carverauto/serviceradar

Fork 0

Bazel/intro #2227

Merged

mfreeman451 merged 23 commits from refs/pull/2227/head into main

2025-09-19 01:57:10 +00:00

mfreeman451 commented

2025-09-18 04:20:19 +00:00

(Migrated from github.com)

Owner

Imported from GitHub pull request.

Original GitHub pull request: #1646
Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/pull/1646
Original created: 2025-09-18T04:20:19Z
Original updated: 2025-09-19T01:57:18Z
Original head: carverauto/serviceradar:bazel/intro
Original base: main
Original merged: 2025-09-19T01:57:10Z by @mfreeman451

PR Type

Enhancement

Description

Initialize Bazel build system for monorepo migration
Configure multi-language toolchains (Go, Rust, Node.js, OCaml)
Set up remote caching and build configuration
Add comprehensive implementation plan documentation

Diagram Walkthrough

flowchart LR
  A["Implementation Plan"] --> B["Bazel Configuration"]
  B --> C["Go Toolchain"]
  B --> D["Rust Toolchain"]
  B --> E["Node.js Toolchain"]
  B --> F["OCaml Toolchain"]
  C --> G["Build Tools"]
  D --> G
  E --> G
  F --> G

File Walkthrough

Relevant files

Documentation

2 files

bazel_implementation_plan.md `Comprehensive Bazel migration roadmap and strategy`	+130/-0
README.md `Documentation for Bazel tooling helpers`	+11/-0

Configuration changes

7 files

MODULE.bazel `Multi-language toolchain and dependency configuration`	+138/-0
.bazelrc `Global build and test configuration settings`	+31/-0
WORKSPACE.bazel `Minimal workspace configuration with bzlmod reference`	+4/-0
BUILD.bazel `Placeholder build file for Next.js app`	+5/-0
.npmrc `NPM registry configuration for Bazel integration`	+2/-1
BUILD.bazel `Root package placeholder build file`	+1/-0
.bazelversion `Pin Bazel version to 8.4.1`	+1/-0

