carverauto/serviceradar

Fork 0

2004 chorebazel fix rbe docker image #2472

Merged

mfreeman451 merged 5 commits from refs/pull/2472/head into main

2025-11-24 18:41:21 +00:00

mfreeman451 commented

2025-11-24 17:06:43 +00:00

(Migrated from github.com)

Owner

Imported from GitHub pull request.

Original GitHub pull request: #2007
Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/pull/2007
Original created: 2025-11-24T17:06:43Z
Original updated: 2025-12-08T06:54:37Z
Original head: carverauto/serviceradar:2004-chorebazel-fix-rbe-docker-image
Original base: main
Original merged: 2025-11-24T18:41:21Z by @mfreeman451

User description

IMPORTANT: Please sign the Developer Certificate of Origin

Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include
a DCO sign-off statement indicating the DCO acceptance in one commit message. Here
is an example DCO Signed-off-by line in a commit message:

Signed-off-by: J. Doe <j.doe@domain.com>

Describe your changes

Issue ticket number and link

Code checklist before requesting a review

I have signed the DCO?
The build completes without errors?
All tests are passing when running make test?

PR Type

Enhancement, Bug fix

Description

Update RBE executor Docker image from v1.0.14/v1.0.15 to v1.0.16
Add bison, flex, gperf to RBE and ARC runner Dockerfiles
Remove source-based build toolchain for bison/flex/gperf
Simplify PostgreSQL extension build by using pre-installed tools
Update ARC runner image digest and NATS version to 2.12.2

Diagram Walkthrough

flowchart LR
  A["RBE Executor Image v1.0.14/15"] -->|"Update to v1.0.16"| B["RBE Executor Image v1.0.16"]
  C["Source-based bison/flex/gperf builds"] -->|"Remove & pre-install in Docker"| D["System package tools"]
  E["PostgreSQL extension build"] -->|"Simplified build process"| F["Uses pre-installed tools"]
  B --> F
  D --> F

File Walkthrough

Relevant files

Configuration changes

6 files

BUILD.bazel `Update RBE executor Docker image version`	+1/-1
MODULE.bazel `Update container image and add ARC runner`	+13/-51
BUILD.bazel `Update RBE platform container image versions`	+2/-2
BUILD `Update RBE platform container image version`	+1/-1
buildbuddy.yaml `Update execution config container image version`	+1/-1
runner-values.yaml `Update ARC runner image digest reference`	+1/-1

Enhancement

3 files

Dockerfile.rbe `Add bison, flex, gperf build tools`	+3/-0
Dockerfile `Add gperf to ARC runner dependencies`	+1/-0
Dockerfile.rpm.nats `Update NATS server version to 2.12.2`	+2/-2

Bug fix

1 files

BUILD.bazel
Update ARC runner base image reference +10/-74

Documentation

2 files

README.md `Update ARC runner image digest reference`	+1/-1
README.md `Update RBE image build documentation version`	+1/-1

Miscellaneous

3 files

BUILD.bazel `Remove bison source tree build target`	+0/-10
BUILD.bazel `Remove flex source tree build target`	+0/-10
BUILD.bazel `Remove gperf source tree build target`	+0/-10

