From c05bf02a856121cdf40f77a21cdb26667d449615 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown <git@lukegb.com>
Date: Sun, 7 Jul 2024 19:12:28 +0100
Subject: chore(3p/gerrit): create buildBazelPackageNG and migrate gerrit to it

This bumps Gerrit to 3.10.0, and also introduces a new mechanism for
building it that should hopefully have some more stable hashes than the
previous bodgery.

In this world, we only cache what we explicitly want to. There are some
hooks implemented for `rules_java` and `rules_nodejs` (before version
6) that force use of local binaries; this means we can drop the use of
the FHSUserEnv and use the java and nodejs binaries provided by nixpkgs
instead.

detzip is deleted; it hasn't been used in yonks.

We also add https://gerrit-review.googlesource.com/c/gerrit/+/431977,
which bumps the SSHd version so that we can have U2F-based SSH keys.

Change-Id: Ie12a9a33bbb1e4bd96aa252580aca3b8bc4a1205
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11963
Reviewed-by: lukegb <lukegb@tvl.fyi>
Autosubmit: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
---
 .../bazelRulesNodeJS5Hook/default.nix              | 53 ++++++++++++++++++
 .../bazelRulesNodeJS5Hook/local_node/BUILD         | 20 +++++++
 .../bazelRulesNodeJS5Hook/local_node/WORKSPACE     |  1 +
 .../bazelRulesNodeJS5Hook/local_node/bin/node      |  3 ++
 .../bazelRulesNodeJS5Hook/local_node/bin/npm       |  3 ++
 .../bazelRulesNodeJS5Hook/local_yarn/BUILD         |  0
 .../bazelRulesNodeJS5Hook/local_yarn/WORKSPACE     |  1 +
 .../bazelRulesNodeJS5Hook/local_yarn/bin/yarn      |  2 +
 .../bazelRulesNodeJS5Hook/setup-hook.sh            | 63 ++++++++++++++++++++++
 9 files changed, 146 insertions(+)
 create mode 100644 nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/default.nix
 create mode 100644 nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_node/BUILD
 create mode 100644 nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_node/WORKSPACE
 create mode 100644 nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_node/bin/node
 create mode 100644 nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_node/bin/npm
 create mode 100644 nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_yarn/BUILD
 create mode 100644 nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_yarn/WORKSPACE
 create mode 100644 nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_yarn/bin/yarn
 create mode 100644 nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/setup-hook.sh

(limited to 'nix/buildBazelPackageNG/bazelRulesNodeJS5Hook')

