From 547552cf3a73ff49f46f233e6d7b476df37371b6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Nov 2025 01:37:35 +0000 Subject: [PATCH 01/18] Bump golang.org/x/crypto from 0.35.0 to 0.45.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.35.0 to 0.45.0. - [Commits](https://github.com/golang/crypto/compare/v0.35.0...v0.45.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.45.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- go.mod | 17 +++++++++-------- go.sum | 34 ++++++++++++++++++---------------- 2 files changed, 27 insertions(+), 24 deletions(-) diff --git a/go.mod b/go.mod index e88456ffa57..282ee39f405 100644 --- a/go.mod +++ b/go.mod @@ -78,12 +78,12 @@ require ( go.etcd.io/etcd/server/v3 v3.5.8 go.uber.org/zap v1.24.0 golang.org/x/exp v0.0.0-20230307190834-24139beb5833 - golang.org/x/mod v0.20.0 - golang.org/x/net v0.36.0 + golang.org/x/mod v0.29.0 + golang.org/x/net v0.47.0 golang.org/x/oauth2 v0.6.0 - golang.org/x/sync v0.11.0 - golang.org/x/sys v0.30.0 - golang.org/x/term v0.29.0 + golang.org/x/sync v0.18.0 + golang.org/x/sys v0.38.0 + golang.org/x/term v0.37.0 golang.org/x/time v0.3.0 gonum.org/v1/gonum v0.11.0 google.golang.org/api v0.111.0 @@ -269,10 +269,11 @@ require ( go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect go.uber.org/atomic v1.10.0 // indirect go.uber.org/multierr v1.6.0 // indirect - golang.org/x/crypto v0.35.0 // indirect + golang.org/x/crypto v0.45.0 // indirect golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect - golang.org/x/text v0.22.0 // indirect - golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect + golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8 // indirect + golang.org/x/text v0.31.0 // indirect + golang.org/x/tools v0.38.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect google.golang.org/appengine v1.6.7 // indirect diff --git a/go.sum b/go.sum index 734a4e36ba3..17766df68bd 100644 --- a/go.sum +++ b/go.sum @@ -1059,8 +1059,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= -golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs= -golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ= +golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q= +golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= @@ -1087,8 +1087,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= -golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA= +golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w= golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1134,8 +1134,8 @@ golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.36.0 h1:vWF2fRbw4qslQsQzgFqZff+BItCvGFQqKzKIzx1rmoA= -golang.org/x/net v0.36.0/go.mod h1:bFmbeoIPfrw4sMHNhb4J9f6+tPziuGjq7Jk/38fxi1I= +golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY= +golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1157,8 +1157,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w= -golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I= +golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1238,14 +1238,16 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= -golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= +golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8 h1:LvzTn0GQhWuvKH/kVRS3R3bVAsdQWI7hvfLHGgh9+lU= +golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8/go.mod h1:Pi4ztBfryZoJEkyFTI5/Ocsu2jXyDr6iSdgJiYE/uwE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= -golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU= -golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s= +golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU= +golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -1254,8 +1256,8 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM= -golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= +golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM= +golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= @@ -1302,8 +1304,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ= +golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From bd0a8ca7a9f1c2678e8a14e37aaab787f5691294 Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Thu, 20 Nov 2025 03:55:06 +0000 Subject: [PATCH 02/18] Update go_deps.bzl Signed-off-by: Dom Del Nano --- go_deps.bzl | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/go_deps.bzl b/go_deps.bzl index 1a3ebade451..6c976a196a5 100644 --- a/go_deps.bzl +++ b/go_deps.bzl @@ -4434,8 +4434,8 @@ def pl_go_dependencies(): name = "org_golang_x_crypto", build_directives = ["gazelle:map_kind go_binary pl_go_binary @px//bazel:pl_build_system.bzl", "gazelle:map_kind go_test pl_go_test @px//bazel:pl_build_system.bzl"], importpath = "golang.org/x/crypto", - sum = "h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=", - version = "v0.35.0", + sum = "h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=", + version = "v0.45.0", ) go_repository( name = "org_golang_x_exp", @@ -4469,15 +4469,15 @@ def pl_go_dependencies(): name = "org_golang_x_mod", build_directives = ["gazelle:map_kind go_binary pl_go_binary @px//bazel:pl_build_system.bzl", "gazelle:map_kind go_test pl_go_test @px//bazel:pl_build_system.bzl"], importpath = "golang.org/x/mod", - sum = "h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0=", - version = "v0.20.0", + sum = "h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA=", + version = "v0.29.0", ) go_repository( name = "org_golang_x_net", build_directives = ["gazelle:map_kind go_binary pl_go_binary @px//bazel:pl_build_system.bzl", "gazelle:map_kind go_test pl_go_test @px//bazel:pl_build_system.bzl"], importpath = "golang.org/x/net", - sum = "h1:vWF2fRbw4qslQsQzgFqZff+BItCvGFQqKzKIzx1rmoA=", - version = "v0.36.0", + sum = "h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=", + version = "v0.47.0", ) go_repository( name = "org_golang_x_oauth2", @@ -4490,36 +4490,36 @@ def pl_go_dependencies(): name = "org_golang_x_sync", build_directives = ["gazelle:map_kind go_binary pl_go_binary @px//bazel:pl_build_system.bzl", "gazelle:map_kind go_test pl_go_test @px//bazel:pl_build_system.bzl"], importpath = "golang.org/x/sync", - sum = "h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=", - version = "v0.11.0", + sum = "h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=", + version = "v0.18.0", ) go_repository( name = "org_golang_x_sys", build_directives = ["gazelle:map_kind go_binary pl_go_binary @px//bazel:pl_build_system.bzl", "gazelle:map_kind go_test pl_go_test @px//bazel:pl_build_system.bzl"], importpath = "golang.org/x/sys", - sum = "h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=", - version = "v0.30.0", + sum = "h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=", + version = "v0.38.0", ) go_repository( name = "org_golang_x_telemetry", build_directives = ["gazelle:map_kind go_binary pl_go_binary @px//bazel:pl_build_system.bzl", "gazelle:map_kind go_test pl_go_test @px//bazel:pl_build_system.bzl"], importpath = "golang.org/x/telemetry", - sum = "h1:IRJeR9r1pYWsHKTRe/IInb7lYvbBVIqOgsX/u0mbOWY=", - version = "v0.0.0-20240228155512-f48c80bd79b2", + sum = "h1:LvzTn0GQhWuvKH/kVRS3R3bVAsdQWI7hvfLHGgh9+lU=", + version = "v0.0.0-20251008203120-078029d740a8", ) go_repository( name = "org_golang_x_term", build_directives = ["gazelle:map_kind go_binary pl_go_binary @px//bazel:pl_build_system.bzl", "gazelle:map_kind go_test pl_go_test @px//bazel:pl_build_system.bzl"], importpath = "golang.org/x/term", - sum = "h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=", - version = "v0.29.0", + sum = "h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=", + version = "v0.37.0", ) go_repository( name = "org_golang_x_text", build_directives = ["gazelle:map_kind go_binary pl_go_binary @px//bazel:pl_build_system.bzl", "gazelle:map_kind go_test pl_go_test @px//bazel:pl_build_system.bzl"], importpath = "golang.org/x/text", - sum = "h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=", - version = "v0.22.0", + sum = "h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=", + version = "v0.31.0", ) go_repository( name = "org_golang_x_time", @@ -4532,8 +4532,8 @@ def pl_go_dependencies(): name = "org_golang_x_tools", build_directives = ["gazelle:map_kind go_binary pl_go_binary @px//bazel:pl_build_system.bzl", "gazelle:map_kind go_test pl_go_test @px//bazel:pl_build_system.bzl"], importpath = "golang.org/x/tools", - sum = "h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=", - version = "v0.21.1-0.20240508182429-e35e4ccd0d2d", + sum = "h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=", + version = "v0.38.0", ) go_repository( name = "org_golang_x_xerrors", From 0c12e768be03a5efd556cb43a17e172454dfab9d Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Sat, 22 Nov 2025 02:56:41 +0000 Subject: [PATCH 03/18] Use GHA oracle vm runners Signed-off-by: Dom Del Nano --- .github/workflows/build_and_test.yaml | 8 ++++---- ci/bes.bazelrc | 3 ++- ci/github/bazelrc | 3 --- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml index 4e29338249a..f96ef029fc8 100644 --- a/.github/workflows/build_and_test.yaml +++ b/.github/workflows/build_and_test.yaml @@ -36,7 +36,7 @@ jobs: image-base-name: "dev_image_with_extras" ref: ${{ needs.env-protect-setup.outputs.ref }} clang-tidy: - runs-on: oracle-16cpu-64gb-x86-64 + runs-on: oracle-vm-16cpu-64gb-x86-64 needs: [authorize, env-protect-setup, get-dev-image] container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} @@ -64,7 +64,7 @@ jobs: code-coverage: if: github.event_name == 'push' needs: [authorize, env-protect-setup, get-dev-image] - runs-on: oracle-16cpu-64gb-x86-64 + runs-on: oracle-vm-16cpu-64gb-x86-64 container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} steps: @@ -88,7 +88,7 @@ jobs: ./ci/collect_coverage.sh -u -b main -c "$(git rev-parse HEAD)" -r pixie-io/pixie generate-matrix: needs: [authorize, env-protect-setup, get-dev-image] - runs-on: oracle-16cpu-64gb-x86-64 + runs-on: oracle-vm-16cpu-64gb-x86-64 container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} outputs: @@ -120,7 +120,7 @@ jobs: bazel_tests_* build-and-test: needs: [authorize, env-protect-setup, get-dev-image, generate-matrix] - runs-on: oracle-16cpu-64gb-x86-64 + runs-on: oracle-vm-16cpu-64gb-x86-64 permissions: contents: read actions: read diff --git a/ci/bes.bazelrc b/ci/bes.bazelrc index 9c27dbf6b32..0ad13f49dc5 100644 --- a/ci/bes.bazelrc +++ b/ci/bes.bazelrc @@ -1,3 +1,4 @@ build --bes_results_url=https://app.buildbuddy.io/invocation/ build --bes_backend=grpcs://remote.buildbuddy.io -build --remote_cache=grpcs://remote.buildbuddy.io +# For now, our CI isn't using remote caching +# build --remote_cache=grpcs://remote.buildbuddy.io diff --git a/ci/github/bazelrc b/ci/github/bazelrc index f4b0cdb5ac0..8de37643b0c 100644 --- a/ci/github/bazelrc +++ b/ci/github/bazelrc @@ -5,9 +5,6 @@ common --color=yes # a given run. common --keep_going -# Always use remote exec -build --config=remote - build --build_metadata=HOST=github-actions build --build_metadata=USER=github-actions build --build_metadata=REPO_URL=https://github.com/pixie-io/pixie From 7da4504f00e03f202d7971a4d3c49aa2555d7cdf Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Wed, 26 Nov 2025 12:49:43 +0000 Subject: [PATCH 04/18] Find out how much disk space is available Signed-off-by: Dom Del Nano --- .github/workflows/build_and_test.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml index f96ef029fc8..d3f8afd56e3 100644 --- a/.github/workflows/build_and_test.yaml +++ b/.github/workflows/build_and_test.yaml @@ -5,6 +5,7 @@ on: push: branches: - 'main' + - 'dependabot/go_modules/golang.org/x/crypto-0.45.0' schedule: # Run at 23:09 PST (07:09 UTC) every sunday. Github suggests not running actions on the hour. - cron: '9 7 * * 0' @@ -150,6 +151,8 @@ jobs: - name: Build ${{ matrix.name }} shell: bash run: | + echo "Finding out available disk space before build:" + df -h ./scripts/bazel_ignore_codes.sh build \ ${{ matrix.args }} \ --target_pattern_file=target_files/${{ matrix.buildables }} \ From 103a3e05a26db166a80c4ded367a435adad564e5 Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Thu, 27 Nov 2025 13:53:55 +0000 Subject: [PATCH 05/18] Use golang.org/x/net compatible with go 1.23 Signed-off-by: Dom Del Nano --- go.mod | 11 +++++------ go.sum | 22 ++++++++++------------ go_deps.bzl | 24 ++++++++++++------------ 3 files changed, 27 insertions(+), 30 deletions(-) diff --git a/go.mod b/go.mod index 282ee39f405..4224503b9c1 100644 --- a/go.mod +++ b/go.mod @@ -78,8 +78,8 @@ require ( go.etcd.io/etcd/server/v3 v3.5.8 go.uber.org/zap v1.24.0 golang.org/x/exp v0.0.0-20230307190834-24139beb5833 - golang.org/x/mod v0.29.0 - golang.org/x/net v0.47.0 + golang.org/x/mod v0.28.0 + golang.org/x/net v0.43.0 golang.org/x/oauth2 v0.6.0 golang.org/x/sync v0.18.0 golang.org/x/sys v0.38.0 @@ -269,11 +269,10 @@ require ( go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect go.uber.org/atomic v1.10.0 // indirect go.uber.org/multierr v1.6.0 // indirect - golang.org/x/crypto v0.45.0 // indirect + golang.org/x/crypto v0.42.0 // indirect golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect - golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8 // indirect - golang.org/x/text v0.31.0 // indirect - golang.org/x/tools v0.38.0 // indirect + golang.org/x/text v0.29.0 // indirect + golang.org/x/tools v0.36.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect google.golang.org/appengine v1.6.7 // indirect diff --git a/go.sum b/go.sum index 17766df68bd..b8697cb4add 100644 --- a/go.sum +++ b/go.sum @@ -1059,8 +1059,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= -golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q= -golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4= +golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI= +golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= @@ -1087,8 +1087,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA= -golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w= +golang.org/x/mod v0.28.0 h1:gQBtGhjxykdjY9YhZpSlZIsbnaE2+PgjfLWUQTnoZ1U= +golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI= golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1134,8 +1134,8 @@ golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY= -golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU= +golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= +golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1240,8 +1240,6 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= -golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8 h1:LvzTn0GQhWuvKH/kVRS3R3bVAsdQWI7hvfLHGgh9+lU= -golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8/go.mod h1:Pi4ztBfryZoJEkyFTI5/Ocsu2jXyDr6iSdgJiYE/uwE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= @@ -1256,8 +1254,8 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM= -golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM= +golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk= +golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= @@ -1304,8 +1302,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ= -golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs= +golang.org/x/tools v0.36.0 h1:kWS0uv/zsvHEle1LbV5LE8QujrxB3wfQyxHfhOk0Qkg= +golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/go_deps.bzl b/go_deps.bzl index 6c976a196a5..6590dff5052 100644 --- a/go_deps.bzl +++ b/go_deps.bzl @@ -4434,8 +4434,8 @@ def pl_go_dependencies(): name = "org_golang_x_crypto", build_directives = ["gazelle:map_kind go_binary pl_go_binary @px//bazel:pl_build_system.bzl", "gazelle:map_kind go_test pl_go_test @px//bazel:pl_build_system.bzl"], importpath = "golang.org/x/crypto", - sum = "h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=", - version = "v0.45.0", + sum = "h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=", + version = "v0.42.0", ) go_repository( name = "org_golang_x_exp", @@ -4469,15 +4469,15 @@ def pl_go_dependencies(): name = "org_golang_x_mod", build_directives = ["gazelle:map_kind go_binary pl_go_binary @px//bazel:pl_build_system.bzl", "gazelle:map_kind go_test pl_go_test @px//bazel:pl_build_system.bzl"], importpath = "golang.org/x/mod", - sum = "h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA=", - version = "v0.29.0", + sum = "h1:gQBtGhjxykdjY9YhZpSlZIsbnaE2+PgjfLWUQTnoZ1U=", + version = "v0.28.0", ) go_repository( name = "org_golang_x_net", build_directives = ["gazelle:map_kind go_binary pl_go_binary @px//bazel:pl_build_system.bzl", "gazelle:map_kind go_test pl_go_test @px//bazel:pl_build_system.bzl"], importpath = "golang.org/x/net", - sum = "h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=", - version = "v0.47.0", + sum = "h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=", + version = "v0.43.0", ) go_repository( name = "org_golang_x_oauth2", @@ -4504,8 +4504,8 @@ def pl_go_dependencies(): name = "org_golang_x_telemetry", build_directives = ["gazelle:map_kind go_binary pl_go_binary @px//bazel:pl_build_system.bzl", "gazelle:map_kind go_test pl_go_test @px//bazel:pl_build_system.bzl"], importpath = "golang.org/x/telemetry", - sum = "h1:LvzTn0GQhWuvKH/kVRS3R3bVAsdQWI7hvfLHGgh9+lU=", - version = "v0.0.0-20251008203120-078029d740a8", + sum = "h1:3doPGa+Gg4snce233aCWnbZVFsyFMo/dR40KK/6skyE=", + version = "v0.0.0-20250807160809-1a19826ec488", ) go_repository( name = "org_golang_x_term", @@ -4518,8 +4518,8 @@ def pl_go_dependencies(): name = "org_golang_x_text", build_directives = ["gazelle:map_kind go_binary pl_go_binary @px//bazel:pl_build_system.bzl", "gazelle:map_kind go_test pl_go_test @px//bazel:pl_build_system.bzl"], importpath = "golang.org/x/text", - sum = "h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=", - version = "v0.31.0", + sum = "h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=", + version = "v0.29.0", ) go_repository( name = "org_golang_x_time", @@ -4532,8 +4532,8 @@ def pl_go_dependencies(): name = "org_golang_x_tools", build_directives = ["gazelle:map_kind go_binary pl_go_binary @px//bazel:pl_build_system.bzl", "gazelle:map_kind go_test pl_go_test @px//bazel:pl_build_system.bzl"], importpath = "golang.org/x/tools", - sum = "h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=", - version = "v0.38.0", + sum = "h1:kWS0uv/zsvHEle1LbV5LE8QujrxB3wfQyxHfhOk0Qkg=", + version = "v0.36.0", ) go_repository( name = "org_golang_x_xerrors", From 4e140c92e6dfd6be2c5eef2d5c70d00abcb2464b Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Thu, 27 Nov 2025 23:55:30 +0000 Subject: [PATCH 06/18] Use the same bes settings to ensure test logs are preserved in build buddy Signed-off-by: Dom Del Nano --- ci/bes.bazelrc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ci/bes.bazelrc b/ci/bes.bazelrc index 0ad13f49dc5..9c27dbf6b32 100644 --- a/ci/bes.bazelrc +++ b/ci/bes.bazelrc @@ -1,4 +1,3 @@ build --bes_results_url=https://app.buildbuddy.io/invocation/ build --bes_backend=grpcs://remote.buildbuddy.io -# For now, our CI isn't using remote caching -# build --remote_cache=grpcs://remote.buildbuddy.io +build --remote_cache=grpcs://remote.buildbuddy.io From cd34ea30ae8621ee82802b4c1a17ba3d80f5e856 Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Sat, 29 Nov 2025 00:38:58 +0000 Subject: [PATCH 07/18] Fix gcc issues Signed-off-by: Dom Del Nano --- bazel/cc_toolchains/clang.bzl | 21 +++++++++++++++++++++ bazel/cc_toolchains/clang/toolchain.BUILD | 10 +++++----- bazel/cc_toolchains/gcc.bzl | 12 ++++++------ 3 files changed, 32 insertions(+), 11 deletions(-) diff --git a/bazel/cc_toolchains/clang.bzl b/bazel/cc_toolchains/clang.bzl index 7b5dec4b385..22dbe92141b 100644 --- a/bazel/cc_toolchains/clang.bzl +++ b/bazel/cc_toolchains/clang.bzl @@ -46,9 +46,28 @@ def _clang_toolchain_impl(rctx): sysroot_repo = sysroot_repo_name(rctx.attr.target_arch, rctx.attr.libc_version, "build") sysroot_path = "" sysroot_include_prefix = "" + # When not using a sysroot, we need to explicitly tell clang where to find + # the host system's C++ headers since the downloaded clang toolchain doesn't + # have them in its default search paths. + host_system_includes = "" + host_system_lib_dirs = "" if sysroot_repo: sysroot_path = "external/{repo}".format(repo = sysroot_repo) sysroot_include_prefix = "%sysroot%" + else: + # Add explicit -isystem flags for host C++ headers when not using a sysroot. + # These match the paths in the includes list but need to be passed explicitly + # to clang since there's no sysroot to provide them. + host_system_includes = """ + "-isystem", "/usr/include/c++/13", + "-isystem", "/usr/include/x86_64-linux-gnu/c++/13", + "-isystem", "/usr/include/c++/13/backward", + "-isystem", "/usr/local/include", + "-isystem", "/usr/include/x86_64-linux-gnu", + "-isystem", "/usr/include",""" + # Add library search path for libstdc++.a when not using a sysroot. + host_system_lib_dirs = """ + "-L/usr/lib/gcc/x86_64-linux-gnu/13",""" # First combine all of the build file templates into one file. rctx.template( @@ -75,6 +94,8 @@ def _clang_toolchain_impl(rctx): "{clang_version}": rctx.attr.clang_version, "{host_abi}": abi(rctx.attr.host_arch, rctx.attr.host_libc_version), "{host_arch}": rctx.attr.host_arch, + "{host_system_includes}": host_system_includes, + "{host_system_lib_dirs}": host_system_lib_dirs, "{libc_version}": rctx.attr.libc_version, "{libcxx_path}": libcxx_path, "{name}": rctx.attr.name, diff --git a/bazel/cc_toolchains/clang/toolchain.BUILD b/bazel/cc_toolchains/clang/toolchain.BUILD index 85044120979..6ae7cf780cf 100644 --- a/bazel/cc_toolchains/clang/toolchain.BUILD +++ b/bazel/cc_toolchains/clang/toolchain.BUILD @@ -43,9 +43,9 @@ includes = [ "{sysroot_include_prefix}/usr/local/include", "{sysroot_include_prefix}/usr/include/x86_64-linux-gnu", "{sysroot_include_prefix}/usr/include", - "{sysroot_include_prefix}/usr/include/c++/12", - "{sysroot_include_prefix}/usr/include/x86_64-linux-gnu/c++/12", - "{sysroot_include_prefix}/usr/include/c++/12/backward", + "{sysroot_include_prefix}/usr/include/c++/13", + "{sysroot_include_prefix}/usr/include/x86_64-linux-gnu/c++/13", + "{sysroot_include_prefix}/usr/include/c++/13/backward", "{libcxx_path}/include/c++/v1", ] @@ -63,7 +63,7 @@ cc_toolchain_config( "-Wself-assign", "-Wunused-but-set-parameter", "-fcolor-diagnostics", - "-fno-omit-frame-pointer", + "-fno-omit-frame-pointer",{host_system_includes} ], compiler = "clang", coverage_compile_flags = ["--coverage"], @@ -87,7 +87,7 @@ cc_toolchain_config( "-Wl,-no-as-needed", "-Wl,-z,relro,-z,now", "-Bexternal/{this_repo}/{toolchain_path}/bin", - "-lm", + "-lm",{host_system_lib_dirs} ] + (["-no-pie"] if {use_for_host_tools} else []), opt_compile_flags = [ "-g0", diff --git a/bazel/cc_toolchains/gcc.bzl b/bazel/cc_toolchains/gcc.bzl index eebef675688..1a5df6c4eed 100644 --- a/bazel/cc_toolchains/gcc.bzl +++ b/bazel/cc_toolchains/gcc.bzl @@ -22,8 +22,8 @@ def _gcc_x86_64_gnu(): "ar": "/usr/bin/ar", "cpp": "/usr/bin/cpp", "dwp": "/usr/bin/dwp", - "gcc": "/usr/bin/gcc-12", - "gcov": "/usr/bin/gcov-12", + "gcc": "/usr/bin/gcc-13", + "gcov": "/usr/bin/gcov-13", "ld": "/usr/bin/ld.gold", # TODO(zasgar): Fix this or remove this. "llvm-cov": "/opt/clang-15.0/bin/llvm-cov", @@ -44,13 +44,13 @@ def _gcc_x86_64_gnu(): abi_version = "gcc", abi_libc_version = "glibc_unknown", cxx_builtin_include_directories = [ - "/usr/lib/gcc/x86_64-linux-gnu/12/include", + "/usr/lib/gcc/x86_64-linux-gnu/13/include", "/usr/local/include", "/usr/include/x86_64-linux-gnu", "/usr/include", - "/usr/include/c++/12", - "/usr/include/x86_64-linux-gnu/c++/12", - "/usr/include/c++/12/backward", + "/usr/include/c++/13", + "/usr/include/x86_64-linux-gnu/c++/13", + "/usr/include/c++/13/backward", ], tool_paths = tool_paths, compile_flags = [ From 3037420186603b2001dbba1ce89e98de4dfd8969 Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Sat, 29 Nov 2025 00:40:08 +0000 Subject: [PATCH 08/18] Revert "Fix gcc issues" This reverts commit cd34ea30ae8621ee82802b4c1a17ba3d80f5e856. --- bazel/cc_toolchains/clang.bzl | 21 --------------------- bazel/cc_toolchains/clang/toolchain.BUILD | 10 +++++----- bazel/cc_toolchains/gcc.bzl | 12 ++++++------ 3 files changed, 11 insertions(+), 32 deletions(-) diff --git a/bazel/cc_toolchains/clang.bzl b/bazel/cc_toolchains/clang.bzl index 22dbe92141b..7b5dec4b385 100644 --- a/bazel/cc_toolchains/clang.bzl +++ b/bazel/cc_toolchains/clang.bzl @@ -46,28 +46,9 @@ def _clang_toolchain_impl(rctx): sysroot_repo = sysroot_repo_name(rctx.attr.target_arch, rctx.attr.libc_version, "build") sysroot_path = "" sysroot_include_prefix = "" - # When not using a sysroot, we need to explicitly tell clang where to find - # the host system's C++ headers since the downloaded clang toolchain doesn't - # have them in its default search paths. - host_system_includes = "" - host_system_lib_dirs = "" if sysroot_repo: sysroot_path = "external/{repo}".format(repo = sysroot_repo) sysroot_include_prefix = "%sysroot%" - else: - # Add explicit -isystem flags for host C++ headers when not using a sysroot. - # These match the paths in the includes list but need to be passed explicitly - # to clang since there's no sysroot to provide them. - host_system_includes = """ - "-isystem", "/usr/include/c++/13", - "-isystem", "/usr/include/x86_64-linux-gnu/c++/13", - "-isystem", "/usr/include/c++/13/backward", - "-isystem", "/usr/local/include", - "-isystem", "/usr/include/x86_64-linux-gnu", - "-isystem", "/usr/include",""" - # Add library search path for libstdc++.a when not using a sysroot. - host_system_lib_dirs = """ - "-L/usr/lib/gcc/x86_64-linux-gnu/13",""" # First combine all of the build file templates into one file. rctx.template( @@ -94,8 +75,6 @@ def _clang_toolchain_impl(rctx): "{clang_version}": rctx.attr.clang_version, "{host_abi}": abi(rctx.attr.host_arch, rctx.attr.host_libc_version), "{host_arch}": rctx.attr.host_arch, - "{host_system_includes}": host_system_includes, - "{host_system_lib_dirs}": host_system_lib_dirs, "{libc_version}": rctx.attr.libc_version, "{libcxx_path}": libcxx_path, "{name}": rctx.attr.name, diff --git a/bazel/cc_toolchains/clang/toolchain.BUILD