Imported from GitHub pull request. Original GitHub pull request: #2007 Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/pull/2007 Original created: 2025-11-24T17:06:43Z Original updated: 2025-12-08T06:54:37Z Original head: carverauto/serviceradar:2004-chorebazel-fix-rbe-docker-image Original base: main Original merged: 2025-11-24T18:41:21Z by @mfreeman451 --- ### **User description** ## IMPORTANT: Please sign the Developer Certificate of Origin Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include a [DCO sign-off statement]( https://developercertificate.org/) indicating the DCO acceptance in one commit message. Here is an example DCO Signed-off-by line in a commit message: ``` Signed-off-by: J. Doe <j.doe@domain.com> ``` ## Describe your changes ## Issue ticket number and link ## Code checklist before requesting a review - [ ] I have signed the DCO? - [ ] The build completes without errors? - [ ] All tests are passing when running make test? ___ ### **PR Type** Enhancement, Bug fix ___ ### **Description** - Update RBE executor Docker image from v1.0.14/v1.0.15 to v1.0.16 - Add bison, flex, gperf to RBE and ARC runner Dockerfiles - Remove source-based build toolchain for bison/flex/gperf - Simplify PostgreSQL extension build by using pre-installed tools - Update ARC runner image digest and NATS version to 2.12.2 ___ ### Diagram Walkthrough ```mermaid flowchart LR A["RBE Executor Image v1.0.14/15"] -->|"Update to v1.0.16"| B["RBE Executor Image v1.0.16"] C["Source-based bison/flex/gperf builds"] -->|"Remove & pre-install in Docker"| D["System package tools"] E["PostgreSQL extension build"] -->|"Simplified build process"| F["Uses pre-installed tools"] B --> F D --> F ``` <details> <summary><h3> File Walkthrough</h3></summary> <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td><strong>Configuration changes</strong></td><td><details><summary>6 files</summary><table> <tr> <td><strong>BUILD.bazel</strong><dd><code>Update RBE executor Docker image version</code>                                  </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2007/files#diff-7fc57714ef13c3325ce2a1130202edced92fcccc0c6db34a72f7b57f60d552a3">+1/-1</a>      </td> </tr> <tr> <td><strong>MODULE.bazel</strong><dd><code>Update container image and add ARC runner</code>                                </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2007/files#diff-6136fc12446089c3db7360e923203dd114b6a1466252e71667c6791c20fe6bdc">+13/-51</a>  </td> </tr> <tr> <td><strong>BUILD.bazel</strong><dd><code>Update RBE platform container image versions</code>                          </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2007/files#diff-d7da264d8f13c39aafc9e2343c3f9649ee1b143f653edda46521f21378a8467e">+2/-2</a>      </td> </tr> <tr> <td><strong>BUILD</strong><dd><code>Update RBE platform container image version</code>                            </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2007/files#diff-ac0d5204dc44afc495e4f6899ae668175ade69fa6b3324c94261ae2461586a21">+1/-1</a>      </td> </tr> <tr> <td><strong>buildbuddy.yaml</strong><dd><code>Update execution config container image version</code>                    </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2007/files#diff-455c97ce748484a181e002949dbe70422aedc497a358e023dc162776ce940751">+1/-1</a>      </td> </tr> <tr> <td><strong>runner-values.yaml</strong><dd><code>Update ARC runner image digest reference</code>                                  </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2007/files#diff-931ce6d6c4e9ebfdb0f93007c5e7c9d564a75bc1a4df65054999e59312352ddc">+1/-1</a>      </td> </tr> </table></details></td></tr><tr><td><strong>Enhancement</strong></td><td><details><summary>3 files</summary><table> <tr> <td><strong>Dockerfile.rbe</strong><dd><code>Add bison, flex, gperf build tools</code>                                              </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2007/files#diff-40936cbae5822a0a5fa8016befa08eb3a7836c93328e8043dcdfb3885a6201b2">+3/-0</a>      </td> </tr> <tr> <td><strong>Dockerfile</strong><dd><code>Add gperf to ARC runner dependencies</code>                                          </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2007/files#diff-b503e289d2c65075e70b5a915d6e4b8e8049bfc44d70e85e328046a8942cd0e4">+1/-0</a>      </td> </tr> <tr> <td><strong>Dockerfile.rpm.nats</strong><dd><code>Update NATS server version to 2.12.2</code>                                          </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2007/files#diff-7551629b73d27fac3fe86b9701597b24df984e5566ee051c2fb263fab2929f62">+2/-2</a>      </td> </tr> </table></details></td></tr><tr><td><strong>Bug fix</strong></td><td><details><summary>1 files</summary><table> <tr> <td><strong>BUILD.bazel</strong><dd><code>Update ARC runner base image reference</code>                                      </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2007/files#diff-0e4db31c224a8f72ae8e870a849e38a59d74a2c7f7b04347b0b3eb07e20c5a80">+10/-74</a>  </td> </tr> </table></details></td></tr><tr><td><strong>Documentation</strong></td><td><details><summary>2 files</summary><table> <tr> <td><strong>README.md</strong><dd><code>Update ARC runner image digest reference</code>                                  </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2007/files#diff-698ac6f26030d5e83b9059eabda0f4e004d13c2de9ee56bf16c824e705b071a2">+1/-1</a>      </td> </tr> <tr> <td><strong>README.md</strong><dd><code>Update RBE image build documentation version</code>                          </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2007/files#diff-b9a22507afd694c735354f80d644288a1bad09fcc380eab7e7ca1b5b61e1cd1b">+1/-1</a>      </td> </tr> </table></details></td></tr><tr><td><strong>Miscellaneous</strong></td><td><details><summary>3 files</summary><table> <tr> <td><strong>BUILD.bazel</strong><dd><code>Remove bison source tree build target</code>                                        </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2007/files#diff-fbfc10a476d09ca7991b9f862d8d38af205a28a50675e450c0344ec1361466cf">+0/-10</a>    </td> </tr> <tr> <td><strong>BUILD.bazel</strong><dd><code>Remove flex source tree build target</code>                                          </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2007/files#diff-eaaee0b20fb60e67e510c7f15a7e7ac3677d3457025e052cd94d5b3b81b2f575">+0/-10</a>    </td> </tr> <tr> <td><strong>BUILD.bazel</strong><dd><code>Remove gperf source tree build target</code>                                        </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2007/files#diff-0e60452a6fc2abd7b6e9a189c7d04bd6ba6dfca0048f454653b167169da73ec7">+0/-10</a>    </td> </tr> </table></details></td></tr></tr></tbody></table> </details> ___

qodo-code-review[bot] commented

2025-11-24 17:07:12 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2007#issuecomment-3571836769
Original created: 2025-11-24T17:07:12Z

