carverauto/serviceradar

Fork 0

adding missing deps for timescale #2438

Merged

mfreeman451 merged 1 commit from refs/pull/2438/head into main

2025-11-20 16:14:09 +00:00

mfreeman451 commented

2025-11-20 16:13:48 +00:00

(Migrated from github.com)

Owner

Imported from GitHub pull request.

Original GitHub pull request: #1970
Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/pull/1970
Original created: 2025-11-20T16:13:48Z
Original updated: 2025-11-20T16:15:20Z
Original head: carverauto/serviceradar:bazel/timescale_fix
Original base: main
Original merged: 2025-11-20T16:14:09Z by @mfreeman451

User description

IMPORTANT: Please sign the Developer Certificate of Origin

Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include
a DCO sign-off statement indicating the DCO acceptance in one commit message. Here
is an example DCO Signed-off-by line in a commit message:

Signed-off-by: J. Doe <j.doe@domain.com>

Describe your changes

Issue ticket number and link

Code checklist before requesting a review

I have signed the DCO?
The build completes without errors?
All tests are passing when running make test?

PR Type

Enhancement

Description

Add CMake 3.30.4 prebuilt binary as Bazel dependency
Include CMake in TimescaleDB extension build tools
Update PATH to include CMake binary directory
Enable CMake availability during Docker image build

Diagram Walkthrough

flowchart LR
  A["MODULE.bazel"] -- "defines cmake_linux_amd64_prebuilt" --> B["CMake 3.30.4 archive"]
  B -- "provides cmake binary" --> C["BUILD.bazel genrule"]
  C -- "uses cmake in PATH" --> D["TimescaleDB extension layer"]

File Walkthrough

Relevant files

Dependencies

MODULE.bazel

Add CMake prebuilt binary Bazel dependency

MODULE.bazel

Add http_archive rule for CMake 3.30.4 prebuilt binary
Configure archive to extract from GitHub releases
Define cmake_bin filegroup pointing to bin/cmake
Set public visibility for CMake binary access

+16/-0

Configuration changes

BUILD.bazel

Include CMake in TimescaleDB extension build process

docker/images/BUILD.bazel

Add @cmake_linux_amd64_prebuilt//:cmake_bin to tools list
Extract CMake binary location and make it executable
Prepend CMake directory to PATH environment variable
Enable CMake availability during TimescaleDB bootstrap build

+5/-1

Imported from GitHub pull request. Original GitHub pull request: #1970 Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/pull/1970 Original created: 2025-11-20T16:13:48Z Original updated: 2025-11-20T16:15:20Z Original head: carverauto/serviceradar:bazel/timescale_fix Original base: main Original merged: 2025-11-20T16:14:09Z by @mfreeman451 --- ### **User description** ## IMPORTANT: Please sign the Developer Certificate of Origin Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include a [DCO sign-off statement]( https://developercertificate.org/) indicating the DCO acceptance in one commit message. Here is an example DCO Signed-off-by line in a commit message: ``` Signed-off-by: J. Doe <j.doe@domain.com> ``` ## Describe your changes ## Issue ticket number and link ## Code checklist before requesting a review - [ ] I have signed the DCO? - [ ] The build completes without errors? - [ ] All tests are passing when running make test? ___ ### **PR Type** Enhancement ___ ### **Description** - Add CMake 3.30.4 prebuilt binary as Bazel dependency - Include CMake in TimescaleDB extension build tools - Update PATH to include CMake binary directory - Enable CMake availability during Docker image build ___ ### Diagram Walkthrough ```mermaid flowchart LR A["MODULE.bazel"] -- "defines cmake_linux_amd64_prebuilt" --> B["CMake 3.30.4 archive"] B -- "provides cmake binary" --> C["BUILD.bazel genrule"] C -- "uses cmake in PATH" --> D["TimescaleDB extension layer"] ``` <details> <summary><h3> File Walkthrough</h3></summary> <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td>Dependencies</td><td><table> <tr> <td> <details> <summary>MODULE.bazel<dd><code>Add CMake prebuilt binary Bazel dependency</code>                              </dd></summary> <hr> MODULE.bazel <ul><li>Add <code>http_archive</code> rule for CMake 3.30.4 prebuilt binary <li> Configure archive to extract from GitHub releases <li> Define <code>cmake_bin</code> filegroup pointing to <code>bin/cmake</code> <li> Set public visibility for CMake binary access</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1970/files#diff-6136fc12446089c3db7360e923203dd114b6a1466252e71667c6791c20fe6bdc">+16/-0</a>    </td> </tr> </table></td></tr><tr><td>Configuration changes</td><td><table> <tr> <td> <details> <summary>BUILD.bazel<dd><code>Include CMake in TimescaleDB extension build process</code>          </dd></summary> <hr> docker/images/BUILD.bazel <ul><li>Add <code>@cmake_linux_amd64_prebuilt//:cmake_bin</code> to tools list <li> Extract CMake binary location and make it executable <li> Prepend CMake directory to PATH environment variable <li> Enable CMake availability during TimescaleDB bootstrap build</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1970/files#diff-0e4db31c224a8f72ae8e870a849e38a59d74a2c7f7b04347b0b3eb07e20c5a80">+5/-1</a>      </td> </tr> </table></td></tr></tr></tbody></table> </details> ___

