dockerfiles: windows: Remove zydis and zycore from flb-wasm dependencies on Windows

[cosmo0920]

This is for containerized environment patch especially for Windows containers.
This is because we sometimes don't install git package for containerized environments.
So, we need to remove such dependencies.

---

Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change; please submit the following in a comment:

• Example configuration file for the change
• Debug log output from testing the change

• Attached Valgrind output that shows no leaks or memory corruption was found

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

• Run local packaging test showing all targets (including any new ones) build.
• Set ok-package-test label to test for all targets (requires maintainer to do).

Documentation

• Documentation required for this feature

Backporting

• Backport to latest stable release.

---

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

Summary by CodeRabbit

• Chores
  • Updated Windows build configuration to default to disabling hardware-bound checks when not explicitly configured. This change applies only to Windows environments and aims to provide a more stable out-of-the-box experience.
  • No impact to behavior on other platforms.
  • No changes to public APIs or user-facing functionality.
  • Build-time only adjustment; runtime features remain unchanged.

[coderabbitai]

Walkthrough

Introduces a Windows-specific CMake condition to set WAMR_DISABLE_HW_BOUND_CHECK=1 by default when WAMR_ENABLE_HW_BOUND_CHECK is not defined, guarded by FLB_SYSTEM_WINDOWS. No other files or public APIs are modified.

Changes

Cohort / File(s)	Summary
WASM CMake (Windows-specific default) src/wasm/CMakeLists.txt	Adds conditional: on Windows (FLB_SYSTEM_WINDOWS), if WAMR_ENABLE_HW_BOUND_CHECK is undefined, sets WAMR_DISABLE_HW_BOUND_CHECK to 1. No changes for non-Windows builds.

Sequence Diagram(s)

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

ci/integration-docker-ok

Suggested reviewers

• edsiper
• niedbalski
• patrick-stephens
• koleini
• fujimotos
• celalettin1286

Poem

A toggle flips in Windows breeze,
Bound-checks nap with gentle ease.
CMake whispers, “defaults set,”
Tiny flags, no grand duet.
I thump approval—hop and grin,
Build burrows tidy, changes thin. 🐇✨

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch cosmo0920-remove-zydis-zycore-from-dependencies-when-git-is-absent

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

src/wasm/CMakeLists.txt (1)

112-131: Optional: make detection cross‑platform and cache-friendly.

Consider moving Git detection outside the Windows guard and using a cached BOOL option for overrides:

• option(FLB_GIT_AVAILABLE "Git available for build-time features" ${Git_FOUND})
• Use if (NOT DEFINED WAMR_DISABLE_HW_BOUND_CHECK) before setting.
• Prefer ON/OFF over 1/0 for CMake booleans.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between f27ac1f and 8e7d365.

📒 Files selected for processing (1)

• src/wasm/CMakeLists.txt (1 hunks)

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-08-31T12:46:11.940Z

Learnt from: ThomasDevoogdt
PR: fluent/fluent-bit#9277
File: .github/workflows/pr-compile-check.yaml:147-151
Timestamp: 2025-08-31T12:46:11.940Z
Learning: In fluent-bit CMakeLists.txt, the system library preference flags are defined as FLB_PREFER_SYSTEM_LIB_ZSTD and FLB_PREFER_SYSTEM_LIB_KAFKA with the FLB_ prefix.

Applied to files:

• src/wasm/CMakeLists.txt

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (20)

• GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_ADDRESS=On, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_UNDEFINED=On, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_ADDRESS=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_ARROW=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=Off, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_THREAD=On, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_COVERAGE=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=On, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=On, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_THREAD=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_MEMORY=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=Off, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_MEMORY=On, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=Off, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_UNDEFINED=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SMALL=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=Off, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SMALL=On, 3.31.6, clang, clang++)

🔇 Additional comments (1)

src/wasm/CMakeLists.txt (1)

111-131: zydis/zycore gating is a no-op; WAMR boundary-check flag is consumed

• Only the comment at src/wasm/CMakeLists.txt:111 references zydis/zycore; there are no add_subdirectory or target_link_libraries calls for them in the flb-wasm plugin.
• The WAMR_DISABLE_HW_BOUND_CHECK variable set in src/wasm/CMakeLists.txt is picked up by build-scripts/config_common.cmake (around line 363) to inject -DWASM_DISABLE_HW_BOUND_CHECK into the WAMR build.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

src/wasm/CMakeLists.txt (1)

110-115: PR objective not implemented here; add Git check and gate zydis/zycore accordingly.

