Restructure bazelrc for reproducible builds (#2492)
Moves the bulk of our bazelrc to a separate directory and then imports
it in the workspace bazelrc. This allows us to remove the workspace rc
from CI build scripts, which means that when running them locally we're
actually running with the same flags for reproducible builds and cache
hits.
diff --git a/.bazelrc b/.bazelrc
index 27a05f2..2fbdb6f 100644
--- a/.bazelrc
+++ b/.bazelrc
@@ -12,276 +12,10 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-###############################################################################
-# Common flags that apply to all configurations.
-# Use sparingly for things common to all compilers and platforms.
-###############################################################################
-# Prevent invalid caching if input files are modified during a build.
-build --experimental_guard_against_concurrent_changes
-# Default to optimized builds
-# Override via: "-c dbg" or --compilation_mode=dbg
-build --compilation_mode=opt
-# Used in TensorFlow, so we have to enable it here as well.
-common --experimental_repo_remote_exec
-# Actually printing output on errors is... a useful default
-test --test_output=errors
-
-# TODO: Transition to the explicit init_py mechanism. See #2405
-# This is commented out while considering transition path but left as a
-# breadcrumb.
-# build --incompatible_default_to_explicit_init_py
-
-# TensorFlow always sets these in OSS which makes it impossible to build TF
-# without them...
-build --define open_source_build=true
-
-###############################################################################
-# Options for "generic_clang" builds: these options should generally apply to
-# either clang or gcc and are curated based on need.
-###############################################################################
-
-# C++14 standard version is required.
-build:generic_clang --cxxopt=-std=c++14 --host_cxxopt=-std=c++14
-
-# Default to adding back asserts in optimized builds.
-# This is a good compromise between runtime and debugability.
-build:generic_clang --copt=-UNDEBUG
-
-# Treat warnings in-workspace as errors.
-build:generic_clang --per_file_copt=-external/.*@-Werror
-# ...and silence them outside of the workspace.
-build:generic_clang --per_file_copt=external/.*@-w
-
-# LINT.IfChange(clang_diagnostics)
-# Set clang diagnostics. These largely match the set of warnings used within
-# Google. They have not been audited super carefully by the IREE team but are
-# generally thought to be a good set and consistency with those used internally
-# is very useful when importing. If you feel hat some of these should be
-# different, please raise an issue!
-
-build:generic_clang --copt=-Wall
-
-# Disable warnings we don't care about or that generally have a low signal/noise
-# ratio.
-build:generic_clang --copt=-Wno-ambiguous-member-template
-build:generic_clang --copt=-Wno-char-subscripts
-build:generic_clang --copt=-Wno-error=deprecated-declarations
-build:generic_clang --copt=-Wno-extern-c-compat # Matches upstream. Cannot impact due to extern C inclusion method.
-build:generic_clang --copt=-Wno-gnu-alignof-expression
-build:generic_clang --copt=-Wno-gnu-variable-sized-type-not-at-end
-build:generic_clang --copt=-Wno-ignored-optimization-argument
-build:generic_clang --copt=-Wno-invalid-offsetof # Technically UB but needed for intrusive ptrs
-build:generic_clang --copt=-Wno-invalid-source-encoding
-build:generic_clang --copt=-Wno-mismatched-tags
-build:generic_clang --copt=-Wno-pointer-sign
-build:generic_clang --copt=-Wno-reserved-user-defined-literal
-build:generic_clang --copt=-Wno-return-type-c-linkage
-build:generic_clang --copt=-Wno-self-assign-overloaded
-build:generic_clang --copt=-Wno-sign-compare
-build:generic_clang --copt=-Wno-signed-unsigned-wchar
-build:generic_clang --copt=-Wno-strict-overflow
-build:generic_clang --copt=-Wno-trigraphs
-build:generic_clang --copt=-Wno-unknown-pragmas
-build:generic_clang --copt=-Wno-unknown-warning-option
-build:generic_clang --copt=-Wno-unused-command-line-argument
-build:generic_clang --copt=-Wno-unused-const-variable
-build:generic_clang --copt=-Wno-unused-function
-build:generic_clang --copt=-Wno-unused-local-typedef
-build:generic_clang --copt=-Wno-unused-private-field
-build:generic_clang --copt=-Wno-user-defined-warnings
-build:generic_clang --copt=-Wno-macro-redefined # TODO(GH-2556): Re-enable (IREE and TF both define LOG)
-
-# Explicitly enable some additional warnings.
-# Some of these aren't on by default, or under -Wall, or are subsets of warnings
-# turned off above.
