4 Commits

  • build: run buildifier from just fmt (#28125)
    ## Intent
    
    Keep Bazel and Starlark files consistently formatted without requiring
    contributors to install or version buildifier themselves.
    
    ## Implementation
    
    - Add a SHA-256-pinned, cross-platform DotSlash manifest for buildifier
    v8.5.1.
    - Run buildifier from the shared `just fmt` and `just fmt-check` driver,
    with Windows-safe explicit DotSlash invocation.
    - Provision DotSlash in formatting CI and contributor devcontainers, and
    document the source-build prerequisite.
    - Apply the initial mechanical buildifier formatting baseline.
  • chore: install an extension for TOML syntax highlighting in the devcontainer (#1650)
    Small quality-of-life improvement when doing devcontainer development.
  • chore: install just in the devcontainer for Linux development (#1375)
    Apparently `just` was added to `apt` in Ubuntu 24, so this required
    updating the Ubuntu version in the `Dockerfile` to make it so we could
    simply `apt install just`.
    
    Though then that caused a conflict with the custom `dev` user we were
    using, though the end result seems simpler since now we just use the
    default `ubuntu` user provided by Ubuntu 24.
  • fix: support arm64 build for Linux (#1225)
    Users were running into issues with glibc mismatches on arm64 linux. In
    the past, we did not provide a musl build for arm64 Linux because we had
    trouble getting the openssl dependency to build correctly. Though today
    I just tried the same trick in `Cargo.toml` that we were doing for
    `x86_64-unknown-linux-musl` (using `openssl-sys` with `features =
    ["vendored"]`), so I'm not sure what problem we had in the past the
    builds "just worked" today!
    
    Though one tweak that did have to be made is that the integration tests
    for Seccomp/Landlock empirically require longer timeouts on arm64 linux,
    or at least on the `ubuntu-24.04-arm` GitHub Runner. As such, we change
    the timeouts for arm64 in `codex-rs/linux-sandbox/tests/landlock.rs`.
    
    Though in solving this problem, I decided I needed a turnkey solution
    for testing the Linux build(s) from my Mac laptop, so this PR introduces
    `.devcontainer/Dockerfile` and `.devcontainer/devcontainer.json` to
    facilitate this. Detailed instructions are in `.devcontainer/README.md`.
    
    We will update `dotslash-config.json` and other release-related scripts
    in a follow-up PR.