diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml index 9d431eec6b3a42..335df6b24bd7bb 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.yml +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -1,12 +1,18 @@ -name: Bug Report +name: Bug report description: File a bug report +labels: ["type: bug", "untriaged"] +assignees: + - pavank1992 + - sgowroji body: - type: markdown attributes: value: > **Attention:** if this is a _question_ about how to build / test / query / deploy using - Bazel, or a _discussion starter_, send it to bazel-discuss@googlegroups.com or discuss on - [Bazel Slack](https://slack.bazel.build/) instead! + Bazel, or a _discussion starter_, please start a new thread at Bazel's + [GitHub Discussions](https://github.com/bazelbuild/bazel/discussions), send it to + bazel-discuss@googlegroups.com, or discuss on [Bazel Slack](https://slack.bazel.build/) + instead! - type: textarea id: desc attributes: @@ -40,6 +46,17 @@ body: label: > What's the output of `git remote get-url origin; git rev-parse master; git rev-parse HEAD` ? render: text + - type: textarea + id: bisect + attributes: + label: > + Is this a regression? If yes, please try to identify the Bazel commit where the bug was + introduced. + description: > + If the problem is specific to the most recent release or the Bazel@HEAD version and it + doesn't occur in earlier versions, you can use the `bazelisk --bisect=..` + command to identify the specific version or commit where the issue was introduced. For more + information, visit https://github.com/bazelbuild/bazelisk#--bisect. - type: textarea id: relevant-info attributes: diff --git a/.github/ISSUE_TEMPLATE/doc_issue.yml b/.github/ISSUE_TEMPLATE/doc_issue.yml new file mode 100644 index 00000000000000..ff69ef3954e778 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/doc_issue.yml @@ -0,0 +1,26 @@ +name: Documentation issue +description: File a documentation issue (through bazel.build's "report an issue" button) +labels: ["type: documentation (cleanup)", "untriaged", "team-Documentation"] +assignees: + - pavank1992 + - sgowroji +body: + - type: input + id: link + attributes: + label: > + Page link: + - type: textarea + id: desc + attributes: + label: > + Problem description (include actual vs expected text, if applicable): + - type: textarea + id: location + attributes: + label: > + Where do you see this issue? (include link to specific section of the page, if applicable) + - type: textarea + id: extras + attributes: + label: Any other information you'd like to share? diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml index 760dc00a075384..8dcd4648533767 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.yml +++ b/.github/ISSUE_TEMPLATE/feature_request.yml @@ -1,12 +1,18 @@ -name: Feature Request +name: Feature request description: Suggest a new feature +labels: ["type: feature request", "untriaged"] +assignees: + - pavank1992 + - sgowroji body: - type: markdown attributes: value: > **Attention:** if this is a _question_ about how to build / test / query / deploy using - Bazel, or a _discussion starter_, send it to bazel-discuss@googlegroups.com or discuss on - [Bazel Slack](https://slack.bazel.build/) instead! + Bazel, or a _discussion starter_, please start a new thread at Bazel's + [GitHub Discussions](https://github.com/bazelbuild/bazel/discussions), send it to + bazel-discuss@googlegroups.com, or discuss on [Bazel Slack](https://slack.bazel.build/) + instead! - type: textarea id: desc attributes: diff --git a/.github/ISSUE_TEMPLATE/mirror_request.yml b/.github/ISSUE_TEMPLATE/mirror_request.yml index 3fd13b1bd486a9..5521cf18d9f937 100644 --- a/.github/ISSUE_TEMPLATE/mirror_request.yml +++ b/.github/ISSUE_TEMPLATE/mirror_request.yml @@ -1,17 +1,19 @@ name: Mirror request description: Request to add new archives to mirror.bazel.build labels: ["mirror request", "type: process", "P2", "team-OSS"] +assignees: + - sgowroji + - pavank1992 title: "[Mirror] " body: - type: markdown attributes: value: > - **Attention:** if the archive you're trying to mirror is a GitHub release archive, - please use URLs of the form `https://github.com/$USER/$REPO/archive/refs/tags/$TAG`, - instead of the form without the `refs/tags/` part. The latter is *not* guaranteed to - have a stable hash (see - https://github.com/bazel-contrib/SIG-rules-authors/issues/11#issuecomment-1029861300 - for more details). + **Attention:** if the archive you're trying to mirror is from GitHub, + please use URLs in the form of `https://github.com/$USER/$REPO/releases/download/...