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance

⚪

Unpinned toolchain versions

Description: The build step relies on host/executor PATH tools (flex, bison, gperf) without pinning
versions, which can lead to non-reproducible builds and potential supply chain risk if the
executor image changes unexpectedly.
BUILD.bazel [1578-1583]

Referred Code

for tool in flex bison gperf; do
  if ! command -v "$${tool}" >/dev/null 2>&1; then
    echo "Missing required build tool: $${tool} (expected in the RBE executor image or host toolchain)" >&2
    exit 1
  fi
done

Ticket Compliance

🟡

🎫 #2004

🟢	Bake bison, flex, and gperf into the RBE Docker image instead of building them from source during builds.
	Update build/configuration to use the new RBE image that contains these tools.
	Remove source-based toolchain and references for bison/flex/gperf from the repository and build steps.
⚪	Verify the published RBE image v1.0.16 indeed contains bison, flex, and gperf at compatible versions in the runtime PATH.
⚪	Validate end-to-end builds in CI using the updated image without relying on removed source toolchains.

Codebase Duplication Compliance

⚪

Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance

🟢

Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

⚪

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
Build tool checks: The new genrule relies on host-provided tools (flex/bison/gperf) and only checks their
presence, which may still fail at runtime if versions are incompatible or PATH/PKG_CONFIG
paths are insufficient, lacking fallback handling.

Referred Code

for tool in flex bison gperf; do
  if ! command -v "$${tool}" >/dev/null 2>&1; then
    echo "Missing required build tool: $${tool} (expected in the RBE executor image or host toolchain)" >&2
    exit 1
  fi
done

export CNPG_ROOT="$${ROOT_DIR}"
export CNPG_REAL_PG_CONFIG="$${ROOT_DIR}/usr/lib/postgresql/16/bin/pg_config"
export PATH="$${ROOT_DIR}/usr/lib/postgresql/16/bin:$${ROOT_DIR}/usr/bin:/usr/bin:/bin:$${PATH:-}"
export PKG_CONFIG_PATH="$${ROOT_DIR}/usr/lib/pkgconfig:$${ROOT_DIR}/usr/lib/x86_64-linux-gnu/pkgconfig:$${PKG_CONFIG_PATH:-}"
cd "$${OUT_DIR}/age"
make PG_CONFIG="$${OUT_DIR}/pg_config_wrapper_age.sh" FLEX=flex LEX=flex BISON=bison YACC="bison -y" -j4
mkdir -p "$${OUT_DIR}/install_age"
make PG_CONFIG="$${OUT_DIR}/pg_config_wrapper_age.sh" FLEX=flex LEX=flex BISON=bison YACC="bison -y" DESTDIR="$${OUT_DIR}/install_age" install

Learn more about managing compliance generic rules or creating your own custom rules

