mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
5c8136f48a
## Why We want to make it possible for an app-server orchestrator on one OS to control an exec-server on another host running a different OS. In practice this kinda already works if you get lucky and the two hosts have the same path format, but we mangle quite a lot of operations if either end is Windows. We should be able to test the cross-platform interactions for exec-server, but we want to do this fairly soon and need a lightweight option for testing. Using Wine to run the Windows side is far from perfect, but it should give us a decent measure of how well we're handling the basics of paths, process spawning, shell interaction, etc. Future changes will add actual exec-server tests and possibly extensions to the Wine testing environment. ## What To make the cross-target-triple build easy, these tests are added only to the Bazel build. This change adds an x86_64 Wine prebuilt managed by Bazel and some build rules that can set up the needed toolchain transition. The support library for running Wine in a test environment created by the Bazel rules comes with its own basic unit and integration tests. Their primary priority is to make sure we don't leak child processes on developer machines and that we can build and launch a basic hello world binary. ## Validation Confirmed these new tests are running on the [x86_64 bazel ubuntu jobs](https://github.com/openai/codex/actions/runs/27446432302/job/81132356855?pr=27937): ``` //bazel/rules/testing/wine:wine-smoke-test (cached) PASSED in 3.7s //bazel/rules/testing/wine:wine-test-support-unit-tests (cached) PASSED in 15.8s ```
509 lines
16 KiB
Python
509 lines
16 KiB
Python
module(name = "codex")
|
|
|
|
bazel_dep(name = "bazel_skylib", version = "1.9.0")
|
|
bazel_dep(name = "platforms", version = "1.0.0")
|
|
bazel_dep(name = "llvm", version = "0.7.1")
|
|
# The upstream LLVM archive contains a few unix-only symlink entries and is
|
|
# missing a couple of MinGW compatibility archives that windows-gnullvm needs
|
|
# during extraction and linking, so patch it until upstream grows native support.
|
|
single_version_override(
|
|
module_name = "llvm",
|
|
patch_strip = 1,
|
|
patches = [
|
|
"//patches:llvm_rusty_v8_custom_libcxx.patch",
|
|
"//patches:llvm_windows_arm64_powl.patch",
|
|
"//patches:llvm_windows_symlink_extract.patch",
|
|
],
|
|
)
|
|
# Abseil picks a MinGW pthread TLS path that does not match our hermetic
|
|
# windows-gnullvm toolchain; force it onto the portable C++11 thread-local path.
|
|
single_version_override(
|
|
module_name = "abseil-cpp",
|
|
patch_strip = 1,
|
|
patches = [
|
|
"//patches:abseil_windows_gnullvm_thread_identity.patch",
|
|
],
|
|
)
|
|
|
|
register_toolchains("@llvm//toolchain:all")
|
|
|
|
osx = use_extension("@llvm//extensions:osx.bzl", "osx")
|
|
osx.from_archive(
|
|
sha256 = "1bde70c0b1c2ab89ff454acbebf6741390d7b7eb149ca2a3ca24cc9203a408b7",
|
|
strip_prefix = "Payload/Library/Developer/CommandLineTools/SDKs/MacOSX26.4.sdk",
|
|
type = "pkg",
|
|
urls = [
|
|
"https://swcdn.apple.com/content/downloads/32/53/047-96692-A_OAHIHT53YB/ybtshxmrcju8m2qvw3w5elr4rajtg1x3y3/CLTools_macOSNMOS_SDK.pkg",
|
|
],
|
|
)
|
|
osx.frameworks(names = [
|
|
"ApplicationServices",
|
|
"AppKit",
|
|
"ColorSync",
|
|
"CoreFoundation",
|
|
"CoreGraphics",
|
|
"CoreImage",
|
|
"CoreMedia",
|
|
"CoreMIDI",
|
|
"CoreServices",
|
|
"CoreText",
|
|
"CoreVideo",
|
|
"DiskArbitration",
|
|
"AudioToolbox",
|
|
"AVFoundation",
|
|
"AVFAudio",
|
|
"AVRouting",
|
|
"CFNetwork",
|
|
"FontServices",
|
|
"AudioUnit",
|
|
"CoreAudio",
|
|
"CoreAudioTypes",
|
|
"Foundation",
|
|
"ImageIO",
|
|
"IOSurface",
|
|
"IOKit",
|
|
"Kernel",
|
|
"Metal",
|
|
"MetalKit",
|
|
"OpenGL",
|
|
"OSLog",
|
|
"QuartzCore",
|
|
"ScreenCaptureKit",
|
|
"Security",
|
|
"SystemConfiguration",
|
|
"UniformTypeIdentifiers",
|
|
"VideoToolbox",
|
|
])
|
|
use_repo(osx, "macos_sdk")