Enhancement

1 files

bazel
Bazelisk wrapper script for repository commands +7/-0

Additional files

1 files

pnpm-lock.yaml

+4615/-0

Imported from GitHub pull request. Original GitHub pull request: #1646 Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/pull/1646 Original created: 2025-09-18T04:20:19Z Original updated: 2025-09-19T01:57:18Z Original head: carverauto/serviceradar:bazel/intro Original base: main Original merged: 2025-09-19T01:57:10Z by @mfreeman451 --- ### **PR Type** Enhancement ___ ### **Description** - Initialize Bazel build system for monorepo migration - Configure multi-language toolchains (Go, Rust, Node.js, OCaml) - Set up remote caching and build configuration - Add comprehensive implementation plan documentation ___ ### Diagram Walkthrough ```mermaid flowchart LR A["Implementation Plan"] --> B["Bazel Configuration"] B --> C["Go Toolchain"] B --> D["Rust Toolchain"] B --> E["Node.js Toolchain"] B --> F["OCaml Toolchain"] C --> G["Build Tools"] D --> G E --> G F --> G ``` <details> <summary><h3> File Walkthrough</h3></summary> <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td><strong>Documentation</strong></td><td><details><summary>2 files</summary><table> <tr> <td><strong>bazel_implementation_plan.md</strong><dd><code>Comprehensive Bazel migration roadmap and strategy</code>              </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1646/files#diff-d5238d7315f2485aa072f2dd0eabaec82e13a5e564bbaf40219dee882e0687e6">+130/-0</a>  </td> </tr> <tr> <td><strong>README.md</strong><dd><code>Documentation for Bazel tooling helpers</code>                                    </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1646/files#diff-370c960b9b12d1a1eb11d17a35a17a8bdc54aee370c15db36ef539994054788e">+11/-0</a>    </td> </tr> </table></details></td></tr><tr><td><strong>Configuration changes</strong></td><td><details><summary>7 files</summary><table> <tr> <td><strong>MODULE.bazel</strong><dd><code>Multi-language toolchain and dependency configuration</code>        </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1646/files#diff-6136fc12446089c3db7360e923203dd114b6a1466252e71667c6791c20fe6bdc">+138/-0</a>  </td> </tr> <tr> <td><strong>.bazelrc</strong><dd><code>Global build and test configuration settings</code>                          </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1646/files#diff-544556920c45b42cbfe40159b082ce8af6bd929e492d076769226265f215832f">+31/-0</a>    </td> </tr> <tr> <td><strong>WORKSPACE.bazel</strong><dd><code>Minimal workspace configuration with bzlmod reference</code>        </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1646/files#diff-c1cd91dcb8c0e4d98df4a71cadc376c93c59cab9a9c30b742695ec7f87647bf5">+4/-0</a>      </td> </tr> <tr> <td><strong>BUILD.bazel</strong><dd><code>Placeholder build file for Next.js app</code>                                      </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1646/files#diff-1d59088f07bd1569a5a928ec3d13f6a85f7277c23483e5b7fa05a12d5fcaa394">+5/-0</a>      </td> </tr> <tr> <td><strong>.npmrc</strong><dd><code>NPM registry configuration for Bazel integration</code>                  </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1646/files#diff-586bd717b47ee72437b28aa702285175e654e2dec291e946834964cf753f0d98">+2/-1</a>      </td> </tr> <tr> <td><strong>BUILD.bazel</strong><dd><code>Root package placeholder build file</code>                                            </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1646/files#diff-7fc57714ef13c3325ce2a1130202edced92fcccc0c6db34a72f7b57f60d552a3">+1/-0</a>      </td> </tr> <tr> <td><strong>.bazelversion</strong><dd><code>Pin Bazel version to 8.4.1</code>                                                              </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1646/files#diff-c3633fb973fb6f3cf898f53da86fa77e9310338a7c2933143709d5e226f05f75">+1/-0</a>      </td> </tr> </table></details></td></tr><tr><td><strong>Enhancement</strong></td><td><details><summary>1 files</summary><table> <tr> <td><strong>bazel</strong><dd><code>Bazelisk wrapper script for repository commands</code>                    </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1646/files#diff-a93512a96f59705d6d94444b257a757158130b0dac6828a8dc77900fed2f87f9">+7/-0</a>      </td> </tr> </table></details></td></tr><tr><td><strong>Additional files</strong></td><td><details><summary>1 files</summary><table> <tr> <td><strong>pnpm-lock.yaml</strong></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1646/files#diff-f11bfba22b3604b3a7b52e44e10f4eae265b030b5682714833ba689eda12a27b">+4615/-0</a></td> </tr> </table></details></td></tr></tr></tbody></table> </details> ___

qodo-code-review[bot] commented

2025-09-18 04:20:54 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/1646#issuecomment-3305368441
Original created: 2025-09-18T04:20:54Z

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review

Toolchain Registration

Node.js toolchains are explicitly registered for multiple targets; ensure these labels exist for the selected rules_nodejs version and that only the correct toolchain targets (not both target and toolchain labels) are registered to avoid duplicate or invalid toolchain registrations across platforms.

register_toolchains(
    "@nodejs_toolchains//:darwin_amd64_toolchain_target",
    "@nodejs_toolchains//:darwin_amd64_toolchain",
    "@nodejs_toolchains//:darwin_arm64_toolchain_target",
    "@nodejs_toolchains//:darwin_arm64_toolchain",
    "@nodejs_toolchains//:linux_amd64_toolchain_target",
    "@nodejs_toolchains//:linux_amd64_toolchain",
    "@nodejs_toolchains//:linux_arm64_toolchain_target",
    "@nodejs_toolchains//:linux_arm64_toolchain",
)

Integrity Pinning

The archive_override for rules_ocaml pins a SHA256; verify the hash and source URL match the intended release and document why archive_override is needed to avoid supply-chain drift or mismatch when updating.

archive_override(
    module_name = "rules_ocaml",
    integrity = "sha256-tLySsR7GfBvk49b3kLRa8h0YYxAjKlHHzs1ox4BKVTI=",
    strip_prefix = "rules_ocaml-2.1.0",
    urls = [
        "https://github.com/obazl/rules_ocaml/archive/refs/tags/2.1.0.tar.gz",
    ],
)

bazel_dep(name = "rules_ocaml", version = "2.1.0")

Lockfile Mismatch

The repo uses pnpm (pnpm-lock.yaml) for npm_translate_lock, but the BUILD exports package-lock.json; consider aligning to pnpm files only to prevent confusion and accidental divergence in dependency graphs.