qodo-code-review[bot] commented

2025-11-20 16:14:11 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/1970#issuecomment-3558895378
Original created: 2025-11-20T16:14:11Z

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
⚪	Supply chain risk Description: Remote binary archive pulled via http_archive and executed later (CMake) could allow supply-chain compromise if integrity is not sufficiently pinned to a trusted source; while sha256 is pinned, there is no signature or key verification and the GitHub release URL is mutable by account compromise—consider verifying detached signatures (e.g., GPG) or pinning via immutable fetch (e.g., exact commit with verified signature) and mirroring. MODULE.bazel [718-732] Referred Code `http_archive( name = "cmake_linux_amd64_prebuilt", sha256 = "c959e6d15714f798424960cd296632634f3ef57c2712559a7945170f0bcad205", strip_prefix = "cmake-3.30.4-linux-x86_64", urls = [ "https://github.com/Kitware/CMake/releases/download/v3.30.4/cmake-3.30.4-linux-x86_64.tar.gz", ], build_file_content = """ package(default_visibility = ["//visibility:public"]) filegroup( name = "cmake_bin", srcs = ["bin/cmake"], ) """, )`
	Untrusted binary execution Description: The build script marks an externally fetched CMake binary as executable and prepends its directory to PATH, causing the build to execute that untrusted binary; if the archive is tampered, this yields code execution during build—ensure provenance and verify signatures, restrict PATH changes to a subshell, or vendor a vetted toolchain. BUILD.bazel [1557-1563] Referred Code `CMAKE_BIN="$(location @cmake_linux_amd64_prebuilt//:cmake_bin)" chmod +x "$${CMAKE_BIN}" CMAKE_DIR="$$(dirname "$${CMAKE_BIN}")" export CNPG_ROOT="$${ROOT_DIR}" export CNPG_REAL_PG_CONFIG="$${ROOT_DIR}/usr/lib/postgresql/16/bin/pg_config" export PATH="$${CMAKE_DIR}:$${ROOT_DIR}/usr/lib/postgresql/16/bin:$${ROOT_DIR}/usr/bin:/usr/bin:/bin" export PKG_CONFIG_PATH="$${ROOT_DIR}/usr/lib/pkgconfig:$${ROOT_DIR}/usr/lib/x86_64-linux-gnu/pkgconfig"`
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: No audit logs: The added build/genrule steps introduce use of a bundled CMake during image build without any added logging of critical actions, but this may be acceptable as it is build-time infrastructure rather than runtime application logic. Referred Code CMAKE_BIN="$(location @cmake_linux_amd64_prebuilt//:cmake_bin)" chmod +x "$${CMAKE_BIN}" CMAKE_DIR="$$(dirname "$${CMAKE_BIN}")" export CNPG_ROOT="$${ROOT_DIR}" export CNPG_REAL_PG_CONFIG="$${ROOT_DIR}/usr/lib/postgresql/16/bin/pg_config" export PATH="$${CMAKE_DIR}:$${ROOT_DIR}/usr/lib/postgresql/16/bin:$${ROOT_DIR}/usr/bin:/usr/bin:/bin" export PKG_CONFIG_PATH="$${ROOT_DIR}/usr/lib/pkgconfig:$${ROOT_DIR}/usr/lib/x86_64-linux-gnu/pkgconfig" cd "$${OUT_DIR}/timescaledb" BUILD_FORCE_REMOVE=true ./bootstrap -DREGRESS_CHECKS=OFF -DPROJECT_INSTALL_METHOD=docker -DCMAKE_BUILD_TYPE=RelWithDebInfo -DPG_CONFIG="$${OUT_DIR}/pg_config_wrapper_ts.sh" Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Shell edge cases: The genrule cmd adds path extraction and chmod without explicit checks for missing CMake binary or failed location expansion beyond 'set -euo pipefail', which might be acceptable within Bazel's tool resolution guarantees. Referred Code `CMAKE_BIN="$(location @cmake_linux_amd64_prebuilt//:cmake_bin)" chmod +x "$${CMAKE_BIN}" CMAKE_DIR="$$(dirname "$${CMAKE_BIN}")" export CNPG_ROOT="$${ROOT_DIR}" export CNPG_REAL_PG_CONFIG="$${ROOT_DIR}/usr/lib/postgresql/16/bin/pg_config" export