Update

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/2007#issuecomment-3571836769 Original created: 2025-11-24T17:07:12Z --- ## PR Compliance Guide 🔍  Below is a summary of compliance checks for this PR:<br> <table><tbody><tr><td colspan='2'><strong>Security Compliance</strong></td></tr> <tr><td rowspan=1>⚪</td> <td><details><summary><strong>Unpinned toolchain versions</strong></summary><br> <b>Description:</b> The build step relies on host/executor PATH tools (flex, bison, gperf) without pinning <br>versions, which can lead to non-reproducible builds and potential supply chain risk if the <br>executor image changes unexpectedly.<br> <strong><a href='https://github.com/carverauto/serviceradar/pull/2007/files#diff-0e4db31c224a8f72ae8e870a849e38a59d74a2c7f7b04347b0b3eb07e20c5a80R1578-R1583'>BUILD.bazel [1578-1583]</a></strong><br> <details open><summary>Referred Code</summary> ```txt for tool in flex bison gperf; do if ! command -v "$${tool}" >/dev/null 2>&1; then echo "Missing required build tool: $${tool} (expected in the RBE executor image or host toolchain)" >&2 exit 1 fi done ``` </details></details></td></tr> <tr><td colspan='2'><strong>Ticket Compliance</strong></td></tr> <tr><td>🟡</td> <td> <details> <summary>🎫 <a href=https://github.com/carverauto/serviceradar/issues/2004>#2004</a></summary> <table width='100%'><tbody> <tr><td rowspan=3>🟢</td> <td>Bake bison, flex, and gperf into the RBE Docker image instead of building them from source <br>during builds.</td></tr> <tr><td>Update build/configuration to use the new RBE image that contains these tools.</td></tr> <tr><td>Remove source-based toolchain and references for bison/flex/gperf from the repository and <br>build steps.</td></tr> <tr><td rowspan=2>⚪</td> <td>Verify the published RBE image v1.0.16 indeed contains bison, flex, and gperf at <br>compatible versions in the runtime PATH.</td></tr> <tr><td>Validate end-to-end builds in CI using the updated image without relying on removed source <br>toolchains.</td></tr> </tbody></table> </details> </td></tr> <tr><td colspan='2'><strong>Codebase Duplication Compliance</strong></td></tr> <tr><td>⚪</td><td><details><summary><strong>Codebase context is not defined </strong></summary> Follow the <a href='https://qodo-merge-docs.qodo.ai/core-abilities/rag_context_enrichment/'>guide</a> to enable codebase context checks. </details></td></tr> <tr><td colspan='2'><strong>Custom Compliance</strong></td></tr> <tr><td rowspan=5>🟢</td><td> <details><summary><strong>Generic: Comprehensive Audit Trails</strong></summary><br> **Objective:** To create a detailed and reliable record of critical system actions for security analysis <br>and compliance.<br> **Status:** Passed<br> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary><strong>Generic: Meaningful Naming and Self-Documenting Code</strong></summary><br> **Objective:** Ensure all identifiers clearly express their purpose and intent, making code <br>self-documenting<br> **Status:** Passed<br> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary><strong>Generic: Secure Error Handling</strong></summary><br> **Objective:** To prevent the leakage of sensitive system information through error messages while <br>providing sufficient detail for internal debugging.<br> **Status:** Passed<br> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary><strong>Generic: Secure Logging Practices</strong></summary><br> **Objective:** To ensure logs are useful for debugging and auditing without exposing sensitive <br>information like PII, PHI, or cardholder data.<br> **Status:** Passed<br> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary><strong>Generic: Security-First Input Validation and Data Handling</strong></summary><br> **Objective:** Ensure all data inputs are validated, sanitized, and handled securely to prevent <br>vulnerabilities<br> **Status:** Passed<br> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td rowspan=1>⚪</td> <td><details> <summary><strong>Generic: Robust Error Handling and Edge Case Management</strong></summary><br> **Objective:** Ensure comprehensive error handling that provides meaningful context and graceful <br>degradation<br> **Status:** <br><a href='https://github.com/carverauto/serviceradar/pull/2007/files#diff-0e4db31c224a8f72ae8e870a849e38a59d74a2c7f7b04347b0b3eb07e20c5a80R1578-R1592'><strong>Build tool checks</strong></a>: The new genrule relies on host-provided tools (flex/bison/gperf) and only checks their <br>presence, which may still fail at runtime if versions are incompatible or PATH/PKG_CONFIG <br>paths are insufficient, lacking fallback handling.<br> <details open><summary>Referred Code</summary> ```txt for tool in flex bison gperf; do if ! command -v "$${tool}" >/dev/null 2>&1; then echo "Missing required build tool: $${tool} (expected in the RBE executor image or host toolchain)" >&2 exit 1 fi done export CNPG_ROOT="$${ROOT_DIR}" export CNPG_REAL_PG_CONFIG="$${ROOT_DIR}/usr/lib/postgresql/16/bin/pg_config" export PATH="$${ROOT_DIR}/usr/lib/postgresql/16/bin:$${ROOT_DIR}/usr/bin:/usr/bin:/bin:$${PATH:-}" export PKG_CONFIG_PATH="$${ROOT_DIR}/usr/lib/pkgconfig:$${ROOT_DIR}/usr/lib/x86_64-linux-gnu/pkgconfig:$${PKG_CONFIG_PATH:-}" cd "$${OUT_DIR}/age" make PG_CONFIG="$${OUT_DIR}/pg_config_wrapper_age.sh" FLEX=flex LEX=flex BISON=bison YACC="bison -y" -j4 mkdir -p "$${OUT_DIR}/install_age" make PG_CONFIG="$${OUT_DIR}/pg_config_wrapper_age.sh" FLEX=flex LEX=flex BISON=bison YACC="bison -y" DESTDIR="$${OUT_DIR}/install_age" install ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td align="center" colspan="2"> - [ ] Update  </td></tr></tbody></table> <details><summary>Compliance status legend</summary> 🟢 - Fully Compliant<br> 🟡 - Partial Compliant<br> 🔴 - Not Compliant<br> ⚪ - Requires Further Human Verification<br> 🏷️ - Compliance label<br> </details>

qodo-code-review[bot] commented

2025-11-24 17:08:11 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2007#issuecomment-3571841324
Original created: 2025-11-24T17:08:11Z

PR Code Suggestions ✨

No code suggestions found for the PR.

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/2007#issuecomment-3571841324 Original created: 2025-11-24T17:08:11Z --- ## PR Code Suggestions ✨ No code suggestions found for the PR.