# Temporary placeholder until Bazel targets for the Next.js app are added.
exports_files([
    "package.json",
    "package-lock.json",
])

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/1646#issuecomment-3305368441 Original created: 2025-09-18T04:20:54Z --- ## PR Reviewer Guide 🔍 Here are some key observations to aid the review process: <table> <tr><td>⏱️ <strong>Estimated effort to review</strong>: 2 🔵🔵⚪⚪⚪</td></tr> <tr><td>🧪 <strong>No relevant tests</strong></td></tr> <tr><td>🔒 <strong>No security concerns identified</strong></td></tr> <tr><td>⚡ <strong>Recommended focus areas for review</strong><br><br> <details><summary><a href='https://github.com/carverauto/serviceradar/pull/1646/files#diff-6136fc12446089c3db7360e923203dd114b6a1466252e71667c6791c20fe6bdcR111-R120'><strong>Toolchain Registration</strong></a> Node.js toolchains are explicitly registered for multiple targets; ensure these labels exist for the selected rules_nodejs version and that only the correct toolchain targets (not both target and toolchain labels) are registered to avoid duplicate or invalid toolchain registrations across platforms. </summary> ```txt register_toolchains( "@nodejs_toolchains//:darwin_amd64_toolchain_target", "@nodejs_toolchains//:darwin_amd64_toolchain", "@nodejs_toolchains//:darwin_arm64_toolchain_target", "@nodejs_toolchains//:darwin_arm64_toolchain", "@nodejs_toolchains//:linux_amd64_toolchain_target", "@nodejs_toolchains//:linux_amd64_toolchain", "@nodejs_toolchains//:linux_arm64_toolchain_target", "@nodejs_toolchains//:linux_arm64_toolchain", ) ``` </details> <details><summary><a href='https://github.com/carverauto/serviceradar/pull/1646/files#diff-6136fc12446089c3db7360e923203dd114b6a1466252e71667c6791c20fe6bdcR18-R27'><strong>Integrity Pinning</strong></a> The archive_override for rules_ocaml pins a SHA256; verify the hash and source URL match the intended release and document why archive_override is needed to avoid supply-chain drift or mismatch when updating. </summary> ```txt archive_override( module_name = "rules_ocaml", integrity = "sha256-tLySsR7GfBvk49b3kLRa8h0YYxAjKlHHzs1ox4BKVTI=", strip_prefix = "rules_ocaml-2.1.0", urls = [ "https://github.com/obazl/rules_ocaml/archive/refs/tags/2.1.0.tar.gz", ], ) bazel_dep(name = "rules_ocaml", version = "2.1.0") ``` </details> <details><summary><a href='https://github.com/carverauto/serviceradar/pull/1646/files#diff-1d59088f07bd1569a5a928ec3d13f6a85f7277c23483e5b7fa05a12d5fcaa394R1-R5'><strong>Lockfile Mismatch</strong></a> The repo uses pnpm (pnpm-lock.yaml) for npm_translate_lock, but the BUILD exports package-lock.json; consider aligning to pnpm files only to prevent confusion and accidental divergence in dependency graphs. </summary> ```txt # Temporary placeholder until Bazel targets for the Next.js app are added. exports_files([ "package.json", "package-lock.json", ]) ``` </details> </td></tr> </table>

qodo-code-review[bot] commented

2025-09-18 04:21:52 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/1646#issuecomment-3305369720
Original created: 2025-09-18T04:21:52Z