This block only defaults WAMR_DISABLE_HW_BOUND_CHECK on Windows. The PR title/description say “remove zydis/zycore from flb-wasm deps when git is absent,” but there is no Git detection here and no gating of those deps in this file. If the gating is done elsewhere, please point to it; otherwise, consider implementing Git detection (treating Git as a command) and wiring a flag that downstream logic can use to skip zydis/zycore.

Apply this focused replacement to add robust detection and a visible default, aligned with the “Git is a command” preference:

-if (FLB_SYSTEM_WINDOWS)
-  if (NOT DEFINED WAMR_ENABLE_HW_BOUND_CHECK)
-    set (WAMR_DISABLE_HW_BOUND_CHECK 1)
-  endif ()
-endif()
+if (FLB_SYSTEM_WINDOWS)
+  # Detect Git as a command (no pkg-config). Prefer find_program per maintainer preference.
+  find_program(GIT_EXECUTABLE NAMES git)
+  if (GIT_EXECUTABLE)
+    set(FLB_GIT_AVAILABLE_WINDOWS ON)
+    message(STATUS "Git found: ${GIT_EXECUTABLE}")
+  else()
+    set(FLB_GIT_AVAILABLE_WINDOWS OFF)
+    message(STATUS "Git not found; zydis/zycore will be disabled for flb-wasm")
+  endif()
+
+  # Default: when neither ENABLE nor DISABLE was provided, choose a sane Windows default.
+  if (NOT DEFINED WAMR_DISABLE_HW_BOUND_CHECK AND NOT DEFINED WAMR_ENABLE_HW_BOUND_CHECK)
+    if (FLB_GIT_AVAILABLE_WINDOWS)
+      set(WAMR_DISABLE_HW_BOUND_CHECK 0 CACHE BOOL "Default HW bound check on Windows when Git is present")
+    else()
+      set(WAMR_DISABLE_HW_BOUND_CHECK 1 CACHE BOOL "Default HW bound check on Windows when Git is absent")
+    endif()
+  endif()
+  message(STATUS "WAMR_DISABLE_HW_BOUND_CHECK=${WAMR_DISABLE_HW_BOUND_CHECK}")
+endif()

Follow-up: wherever zydis/zycore are added/linked, guard them with if(FLB_GIT_AVAILABLE_WINDOWS) (or invert) so they’re skipped when Git is missing.

To verify repo-wide gating points, run:

#!/bin/bash
# Locate all references to zydis/zycore and their surrounding conditions.
rg -nC3 -i '\b(zydis|zycore)\b' --type cmake

🧹 Nitpick comments (1)

src/wasm/CMakeLists.txt (1)

112-114: Don’t override user-provided flags; respect both ENABLE and DISABLE.

If you intend to keep this minimal Windows default without adding Git detection here, at least avoid clobbering WAMR_DISABLE_HW_BOUND_CHECK when callers already set it, and cache it for visibility.

-  if (NOT DEFINED WAMR_ENABLE_HW_BOUND_CHECK)
-    set (WAMR_DISABLE_HW_BOUND_CHECK 1)
-  endif ()
+  if (NOT DEFINED WAMR_DISABLE_HW_BOUND_CHECK AND NOT DEFINED WAMR_ENABLE_HW_BOUND_CHECK)
+    set(WAMR_DISABLE_HW_BOUND_CHECK 1 CACHE BOOL "Disable WAMR HW bound check by default on Windows")
+  endif()

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 6f9246c and a7727fd.

📒 Files selected for processing (1)

• src/wasm/CMakeLists.txt (1 hunks)

🧰 Additional context used

🧠 Learnings (2)

📚 Learning: 2025-09-04T07:28:37.062Z

Learnt from: cosmo0920
PR: fluent/fluent-bit#10832
File: src/wasm/CMakeLists.txt:112-131
Timestamp: 2025-09-04T07:28:37.062Z
Learning: In fluent-bit CMake files, the user cosmo0920 prefers treating Git as a command rather than a package, emphasizing that Git is not a pkg-config retrievable package but just a command.

Applied to files:

• src/wasm/CMakeLists.txt

📚 Learning: 2025-08-31T12:46:11.940Z

Learnt from: ThomasDevoogdt
PR: fluent/fluent-bit#9277
File: .github/workflows/pr-compile-check.yaml:147-151
Timestamp: 2025-08-31T12:46:11.940Z
Learning: In fluent-bit CMakeLists.txt, the system library preference flags are defined as FLB_PREFER_SYSTEM_LIB_ZSTD and FLB_PREFER_SYSTEM_LIB_KAFKA with the FLB_ prefix.