|
|
|
|
# Needed to disable xcode...
|
|
bazel_dep(name = "apple_support", version = "2.1.0")
|
|
bazel_dep(name = "rules_cc", version = "0.2.16")
|
|
single_version_override(
|
|
module_name = "rules_cc",
|
|
patch_strip = 1,
|
|
patches = [
|
|
"//patches:rules_cc_rusty_v8_custom_libcxx.patch",
|
|
],
|
|
)
|
|
bazel_dep(name = "rules_platform", version = "0.1.0")
|
|
bazel_dep(name = "rules_rs", version = "0.0.58")
|
|
# `rules_rs` still does not model `windows-gnullvm` as a distinct Windows exec
|
|
# platform, so patch it until upstream grows that support for both x86_64 and
|
|
# aarch64.
|
|
single_version_override(
|
|
module_name = "rules_rs",
|
|
patch_strip = 1,
|
|
patches = [
|
|
"//patches:rules_rs_build_script_deps_annotation.patch",
|
|
"//patches:rules_rs_windows_gnullvm_exec.patch",
|
|
"//patches:rules_rs_windows_exec_linker.patch",
|
|
],
|
|
version = "0.0.58",
|
|
)
|
|
|
|
rules_rust = use_extension("@rules_rs//rs/experimental:rules_rust.bzl", "rules_rust")
|
|
# Build-script probe binaries inherit CFLAGS/CXXFLAGS from Bazel's C++
|
|
# toolchain. On `windows-gnullvm`, llvm-mingw does not ship
|
|
# `libssp_nonshared`, so strip the forwarded stack-protector flags there.
|
|
rules_rust.patch(
|
|
patches = [
|
|
"//patches:rules_rust_windows_gnullvm_build_script.patch",
|
|
"//patches:rules_rust_windows_exec_msvc_build_script_env.patch",
|
|
"//patches:rules_rust_windows_bootstrap_process_wrapper_linker.patch",
|
|
"//patches:rules_rust_windows_build_script_runner_paths.patch",
|
|
"//patches:rules_rust_windows_msvc_direct_link_args.patch",
|
|
"//patches:rules_rust_windows_process_wrapper_skip_temp_outputs.patch",
|
|
"//patches:rules_rust_windows_exec_bin_target.patch",
|
|
"//patches:rules_rust_windows_exec_std.patch",
|
|
"//patches:rules_rust_windows_exec_rustc_dev_rlib.patch",
|
|
],
|
|
strip = 1,
|
|
)
|
|
use_repo(rules_rust, "rules_rust")
|
|
|
|
nightly_rust = use_extension(
|
|
"@rules_rs//rs/experimental:rules_rust_reexported_extensions.bzl",
|
|
"rust",
|
|
)
|
|
nightly_rust.toolchain(
|
|
versions = ["nightly/2025-09-18"],
|
|
dev_components = True,
|
|
edition = "2024",
|
|
)