b/bazel/cc_toolchains/clang/toolchain.BUILD index 6ae7cf780cf..85044120979 100644 --- a/bazel/cc_toolchains/clang/toolchain.BUILD +++ b/bazel/cc_toolchains/clang/toolchain.BUILD @@ -43,9 +43,9 @@ includes = [ "{sysroot_include_prefix}/usr/local/include", "{sysroot_include_prefix}/usr/include/x86_64-linux-gnu", "{sysroot_include_prefix}/usr/include", - "{sysroot_include_prefix}/usr/include/c++/13", - "{sysroot_include_prefix}/usr/include/x86_64-linux-gnu/c++/13", - "{sysroot_include_prefix}/usr/include/c++/13/backward", + "{sysroot_include_prefix}/usr/include/c++/12", + "{sysroot_include_prefix}/usr/include/x86_64-linux-gnu/c++/12", + "{sysroot_include_prefix}/usr/include/c++/12/backward", "{libcxx_path}/include/c++/v1", ] @@ -63,7 +63,7 @@ cc_toolchain_config( "-Wself-assign", "-Wunused-but-set-parameter", "-fcolor-diagnostics", - "-fno-omit-frame-pointer",{host_system_includes} + "-fno-omit-frame-pointer", ], compiler = "clang", coverage_compile_flags = ["--coverage"], @@ -87,7 +87,7 @@ cc_toolchain_config( "-Wl,-no-as-needed", "-Wl,-z,relro,-z,now", "-Bexternal/{this_repo}/{toolchain_path}/bin", - "-lm",{host_system_lib_dirs} + "-lm", ] + (["-no-pie"] if {use_for_host_tools} else []), opt_compile_flags = [ "-g0", diff --git a/bazel/cc_toolchains/gcc.bzl b/bazel/cc_toolchains/gcc.bzl index 1a5df6c4eed..eebef675688 100644 --- a/bazel/cc_toolchains/gcc.bzl +++ b/bazel/cc_toolchains/gcc.bzl @@ -22,8 +22,8 @@ def _gcc_x86_64_gnu(): "ar": "/usr/bin/ar", "cpp": "/usr/bin/cpp", "dwp": "/usr/bin/dwp", - "gcc": "/usr/bin/gcc-13", - "gcov": "/usr/bin/gcov-13", + "gcc": "/usr/bin/gcc-12", + "gcov": "/usr/bin/gcov-12", "ld": "/usr/bin/ld.gold", # TODO(zasgar): Fix this or remove this. "llvm-cov": "/opt/clang-15.0/bin/llvm-cov", @@ -44,13 +44,13 @@ def _gcc_x86_64_gnu(): abi_version = "gcc", abi_libc_version = "glibc_unknown", cxx_builtin_include_directories = [ - "/usr/lib/gcc/x86_64-linux-gnu/13/include", + "/usr/lib/gcc/x86_64-linux-gnu/12/include", "/usr/local/include", "/usr/include/x86_64-linux-gnu", "/usr/include", - "/usr/include/c++/13", - "/usr/include/x86_64-linux-gnu/c++/13", - "/usr/include/c++/13/backward", + "/usr/include/c++/12", + "/usr/include/x86_64-linux-gnu/c++/12", + "/usr/include/c++/12/backward", ], tool_paths = tool_paths, compile_flags = [ From 7da9f9f76873351f9877c34c5c0a5e556cf3a50c Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Sat, 29 Nov 2025 00:45:51 +0000 Subject: [PATCH 09/18] Ensure sysroot toolchain is transitioned to Signed-off-by: Dom Del Nano --- bazel/toolchain_transitions.bzl | 1 + 1 file changed, 1 insertion(+) diff --git a/bazel/toolchain_transitions.bzl b/bazel/toolchain_transitions.bzl index 65caa6e6c7b..5578af5dada 100644 --- a/bazel/toolchain_transitions.bzl +++ b/bazel/toolchain_transitions.bzl @@ -29,6 +29,7 @@ cc_clang_binary = meta.wrap_with_transition( native.cc_binary, { "@//bazel/cc_toolchains:compiler": meta.replace_with("clang"), + "@//bazel/cc_toolchains:libc_version": meta.replace_with("glibc2_36"), }, executable = True, ) From 64a203e48add153ea490e085633cd38fbe81ee8c Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Sat, 29 Nov 2025 08:52:53 +0000 Subject: [PATCH 10/18] Use elasticsearch container IP instead of gateway IP to fix github action docker access issues Signed-off-by: Dom Del Nano --- src/utils/testingutils/docker/elastic.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/utils/testingutils/docker/elastic.go b/src/utils/testingutils/docker/elastic.go index a098add6a2d..e0f59d4d3ea 100644 --- a/src/utils/testingutils/docker/elastic.go +++ b/src/utils/testingutils/docker/elastic.go @@ -101,12 +101,12 @@ func SetupElastic() (*elastic.Client, func(), error) { return nil, cleanup, err } - clientPort := resource.GetPort("9200/tcp") + clientPort := "9200" var client *elastic.Client err = pool.Retry(func() error { var err error client, err = connectElastic(fmt.Sprintf("http://%s:%s", - resource.Container.NetworkSettings.Gateway, clientPort), "elastic", esPass) + resource.Container.NetworkSettings.IPAddress, clientPort), "elastic", esPass) if err != nil { log.WithError(err).Errorf("Failed to connect to elasticsearch.") } From 7061abf933d846ea1ad20707ef7df3d2b94fe4a0 Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Sun, 30 Nov 2025 03:45:43 +0000 Subject: [PATCH 11/18] Increase retry timeout, print container logs on failure Signed-off-by: Dom Del Nano --- src/utils/testingutils/docker/elastic.go | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/src/utils/testingutils/docker/elastic.go b/src/utils/testingutils/docker/elastic.go index e0f59d4d3ea..41a247025bb 100644 --- a/src/utils/testingutils/docker/elastic.go +++ b/src/utils/testingutils/docker/elastic.go @@ -19,7 +19,9 @@ package docker import ( + "bytes" "fmt" + "time" "github.com/olivere/elastic/v7" "github.com/ory/dockertest/v3" @@ -101,6 +103,9 @@ func SetupElastic() (*elastic.Client, func(), error) { return nil, cleanup, err } + // Increase retry timeout to 3 minutes (default is 1 minute) + pool.MaxWait = 3 * time.Minute + clientPort := "9200" var client *elastic.Client err = pool.Retry(func() error { @@ -113,6 +118,23 @@ func SetupElastic() (*elastic.Client, func(), error) { return