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	✅ ~~Fix incorrect lockfile export~~ Suggestion Impact: The committed BUILD.bazel changes now reference pnpm-lock.yaml (included in data for nextjs_standalone_build) instead of package-lock.json, aligning with the suggestion’s intent to use pnpm-lock.yaml. code diff: `+ data = [ + ":node_modules", + "package.json", + "pnpm-lock.yaml", + "postcss.config.mjs", + "tailwind.config.ts", + "tsconfig.json", + ],` In `web/BUILD.bazel`, export `pnpm-lock.yaml` instead of `package-lock.json` to match the file referenced by the `npm_translate_lock` rule in `MODULE.bazel`. web/BUILD.bazel [2-5] `exports_files([ "package.json", - "package-lock.json", + "pnpm-lock.yaml", ])` `[Suggestion processed]` Suggestion importance[1-10]: 9 __ Why: The suggestion correctly identifies a critical mismatch between the `pnpm-lock.yaml` file required by `npm_translate_lock` in `MODULE.bazel` and the `package-lock.json` file actually exported in `web/BUILD.bazel`, which would cause a build failure.	High
Possible issue	Simplify Node.js toolchain registration Simplify the Node.js toolchain registration by using the `@nodejs_toolchains//:all` target instead of explicitly listing each platform-specific toolchain. MODULE.bazel [111-120] `-register_toolchains( - "@nodejs_toolchains//:darwin_amd64_toolchain_target", - "@nodejs_toolchains//:darwin_amd64_toolchain", - "@nodejs_toolchains//:darwin_arm64_toolchain_target", - "@nodejs_toolchains//:darwin_arm64_toolchain", - "@nodejs_toolchains//:linux_amd64_toolchain_target", - "@nodejs_toolchains//:linux_amd64_toolchain", - "@nodejs_toolchains//:linux_arm64_toolchain_target", - "@nodejs_toolchains//:linux_arm64_toolchain", -) +register_toolchains("@nodejs_toolchains//:all")` Apply / Chat Suggestion importance[1-10]: 6 __ Why: The suggestion correctly identifies redundant toolchain registrations and proposes a simpler, more maintainable approach using the `:all` target, which is a standard Bazel practice.	Low
High-level	Defer Node.js dependency integration Defer the inclusion of `pnpm-lock.yaml` and the `npm_translate_lock` configuration. This is because no Bazel targets currently utilize these Node.js dependencies, and their inclusion adds unnecessary complexity to this initial setup PR. Examples: MODULE.bazel [124-132] `npm = use_extension("@aspect_rules_js//npm:extensions.bzl", "npm") npm.npm_translate_lock( name = "npm", dev = True, npmrc = "//web:.npmrc", pnpm_lock = "//web:pnpm-lock.yaml", root_package = "web", ) use_repo(npm, "npm")` web/pnpm-lock.yaml [1-4615] `lockfileVersion: '9.0' settings: autoInstallPeers: true excludeLinksFromLockfile: false importers: .: dependencies: ... (clipped 4605 lines)` Solution Walkthrough: Before: `# MODULE.bazel ... bazel_dep(name = "aspect_rules_js", version = "2.6.0") ... # --- npm dependency ingestion --- npm = use_extension("@aspect_rules_js//npm:extensions.bzl", "npm") npm.npm_translate_lock( name = "npm", pnpm_lock = "//web:pnpm-lock.yaml", ... ) use_repo(npm, "npm") # web/pnpm-lock.yaml # (A 4000+ line file is added to the repository)` After: `# MODULE.bazel ... bazel_dep(name = "aspect_rules_js", version = "2.6.0") ... # --- npm dependency ingestion --- # The npm_translate_lock call is removed for now. # It will be added back when Node.js targets are created. # web/pnpm-lock.yaml # (This file is removed from this PR and will be added later)` Suggestion importance[1-10]: 6 __ Why: The suggestion correctly identifies that including the large `pnpm-lock.yaml` and its processing is premature, as no Bazel targets use these Node.js dependencies yet, improving the PR's focus.	Low
Update