|
|
# Keep Windows exec tools on MSVC so Bazel helper binaries link correctly, but
|
|
# lint crate targets as `windows-gnullvm` to preserve the repo's actual cfgs.
|
|
nightly_rust.repository_set(
|
|
name = "rust_windows_x86_64",
|
|
dev_components = True,
|
|
edition = "2024",
|
|
exec_triple = "x86_64-pc-windows-msvc",
|
|
exec_compatible_with = [
|
|
"@platforms//cpu:x86_64",
|
|
"@platforms//os:windows",
|
|
"@rules_rs//rs/experimental/platforms/constraints:windows_msvc",
|
|
],
|
|
target_compatible_with = [
|
|
"@platforms//cpu:x86_64",
|
|
"@platforms//os:windows",
|
|
"@rules_rs//rs/experimental/platforms/constraints:windows_msvc",
|
|
],
|
|
target_triple = "x86_64-pc-windows-msvc",
|
|
versions = ["nightly/2025-09-18"],
|
|
)
|
|
nightly_rust.repository_set(
|
|
name = "rust_windows_x86_64",
|
|
target_compatible_with = [
|
|
"@platforms//cpu:x86_64",
|
|
"@platforms//os:windows",
|
|
"@rules_rs//rs/experimental/platforms/constraints:windows_gnullvm",
|
|
],
|
|
target_triple = "x86_64-pc-windows-gnullvm",
|
|
)
|
|
use_repo(nightly_rust, "rust_toolchains")
|
|
|
|
toolchains = use_extension("@rules_rs//rs/experimental/toolchains:module_extension.bzl", "toolchains")
|
|
toolchains.toolchain(
|
|
edition = "2024",
|
|
version = "1.95.0",
|
|
)
|
|
use_repo(toolchains, "default_rust_toolchains")
|
|
|
|
register_toolchains("@default_rust_toolchains//:all")
|
|
register_toolchains("@rust_toolchains//:all")
|
|
|
|
crate = use_extension("@rules_rs//rs:extensions.bzl", "crate")
|
|
crate.from_cargo(
|
|
cargo_lock = "//codex-rs:Cargo.lock",
|
|
cargo_toml = "//codex-rs:Cargo.toml",
|
|
platform_triples = [
|
|
"aarch64-unknown-linux-gnu",
|
|
"aarch64-unknown-linux-musl",
|
|
"aarch64-apple-darwin",
|
|
# Keep both Windows ABIs in the generated Cargo metadata: the V8
|
|
# experiment still consumes release assets that only exist under the
|
|
# MSVC names while targeting the GNU toolchain.
|
|
"aarch64-pc-windows-msvc",
|
|
"aarch64-pc-windows-gnullvm",
|
|
"x86_64-unknown-linux-gnu",
|
|
"x86_64-unknown-linux-musl",
|
|
"x86_64-apple-darwin",
|
|
"x86_64-pc-windows-msvc",
|
|
"x86_64-pc-windows-gnullvm",
|
|
],
|
|
use_experimental_platforms = True,
|
|
)
|
|
crate.from_cargo(
|
|
name = "argument_comment_lint_crates",
|
|
cargo_lock = "//tools/argument-comment-lint:Cargo.lock",
|
|
cargo_toml = "//tools/argument-comment-lint:Cargo.toml",
|
|
platform_triples = [
|
|
"aarch64-unknown-linux-gnu",
|
|
"aarch64-unknown-linux-musl",
|
|
"aarch64-apple-darwin",
|
|
"aarch64-pc-windows-msvc",
|
|
"aarch64-pc-windows-gnullvm",
|
|
"x86_64-unknown-linux-gnu",
|
|
"x86_64-unknown-linux-musl",
|
|
"x86_64-apple-darwin",
|
|
"x86_64-pc-windows-msvc",
|
|
"x86_64-pc-windows-gnullvm",
|
|
],
|
|
use_experimental_platforms = True,
|
|
)
|
|
|
|
bazel_dep(name = "zstd", version = "1.5.7")
|
|
|
|
crate.annotation(
|
|
crate = "zstd-sys",
|
|
gen_build_script = "on",
|
|
patch_args = ["-p1"],
|
|
patches = [
|
|
"//patches:zstd-sys_windows_msvc_include_dirs.patch",
|
|
],
|
|
)
|
|
crate.annotation(
|
|
crate = "ring",
|
|
patch_args = ["-p1"],
|
|
patches = [
|
|
"//patches:ring_windows_msvc_include_dirs.patch",
|
|
],
|
|
)
|
|
crate.annotation(
|
|
build_script_env = {
|
|
"AWS_LC_SYS_NO_JITTER_ENTROPY": "1",
|
|
},
|
|
crate = "aws-lc-sys",
|
|
patch_args = ["-p1"],
|
|
patches = [
|
|
"//patches:aws-lc-sys_memcmp_check.patch",
|
|
"//patches:aws-lc-sys_windows_msvc_prebuilt_nasm.patch",
|
|
"//patches:aws-lc-sys_windows_msvc_memcmp_probe.patch",
|
|
],
|
|
)