diff --git a/nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/default.nix b/nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/default.nix
new file mode 100644
index 000000000000..c99cc39e9e4c
--- /dev/null
+++ b/nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/default.nix
@@ -0,0 +1,53 @@
+{ stdenvNoCC
+, lib
+, makeSetupHook
+, fetchFromGitHub
+, coreutils
+, gnugrep
+, nodejs
+, yarn
+, git
+, cacert
+}:
+let
+  rulesNodeJS = stdenvNoCC.mkDerivation rec {
+    pname = "bazelbuild-rules_nodejs";
+    version = "5.8.5";
+
+    src = fetchFromGitHub {
+      owner = "bazelbuild";
+      repo = "rules_nodejs";
+      rev = version;
+      hash = "sha256-6UbYRrOnS93+pK4VI016gQZv2jLCzkJn6wJ4vZNCNjY=";
+    };
+
+    dontBuild = true;
+
+    postPatch = ''
+      shopt -s globstar
+      for i in **/*.bzl **/*.sh **/*.cjs; do
+        substituteInPlace "$i" \
+          --replace-quiet '#!/usr/bin/env bash' '#!${stdenvNoCC.shell}' \
+          --replace-quiet '#!/bin/bash' '#!${stdenvNoCC.shell}'
+      done
+      sed -i '/^#!/a export PATH=${lib.makeBinPath [ coreutils gnugrep ]}:$PATH' internal/node/launcher.sh
+    '';
+
+    installPhase = ''
+      cp -R . $out
+    '';
+  };
+in makeSetupHook {
+  name = "bazelbuild-rules_nodejs-5-hook";
+  propagatedBuildInputs = [
+    nodejs
+    yarn
+    git
+    cacert
+  ];
+  substitutions = {
+    inherit nodejs yarn cacert rulesNodeJS;
+    local_node = ./local_node;
+    local_yarn = ./local_yarn;
+  };
+} ./setup-hook.sh
diff --git a/nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_node/BUILD b/nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_node/BUILD
new file mode 100644
index 000000000000..d764d23ffd1a
--- /dev/null
+++ b/nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_node/BUILD
@@ -0,0 +1,20 @@
+load("@build_bazel_rules_nodejs//nodejs:toolchain.bzl", _node_toolchain = "node_toolchain")
+
+package(default_visibility = ["//visibility:public"])
+
+exports_files([
+    "bin/node",
+    "bin/npm",
+])
+
+_node_toolchain(
+    name = "node_toolchain",
+    target_tool_path = "__NODEJS__/bin/node",
+    npm_path = "__NODEJS__/bin/npm",
+)
+
+toolchain(
+    name = "nodejs",
+    toolchain = ":node_toolchain",
+    toolchain_type = "@build_bazel_rules_nodejs//nodejs:toolchain_type",
+)
diff --git a/nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_node/WORKSPACE b/nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_node/WORKSPACE
new file mode 100644
index 000000000000..5bc1698b62d5
--- /dev/null
+++ b/nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_node/WORKSPACE
@@ -0,0 +1 @@
+workspace(name = "nodejs")
diff --git a/nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_node/bin/node b/nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_node/bin/node
new file mode 100644
index 000000000000..ef1f010f0bf3
--- /dev/null
+++ b/nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_node/bin/node
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec "__NODEJS__/bin/node" "$@"
diff --git a/nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_node/bin/npm b/nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_node/bin/npm
new file mode 100644
index 000000000000..63a985dbde20
--- /dev/null
+++ b/nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_node/bin/npm
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec "__NODEJS__/bin/npm" "$@"
diff --git a/nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_yarn/BUILD b/nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_yarn/BUILD
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_yarn/WORKSPACE b/nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_yarn/WORKSPACE
new file mode 100644
index 000000000000..2a1b7d4653a1
--- /dev/null
+++ b/nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_yarn/WORKSPACE
@@ -0,0 +1 @@
+workspace(name = "yarn")
diff --git a/nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_yarn/bin/yarn b/nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_yarn/bin/yarn
new file mode 100644
index 000000000000..2009572e4eff
--- /dev/null
+++ b/nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/local_yarn/bin/yarn
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec "__YARN__/bin/yarn" "$@"
diff --git a/nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/setup-hook.sh b/nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/setup-hook.sh
new file mode 100644
index 000000000000..5e3cf1eb94c2
--- /dev/null
+++ b/nix/buildBazelPackageNG/bazelRulesNodeJS5Hook/setup-hook.sh
@@ -0,0 +1,63 @@
+prePatchHooks+=(_setupLocalNodeRepos)
+preBuildHooks+=(_setupYarnCache)
+
+case "$bazelPhase" in
+	cache)
+		postInstallHooks+=(_copyYarnCache)
+		;;
+	build)
+		preBuildHooks+=(_linkYarnCache)
+		;;
+	*)
+		echo "Unexpected bazelPhase '$bazelPhase' (want cache or build)" >&2
+		exit 1
+		;;
+esac
+
+
+_setupLocalNodeRepos() {
+	cp -R @local_node@ $HOME/local_node
+	chmod -R +w $HOME/local_node
+	substituteInPlace $HOME/local_node/bin/node \
+		--replace-fail '__NODEJS__' '@nodejs@'
+	substituteInPlace $HOME/local_node/bin/npm \
+		--replace-fail '__NODEJS__' '@nodejs@'
+	substituteInPlace $HOME/local_node/BUILD \
+		--replace-fail '__NODEJS__' '@nodejs@'
+	chmod -R +x $HOME/local_node/bin/*
+
+	cp -R @local_yarn@ $HOME/local_yarn
+	chmod -R +w $HOME/local_yarn
+	substituteInPlace $HOME/local_yarn/bin/yarn \
+		--replace-fail '__YARN__' '@yarn@'
+	chmod -R +x $HOME/local_yarn/bin/*
+
+	bazelFlagsArray+=(
+		"--override_repository=build_bazel_rules_nodejs=@rulesNodeJS@"
+
+		"--override_repository=nodejs_linux_amd64=$HOME/local_node"
+		"--override_repository=nodejs_linux_arm64=$HOME/local_node"
+		"--override_repository=nodejs_linux_s390x=$HOME/local_node"
+		"--override_repository=nodejs_linux_ppc64le=$HOME/local_node"
+		"--override_repository=nodejs_darwin_amd64=$HOME/local_node"
+		"--override_repository=nodejs_darwin_arm64=$HOME/local_node"
+		"--override_repository=nodejs_windows_amd64=$HOME/local_node"
+		"--override_repository=nodejs_windows_arm64=$HOME/local_node"
+		"--override_repository=nodejs=$HOME/local_node"
+
+		"--override_repository=yarn=$HOME/local_yarn"
+	)
+}
+
+_setupYarnCache() {
+	@yarn@/bin/yarn config set cafile "@cacert@/etc/ssl/certs/ca-bundle.crt"
+	@yarn@/bin/yarn config set yarn-offline-mirror "$HOME/yarn-offline-mirror"
+}
+
+_copyYarnCache() {
+	cp -R "$HOME/yarn-offline-mirror" "$out/yarn-offline-mirror"
+}
+
+_linkYarnCache() {
+	ln -sf "$cache/yarn-offline-mirror" "$HOME/yarn-offline-mirror"
+}
-- 
cgit 1.4.1