-build:generic_clang --copt=-Wctad-maybe-unsupported
-build:generic_clang --copt=-Wfloat-overflow-conversion
-build:generic_clang --copt=-Wfloat-zero-conversion
-build:generic_clang --copt=-Wfor-loop-analysis
-build:generic_clang --copt=-Wformat-security
-build:generic_clang --copt=-Wgnu-redeclared-enum
-build:generic_clang --copt=-Wimplicit-fallthrough
-build:generic_clang --copt=-Winfinite-recursion
-build:generic_clang --copt=-Wliteral-conversion
-build:generic_clang --copt=-Wnon-virtual-dtor
-build:generic_clang --copt=-Woverloaded-virtual
-build:generic_clang --copt=-Wself-assign
-build:generic_clang --copt=-Wstring-conversion
-build:generic_clang --copt=-Wtautological-overlap-compare
-build:generic_clang --copt=-Wthread-safety
-build:generic_clang --copt=-Wthread-safety-beta
-build:generic_clang --copt=-Wunused-comparison
-build:generic_clang --copt=-Wunused-variable
-build:generic_clang --copt=-Wvla
-# LINT.ThenChange(https://github.com/google/iree/tree/main/build_tools/cmake/iree_copts.cmake:clang_diagnostics)
-
-###############################################################################
-# Options for building with address sanitizer.
-# https://github.com/google/sanitizers/wiki/AddressSanitizer
-###############################################################################
-
-# Turn on asan. Some toolchains make use of the asan feature and we'll directly
-# set the appropriate opts.
-build:asan --features=asan
-build:asan --copt=-fsanitize=address
-build:asan --linkopt=-fsanitize=address
-
-# Don't strip debug info
-build:asan --strip=never
-# Ignore settings of `linkopts = ["-static"]` which can screw up the sanitizer.
-# We don't use this in IREE (that's what linkstatic is for), but it could show
-# up in dependencies.
-build:asan --force_ignore_dash_static
-# asan tests tend to take longer, so increase the timeouts
-build:asan --test_timeout=120,600,1800,-1
-# Make the outputs easy to find
-build:asan --cc_output_directory_tag=asan
-# Get better stack traces
-build:asan --copt=-fno-omit-frame-pointer
-# This macro define is used by absl
-build:asan --copt=-DADDRESS_SANITIZER
-
-###############################################################################
-# Architecture specific options
-###############################################################################
-
-# Enable some default cpu flags for x86 optimization.
-build:x86opt --copt=-mavx2
-
-###############################################################################
-# Configuration for building remotely using Remote Build Execution (RBE)
-# https://cloud.google.com/remote-build-execution/
-# Based on https://github.com/bazelbuild/bazel-toolchains/blob/master/bazelrc/bazel-1.0.0.bazelrc
-# Currently in development only usable by CI.
-###############################################################################
-
-# Options for connecting to the IREE GCP remote build project. These are
-# repeated separately in each config to avoid warnings about configs being
-# expanded more than once.
-
-# Enable authentication. This will pick up application default credentials by
-# default. You can use --google_credentials=some_file.json to use a service
-# account credential instead.
-build:rbe --google_default_credentials=true
-# Point to the remote instance constructed in the iree-oss project
-build:rbe --remote_instance_name=projects/iree-oss/instances/default_instance
-
-# Depending on how many machines are in the remote execution instance, setting
-# this higher can make builds faster by allowing more jobs to run in parallel.
-# Setting it too high can result in jobs that timeout, however, while waiting
-# for a remote machine to execute them.
-build:rbe --jobs=50
-
-# Flags related to specifying the platform, toolchain and java properties.
-# These flags must be adapted to work with toolchain containers other than
-# rbe-ubuntu16-04
-# References to "rbe_default" matches rbe_autoconfig(name="rbe_default") in
-# WORKSPACE
-build:rbe --host_javabase=@rbe_default//java:jdk
-build:rbe --javabase=@rbe_default//java:jdk
-build:rbe --host_java_toolchain=@bazel_tools//tools/jdk:toolchain_hostjdk8
-build:rbe --java_toolchain=@bazel_tools//tools/jdk:toolchain_hostjdk8
-build:rbe --crosstool_top=@rbe_default//cc:toolchain
-build:rbe --action_env=BAZEL_DO_NOT_DETECT_CPP_TOOLCHAIN=1
-# Platform flags:
-# The toolchain container used for execution is defined in the target indicated
-# by "extra_execution_platforms", "host_platform" and "platforms".
-# More about platforms: https://docs.bazel.build/versions/master/platforms.html
-build:rbe --extra_toolchains=@rbe_default//config:cc-toolchain
-build:rbe --extra_execution_platforms=@rbe_default//config:platform
-build:rbe --host_platform=@rbe_default//config:platform
-build:rbe --platforms=@rbe_default//config:platform
-
-build:rbe --define=EXECUTOR=remote
-
-# Enable remote execution so actions are performed on the remote systems.