` if available. + If you are the project maintainer, you should create and upload such an release archive. + GitHub doesn't guarantee a stable checksum of source archives in the form of `https://github.com///archive/...`, which are generated on demand. + Check [GitHub Archive Checksum Outage](https://blog.bazel.build/2023/02/15/github-archive-checksum.html) for more details. - type: textarea id: urls attributes: diff --git a/.github/ISSUE_TEMPLATE/release.md b/.github/ISSUE_TEMPLATE/release.md index 8615c438fdff66..d70f193db62722 100644 --- a/.github/ISSUE_TEMPLATE/release.md +++ b/.github/ISSUE_TEMPLATE/release.md @@ -1,32 +1,31 @@ --- name: 'Release issue (For release managers only)' about: Communicate the progress of a release -title: 'Release X.Y - $MONTH $YEAR' +title: 'Release X.Y.Z - $MONTH $YEAR' labels: ['release','team-OSS','P1','type: process'] --- -# Status of Bazel X.Y +# Status of Bazel X.Y.Z - -- Target baseline: [date] +- Expected first release candidate date: [date] - Expected release date: [date] - [List of release blockers](link-to-milestone) To report a release-blocking bug, please add a comment with the text `@bazel-io flag` to the issue. A release manager will triage it and add it to the milestone. -To cherry-pick a mainline commit into X.Y, simply send a PR against the `release-X.Y.0` branch. +To cherry-pick a mainline commit into X.Y.Z, simply send a PR against the `release-X.Y.Z` branch. -Task list: +**Task list:** - + -- [ ] Pick release baseline: -- [ ] Create release candidate: -- [ ] Check downstream projects: -- [ ] [Create draft release announcement](https://docs.google.com/document/d/1wDvulLlj4NAlPZamdlEVFORks3YXJonCjyuQMUQEmB0/edit) -- [ ] Send for review the release announcement PR: -- [ ] Push the release, notify package maintainers: +- [ ] Pick release baseline: [link to base commit] +- [ ] Create release candidate: X.Y.Zrc1 +- [ ] Check downstream projects +- [ ] Create [draft release announcement](https://docs.google.com/document/d/1pu2ARPweOCTxPsRR8snoDtkC9R51XWRyBXeiC6Ql5so/edit) +- [ ] Send the release announcement PR for review: [link to bazel-blog PR] +- [ ] Push the release and notify package maintainers: [link to comment notifying package maintainers] - [ ] Update the documentation -- [ ] Push the blog post +- [ ] Push the blog post: [link to blog post] - [ ] Update the [release page](https://github.com/bazelbuild/bazel/releases/) diff --git a/.github/labeler.yml b/.github/labeler.yml new file mode 100644 index 00000000000000..45f60bce5965dd --- /dev/null +++ b/.github/labeler.yml @@ -0,0 +1,90 @@ +# Based on paths provided in the CODEOWNERS file + +# Add 'awaiting-review' to any PR opened +awaiting-review: +- '**/*' + +team-ExternalDeps: +- src/main/java/com/google/devtools/build/lib/bazel/bzlmod/**/* +- src/test/java/com/google/devtools/build/lib/bazel/bzlmod/**/* +- src/test/py/bazel/bzlmod/**/* +- src/main/java/com/google/devtools/build/lib/bazel/repository/**/* +- src/test/java/com/google/devtools/build/lib/bazel/repository/**/* + +team-Documentation: +- site/**/* + +team-Remote-Exec: +- src/main/java/com/google/devtools/build/lib/remote/**/* +- src/test/java/com/google/devtools/build/lib/remote/**/* +- src/test/py/bazel/remote/**/* +- src/test/shell/bazel/remote/**/* +- src/tools/remote/**/* +- third_party/remoteapis/build/bazel/remote/**/* + +team-Rules-Python: +- src/main/java/com/google/devtools/build/lib/bazel/rules/python/**/* +- src/main/java/com/google/devtools/build/lib/rules/python/**/* + +team-Rules-Java: +- src/java_tools/**/* +- src/main/java/com/google/devtools/build/lib/rules/java/**/* +- src/test/java/com/google/devtools/build/lib/rules/java/**/* +- src/tools/singlejar/**/* +- tools/java/**/* +- tools/jdk/**/* + +team-Android: +- src/tools/android/java/com/google/devtools/build/android/**/* +- src/test/java/com/google/devtools/build/android/**/* +- src/test/shell/bazel/android/**/* + +team-Configurability: +- src/main/java/com/google/devtools/build/lib/analysis/**/* +- src/test/java/com/google/devtools/build/lib/analysis/**/* +- src/main/java/com/google/devtools/build/lib/query2/cquery/**/* +- src/test/java/com/google/devtools/build/lib/query2/cquery/**/* +- src/main/java/com/google/devtools/build/lib/rules/platform/**/* +- src/test/java/com/google/devtools/build/lib/rules/platform/**/* +- tools/platforms/**/* + +team-Performance: +- src/main/java/com/google/devtools/build/lib/profiler/**/* +- src/main/java/com/google/devtools/build/lib/query2/aquery/**/* +- src/main/java/com/google/devtools/build/lib/query2/query/**/* +- src/main/java/com/google/devtools/build/lib/metrics/**/* +- src/main/java/com/google/devtools/build/lib/actions/**/* +- src/main/protobuf/analysis_v2.proto + +team-CLI: +- src/main/java/com/google/devtools/build/lib/runtime/UiStateTracker.java +- src/main/java/com/google/devtools/build/lib/runtime/UiEventHandler.java +- src/main/java/com/google/devtools/build/lib/runtime/SkymeldUiStateTracker.java + +team-Local-Exec: +- src/main/java/com/google/devtools/build/lib/sandbox/**/* +- src/main/java/com/google/devtools/build/lib/worker/**/* +- src/main/java/com/google/devtools/build/lib/dynamic/**/* + +team-Rules-CPP: +- tools/cpp/**/* +- src/test/java/com/google/devtools/build/lib/rules/cpp/**/* +- src/main/java/com/google/devtools/build/lib/rules/cpp/**/* + +# team-Bazel + +# team-OSS + +# team-Rules-Server + +# team-Starlark-Interpreter + +# team-Starlark-Integration + +# team-Rules-API + +# team-Loading-API + +# team-Rules-ObjC + +# team-Core \ No newline at end of file diff --git a/.github/stale.yml b/.github/stale.yml deleted file mode 100644 index f9ccf637d543e0..00000000000000 --- a/.github/stale.yml +++ /dev/null @@ -1,21 +0,0 @@ -# Number of days of inactivity before an Issue becomes stale -daysUntilStale: 14 -# Number of days of inactivity before a stale Issue is closed -daysUntilClose: 14 -# Only issues with all of these labels are checked if stale. Defaults to `[]` (disabled) -onlyLabels: - - awaiting-user-response -# Comment to post when marking as stale. Set to `false` to disable -markComment: > - This issue has been automatically marked as stale because it has no - recent activity. It will be closed if no further activity occurs. Thank you. -# Comment to post when removing the stale label. Set to `false` to disable -unmarkComment: false -closeComment: > - Closing as stale. Please reopen if you'd like to work on this further. -# Throttling how many GitHub API calls the bot makes. -# In practice, this helps repo maintainers by limiting the flood -# of notifications as the stale bot catches up with the repo. -limitPerRun: 30 -# Limit to only `issues` -only: issues diff --git a/.github/workflows/cherry-picker-on-close.yml b/.github/workflows/cherry-picker-on-close.yml new file mode 100644 index 00000000000000..31d9d6fbce40f4 --- /dev/null +++ b/.github/workflows/cherry-picker-on-close.yml @@ -0,0 +1,28 @@ +name: cherry-picker-on-close + +on: + pull_request: + # branches: [master] + types: [closed] + # push: + # branches: [ release_test, 'iancha_test[0-9]' ] + + +jobs: + cherry-picker-on-close: + # if: github.event.pusher.name == 'iancha1992' + # if: github.event.pull_request.merged == true + runs-on: ubuntu-latest + steps: + # - name: Harden Runner + # uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v2.3.1 + # with: + # egress-policy: audit + - name: Logging github event + run: echo '${{ toJSON(github.event) }}' | jq + - name: Run cherrypicker on close + uses: iancha1992/continuous-integration/actions/cherry-picker@feature-cherrypick + with: + token: ${{ secrets.BAZEL_IO_TOKEN }} + triggered-on: closed + pr-number: ${{ github.event.number }} diff --git a/.github/workflows/cherry-picker-on-comment.yml b/.github/workflows/cherry-picker-on-comment.yml new file mode 100644 index 00000000000000..13847b45d61087 --- /dev/null +++ b/.github/workflows/cherry-picker-on-comment.yml @@ -0,0 +1,23 @@ +name: cherry-picker-on-comment + +on: + issues: + types: [milestoned] + +jobs: + cherry-picker-on-comment: + if: startsWith(github.event.issue.body, 'Forked from') && (github.event.issue.user.login == 