Merge pull request #20849 from redpanda-data/bazel

bazel: foundation

.bazelignore

@@ -0,0 +1,2 @@
+build
+vbuild

.bazelrc

@@ -0,0 +1,87 @@
+# use a compiler name that doesn't symlink to ccache
+build --action_env=CC=clang-16 --host_action_env=CC=clang-16
+build --action_env=CXX=clang++-16 --host_action_env=CXX=clang++-16
+build --action_env=BAZEL_COMPILER=clang
+build --cxxopt=-std=c++20 --host_cxxopt=-std=c++20
+build --linkopt -fuse-ld=lld
+
+# https://github.com/bazelbuild/rules_foreign_cc/issues/1065
+# https://github.com/bazelbuild/rules_foreign_cc/issues/1186#issuecomment-2053550487
+build --host_action_env=CXXFLAGS=-Wno-int-conversion
+build --action_env=CXXFLAGS=-Wno-int-conversion
+build --host_action_env=CFLAGS=-Wno-int-conversion
+build --action_env=CFLAGS=-Wno-int-conversion
+
+common --registry=https://bcr.bazel.build
+
+# =================================
+# Sanitizer
+# =================================
+build:sanitizer --copt -fsanitize=address,undefined,vptr,function
+build:sanitizer --linkopt -fsanitize=address,undefined,vptr,function
+build:sanitizer --linkopt --rtlib=compiler-rt
+build:sanitizer --linkopt -fsanitize-link-c++-runtime
+build:sanitizer --copt -O1
+# seastar has to be run with system allocator when using sanitizers
+build:sanitizer --@seastar//:system_allocator=True
+
+# =================================
+# Security
+# =================================
+
+# fortify source requires a high optimization level. when using this feature add
+# `--copt -O2` or combine with a compilation mode like `-c opt`. the default
+# bazel toolchain adds _FORTIFY_SOURCE=1 in `-c opt`, so first clear the
+# definition to avoid -Wmacro-redefined warnings.
+build:fortify-source --copt -U_FORTIFY_SOURCE
+build:fortify-source --copt -D_FORTIFY_SOURCE=2
+
+build:stack-clash --copt -fstack-clash-protection
+build:stack-protector --copt -fstack-protector-strong
+build:relro --copt -fno-plt
+build:relro --linkopt -Wl,-z,relro,-z,now
+
+# Use `--config=secure` for all supported security settings
+build:secure --config=fortify-source
+build:secure --config=stack-clash
+build:secure --config=stack-protector
+build:secure --config=relro
+
+# =================================
+# Release
+# =================================
+build:release --compilation_mode opt
+build:release --config=secure
+build:release --copt -mllvm --copt -inline-threshold=2500
+build:release --linkopt=-flto
+
+build --@seastar//:openssl=True
+build --keep_going
+
+# prevent actions and tests from using the network. anything that needs to
+# opt-out (e.g. a network test) can use `tags=["requires-network"]`.
+build --sandbox_default_allow_network=false
+
+# prevent certain environment variables (e.g. PATH and LD_LIBRARY_PATH) from
+# leaking into the build.
+build --incompatible_strict_action_env
+
+# disabling until we are able to address the issue with GHA checkout into
+# container resulting in a Git repository that doesn't seems to cause errors
+# https://github.com/actions/checkout/issues/363
+#build --workspace_status_command=bazel/workspace_status.sh
+
+# =================================
+# Testing
+# =================================
+
+# prints out combined stdout/stderr for failed tests
+test --test_output=errors
+
+# warn if a timeout is much longer than actual runtime
+test --test_verbose_timeout_warnings
+
+test:unit --test_tag_filters=-bench
+test:bench --test_tag_filters=bench
+
+try-import %workspace%/user.bazelrc

.bazelversion

@@ -0,0 +1 @@
+7.2.0

.github/workflows/build-bazel.yml

@@ -0,0 +1,76 @@
+# Copyright 2024 Redpanda Data, Inc.
+#
+# Use of this software is governed by the Business Source License
+# included in the file licenses/BSL.md
+#
+# As of the Change Date specified in that file, in accordance with
+# the Business Source License, use of this software will be governed
+# by the Apache License, Version 2.0
+
+name: build-bazel
+on:
+  push:
+    branches:
+      - dev
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - ready_for_review
+    paths:
+      - 'src/v/**'
+      - 'bazel/**'
+      - 'MODULE.bazel'
+      - '.bazelrc'
+      - '.bazelversion'
+      - 'BUILD'
+      - '.github/workflows/build-bazel.yml'
+
+jobs:
+  build:
+    name: build redpanda with bazel
+    runs-on: ubuntu-latest-16
+    timeout-minutes: 30
+    strategy:
+      matrix:
+        os: ["fedora:38", "ubuntu:noble"]
+    container:
+      image: ${{ matrix.os }}
+    steps:
+        - name: checkout
+          uses: actions/checkout@v4
+        - name: configure aws credentials
+          uses: aws-actions/configure-aws-credentials@v4
+          with:
+            aws-access-key-id: ${{ secrets.AWS_SM_READONLY_ACCESS_KEY_ID }}
+            aws-secret-access-key: ${{ secrets.AWS_SM_READONLY_SECRET_ACCESS_KEY }}
+            aws-region: us-west-2
+        - name: get secrets from aws sm
+          uses: aws-actions/aws-secretsmanager-get-secrets@v2
+          with:
+            secret-ids: |
+              ,sdlc/prod/github/bazel_cacher_gcp
+            parse-json-secrets: true
+        - name: setup user bazelrc
+          run: |
+            echo ${{ env.BAZEL_CACHER_GCP_SECRET_KEY }} | base64 --decode > ${HOME}/gcp.key.json
+            echo build --remote_cache=https://storage.googleapis.com/${{ env.BAZEL_CACHER_GCP_BUCKET_NAME }} > user.bazelrc
+            echo build --google_credentials=${HOME}/gcp.key.json >> user.bazelrc
+        - name: dependencies
+          run: bazel/install-deps.sh
+        - name: install baselisk
+          run: |
+            dnf install -y wget || apt install -y wget
+            wget -O /usr/local/bin/bazel https://github.com/bazelbuild/bazelisk/releases/latest/download/bazelisk-linux-amd64
+            chmod +x /usr/local/bin/bazel
+        - name: buildifier check
+          run: bazel run //tools:buildifier.check
+        - name: build thirdparty
+          run: |
+            bazel build @ada @avro @base64 @c-ares @hdrhistogram \
+            @hwloc @krb5 @libpciaccess @libxml2 @lksctp @numactl @openssl \
+            @openssl-fips @rapidjson @roaring @seastar @snappy \
+            @unordered_dense @wasmtime @xz
+        - name: build
+          run: bazel build //...