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/1646#issuecomment-3305369720 Original created: 2025-09-18T04:21:52Z --- ## PR Code Suggestions ✨  Explore these optional code suggestions: <table><thead><tr><td><strong>Category</strong></td><td align=left><strong>Suggestion                                                                                                                                    </strong></td><td align=center><strong>Impact</strong></td></tr><tbody><tr><td rowspan=2>Possible issue</td> <td> <details><summary>✅ <s>Fix incorrect lockfile export</s></summary> ___ <details><summary><b>Suggestion Impact:</b></summary>The committed BUILD.bazel changes now reference pnpm-lock.yaml (included in data for nextjs_standalone_build) instead of package-lock.json, aligning with the suggestion’s intent to use pnpm-lock.yaml. code diff: ```diff + data = [ + ":node_modules", + "package.json", + "pnpm-lock.yaml", + "postcss.config.mjs", + "tailwind.config.ts", + "tsconfig.json", + ], ``` </details> ___ **In <code>web/BUILD.bazel</code>, export <code>pnpm-lock.yaml</code> instead of <code>package-lock.json</code> to match <br>the file referenced by the <code>npm_translate_lock</code> rule in <code>MODULE.bazel</code>.** [web/BUILD.bazel [2-5]](https://github.com/carverauto/serviceradar/pull/1646/files#diff-1d59088f07bd1569a5a928ec3d13f6a85f7277c23483e5b7fa05a12d5fcaa394R2-R5) ```diff exports_files([ "package.json", - "package-lock.json", + "pnpm-lock.yaml", ]) ``` `[Suggestion processed]` <details><summary>Suggestion importance[1-10]: 9</summary> __ Why: The suggestion correctly identifies a critical mismatch between the `pnpm-lock.yaml` file required by `npm_translate_lock` in `MODULE.bazel` and the `package-lock.json` file actually exported in `web/BUILD.bazel`, which would cause a build failure. </details></details></td><td align=center>High </td></tr><tr><td> <details><summary>Simplify Node.js toolchain registration</summary> ___ **Simplify the Node.js toolchain registration by using the <br><code>@nodejs_toolchains//:all</code> target instead of explicitly listing each <br>platform-specific toolchain.** [MODULE.bazel [111-120]](https://github.com/carverauto/serviceradar/pull/1646/files#diff-6136fc12446089c3db7360e923203dd114b6a1466252e71667c6791c20fe6bdcR111-R120) ```diff -register_toolchains( - "@nodejs_toolchains//:darwin_amd64_toolchain_target", - "@nodejs_toolchains//:darwin_amd64_toolchain", - "@nodejs_toolchains//:darwin_arm64_toolchain_target", - "@nodejs_toolchains//:darwin_arm64_toolchain", - "@nodejs_toolchains//:linux_amd64_toolchain_target", - "@nodejs_toolchains//:linux_amd64_toolchain", - "@nodejs_toolchains//:linux_arm64_toolchain_target", - "@nodejs_toolchains//:linux_arm64_toolchain", -) +register_toolchains("@nodejs_toolchains//:all") ``` - [ ] **Apply / Chat**  <details><summary>Suggestion importance[1-10]: 6</summary> __ Why: The suggestion correctly identifies redundant toolchain registrations and proposes a simpler, more maintainable approach using the `:all` target, which is a standard Bazel practice. </details></details></td><td align=center>Low </td></tr><tr><td rowspan=1>High-level</td> <td> <details><summary>Defer Node.js dependency integration</summary> ___ **Defer the inclusion of <code>pnpm-lock.yaml</code> and the <code>npm_translate_lock</code> configuration. <br>This is because no Bazel targets currently utilize these Node.js dependencies, <br>and their inclusion adds unnecessary complexity to this initial setup PR.** ### Examples: <details> <summary> <a href="https://github.com/carverauto/serviceradar/pull/1646/files#diff-6136fc12446089c3db7360e923203dd114b6a1466252e71667c6791c20fe6bdcR124-R132">MODULE.bazel [124-132]</a> </summary> ```starlark npm = use_extension("@aspect_rules_js//npm:extensions.bzl", "npm") npm.npm_translate_lock( name = "npm", dev = True, npmrc = "//web:.npmrc", pnpm_lock = "//web:pnpm-lock.yaml", root_package = "web", ) use_repo(npm, "npm") ``` </details> <details> <summary> <a href="https://github.com/carverauto/serviceradar/pull/1646/files#diff-f11bfba22b3604b3a7b52e44e10f4eae265b030b5682714833ba689eda12a27bR1-R4615">web/pnpm-lock.yaml [1-4615]</a> </summary> ```yaml lockfileVersion: '9.0' settings: autoInstallPeers: true excludeLinksFromLockfile: false importers: .: dependencies: ... (clipped 4605 lines) ``` </details> ### Solution Walkthrough: #### Before: ```yaml # MODULE.bazel ... bazel_dep(name = "aspect_rules_js", version = "2.6.0") ... # --- npm dependency ingestion --- npm = use_extension("@aspect_rules_js//npm:extensions.bzl", "npm") npm.npm_translate_lock( name = "npm", pnpm_lock = "//web:pnpm-lock.yaml", ... ) use_repo(npm, "npm") # web/pnpm-lock.yaml # (A 4000+ line file is added to the repository) ``` #### After: ```yaml # MODULE.bazel ... bazel_dep(name = "aspect_rules_js", version = "2.6.0") ... # --- npm dependency ingestion --- # The npm_translate_lock call is removed for now. # It will be added back when Node.js targets are created. # web/pnpm-lock.yaml # (This file is removed from this PR and will be added later) ``` <details><summary>Suggestion importance[1-10]: 6</summary> __ Why: The suggestion correctly identifies that including the large `pnpm-lock.yaml` and its processing is premature, as no Bazel targets use these Node.js dependencies yet, improving the PR's focus. </details></details></td><td align=center>Low </td></tr> <tr><td align="center" colspan="2"> - [ ] Update  </td><td></td></tr></tbody></table>