'iancha1992') + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v2.3.1 + with: + egress-policy: audit + - name: Logging github event + run: echo '${{ toJSON(github.event) }}' | jq + - name: Run cherrypicker on comment + uses: iancha1992/continuous-integration/actions/cherry-picker@feature-cherrypick + with: + token: ${{ secrets.BAZEL_IO_TOKEN }} + triggered-on: commented + pr-number: ${{ github.event.issue.body }} diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml new file mode 100644 index 00000000000000..60accf09d0b9d5 --- /dev/null +++ b/.github/workflows/labeler.yml @@ -0,0 +1,25 @@ +name: "PR Labeler" + +on: + pull_request_target: + types: ["opened", "reopened", "ready_for_review"] + +permissions: + contents: read + +jobs: + triage: + permissions: + contents: read + pull-requests: write + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v2.3.1 + with: + egress-policy: audit + - name: Logging github event + run: echo '${{ toJSON(github.event.pull_request.user.login) }}' | jq + + - uses: actions/labeler@ba790c862c380240c6d5e7427be5ace9a05c754b # v4.0.3 + if: ${{ github.event.pull_request.draft == false && github.event.pull_request.user.login != 'iancha1992'}} diff --git a/.github/workflows/release-helper.yml b/.github/workflows/release-helper.yml index 44a6bf9dd30b69..226c4bb0715965 100644 --- a/.github/workflows/release-helper.yml +++ b/.github/workflows/release-helper.yml @@ -2,6 +2,9 @@ name: release-helper on: issue_comment: types: [created, edited] +permissions: + contents: read + jobs: release-helper: if: startsWith(github.event.comment.body, '@bazel-io ') @@ -9,7 +12,12 @@ jobs: permissions: issues: write steps: + - name: Harden Runner + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v2.3.1 + with: + egress-policy: audit + - name: Run helper - uses: bazelbuild/continuous-integration/actions/release-helper@master + uses: iancha1992/continuous-integration/actions/release-helper@release_test # master with: token: ${{ secrets.BAZEL_IO_TOKEN }} diff --git a/.github/workflows/remove-labels.yml b/.github/workflows/remove-labels.yml new file mode 100644 index 00000000000000..3cf55784860e22 --- /dev/null +++ b/.github/workflows/remove-labels.yml @@ -0,0 +1,23 @@ +name: Remove PR Labels + +on: + pull_request_target: + types: ["closed"] + +jobs: + remove-label: + permissions: + contents: read + pull-requests: write + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v2.3.1 + with: + egress-policy: audit + + - uses: actions-ecosystem/action-remove-labels@v1 + with: + labels: | + awaiting-pr-merge + awaiting-review \ No newline at end of file diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml new file mode 100644 index 00000000000000..e1d7dc11db6383 --- /dev/null +++ b/.github/workflows/scorecard.yml @@ -0,0 +1,77 @@ +# This workflow uses actions that are not certified by GitHub. They are provided +# by a third-party and are governed by separate terms of service, privacy +# policy, and support documentation. + +name: Scorecard supply-chain security +on: + # For Branch-Protection check. Only the default branch is supported. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection + branch_protection_rule: + # To guarantee Maintained check is occasionally updated. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained + schedule: + - cron: '18 9 * * 4' + push: + branches: [ "master" ] + +# Declare default permissions as read only. +permissions: read-all + +jobs: + analysis: + name: Scorecard analysis + runs-on: ubuntu-latest + permissions: + # Needed to upload the results to code-scanning dashboard. + security-events: write + # Needed to publish results and get a badge (see publish_results below). + id-token: write + # Uncomment the permissions below if installing in a private repository. + # contents: read + # actions: read + + steps: + - name: Harden Runner + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v2.3.1 + with: + egress-policy: audit + + - name: "Checkout code" + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + with: + persist-credentials: false + + - name: "Run analysis" + uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 + with: + results_file: results.sarif + results_format: sarif + # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: + # - you want to enable the Branch-Protection check on a *public* repository, or + # - you are installing Scorecard on a *private* repository + # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. + # repo_token: ${{ secrets.SCORECARD_TOKEN }} + + # Public repositories: + # - Publish results to OpenSSF REST API for easy access by consumers + # - Allows the repository to include the Scorecard badge. + # - See https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories: + # - `publish_results` will always be set to `false`, regardless + # of the value entered here. + publish_results: true + + # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF + # format to the repository Actions tab. + - name: "Upload artifact" + uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + # Upload the results to GitHub's code scanning dashboard. + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4 + with: + sarif_file: results.sarif diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml new file mode 100644 index 00000000000000..5fcb5010d3c568 --- /dev/null +++ b/.github/workflows/stale.yml @@ -0,0 +1,63 @@ +# This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time. +# +# You can adjust the behavior by modifying this file. +# For more information, see: +# https://github.com/actions/stale +name: Mark stale issues and pull requests + +on: + workflow_dispatch: + schedule: + - cron: '0 1 * * *' + +permissions: + contents: read + +jobs: + stale: + permissions: + issues: write + pull-requests: write + name: Track and close stale issues/PRs + runs-on: ubuntu-latest + + steps: + - name: Harden Runner + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v2.3.1 + with: + egress-policy: audit + + - name: Track and close stale issues/PRs + uses: actions/stale@f7176fd3007623b69d27091f9b9d4ab7995f0a06 # v5.2.1 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + days-before-issue-stale: 430 + days-before-pr-stale: 430 + days-before-issue-close: 90 + days-before-pr-close: 90 + stale-issue-message: > + Thank you for contributing to the Bazel repository! + This issue has been marked as stale since it has not had any activity in the last 1+ years. It will be closed in the next 90 + days unless any other activity occurs or one of the following labels is added: "not stale", "awaiting-bazeler". Please reach out + to the triage team (`@bazelbuild/triage`) if you think this issue is still relevant or you are interested in getting the + issue resolved. + close-issue-message: > + This issue has been automatically closed due to inactivity. If you're still interested in pursuing this, please reach out + to the triage team (`@bazelbuild/triage`). Thanks! + stale-pr-message: > + Thank you for contributing to the Bazel repository! + This pull request has been marked as stale since it has not had any activity in the last 1+ years. It will be closed in the next + 90 days unless any other activity occurs or one of the following labels is added: "not stale", "awaiting-review", "awaiting-PR-merge". + Please reach out to the triage team (`@bazelbuild/triage`) if you think this PR is still relevant or you are interested in getting the + PR merged. + close-pr-message: > + This pull request has been automatically closed due to inactivity. If you're still interested in pursuing this, please reach out + to the triage team (`@bazelbuild/triage`). Thanks! + stale-issue-label: 'stale' + exempt-issue-labels: 'not stale,awaiting-bazeler,untriaged,P0,P1,P2,good first issue,help wanted' + close-issue-reason: "not_planned" + stale-pr-label: 'stale' + exempt-pr-labels: 'not stale,awaiting-review,awaiting-PR-merge,P0,P1,P2' + exempt-draft-pr: true + operations-per-run: 500 + ascending: true diff --git a/.github/workflows/test.txt b/.github/workflows/test.txt new file mode 100644 index 00000000000000..e69de29bb2d1d6 diff --git a/README.md b/README.md index de903d6ff3c3f9..28a9e746ffcae7 100644 --- a/README.md +++ b/README.md @@ -56,3 +56,6 @@ disclosure timeline. See [CONTRIBUTING.md](CONTRIBUTING.md) [![Build status](https://badge.buildkite.com/1fd282f8ad98c3fb10758a821e5313576356709dd7d11e9618.svg?status=master)](https://buildkite.com/bazel/bazel-bazel) +a +b +c