.gitignore

@@ -263,3 +263,6 @@ vbuild/
 
 #asdf tool version file
 .tool-versions
+
+# bazel
+user.bazelrc

MODULE.bazel

@@ -0,0 +1,86 @@
+module(
+    name = "redpanda",
+    repo_name = "com_github_redpanda_data_redpanda",
+)
+
+bazel_dep(name = "hedron_compile_commands", dev_dependency = True)
+git_override(
+    module_name = "hedron_compile_commands",
+    commit = "a14ad3a64e7bf398ab48105aaa0348e032ac87f8",
+    remote = "https://github.com/hedronvision/bazel-compile-commands-extractor.git",
+)
+
+bazel_dep(name = "rules_boost", repo_name = "com_github_nelhage_rules_boost")
+archive_override(
+    module_name = "rules_boost",
+    integrity = "sha256-PcGxb6Ffi1CajH1PIqlAJ6mgqQ5/XW3NNL7TLZvlSBs=",
+    strip_prefix = "rules_boost-64bf4814222a6782fd0e7536532a257d7fdc9d80",
+    urls = "https://github.com/nelhage/rules_boost/archive/64bf4814222a6782fd0e7536532a257d7fdc9d80.tar.gz",
+)
+
+non_module_boost_repositories = use_extension("@com_github_nelhage_rules_boost//:boost/repositories.bzl", "non_module_dependencies")
+use_repo(
+    non_module_boost_repositories,
+    "boost",
+)
+
+bazel_dep(name = "abseil-cpp", version = "20240116.1")
+bazel_dep(name = "bazel_skylib", version = "1.7.1")
+bazel_dep(name = "crc32c", version = "1.1.0")
+bazel_dep(name = "fmt", version = "8.1.1")
+bazel_dep(name = "googletest", version = "1.14.0.bcr.1")
+bazel_dep(name = "liburing", version = "2.5")
+bazel_dep(name = "lz4", version = "1.9.4")
+bazel_dep(name = "platforms", version = "0.0.10")
+bazel_dep(name = "protobuf", version = "26.0")
+bazel_dep(name = "re2", version = "2023-09-01")
+bazel_dep(name = "rules_foreign_cc", version = "0.10.1")
+bazel_dep(name = "rules_proto", version = "6.0.2")
+bazel_dep(name = "yaml-cpp", version = "0.8.0")
+bazel_dep(name = "zlib", version = "1.3")
+bazel_dep(name = "zstd", version = "1.5.6")
+
+bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True)
+bazel_dep(name = "rules_python", version = "0.33.2", dev_dependency = True)
+
+python = use_extension("@rules_python//python/extensions:python.bzl", "python", dev_dependency = True)
+python.toolchain(
+    ignore_root_user_error = True,
+    is_default = True,
+    python_version = "3.12",
+)
+
+pip = use_extension("@rules_python//python/extensions:pip.bzl", "pip")
+pip.parse(
+    extra_pip_args = ["--require-hashes"],
+    hub_name = "python_deps",
+    python_version = "3.12",
+    requirements_lock = "//bazel/thirdparty:requirements.txt",
+)
+use_repo(pip, "python_deps")
+
+non_module_dependencies = use_extension("//bazel:extensions.bzl", "non_module_dependencies")
+use_repo(non_module_dependencies, "ada")
+use_repo(non_module_dependencies, "avro")
+use_repo(non_module_dependencies, "base64")
+use_repo(non_module_dependencies, "c-ares")
+use_repo(non_module_dependencies, "hdrhistogram")
+use_repo(non_module_dependencies, "hwloc")
+use_repo(non_module_dependencies, "krb5")
+use_repo(non_module_dependencies, "libpciaccess")
+use_repo(non_module_dependencies, "libxml2")
+use_repo(non_module_dependencies, "lksctp")
+use_repo(non_module_dependencies, "numactl")
+use_repo(non_module_dependencies, "openssl")
+use_repo(non_module_dependencies, "openssl-fips")
+
+# non-BCR rapidjson is used because BCR publishes v1.1.0 from 2016, and Redpanda
+# depends on newer changes since the last tagged upstream version.
+use_repo(non_module_dependencies, "rapidjson")
+use_repo(non_module_dependencies, "roaring")
+use_repo(non_module_dependencies, "seastar")
+use_repo(non_module_dependencies, "snappy")
+use_repo(non_module_dependencies, "unordered_dense")
+use_repo(non_module_dependencies, "wasmtime")
+use_repo(non_module_dependencies, "xxhash")
+use_repo(non_module_dependencies, "xz")