err }) if err != nil { + // Dump container logs on failure for debugging + var stdout, stderr bytes.Buffer + logsErr := pool.Client.Logs(docker.LogsOptions{ + Container: resource.Container.ID, + OutputStream: &stdout, + ErrorStream: &stderr, + Stdout: true, + Stderr: true, + Tail: "100", + }) + if logsErr != nil { + log.WithError(logsErr).Error("Failed to get container logs") + } else { + log.Errorf("Elasticsearch container stdout:\n%s", stdout.String()) + log.Errorf("Elasticsearch container stderr:\n%s", stderr.String()) + } + purgeErr := pool.Purge(resource) if purgeErr != nil { log.WithError(err).Error("Failed to purge pool") From 458c262536a57d884bb350ed59be9cef03e7dd71 Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Sun, 30 Nov 2025 09:18:44 +0000 Subject: [PATCH 12/18] Disable auto remove, add debugging output Signed-off-by: Dom Del Nano --- src/utils/testingutils/docker/elastic.go | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/src/utils/testingutils/docker/elastic.go b/src/utils/testingutils/docker/elastic.go index 41a247025bb..632cdc638d9 100644 --- a/src/utils/testingutils/docker/elastic.go +++ b/src/utils/testingutils/docker/elastic.go @@ -63,7 +63,7 @@ func SetupElastic() (*elastic.Client, func(), error) { "ES_HEAP_SIZE=128m", }, }, func(config *docker.HostConfig) { - config.AutoRemove = true + config.AutoRemove = false config.RestartPolicy = docker.RestartPolicy{Name: "no"} // Tmpfs is much faster than the default docker mounts. config.Mounts = []docker.HostMount{ @@ -103,17 +103,29 @@ func SetupElastic() (*elastic.Client, func(), error) { return nil, cleanup, err } - // Increase retry timeout to 3 minutes (default is 1 minute) - pool.MaxWait = 3 * time.Minute + // Increase retry timeout (default is 1 minute) + pool.MaxWait = 1 * time.Minute + + // Log network debugging info + log.Infof("Container ID: %s", resource.Container.ID) + log.Infof("Container IPAddress: %s", resource.Container.NetworkSettings.IPAddress) + log.Infof("Container Gateway: %s", resource.Container.NetworkSettings.Gateway) + log.Infof("Mapped port 9200/tcp: %s", resource.GetPort("9200/tcp")) + for netName, netSettings := range resource.Container.NetworkSettings.Networks { + log.Infof("Network %s: Gateway=%s, IPAddress=%s", netName, netSettings.Gateway, netSettings.IPAddress) + } clientPort := "9200" + esHost := resource.Container.NetworkSettings.IPAddress + esURL := fmt.Sprintf("http://%s:%s", esHost, clientPort) + log.Infof("Will attempt to connect to Elasticsearch at: %s", esURL) + var client *elastic.Client err = pool.Retry(func() error { var err error - client, err = connectElastic(fmt.Sprintf("http://%s:%s", - resource.Container.NetworkSettings.IPAddress, clientPort), "elastic", esPass) + client, err = connectElastic(esURL, "elastic", esPass) if err != nil { - log.WithError(err).Errorf("Failed to connect to elasticsearch.") + log.WithError(err).Errorf("Failed to connect to elasticsearch at %s", esURL) } return err }) From d7a818240cf9a5f7b1fe0d4fa5b3680f2147fbf2 Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Sun, 30 Nov 2025 10:17:33 +0000 Subject: [PATCH 13/18] Remove tmpfs bind mount that might be causing permission issues Signed-off-by: Dom Del Nano --- src/utils/testingutils/docker/elastic.go | 26 ------------------------ 1 file changed, 26 deletions(-) diff --git a/src/utils/testingutils/docker/elastic.go b/src/utils/testingutils/docker/elastic.go index 632cdc638d9..cacc7b59ea3 100644 --- a/src/utils/testingutils/docker/elastic.go +++ b/src/utils/testingutils/docker/elastic.go @@ -57,38 +57,12 @@ func SetupElastic() (*elastic.Client, func(), error) { "xpack.security.http.ssl.enabled=false", "xpack.security.transport.ssl.enabled=false", "indices.lifecycle.poll_interval=5s", - "path.data=/opt/elasticsearch/volatile/data", - "path.logs=/opt/elasticsearch/volatile/logs", "ES_JAVA_OPTS=-Xms128m -Xmx128m -server", "ES_HEAP_SIZE=128m", }, }, func(config *docker.HostConfig) { config.AutoRemove = false config.RestartPolicy = docker.RestartPolicy{Name: "no"} - // Tmpfs is much faster than the default docker mounts. - config.Mounts = []docker.HostMount{ - { - Target: "/opt/elasticsearch/volatile/data", - Type: "tmpfs", - TempfsOptions: &docker.TempfsOptions{ - SizeBytes: 100 * 1024 * 1024, - }, - }, - { - Target: "/opt/elasticsearch/volatile/logs", - Type: "tmpfs", - TempfsOptions: &docker.TempfsOptions{ - SizeBytes: 100 * 1024 * 1024, - }, - }, - { - Target: "/tmp", - Type: "tmpfs", - TempfsOptions: &docker.TempfsOptions{ - SizeBytes: 100 * 1024 * 1024, - }, - }, - } config.CPUCount = 1 config.Memory = 1024 * 1024 * 1024 config.MemorySwap = 0 From 31db35dda1d7b3117620662f32b70469b6c5afa0 Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Sun, 30 Nov 2025 15:21:39 +0000 Subject: [PATCH 14/18] Ensure correct IP is used to connect to ES Signed-off-by: Dom Del Nano --- src/utils/testingutils/docker/elastic.go | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/utils/testingutils/docker/elastic.go b/src/utils/testingutils/docker/elastic.go index cacc7b59ea3..ac6b1de2b16 100644 --- a/src/utils/testingutils/docker/elastic.go +++ b/src/utils/testingutils/docker/elastic.go @@ -79,6 +79,8 @@ func