PATH="$${CMAKE_DIR}:$${ROOT_DIR}/usr/lib/postgresql/16/bin:$${ROOT_DIR}/usr/bin:/usr/bin:/bin" export PKG_CONFIG_PATH="$${ROOT_DIR}/usr/lib/pkgconfig:$${ROOT_DIR}/usr/lib/x86_64-linux-gnu/pkgconfig"` Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/1970#issuecomment-3558895378 Original created: 2025-11-20T16:14:11Z --- ## PR Compliance Guide 🔍  Below is a summary of compliance checks for this PR: <table><tbody><tr><td colspan='2'>Security Compliance</td></tr> <tr><td rowspan=2>⚪</td> <td><details><summary>Supply chain risk </summary> Description: Remote binary archive pulled via http_archive and executed later (CMake) could allow supply-chain compromise if integrity is not sufficiently pinned to a trusted source; while sha256 is pinned, there is no signature or key verification and the GitHub release URL is mutable by account compromise—consider verifying detached signatures (e.g., GPG) or pinning via immutable fetch (e.g., exact commit with verified signature) and mirroring. <a href='https://github.com/carverauto/serviceradar/pull/1970/files#diff-6136fc12446089c3db7360e923203dd114b6a1466252e71667c6791c20fe6bdcR718-R732'>MODULE.bazel [718-732]</a> <details open><summary>Referred Code</summary> ```txt http_archive( name = "cmake_linux_amd64_prebuilt", sha256 = "c959e6d15714f798424960cd296632634f3ef57c2712559a7945170f0bcad205", strip_prefix = "cmake-3.30.4-linux-x86_64", urls = [ "https://github.com/Kitware/CMake/releases/download/v3.30.4/cmake-3.30.4-linux-x86_64.tar.gz", ], build_file_content = """ package(default_visibility = ["//visibility:public"]) filegroup( name = "cmake_bin", srcs = ["bin/cmake"], ) """, ) ``` </details></details></td></tr> <tr><td><details><summary>Untrusted binary execution </summary> Description: The build script marks an externally fetched CMake binary as executable and prepends its directory to PATH, causing the build to execute that untrusted binary; if the archive is tampered, this yields code execution during build—ensure provenance and verify signatures, restrict PATH changes to a subshell, or vendor a vetted toolchain. <a href='https://github.com/carverauto/serviceradar/pull/1970/files#diff-0e4db31c224a8f72ae8e870a849e38a59d74a2c7f7b04347b0b3eb07e20c5a80R1557-R1563'>BUILD.bazel [1557-1563]</a> <details open><summary>Referred Code</summary> ```txt CMAKE_BIN="$(location @cmake_linux_amd64_prebuilt//:cmake_bin)" chmod +x "$${CMAKE_BIN}" CMAKE_DIR="$$(dirname "$${CMAKE_BIN}")" export CNPG_ROOT="$${ROOT_DIR}" export CNPG_REAL_PG_CONFIG="$${ROOT_DIR}/usr/lib/postgresql/16/bin/pg_config" export PATH="$${CMAKE_DIR}:$${ROOT_DIR}/usr/lib/postgresql/16/bin:$${ROOT_DIR}/usr/bin:/usr/bin:/bin" export PKG_CONFIG_PATH="$${ROOT_DIR}/usr/lib/pkgconfig:$${ROOT_DIR}/usr/lib/x86_64-linux-gnu/pkgconfig" ``` </details></details></td></tr> <tr><td colspan='2'>Ticket Compliance</td></tr> <tr><td>⚪</td><td><details><summary>🎫 No ticket provided </summary> - [ ] Create ticket/issue  </details></td></tr> <tr><td colspan='2'>Codebase Duplication Compliance</td></tr> <tr><td>⚪</td><td><details><summary>Codebase context is not defined </summary> Follow the <a href='https://qodo-merge-docs.qodo.ai/core-abilities/rag_context_enrichment/'>guide</a> to enable codebase context checks. </details></td></tr> <tr><td colspan='2'>Custom Compliance</td></tr> <tr><td rowspan=4>🟢</td><td> <details><summary>Generic: Meaningful Naming and Self-Documenting Code</summary> **Objective:** Ensure all identifiers clearly express