mfreeman451 commented

2025-09-18 17:04:04 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR review comment.

Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/pull/1646#discussion_r2360334878
Original created: 2025-09-18T17:04:04Z
Original path: pkg/srql/parser/gen/antlr/pkg/srql/antlr/BUILD.bazel
Original line: 1

probably can get rid of teh pkg/srql at this point

Imported GitHub PR review comment. Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/pull/1646#discussion_r2360334878 Original created: 2025-09-18T17:04:04Z Original path: pkg/srql/parser/gen/antlr/pkg/srql/antlr/BUILD.bazel Original line: 1 --- probably can get rid of teh pkg/srql at this point

github-advanced-security[bot] commented

2025-09-18 18:07:27 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR review comment.

Original author: @github-advanced-security[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/1646#discussion_r2360577084
Original created: 2025-09-18T18:07:27Z
Original path: .github/workflows/bazel-bootstrap.yml
Original line: 32

Workflow does not contain permissions

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {{contents: read}}

Show more details

Imported GitHub PR review comment. Original author: @github-advanced-security[bot] Original URL: https://github.com/carverauto/serviceradar/pull/1646#discussion_r2360577084 Original created: 2025-09-18T18:07:27Z Original path: .github/workflows/bazel-bootstrap.yml Original line: 32 --- ## Workflow does not contain permissions Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {{contents: read}} [Show more details](https://github.com/carverauto/serviceradar/security/code-scanning/72)

qodo-code-review[bot] commented

2025-09-18 20:31:07 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/1646#issuecomment-3309604519
Original created: 2025-09-18T20:31:07Z

CI Feedback 🧐

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: build-test

Failed stage: Install dependencies (with tests) [❌]

Failure summary:

The action failed during OPAM dependency resolution due to incompatible OCaml compiler constraints:

- The environment pins ocaml-base-compiler = 5.3.0 (invariant), but dependencies require packages
that only work with OCaml < 5.0.
- Dependency chain deps-of-srql-translator → dream >= 1.0.0alpha5
→ dream-httpaf >= 1.0.0alpha4 → h2 < 0.13.0 → ocaml < 5.0 conflicts with ocaml-base-compiler =
5.3.0, leading OPAM to suggest incompatible compilers (dkml-base-compiler / ocaml-variants) instead.

- Additional missing dependencies are gated by unavailable conditions: ocaml-beta requires
enable-ocaml-beta-repository, and system-msvc requires os = "win32".
- OPAM exited with code 20 due
to the unsatisfiable package set.

Relevant error logs:

1:  ##[group]Runner Image Provisioner
2:  Hosted Compute Agent
...

636:  shell: /usr/bin/bash -e {0}
637:  env:
638:  OPAMCOLOR: always
639:  OPAMCONFIRMLEVEL: unsafe-yes
640:  OPAMDOWNLOADJOBS: 4
641:  OPAMERRLOGLEN: 0
642:  OPAMEXTERNALSOLVER: builtin-0install
643:  OPAMPRECISETRACKING: 1
644:  OPAMRETRIES: 10
645:  OPAMROOT: /home/runner/.opam
646:  OPAMSOLVERTIMEOUT: 600
647:  OPAMYES: 1
648:  DUNE_CACHE_ROOT: /home/runner/.cache/dune
649:  CLICOLOR_FORCE: 1
650:  ##[endgroup]
651:  ^[[31m[ERROR]^[[0m Package conflict!
652:  ^[[31m  * ^[[0mNo agreement on the version of ^[[01mocaml-base-compiler^[[0m:
...