|
|
|
|
crate.annotation(
|
|
# The build script only validates embedded source/version metadata.
|
|
crate = "rustc_apfloat",
|
|
gen_build_script = "off",
|
|
)
|
|
|
|
inject_repo(crate, "zstd")
|
|
use_repo(crate, "argument_comment_lint_crates")
|
|
|
|
bazel_dep(name = "bzip2", version = "1.0.8.bcr.3")
|
|
single_version_override(
|
|
module_name = "bzip2",
|
|
patch_strip = 1,
|
|
patches = [
|
|
"//patches:bzip2_windows_stack_args.patch",
|
|
],
|
|
)
|
|
|
|
crate.annotation(
|
|
crate = "bzip2-sys",
|
|
gen_build_script = "off",
|
|
deps = ["@bzip2//:bz2"],
|
|
)
|
|
|
|
inject_repo(crate, "bzip2")
|
|
|
|
bazel_dep(name = "zlib", version = "1.3.1.bcr.8")
|
|
|
|
crate.annotation(
|
|
crate = "libz-sys",
|
|
gen_build_script = "on",
|
|
)
|
|
|
|
inject_repo(crate, "zlib")
|
|
|
|
bazel_dep(name = "xz", version = "5.4.5.bcr.8")
|
|
single_version_override(
|
|
module_name = "xz",
|
|
patch_strip = 1,
|
|
patches = [
|
|
"//patches:xz_windows_stack_args.patch",
|
|
],
|
|
)
|
|
|
|
crate.annotation(
|
|
crate = "lzma-sys",
|
|
gen_build_script = "off",
|
|
deps = ["@xz//:lzma"],
|
|
)
|
|
|
|
bazel_dep(name = "openssl", version = "3.5.4.bcr.0")
|
|
|
|
inject_repo(crate, "xz")
|
|
|
|
crate.annotation(
|
|
# Build scripts compile in Bazel's exec configuration, so target-specific
|
|
# optional build deps are otherwise dropped for the musl release platforms.
|
|
build_script_deps = [
|
|
"@crates//:openssl-src-300.5.5+3.5.5",
|
|
],
|
|
build_script_data = [
|
|
"@openssl//:gen_dir",
|
|
],
|
|
build_script_env = {
|
|
"OPENSSL_DIR": "$(execpath @openssl//:gen_dir)",
|
|
"OPENSSL_NO_VENDOR": "1",
|
|
"OPENSSL_STATIC": "1",
|
|
},
|
|
crate = "openssl-sys",
|
|
data = ["@openssl//:gen_dir"],
|
|
gen_build_script = "on",
|
|
)
|
|
|
|
inject_repo(crate, "openssl")
|
|
|
|
crate.annotation(
|
|
crate = "runfiles",
|
|
workspace_cargo_toml = "rust/runfiles/Cargo.toml",
|
|
)
|
|
|
|
http_archive = use_repo_rule("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
|
|
http_file = use_repo_rule("@bazel_tools//tools/build_defs/repo:http.bzl", "http_file")
|
|
new_local_repository = use_repo_rule("@bazel_tools//tools/build_defs/repo:local.bzl", "new_local_repository")
|
|
|
|
include("//bazel/modules:wine.MODULE.bazel")
|
|
|
|
new_local_repository(
|
|
name = "v8_targets",
|
|
build_file = "//third_party/v8:BUILD.bazel",
|
|
path = "third_party/v8",
|
|
)
|
|
|
|
crate.annotation(
|
|
build_script_data = [
|
|
"@v8_targets//:rusty_v8_archive_for_target",
|
|
"@v8_targets//:rusty_v8_binding_for_target",
|
|
],
|
|
build_script_env = {
|
|
"RUSTY_V8_ARCHIVE": "$(execpath @v8_targets//:rusty_v8_archive_for_target)",
|
|
"RUSTY_V8_SRC_BINDING_PATH": "$(execpath @v8_targets//:rusty_v8_binding_for_target)",