their purpose and intent, making code self-documenting **Status:** Passed > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary>Generic: Secure Error Handling</summary> **Objective:** To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. **Status:** Passed > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary>Generic: Secure Logging Practices</summary> **Objective:** To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. **Status:** Passed > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary>Generic: Security-First Input Validation and Data Handling</summary> **Objective:** Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities **Status:** Passed > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td rowspan=2>⚪</td> <td><details> <summary>Generic: Comprehensive Audit Trails</summary> **Objective:** To create a detailed and reliable record of critical system actions for security analysis and compliance. **Status:** <a href='https://github.com/carverauto/serviceradar/pull/1970/files#diff-0e4db31c224a8f72ae8e870a849e38a59d74a2c7f7b04347b0b3eb07e20c5a80R1557-R1565'>No audit logs</a>: The added build/genrule steps introduce use of a bundled CMake during image build without any added logging of critical actions, but this may be acceptable as it is build-time infrastructure rather than runtime application logic. <details open><summary>Referred Code</summary> ```txt CMAKE_BIN="$(location @cmake_linux_amd64_prebuilt//:cmake_bin)" chmod +x "$${CMAKE_BIN}" CMAKE_DIR="$$(dirname "$${CMAKE_BIN}")" export CNPG_ROOT="$${ROOT_DIR}" export CNPG_REAL_PG_CONFIG="$${ROOT_DIR}/usr/lib/postgresql/16/bin/pg_config" export PATH="$${CMAKE_DIR}:$${ROOT_DIR}/usr/lib/postgresql/16/bin:$${ROOT_DIR}/usr/bin:/usr/bin:/bin" export PKG_CONFIG_PATH="$${ROOT_DIR}/usr/lib/pkgconfig:$${ROOT_DIR}/usr/lib/x86_64-linux-gnu/pkgconfig" cd "$${OUT_DIR}/timescaledb" BUILD_FORCE_REMOVE=true ./bootstrap -DREGRESS_CHECKS=OFF -DPROJECT_INSTALL_METHOD=docker -DCMAKE_BUILD_TYPE=RelWithDebInfo -DPG_CONFIG="$${OUT_DIR}/pg_config_wrapper_ts.sh" ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td><details> <summary>Generic: Robust Error Handling and Edge Case Management</summary> **Objective:** Ensure comprehensive error handling that provides meaningful context and graceful degradation **Status:** <a href='https://github.com/carverauto/serviceradar/pull/1970/files#diff-0e4db31c224a8f72ae8e870a849e38a59d74a2c7f7b04347b0b3eb07e20c5a80R1557-R1563'>Shell edge cases</a>: The genrule cmd adds path extraction and chmod without explicit checks for missing CMake binary or failed location expansion beyond 'set -euo pipefail', which might be acceptable within Bazel's tool resolution guarantees. <details open><summary>Referred Code</summary> ```txt CMAKE_BIN="$(location @cmake_linux_amd64_prebuilt//:cmake_bin)" chmod +x "$${CMAKE_BIN}" CMAKE_DIR="$$(dirname "$${CMAKE_BIN}")" export CNPG_ROOT="$${ROOT_DIR}" export CNPG_REAL_PG_CONFIG="$${ROOT_DIR}/usr/lib/postgresql/16/bin/pg_config" export PATH="$${CMAKE_DIR}:$${ROOT_DIR}/usr/lib/postgresql/16/bin:$${ROOT_DIR}/usr/bin:/usr/bin:/bin" export PKG_CONFIG_PATH="$${ROOT_DIR}/usr/lib/pkgconfig:$${ROOT_DIR}/usr/lib/x86_64-linux-gnu/pkgconfig" ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td align="center" colspan="2">   </td></tr></tbody></table> <details><summary>Compliance status legend</summary> 🟢 - Fully Compliant 🟡 - Partial Compliant 🔴 - Not Compliant ⚪ - Requires Further Human Verification 🏷️ - Compliance label </details>