Applied to files:

• src/wasm/CMakeLists.txt

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (62)

• GitHub Check: PR - container builds / Windows container images (2022)
• GitHub Check: PR - container builds / Windows container images (2025)
• GitHub Check: PR - packages build Linux / rockylinux/9 package build and stage to S3
• GitHub Check: PR - packages build Linux / raspbian/bookworm package build and stage to S3
• GitHub Check: PR - packages build Linux / ubuntu/24.04.arm64v8 package build and stage to S3
• GitHub Check: PR - packages build Linux / ubuntu/22.04 package build and stage to S3
• GitHub Check: PR - packages build Linux / debian/bullseye package build and stage to S3
• GitHub Check: PR - packages build Linux / ubuntu/24.04 package build and stage to S3
• GitHub Check: PR - packages build Linux / debian/bullseye.arm64v8 package build and stage to S3
• GitHub Check: PR - packages build Linux / debian/buster.arm64v8 package build and stage to S3
• GitHub Check: PR - packages build Linux / debian/bookworm package build and stage to S3
• GitHub Check: PR - packages build Linux / debian/buster package build and stage to S3
• GitHub Check: PR - packages build Linux / ubuntu/22.04.arm64v8 package build and stage to S3
• GitHub Check: PR - packages build Linux / almalinux/9 package build and stage to S3
• GitHub Check: PR - packages build Linux / almalinux/9.arm64v8 package build and stage to S3
• GitHub Check: PR - packages build Linux / almalinux/8.arm64v8 package build and stage to S3
• GitHub Check: PR - packages build Linux / debian/bookworm.arm64v8 package build and stage to S3
• GitHub Check: PR - packages build Linux / rockylinux/9.arm64v8 package build and stage to S3
• GitHub Check: PR - packages build Linux / rockylinux/8.arm64v8 package build and stage to S3
• GitHub Check: PR - packages build Linux / almalinux/8 package build and stage to S3
• GitHub Check: PR - packages build Linux / amazonlinux/2023.arm64v8 package build and stage to S3
• GitHub Check: PR - packages build Linux / centos/9.arm64v8 package build and stage to S3
• GitHub Check: PR - packages build Linux / rockylinux/8 package build and stage to S3
• GitHub Check: PR - packages build Linux / centos/9 package build and stage to S3
• GitHub Check: PR - packages build Linux / centos/8.arm64v8 package build and stage to S3
• GitHub Check: PR - packages build Linux / centos/8 package build and stage to S3
• GitHub Check: PR - packages build Linux / amazonlinux/2023 package build and stage to S3
• GitHub Check: PR - packages build Linux / centos/7.arm64v8 package build and stage to S3
• GitHub Check: PR - packages build Linux / centos/7 package build and stage to S3
• GitHub Check: PR - packages build Linux / amazonlinux/2.arm64v8 package build and stage to S3
• GitHub Check: PR - packages build Linux / amazonlinux/2 package build and stage to S3
• GitHub Check: PR - container builds / amd64/debug container image build
• GitHub Check: PR - container builds / arm64/debug container image build
• GitHub Check: PR - container builds / arm/v7/production container image build
• GitHub Check: PR - container builds / arm64/production container image build
• GitHub Check: PR - container builds / arm/v7/debug container image build
• GitHub Check: PR - container builds / amd64/production container image build
• GitHub Check: PR - packages build Windows / call-build-windows-package (Windows 32bit, x86, x86-windows-static, 3.31.6)
• GitHub Check: PR - packages build Windows / call-build-windows-package (Windows 64bit, x64, x64-windows-static, 3.31.6)
• GitHub Check: PR - packages build Windows / call-build-windows-package (Windows 64bit (Arm64), amd64_arm64, -DCMAKE_SYSTEM_NAME=Windows -DCMA...
• GitHub Check: PR - packages build MacOS / call-build-macos-package (Intel macOS runner, macos-14-large, 3.31.6)
• GitHub Check: PR - packages build MacOS / call-build-macos-package (Apple Silicon macOS runner, macos-14, 3.31.6)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_THREAD=On, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_ADDRESS=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_THREAD=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=Off, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=On, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_ARROW=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=Off, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=Off, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_UNDEFINED=On, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_MEMORY=On, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_COVERAGE=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SMALL=On, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_MEMORY=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_UNDEFINED=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_ADDRESS=On, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=Off, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=On, 3.31.6, clang, clang++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=On, 3.31.6, gcc, g++)
• GitHub Check: run-ubuntu-unit-tests (-DFLB_SMALL=On, 3.31.6, gcc, g++)