SetupElastic() (*elastic.Client, func(), error) { // Increase retry timeout (default is 1 minute) pool.MaxWait = 1 * time.Minute + clientPort := resource.GetPort("9200/tcp") + var esHost string // Log network debugging info log.Infof("Container ID: %s", resource.Container.ID) @@ -86,11 +88,11 @@ func SetupElastic() (*elastic.Client, func(), error) { log.Infof("Container Gateway: %s", resource.Container.NetworkSettings.Gateway) log.Infof("Mapped port 9200/tcp: %s", resource.GetPort("9200/tcp")) for netName, netSettings := range resource.Container.NetworkSettings.Networks { - log.Infof("Network %s: Gateway=%s, IPAddress=%s", netName, netSettings.Gateway, netSettings.IPAddress) + esHost = netSettings.Gateway + log.Infof("Setting ES host to gateway %s for network %s", esHost, netName) + break } - clientPort := "9200" - esHost := resource.Container.NetworkSettings.IPAddress esURL := fmt.Sprintf("http://%s:%s", esHost, clientPort) log.Infof("Will attempt to connect to Elasticsearch at: %s", esURL) From 0cab755c569b96ad808bf3d32557cbdab89db8c3 Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Tue, 2 Dec 2025 19:42:58 +0000 Subject: [PATCH 15/18] Enable kernel.unprivileged_userns_clone to see if that fixes bpf build permission issues Signed-off-by: Dom Del Nano --- .github/workflows/build_and_test.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml index d3f8afd56e3..041529dd7f7 100644 --- a/.github/workflows/build_and_test.yaml +++ b/.github/workflows/build_and_test.yaml @@ -163,6 +163,7 @@ jobs: run: | # Github actions container runner creates a docker network without IPv6 support. We enable it manually. sysctl -w net.ipv6.conf.lo.disable_ipv6=0 + sysctl -w kernel.unprivileged_userns_clone=1 ./scripts/bazel_ignore_codes.sh test ${{ matrix.args }} --target_pattern_file=target_files/${{ matrix.tests }} \ 2> >(tee bazel_stderr) - name: Parse junit reports From 9e1da429263bf6888d9667c1752ad4a3c9c7d79b Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Tue, 2 Dec 2025 22:49:16 +0000 Subject: [PATCH 16/18] Print out linux lsms. Try disabling apparmor's protction Signed-off-by: Dom Del Nano --- .github/workflows/build_and_test.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml index 041529dd7f7..fb0c6453c2f 100644 --- a/.github/workflows/build_and_test.yaml +++ b/.github/workflows/build_and_test.yaml @@ -163,6 +163,8 @@ jobs: run: | # Github actions container runner creates a docker network without IPv6 support. We enable it manually. sysctl -w net.ipv6.conf.lo.disable_ipv6=0 + cat /sys/kernel/security/lsm + echo 0 > /proc/sys/kernel/apparmor_restrict_unprivileged_userns sysctl -w kernel.unprivileged_userns_clone=1 ./scripts/bazel_ignore_codes.sh test ${{ matrix.args }} --target_pattern_file=target_files/${{ matrix.tests }} \ 2> >(tee bazel_stderr) From ead69f78feb0b0e748d1d4321ca7b432a9323d32 Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Tue, 2 Dec 2025 22:59:37 +0000 Subject: [PATCH 17/18] Ensure it can access file system that isn't bind mounted Signed-off-by: Dom Del Nano --- .github/workflows/build_and_test.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml index fb0c6453c2f..c95670b488d 100644 --- a/.github/workflows/build_and_test.yaml +++ b/.github/workflows/build_and_test.yaml @@ -163,8 +163,8 @@ jobs: run: | # Github actions container runner creates a docker network without IPv6 support. We enable it manually. sysctl -w net.ipv6.conf.lo.disable_ipv6=0 - cat /sys/kernel/security/lsm - echo 0 > /proc/sys/kernel/apparmor_restrict_unprivileged_userns + cat /proc/1/root/sys/kernel/security/lsm + echo 0 > /proc/1/root/proc/sys/kernel/apparmor_restrict_unprivileged_userns sysctl -w kernel.unprivileged_userns_clone=1 ./scripts/bazel_ignore_codes.sh test ${{ matrix.args }} --target_pattern_file=target_files/${{ matrix.tests }} \ 2> >(tee bazel_stderr) From feaccd5787fcdeb6a1aa10acf25afdbd083e0cf9 Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Wed, 3 Dec 2025 06:53:15 +0000 Subject: [PATCH 18/18] Use non procfs file path and use host pid namespace Signed-off-by: Dom Del Nano --- .github/workflows/build_and_test.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml index c95670b488d..b49907744d9 100644 --- a/.github/workflows/build_and_test.yaml +++ b/.github/workflows/build_and_test.yaml @@ -128,7 +128,7 @@ jobs: checks: write container: image: ${{ needs.get-dev-image.outputs.image-with-tag }} - options: --privileged + options: --privileged --pid=host if: ${{ needs.generate-matrix.outputs.matrix && (toJson(fromJson(needs.generate-matrix.outputs.matrix)) != '[]') }} strategy: matrix: ${{ fromJson(needs.generate-matrix.outputs.matrix) }} @@ -163,9 +163,8 @@ jobs: run: | # Github actions container runner creates a docker network without IPv6 support. We enable it manually. sysctl -w net.ipv6.conf.lo.disable_ipv6=0 - cat /proc/1/root/sys/kernel/security/lsm - echo 0 > /proc/1/root/proc/sys/kernel/apparmor_restrict_unprivileged_userns sysctl -w kernel.unprivileged_userns_clone=1 + bash -c "echo 0 > /proc/sys/kernel/apparmor_restrict_unprivileged_userns" ./scripts/bazel_ignore_codes.sh test ${{ matrix.args }} --target_pattern_file=target_files/${{ matrix.tests }} \ 2> >(tee bazel_stderr) - name: Parse junit reports