qodo-code-review[bot] commented

2025-11-20 16:15:20 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/1970#issuecomment-3558901177
Original created: 2025-11-20T16:15:20Z

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Add multi-architecture support for CMake To enable multi-architecture builds, add an `http_archive` for the `aarch64` CMake binary to `MODULE.bazel`, complementing the existing `amd64` dependency. MODULE.bazel [718-732] http_archive( name = "cmake_linux_amd64_prebuilt", sha256 = "c959e6d15714f798424960cd296632634f3ef57c2712559a7945170f0bcad205", strip_prefix = "cmake-3.30.4-linux-x86_64", urls = [ "https://github.com/Kitware/CMake/releases/download/v3.30.4/cmake-3.30.4-linux-x86_64.tar.gz", ], build_file_content = """ package(default_visibility = ["//visibility:public"]) filegroup( name = "cmake_bin", srcs = ["bin/cmake"], ) """, ) +http_archive( + name = "cmake_linux_aarch64_prebuilt", + sha256 = "1221703a45e4b659fe6929a4a3219d3f5454639f7f43501160330633a18a56f0", + strip_prefix = "cmake-3.30.4-linux-aarch64", + urls = [ + "https://github.com/Kitware/CMake/releases/download/v3.30.4/cmake-3.30.4-linux-aarch64.tar.gz", + ], + build_file_content = """ +package(default_visibility = ["//visibility:public"]) +filegroup( + name = "cmake_bin", + srcs = ["bin/cmake"], +) +""", +) + Apply / Chat Suggestion importance[1-10]: 8 __ Why: The suggestion correctly identifies that hardcoding the `amd64` CMake dependency will break builds on other architectures like `aarch64`, and proposes a valid solution to enable multi-arch support.	Medium
Possible issue	Use architecture-aware dependency selection Replace the hardcoded `@cmake_linux_amd64_prebuilt` dependency in `docker/images/BUILD.bazel` with a platform-agnostic alias using `select` to enable multi-architecture builds. docker/images/BUILD.bazel [1527-1557] +# In a new BUILD file at the root of the repository, e.g., BUILD.bazel +# This filegroup will select the correct cmake binary based on the architecture. +filegroup( + name = "cmake", + srcs = select({ + "@platforms//cpu:x86_64": ["@cmake_linux_amd64_prebuilt//:cmake_bin"], + "@platforms//cpu:aarch64": ["@cmake_linux_aarch64_prebuilt//:cmake_bin"], + "//conditions:default": [], + }), + visibility = ["//visibility:public"], +) + +# In docker/images/BUILD.bazel tools = [ "//docker/images:extract_rootfs.py", "//docker/images:overlay_deb_packages.py", "//docker/images:pg_config_rewrite.py", - "@cmake_linux_amd64_prebuilt//:cmake_bin", + "//:cmake", ], cmd = """ ... cp "$(location //docker/images:pg_config_rewrite.py)" "$${OUT_DIR}/pg_config_rewrite.py" -CMAKE_BIN="$(location @cmake_linux_amd64_prebuilt//:cmake_bin)" +CMAKE_BIN="$(location //:cmake)" chmod +x "$${CMAKE_BIN}" CMAKE_DIR="$$(dirname "$${CMAKE_BIN}")" export CNPG_ROOT="$${ROOT_DIR}" ... """ `[To ensure code accuracy, apply this suggestion manually]` Suggestion importance[1-10]: 8 __ Why: The suggestion correctly identifies that the hardcoded `@cmake_linux_amd64_prebuilt` dependency will break multi-architecture builds and proposes a robust solution using `select` to make the build rule platform-agnostic.	Medium
More

