @@ -19,8 +20,10 @@ def _range(url, range): def _check_initial_setup(rctx): output = rctx.path(".rangecheck/output") - rctx.download( - url = [_range(rctx.attr.url, "bytes=0-0")], + _download( + rctx, + url = rctx.attr.url, + rng = "bytes=0-0", output = output, ) r = rctx.execute(["wc", "-c", output]) @@ -42,6 +45,19 @@ To resolve this issue and enable partial package fetching, please follow the ste """.format(bytes[0])) +def _download(rctx, url, rng, **kwargs): + if versions.is_at_least("7.1.0", native.bazel_version): + return rctx.download( + url = [url], + headers = {"Range": [rng]}, + **kwargs + ) + else: + return rctx.download( + url = [_range(url, rng)], + **kwargs + ) + def _apk_import_impl(rctx): repo = util.repo_url(rctx.attr.url, rctx.attr.architecture) repo_escaped = util.url_escape(repo) @@ -56,19 +72,25 @@ def _apk_import_impl(rctx): data_output = "{}/{}.dat.tar.gz".format(output, data_sha256) apk_output = "{}/{}/{}-{}.apk".format(repo_escaped, rctx.attr.architecture, rctx.attr.package_name, rctx.attr.version) - rctx.download( - url = [_range(rctx.attr.url, rctx.attr.signature_range)], + _download( + rctx, + url = rctx.attr.url, + rng = rctx.attr.signature_range, output = sig_output, # TODO: signatures does not have stable checksums. find a way to fail gracefully. - integrity = rctx.attr.signature_checksum, + # integrity = rctx.attr.signature_checksum, ) - rctx.download( - url = [_range(rctx.attr.url, rctx.attr.control_range)], + _download( + rctx, + url = rctx.attr.url, + rng = rctx.attr.control_range, output = control_output, integrity = rctx.attr.control_checksum, ) - rctx.download( - url = [_range(rctx.attr.url, rctx.attr.data_range)], + _download( + rctx, + url = rctx.attr.url, + rng = rctx.attr.data_range, output = data_output, integrity = rctx.attr.data_checksum, ) diff --git a/docs/initial-setup.md b/docs/initial-setup.md index b01b100..fbec31e 100644 --- a/docs/initial-setup.md +++ b/docs/initial-setup.md @@ -1,8 +1,9 @@ # Initial setup -rules_apko requires a one-time setup to configure bazel to be able to make partial fetches. +You can skip initial setup if you are using Bazel 7.1 or above. Users who are still Bazel 6.x should perform this one time initial setup. +If you have already performed this initial setup but have already upgraded to Bazel >=7.1, you can revert changes proposed by this document. -> See the issue: https://github.com/bazelbuild/bazel/issues/17829 +rules_apko requires a one-time setup to configure bazel to be able to make partial fetches. Paste this into your root BUILD file From 5d30a2dfb5d747538e5c3c6604bcd1b3bf54c93d Mon Sep 17 00:00:00 2001 From: Dmitry Ivankov Date: Fri, 7 Jun 2024 17:36:16 +0200 Subject: [PATCH 3/3] README typo: than->then (#46) Signed-off-by: Dmitry Ivankov --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8252cef..e9b5d06 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ Apko usage begins with an `apko.yaml` configuration file. The `apko lock` tool w Assuming `apko_rules` are already loaded in your `MODULE.bazel` or `WORKSPACE` file one can call: `bazel run @rules_apko//apko lock ./apko.yaml` to lock the dependencies and generate `apko.lock.json` file. -Than you import these base layers into Bazel: +Then you import these base layers into Bazel: - With Bazel 6 and [bzlmod], call `apk.translate_lock` in `MODULE.bazel` - Otherwise, call `translate_apko_lock` in `WORKSPACE`