|
|
},
|
|
crate = "v8",
|
|
# Keep the Rust feature aligned with the source-built Bazel artifacts.
|
|
# Windows MSVC still consumes upstream non-sandboxed prebuilts.
|
|
crate_features_select = {
|
|
"aarch64-apple-darwin": ["v8_enable_sandbox"],
|
|
"aarch64-pc-windows-gnullvm": ["v8_enable_sandbox"],
|
|
"aarch64-unknown-linux-gnu": ["v8_enable_sandbox"],
|
|
"aarch64-unknown-linux-musl": ["v8_enable_sandbox"],
|
|
"x86_64-apple-darwin": ["v8_enable_sandbox"],
|
|
"x86_64-pc-windows-gnullvm": ["v8_enable_sandbox"],
|
|
"x86_64-unknown-linux-gnu": ["v8_enable_sandbox"],
|
|
"x86_64-unknown-linux-musl": ["v8_enable_sandbox"],
|
|
},
|
|
gen_build_script = "on",
|
|
patch_args = ["-p1"],
|
|
patches = [
|
|
"//patches:rusty_v8_prebuilt_out_dir.patch",
|
|
],
|
|
)
|
|
|
|
inject_repo(crate, "v8_targets")
|
|
|
|
llvm = use_extension("@llvm//extensions:llvm.bzl", "llvm")
|
|
use_repo(llvm, "llvm-project")
|
|
|
|
crate.annotation(
|
|
# Provide the hermetic SDK path so the build script doesn't try to invoke an unhermetic `xcrun --show-sdk-path`.
|
|
build_script_data = [
|
|
"@macos_sdk//sysroot",
|
|
],
|
|
build_script_env = {
|
|
"BINDGEN_EXTRA_CLANG_ARGS": "-Xclang -internal-isystem -Xclang $(location @llvm//:builtin_resource_dir)/include",
|
|
"COREAUDIO_SDK_PATH": "$(location @macos_sdk//sysroot)",
|
|
"LIBCLANG_PATH": "$(location @llvm-project//clang:libclang_interface_output)",
|
|
},
|
|
build_script_tools = [
|
|
"@llvm-project//clang:libclang_interface_output",
|
|
"@llvm//:builtin_resource_dir",
|
|
],
|
|
crate = "coreaudio-sys",
|
|
gen_build_script = "on",
|
|
)
|
|
|
|
inject_repo(crate, "llvm", "llvm-project", "macos_sdk")
|
|
|
|
crate.annotation(
|
|
# Provide the hermetic SDK path so the build script doesn't try to invoke an unavailable `xcrun --show-sdk-path`.
|
|
build_script_data = [
|
|
"@macos_sdk//sysroot",
|
|
],
|
|
build_script_env = {
|
|
"WEBRTC_SYS_DARWIN_SDK_PATH": "$(location @macos_sdk//sysroot)",
|
|
"WEBRTC_SYS_LINK_OUT_DIR": "1",
|
|
},
|
|
crate = "webrtc-sys",
|
|
gen_build_script = "on",
|
|
patch_args = ["-p1"],
|
|
patches = [
|
|
"//patches:webrtc-sys_hermetic_darwin_sysroot.patch",
|
|
],
|
|
)
|
|
|
|
# Fix readme inclusions
|
|
crate.annotation(
|
|
crate = "windows-link",
|
|
patch_args = ["-p1"],
|
|
patches = [
|
|
"//patches:windows-link.patch",
|
|
],
|
|
)
|
|
|
|
bazel_dep(name = "alsa_lib", version = "1.2.9.bcr.4")
|
|
|
|
crate.annotation(
|
|
crate = "alsa-sys",
|
|
gen_build_script = "off",
|
|
deps = ["@alsa_lib"],
|
|
)
|
|
|
|
inject_repo(crate, "alsa_lib")
|
|
|
|
bazel_dep(name = "v8", version = "14.9.207.2")
|
|
archive_override(
|
|
module_name = "v8",
|
|
integrity = "sha256-tflbZE5srqal6leMxJjK/ZQtwpF96OMGJ6avd5lice4=",
|
|
patch_strip = 3,
|
|
patches = [
|
|