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/1970#issuecomment-3558901177 Original created: 2025-11-20T16:15:20Z --- ## PR Code Suggestions ✨  Explore these optional code suggestions: <table><thead><tr><td>Category</td><td align=left>Suggestion                                                                                                                                    </td><td align=center>Impact</td></tr><tbody><tr><td rowspan=2>Possible issue</td> <td> <details><summary>Add multi-architecture support for CMake</summary> ___ **To enable multi-architecture builds, add an <code>http_archive</code> for the <code>aarch64</code> CMake binary to <code>MODULE.bazel</code>, complementing the existing <code>amd64</code> dependency.** [MODULE.bazel [718-732]](https://github.com/carverauto/serviceradar/pull/1970/files#diff-6136fc12446089c3db7360e923203dd114b6a1466252e71667c6791c20fe6bdcR718-R732) ```diff http_archive( name = "cmake_linux_amd64_prebuilt", sha256 = "c959e6d15714f798424960cd296632634f3ef57c2712559a7945170f0bcad205", strip_prefix = "cmake-3.30.4-linux-x86_64", urls = [ "https://github.com/Kitware/CMake/releases/download/v3.30.4/cmake-3.30.4-linux-x86_64.tar.gz", ], build_file_content = """ package(default_visibility = ["//visibility:public"]) filegroup( name = "cmake_bin", srcs = ["bin/cmake"], ) """, ) +http_archive( + name = "cmake_linux_aarch64_prebuilt", + sha256 = "1221703a45e4b659fe6929a4a3219d3f5454639f7f43501160330633a18a56f0", + strip_prefix = "cmake-3.30.4-linux-aarch64", + urls = [ + "https://github.com/Kitware/CMake/releases/download/v3.30.4/cmake-3.30.4-linux-aarch64.tar.gz", + ], + build_file_content = """ +package(default_visibility = ["//visibility:public"]) +filegroup( + name = "cmake_bin", + srcs = ["bin/cmake"], +) +""", +) + ``` - [ ] **Apply / Chat**  <details><summary>Suggestion importance[1-10]: 8</summary> __ Why: The suggestion correctly identifies that hardcoding the `amd64` CMake dependency will break builds on other architectures like `aarch64`, and proposes a valid solution to enable multi-arch support. </details></details></td><td align=center>Medium </td></tr><tr><td> <details><summary>Use architecture-aware dependency selection</summary> ___ **Replace the hardcoded <code>@cmake_linux_amd64_prebuilt</code> dependency in <code>docker/images/BUILD.bazel</code> with a platform-agnostic alias using <code>select</code> to enable multi-architecture builds.** [docker/images/BUILD.bazel [1527-1557]](https://github.com/carverauto/serviceradar/pull/1970/files#diff-0e4db31c224a8f72ae8e870a849e38a59d74a2c7f7b04347b0b3eb07e20c5a80R1527-R1557) ```diff +# In a new BUILD file at the root of the repository, e.g., BUILD.bazel +# This filegroup will select the correct cmake binary based on the architecture. +filegroup( + name = "cmake", + srcs = select({ + "@platforms//cpu:x86_64": ["@cmake_linux_amd64_prebuilt//:cmake_bin"], + "@platforms//cpu:aarch64": ["@cmake_linux_aarch64_prebuilt//:cmake_bin"], + "//conditions:default": [], + }), + visibility = ["//visibility:public"], +) + +# In docker/images/BUILD.bazel tools = [ "//docker/images:extract_rootfs.py", "//docker/images:overlay_deb_packages.py", "//docker/images:pg_config_rewrite.py", - "@cmake_linux_amd64_prebuilt//:cmake_bin", + "//:cmake", ], cmd = """ ... cp "$(location //docker/images:pg_config_rewrite.py)" "$${OUT_DIR}/pg_config_rewrite.py" -CMAKE_BIN="$(location @cmake_linux_amd64_prebuilt//:cmake_bin)" +CMAKE_BIN="$(location //:cmake)" chmod +x "$${CMAKE_BIN}" CMAKE_DIR="$$(dirname "$${CMAKE_BIN}")" export CNPG_ROOT="$${ROOT_DIR}" ... """ ``` `[To ensure code accuracy, apply this suggestion manually]` <details><summary>Suggestion importance[1-10]: 8</summary> __ Why: The suggestion correctly identifies that the hardcoded `@cmake_linux_amd64_prebuilt` dependency will break multi-architecture builds and proposes a robust solution using `select` to make the build rule platform-agnostic. </details></details></td><td align=center>Medium </td></tr> <tr><td align="center" colspan="2"> - [ ] More  </td><td></td></tr></tbody></table>