669:  ^[[31m  * ^[[0mIncompatible packages:
670:  - (invariant)^[[33m → ^[[0m^[[31;01mocaml-base-compiler = 5.3.0^[[0m
671:  - deps-of-srql-translator^[[33m → ^[[0mdream >= 1.0.0~alpha5^[[33m → ^[[0mdream-httpaf >= 1.0.0~alpha4^[[33m → ^[[0mh2 < 0.13.0^[[33m → ^[[0mocaml < 5.0^[[33m → ^[[0m^[[31;01mdkml-base-compiler^[[0m
672:  ^[[31m  * ^[[0mIncompatible packages:
673:  - (invariant)^[[33m → ^[[0m^[[31;01mocaml-base-compiler = 5.3.0^[[0m
674:  - deps-of-srql-translator^[[33m → ^[[0mdream >= 1.0.0~alpha5^[[33m → ^[[0mdream-httpaf >= 1.0.0~alpha4^[[33m → ^[[0mh2 < 0.13.0^[[33m → ^[[0mocaml < 5.0^[[33m → ^[[0m^[[31;01mocaml-variants^[[0m
675:  ^[[31m  * ^[[0mIncompatible packages:
676:  - deps-of-srql-translator^[[33m → ^[[0mdream >= 1.0.0~alpha5^[[33m → ^[[0mdream-httpaf >= 1.0.0~alpha4^[[33m → ^[[0m^[[31;01mh2-lwt-unix^[[0m
677:  - deps-of-srql-translator^[[33m → ^[[0mproton >= 1.0.15^[[33m → ^[[0mtls-lwt^[[33m → ^[[0m^[[31;01mtls (= 1.0.4 | = 2.0.1 | >= 2.0.2)^[[0m
678:  ^[[31m  * ^[[0mMissing dependency:
679:  - deps-of-srql-translator^[[33m → ^[[0mdream >= 1.0.0~alpha5^[[33m → ^[[0mdream-httpaf >= 1.0.0~alpha4^[[33m → ^[[0mh2 < 0.13.0^[[33m → ^[[0mocaml < 5.0^[[33m → ^[[0mocaml-variants^[[33m → ^[[0m^[[31;01mocaml-beta^[[0m
680:  unmet availability conditions: 'enable-ocaml-beta-repository'
681:  ^[[31m  * ^[[0mMissing dependency:
682:  - deps-of-srql-translator^[[33m → ^[[0mdream >= 1.0.0~alpha5^[[33m → ^[[0mdream-httpaf >= 1.0.0~alpha4^[[33m → ^[[0mh2 < 0.13.0^[[33m → ^[[0mocaml < 5.0^[[33m → ^[[0mocaml-variants^[[33m → ^[[0m^[[31;01msystem-msvc^[[0m
683:  unmet availability conditions: 'os = "win32"'
684:  ##[error]Process completed with exit code 20.
685:  Post job cleanup.