"//patches:v8_module_deps.patch",
|
|
"//patches:v8_bazel_rules.patch",
|
|
"//patches:v8_source_portability.patch",
|
|
],
|
|
strip_prefix = "v8-14.9.207.2",
|
|
urls = ["https://github.com/v8/v8/archive/refs/tags/14.9.207.2.tar.gz"],
|
|
)
|
|
|
|
http_archive(
|
|
name = "v8_crate_146_4_0",
|
|
build_file = "//third_party/v8:v8_crate.BUILD.bazel",
|
|
sha256 = "d97bcac5cdc5a195a4813f1855a6bc658f240452aac36caa12fd6c6f16026ab1",
|
|
strip_prefix = "v8-146.4.0",
|
|
type = "tar.gz",
|
|
urls = ["https://static.crates.io/crates/v8/v8-146.4.0.crate"],
|
|
)
|
|
|
|
http_archive(
|
|
name = "v8_crate_149_2_0",
|
|
build_file = "//third_party/v8:v8_crate.BUILD.bazel",
|
|
sha256 = "46dccf61a364b61bbaac70a8ba64a1a1006e87123b7d62eaeec999a3ba31ecdb",
|
|
strip_prefix = "v8-149.2.0",
|
|
type = "tar.gz",
|
|
urls = ["https://static.crates.io/crates/v8/v8-149.2.0.crate"],
|
|
)
|
|
|
|
git_repository = use_repo_rule("@bazel_tools//tools/build_defs/repo:git.bzl", "git_repository")
|
|
|
|
git_repository(
|
|
name = "rusty_v8_libcxx",
|
|
build_file = "//third_party/v8:libcxx.BUILD.bazel",
|
|
commit = "99457fa555797f8c5ac3c076ca288d8481d3b23a",
|
|
remote = "https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxx.git",
|
|
)
|
|
|
|
git_repository(
|
|
name = "rusty_v8_libcxxabi",
|
|
build_file = "//third_party/v8:libcxxabi.BUILD.bazel",
|
|
commit = "8f11bb1d4438d0239d0dfc1bd9456a9f31629dda",
|
|
remote = "https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi.git",
|
|
)
|
|
|
|
git_repository(
|
|
name = "rusty_v8_llvm_libc",
|
|
build_file = "//third_party/v8:llvm_libc.BUILD.bazel",
|
|
commit = "cb952785ccee13811f293f3c419958d1e3ddafbf",
|
|
remote = "https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libc.git",
|
|
)
|
|
|
|
http_file(
|
|
name = "rusty_v8_149_2_0_aarch64_pc_windows_msvc_archive",
|
|
downloaded_file_path = "rusty_v8_release_aarch64-pc-windows-msvc.lib.gz",
|
|
sha256 = "923f2b6ccdc14526b814e171e34c9aafd7969f12304948857c6696d022f0fb3c",
|
|
urls = [
|
|
"https://github.com/denoland/rusty_v8/releases/download/v149.2.0/rusty_v8_release_aarch64-pc-windows-msvc.lib.gz",
|
|
],
|
|
)
|
|
|
|
http_file(
|
|
name = "rusty_v8_149_2_0_x86_64_pc_windows_msvc_archive",
|
|
downloaded_file_path = "rusty_v8_release_x86_64-pc-windows-msvc.lib.gz",
|
|
sha256 = "12b5a791b54e92f748738ad8d0d12dad8d281a2d836638ad1aa6678e3b855d9a",
|
|
urls = [
|
|
"https://github.com/denoland/rusty_v8/releases/download/v149.2.0/rusty_v8_release_x86_64-pc-windows-msvc.lib.gz",
|
|
],
|
|
)
|
|
|
|
use_repo(crate, "crates")
|
|
|
|
bazel_dep(name = "libcap", version = "2.27.bcr.1")
|
|
|
|
rbe_platform_repository = use_repo_rule("//:rbe.bzl", "rbe_platform_repository")
|
|
|
|
rbe_platform_repository(
|
|
name = "rbe_platform",
|
|
)
|