-build:rbe --remote_executor=grpcs://remotebuildexecution.googleapis.com
-
-# Enforce stricter environment rules, which eliminates some non-hermetic
-# behavior and therefore improves both the remote cache hit rate and the
-# correctness and repeatability of the build.
-build:rbe --incompatible_strict_action_env=true
-
-# Set a higher timeout value, just in case.
-build:rbe --remote_timeout=3600
-
-# Local disk cache is incompatible with remote execution (for obvious reasons).
-build:rbe --disk_cache=""
-
-###############################################################################
-# Configuration for uploading build results to Result Store UI
-# https://cloud.google.com/remote-build-execution/docs/results-ui/getting-started-results-ui
-# Can be used either with or without --config=rbe.
-###############################################################################
-
-# Options for connecting to the IREE GCP remote build project. These are
-# repeated separately in each config to avoid warnings about configs being
-# expanded more than once.
-
-# Enable authentication. This will pick up application default credentials by
-# default. You can use --google_credentials=some_file.json to use a service
-# account credential instead.
-build:rs --google_default_credentials=true
-# Point to the remote instance constructed in the iree-oss project
-build:rs --remote_instance_name=projects/iree-oss/instances/default_instance
-
-build:rs --bes_backend="buildeventservice.googleapis.com"
-build:rs --bes_results_url="https://source.cloud.google.com/results/invocations/"
-build:rs --project_id=iree-oss
-
-###############################################################################
-# Windows specific flags for building with VC.
-###############################################################################
-
-build:windows --define=iree_is_msvc=true
-build:windows --copt=/wd4624 # destructor was implicitly defined as deleted
-build:windows --copt=/wd4244 # possible loss of data
-build:windows --copt=/wd4005 # macro redefinition
-build:windows --copt=/wd4267 # initializing: possible loss of data
-build:windows --copt=/wd4141 # inline used more than once
-build:windows --per_file_copt=mkl_dnn@/wd4551 # missing argument list
-build:windows --per_file_copt=mkl_dnn@/wd4068 # unknown pragma
-build:windows --per_file_copt=farmhash@/wd4319 # zero extending to T of greater size
-
-build:windows --linkopt=/IGNORE:4217 # mismatch import/export declspec
-
-# Enables unix-style runfiles link trees (requires symlink permission).
-# See: https://blogs.windows.com/windowsdeveloper/2016/12/02/symlinks-windows-10/
-# Generally: Enable Developer Mode in the Developer Settings page of the
-# system settings.
-build:windows --experimental_enable_runfiles
-# Flags to make tensorflow build.
-# Some of these are also of general use and fine to enable globally for windows.
-build:windows --copt=/arch:AVX
-# Host and target are the same in windows so don't waste time building both.
-build:windows --distinct_host_configuration=false
-# Avoids incompatible versions of winsock and other badness.
-build:windows --copt=/DWIN32_LEAN_AND_MEAN --host_copt=/DWIN32_LEAN_AND_MEAN
-# That is one way to have less warnings :(
-build:windows --per_file_copt=tensorflow@-w
-build:windows --per_file_copt=protobuf@-w
-# Why are min/max macros? No one knows.
-build:windows --copt=/DNOMINMAX --host_copt=/DNOMINMAX
-# Yay for security warnings. Boo for non-standard.
-build:windows --copt=/D_CRT_SECURE_NO_WARNINGS --host_copt=/D_CRT_SECURE_NO_WARNINGS
-# TensorFlow requires the "monolithic" build mode for now on Windows.
-build:windows --define framework_shared_object=false
-# Necessary for M_* math constants.
-build:windows --copt=/D_USE_MATH_DEFINES --host_copt=/D_USE_MATH_DEFINES
-
-# Workaround WinGDI.h defining `ERROR`, which conflicts with logging macros.
-# Note that IREE and TensorFlow both `#undef ERROR` and define their own
-# separate logging constants with the same name, but IREE needs the Windows
-# "graphics device interface" (GDI) for certain GUI sample projects.
-build:windows --per_file_copt=tensorflow@-DNOGDI
-
-# Disables TensorFlow eigen bloat and reduces compile times.
-build:windows --define=override_eigen_strong_inline=true
-
-# Another TensorFlow flag from their config script.
-build:windows --define with_default_optimizations=true
-
-###############################################################################
+# Import the main bazelrc config. This is in a separate file so that it's
+# possible to turn off all user bazelrc options by specifying
+# `--nosystem_rc --nohome_rc --noworkspace_rc --bazelrc=build_tools/bazel/iree.bazelrc`
+try-import %workspace%/build_tools/bazel/iree.bazelrc
# Run the configure_bazel.py script to generate.
try-import %workspace%/configured.bazelrc