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/1646#issuecomment-3309604519 Original created: 2025-09-18T20:31:07Z --- ## CI Feedback 🧐 A test triggered by this PR failed. Here is an AI-generated analysis of the failure: <table><tr><td> **Action:** build-test</td></tr> <tr><td> **Failed stage:** [Install dependencies (with tests)](https://github.com/carverauto/serviceradar/actions/runs/17840579433/job/50728743689) [❌] </td></tr> <tr><td> **Failure summary:** The action failed during OPAM dependency resolution due to incompatible OCaml compiler constraints:<br> <br>- The environment pins <code>ocaml-base-compiler = 5.3.0</code> (invariant), but dependencies require packages <br>that only work with OCaml < 5.0.<br> - Dependency chain <code>deps-of-srql-translator → dream >= 1.0.0~alpha5 </code><br><code>→ dream-httpaf >= 1.0.0~alpha4 → h2 < 0.13.0 → ocaml < 5.0</code> conflicts with <code>ocaml-base-compiler = </code><br><code>5.3.0</code>, leading OPAM to suggest incompatible compilers (<code>dkml-base-compiler</code> / <code>ocaml-variants</code>) instead.<br> <br>- Additional missing dependencies are gated by unavailable conditions: <code>ocaml-beta</code> requires <br><code>enable-ocaml-beta-repository</code>, and <code>system-msvc</code> requires <code>os = "win32"</code>.<br> - OPAM exited with code 20 due <br>to the unsatisfiable package set.<br> </td></tr> <tr><td> <details><summary>Relevant error logs:</summary> ```yaml 1: ##[group]Runner Image Provisioner 2: Hosted Compute Agent ... 636: shell: /usr/bin/bash -e {0} 637: env: 638: OPAMCOLOR: always 639: OPAMCONFIRMLEVEL: unsafe-yes 640: OPAMDOWNLOADJOBS: 4 641: OPAMERRLOGLEN: 0 642: OPAMEXTERNALSOLVER: builtin-0install 643: OPAMPRECISETRACKING: 1 644: OPAMRETRIES: 10 645: OPAMROOT: /home/runner/.opam 646: OPAMSOLVERTIMEOUT: 600 647: OPAMYES: 1 648: DUNE_CACHE_ROOT: /home/runner/.cache/dune 649: CLICOLOR_FORCE: 1 650: ##[endgroup] 651: ^[[31m[ERROR]^[[0m Package conflict! 652: ^[[31m * ^[[0mNo agreement on the version of ^[[01mocaml-base-compiler^[[0m: ... 669: ^[[31m * ^[[0mIncompatible packages: 670: - (invariant)^[[33m → ^[[0m^[[31;01mocaml-base-compiler = 5.3.0^[[0m 671: - deps-of-srql-translator^[[33m → ^[[0mdream >= 1.0.0~alpha5^[[33m → ^[[0mdream-httpaf >= 1.0.0~alpha4^[[33m → ^[[0mh2 < 0.13.0^[[33m → ^[[0mocaml < 5.0^[[33m → ^[[0m^[[31;01mdkml-base-compiler^[[0m 672: ^[[31m * ^[[0mIncompatible packages: 673: - (invariant)^[[33m → ^[[0m^[[31;01mocaml-base-compiler = 5.3.0^[[0m 674: - deps-of-srql-translator^[[33m → ^[[0mdream >= 1.0.0~alpha5^[[33m → ^[[0mdream-httpaf >= 1.0.0~alpha4^[[33m → ^[[0mh2 < 0.13.0^[[33m → ^[[0mocaml < 5.0^[[33m → ^[[0m^[[31;01mocaml-variants^[[0m 675: ^[[31m * ^[[0mIncompatible packages: 676: - deps-of-srql-translator^[[33m → ^[[0mdream >= 1.0.0~alpha5^[[33m → ^[[0mdream-httpaf >= 1.0.0~alpha4^[[33m → ^[[0m^[[31;01mh2-lwt-unix^[[0m 677: - deps-of-srql-translator^[[33m → ^[[0mproton >= 1.0.15^[[33m → ^[[0mtls-lwt^[[33m → ^[[0m^[[31;01mtls (= 1.0.4 | = 2.0.1 | >= 2.0.2)^[[0m 678: ^[[31m * ^[[0mMissing dependency: 679: - deps-of-srql-translator^[[33m → ^[[0mdream >= 1.0.0~alpha5^[[33m → ^[[0mdream-httpaf >= 1.0.0~alpha4^[[33m → ^[[0mh2 < 0.13.0^[[33m → ^[[0mocaml < 5.0^[[33m → ^[[0mocaml-variants^[[33m → ^[[0m^[[31;01mocaml-beta^[[0m 680: unmet availability conditions: 'enable-ocaml-beta-repository' 681: ^[[31m * ^[[0mMissing dependency: 682: - deps-of-srql-translator^[[33m → ^[[0mdream >= 1.0.0~alpha5^[[33m → ^[[0mdream-httpaf >= 1.0.0~alpha4^[[33m → ^[[0mh2 < 0.13.0^[[33m → ^[[0mocaml < 5.0^[[33m → ^[[0mocaml-variants^[[33m → ^[[0m^[[31;01msystem-msvc^[[0m 683: unmet availability conditions: 'os = "win32"' 684: ##[error]Process completed with exit code 20. 685: Post job cleanup. ``` </details></td></tr></table>