First version of static verification tool.
The current state of the tool:
- Reads DAR files.
- Partially evaluates the code.
- Generates constraints for the field and choice to be verified.
- Passes the constraints to an SMT solver.
- Some basic tests.
* update rules_nixpkgs
* Use hermetic nixpkgs cc toolchain
CHANGELOG_BEGIN
CHANGELOG_END
* Work around Bazel's cc toolchain autodetection
* Use --crosstool_top for hermetic cc toolchain
When using --incompatible_enable_cc_toolchain_resolution instead
cc actions still depend on
`external/local_config_cc/builtin_include_directory_paths`
as well as
`external/nixpkgs_cc_toolchain_config/builtin_include_directory_paths`.
* override local_config_cc
* remove unused attribute
* Fix posix toolchain on Windows
* nixpkgs cc toolchain not on Windows
* Fix nixpkgs cc toolchain on MacOS
* nixpkgs cc toolchain uses bin/cc
* Use darwin.binutils on MacOS
* Remove clang(++) and gcc (g++) symlinks
The toolchain only considers `bin/cc` and having the other symlinks
around could lead to confusion
* Use hermetic toolchain in compatibility workspace
* Avoid empty linker flags
Co-authored-by: Andreas Herrmann <andreas.herrmann@tweag.io>
* postgresql-testing: Store the JDBC URL separately.
* postgresql-testing: Expose the username and password.
* postgresql-testing: Get the caller to create the database.
And make sure it's a random one, not "test".
CHANGELOG_BEGIN
CHANGELOG_END
* postgresql-testing: Only store the JDBC URL for tests.
Less mutable state, innit.
* postgresql-testing: Capture the individual JDBC URL parameters.
* Bazel: Fix PostgreSQL binary paths.
* postgresql-testing: Just recreate the database in PostgresAroundEach.
There's no need to restart the process with a different data directory.
This should fix the following issue that we see constantly on CI:
```
ld: warning: object file _ was built for newer OSX version (10.15) than being linked (10.14)
```
The issue was that the CC toolchain was not fully used in
haskell_cabal_package. --with-gcc (which is really --with-cc) only
applies when Cabal is calling the C compiler. However, in most cases
it is actually GHC itself which calls the C compiler. To make sure
that the right compiler is used in those cases, we have to pass
`-pgmc` and friends to GHC. This matches what rules_haskell does for
non cabal targets.
changelog_begin
changelog_end
* docs: publish daml-cheat-sheet on docs.daml.com
* separate cheat sheet rule
* Fixed `@daml-cheat-sheet`
* Uses `_config.yml` to determine the source directory root.
* Uses `tar h` to resolve symbolic links. Otherwise the tarball just
contains symbolic links to the execroot.
* Uses flags to make `tar` and `gzip` reproducible, i.e. avoid
timestamps and the like.
* cleanup
Co-authored-by: Andreas Herrmann <andreas.herrmann@tweag.io>
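What the `tar h` and the reproducibility flags above buy, shown as an added Python example rather than the cheat-sheet genrule's actual `tar`/`gzip` invocation: symlinks are dereferenced so the archive carries file contents instead of links into the execroot, members are added in sorted order, ownership, mode and mtime are normalised, and the gzip header carries neither a timestamp nor a file name. The function names are mine and the directory in the usage block is constructed; the code is not from the repository.

```python
"""Reproducible .tar.gz in pure Python (added example, not the project's rule).

Equivalents of the flags used in the cheat-sheet rule:
  tar h   -> dereference=True (symlink members become regular files)
  gzip -n -> GzipFile(filename="", mtime=0) (no name/timestamp in header)
"""
import gzip
import io
import os
import tarfile
import tempfile


def _normalise(info):
    """Strip everything that varies between build hosts or checkouts."""
    info.uid = info.gid = 0
    info.uname = info.gname = ""
    info.mtime = 0
    # Keep only "executable or not"; umask differences would otherwise leak in.
    info.mode = 0o755 if info.isdir() or info.mode & 0o111 else 0o644
    return info


def reproducible_targz(src_dir, out_path):
    """Archive src_dir into out_path so identical content gives identical bytes."""
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w", format=tarfile.GNU_FORMAT,
                      dereference=True) as tar:
        for root, dirs, files in os.walk(src_dir, followlinks=True):
            dirs.sort()  # in-place sort fixes os.walk's traversal order
            for name in sorted(dirs + files):
                full = os.path.join(root, name)
                arcname = os.path.relpath(full, src_dir)
                tar.add(full, arcname=arcname, recursive=False, filter=_normalise)
    # filename="" and mtime=0 keep the gzip header free of build-time data.
    with open(out_path, "wb") as f, gzip.GzipFile(filename="", fileobj=f,
                                                  mode="wb", mtime=0) as gz:
        gz.write(raw.getvalue())
    return out_path


def member_names(archive_path):
    """(name, is_symlink) for every member, in archive order."""
    with tarfile.open(archive_path, "r:gz") as tar:
        return [(m.name, m.issym()) for m in tar.getmembers()]


if __name__ == "__main__":
    # Constructed sample tree: a nested file, a top-level file and a symlink.
    tmp = tempfile.mkdtemp()
    site = os.path.join(tmp, "site")
    os.makedirs(os.path.join(site, "sub"))
    with open(os.path.join(site, "sub", "a.txt"), "w") as fh:
        fh.write("hello\n")
    with open(os.path.join(site, "b.txt"), "w") as fh:
        fh.write("world\n")
    os.symlink(os.path.join("sub", "a.txt"), os.path.join(site, "link.txt"))
    out = reproducible_targz(site, os.path.join(tmp, "cheat-sheet.tgz"))
    print(member_names(out))
```

Run twice against the same tree after touching a file and the two archives compare equal byte for byte; `link.txt` shows up as a regular member, not a symlink.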
* Upgrade scala compiler silencer to 1.6.0
CHANGELOG_BEGIN
CHANGELOG_END
* Adapt build bazel file to new targets
* Switch to silencer plugin scala 2.12.11 per Samir's feedback
rather than 2.12.8
* Add missed bazel files
* Review feedback from Leo
* Diff with messaging feature and some noise manually removed
* Bazel target to use patch file in other build targets
* Patch file as data dep for integration tests
* Attempt to patch and test messaging feature in create-daml-app test
changelog_begin
changelog_end
* Use exports_files instead of filegroup
* Remove file existence checks that don't make sense
* Add patch to dev_env and reference it from integration tests
* Include patch on windows for later
* Set up yarn env again after codegen
* Restore file check
* Fix typo in comment on util function
* Add Tasty steps to make process explicit
* Use messaging patch for code snippets in GSG
* Use messaging code from template instead of copy
* Remove copied message code
* Refactor script to copy template code with messaging patch
* No need to retry second yarn install (only local deps should be updated)
* sdk-release-tarball: zip is unused
* daml-lf/archive: Use bazel_tools zipper
@bazel_tools//tools/zip:zipper avoids timestamps and sources of
indeterminism when creating an archive, so that the result is
reproducible.
CHANGELOG_BEGIN
CHANGELOG_END
* Remove unused @zip_dev_env
zip is fully replaced by @bazel_tools//tools/zip:zipper.
Co-authored-by: Andreas Herrmann <andreas.herrmann@tweag.io>
changelog_begin
changelog_end
For now this is only used for the daml-helper tests. I’ll shuffle
things around and use it for all tests in a separate PR.
On MacOS the `-s` linker flag (`--strip-all`) is obsolete. Instead, one
should pass `-unexported_symbols_list=*` to strip all symbols.
CHANGELOG_BEGIN
CHANGELOG_END
Co-authored-by: Andreas Herrmann <andreash87@gmx.ch>
This reduces the number of GHCs to 2 on Linux (regular and DWARF) and
1 on macOS. Given that each derivation is > 1 GB this should hopefully
help a bit.
changelog_begin
changelog_end
Context
=======
After multiple discussions about our current release schedule and
process, we've come to the conclusion that we need to be able to make a
distinction between technical snapshots and marketing releases. In other
words, we need to be able to create a bundle for early adopters to test
without making it an officially-supported version, and without
necessarily implying everyone should go through the trouble of
upgrading. The underlying goal is to have less frequent but more stable
"official" releases.
This PR is a proposal for a new release process designed under the
following constraints:
- Reuse as much as possible of the existing infrastructure, to minimize
effort but also chances of disruptions.
- Have the ability to create "snapshot"/"nightly"/... releases that are
not meant for general public consumption, but can still be used by savvy
users without jumping through too many extra hoops (ideally just
swapping in a slightly-weirder version string).
- Have the ability to promote an existing snapshot release to "official"
release status, with as few changes as possible in-between, so we can be
confident that the official release is what we tested as a prerelease.
- Have as much of the release pipeline shared between the two types of
releases, to avoid discovering non-transient problems while trying to
promote a snapshot to an official release.
- Triggering a release should still be done through a PR, so we can
keep the same approval process for SOC2 auditability.
The gist of this proposal is to replace the current `VERSION` file with
a `LATEST` file, which would have the following format:
```
ef5d32b7438e481de0235c5538aedab419682388 0.13.53-alpha.20200214.3025.ef5d32b7
```
This file would be maintained with a script to reduce manual labor in
producing the version string. Other than that, the process will be
largely the same, with releases triggered by changes to this `LATEST`
and the release notes files.
Version numbers
===============
Because one of the goals is to reduce the velocity of our published
version numbers, we need a different version scheme for our snapshot
releases. Fortunately, most version schemes have some support for that;
unfortunately, the SDK sits at the intersection of three different
version schemes that have made incompatible choices. Without going into
too much detail:
- Semantic versioning (which we chose as the version format for the SDK
version number) allows for "prerelease" version numbers as well as
"metadata"; an example of a complete version string would be
`1.2.3-nightly.201+server12.43`. The "main" part of the version string
always has to have 3 numbers separated by dots; the "prerelease"
(after the `-` but before the `+`) and the "metadata" (after the `+`)
parts are optional and, if present, must consist of one or more segments
separated by dots, where a segment can be either a number or an
alphanumeric string. In terms of ordering, metadata is irrelevant and
any version with a prerelease string is before the corresponding "main"
version string alone. Amongst prereleases, segments are compared in
order with purely numeric ones compared as numbers and mixed ones
compared lexicographically. So 1.2.3 is more recent than 1.2.3-1,
which is itself less recent than 1.2.3-2.
- Maven version strings are any number of segments separated by a `.`, a
`-`, or a transition between a number and a letter. Version strings
are compared element-wise, with numeric segments being compared as
numbers. Alphabetic segments are treated specially if they happen to be
one of a handful of magic words (such as "alpha", "beta" or "snapshot"
for example) which count as "qualifiers"; a version string with a
qualifier is "before" its prefix (`1.2.3` is before `1.2.3-alpha.3`,
which is the same as `1.2.3-alpha3` or `1.2.3-alpha-3`), and there is a
special ordering amongst qualifiers. Other alphabetic segments are
compared alphabetically and count as being "after" their prefix
(`1.2.3-really-final-this-time` counts as being released after `1.2.3`).
- GHC package numbers are comprised of any number of numeric segments
separated by `.`, plus an optional (though deprecated) alphanumeric
"version tag" separated by a `-`. I could not find any official
documentation on ordering for the version tag; numeric segments are
compared as numbers.
- npm uses semantic versioning so that is covered already.
After much more investigation than I'd care to admit, I have come up
with the following compromise as the least-bad solution. First,
obviously, the version string for stable/marketing versions is going to
be "standard" semver, i.e. major.minor.patch, all numbers, which works,
and sorts as expected, for all three schemes. For snapshot releases, we
shall use the following (semver) format:
```
0.13.53-alpha.20200214.3025.ef5d32b7
```
where the components are, respectively:
- `0.13.53`: the expected version string of the next "stable" release.
- `alpha`: a marker that hopefully scares people enough.
- `20200214`: the date of the release commit, which _MUST_ be on
master.
- `3025`: the number of commits in master up to the release commit
(included). Because we have a linear, append-only master branch, this
uniquely identifies the commit.
- `ef5d32b7`: the first 8 characters of the release commit sha. This is
not strictly speaking necessary, but makes it a lot more convenient to
identify the commit.
The main downsides of this format are:
1. It is not a valid format for GHC packages. We do not publish GHC
packages from the SDK (so far we have instead opted to release our
Haskell code as separate packages entirely), so this should not be an
issue. However, our SDK version currently leaks to `ghc-pkg` as the
version string for the stdlib (and prim) packages. This PR addresses
that by tweaking the compiler to remove the offending bits, so `ghc-pkg`
would see the above version number as `0.13.53.20200214.3025`, which
should be enough to uniquely identify it. Note that, as far as I could
find out, this number would never be exposed to users.
2. It is rather long, which I think is good from a human perspective as
it makes it more scary. However, I have been told that this may be
long enough to cause issues on Windows by pushing us past the max path
size limitation of that "OS". I suggest we try it and see what
happens.
The upsides are:
- It clearly indicates it is an unstable release (`alpha`).
- It clearly indicates how old it is, by including the date.
- To humans, it is immediately obvious which version is "later" even if
they have the same date, allowing us to release same-day patches if
needed. (Note: that is, commits that were made on the same day; the
release date itself is irrelevant here.)
- It contains the git sha so the commit built for that release is
immediately obvious.
- It sorts correctly under all schemes (modulo the modification for
GHC).
Alternatives I considered:
- Pander to GHC: 0.13.53-alpha-20200214-3025-ef5d32b7. This format would
be accepted by all schemes, but will not sort as expected under semantic
versioning (though Maven will be fine). I have no idea how it will sort
under GHC.
- Not having any non-numeric component, e.g. `0.13.53.20200214.3025`.
This is not valid semantic versioning and is therefore rejected by
npm.
- Not having detailed info: just go with `0.13.53-snapshot`. This is
what is generally done in the Java world, but we then lose track of what
version is actually in use and I'm concerned about bug reports. This
would also not let us publish to the main Maven repo (at least not more
than once), as artifacts there are supposed to be immutable.
- Not having a qualifier: `0.13.53-3025` would be acceptable to all three
version formats. However, it would not clearly indicate to humans that
it is not meant as a stable version, and would sort differently under
semantic versioning (which counts it as a prerelease, i.e. before
`0.13.53`) than under maven (which counts it as a patch, so after
`0.13.53`).
- Just counting releases: `0.13.53-alpha.1`, where we just count the
number of prereleases in-between `0.13.52` and the next. This is
currently the fallback plan if Windows path length causes issues. It
would be less convenient to map releases to commits, but it could still
be done via querying the history of the `LATEST` file.
Release notes
=============
> Note: We have decided not to have release notes for snapshot releases.
Release notes are a bit tricky. Because we want the ability to make
snapshot releases, then later on promote them to stable releases, it
follows that we want to build commits from the past. However, if we
decide post-hoc that a commit is actually a good candidate for a
release, there is no way that commit can have the appropriate release
notes: it cannot know what version number it's getting, and, moreover,
we now track changes in commit messages. And I do not think anyone wants
to go back to the release notes file being a merge bottleneck.
But release notes need to be published to the releases blog upon
releasing a stable version, and the docs website needs to be updated and
include them.
The only sensible solution here is to pick up the release notes as of
the commit that triggers the release. As the docs cron runs
asynchronously, this means walking down the git history to find the
relevant commit.
> Note: We could probably do away with the asynchronicity at this point.
> It was originally included to cover for the possibility of a release
> failing. If we are releasing commits from the past after they have been
> tested, this should not be an issue anymore. If the docs generation were
> part of the synchronous release step, it would have direct access to the
> correct release notes without having to walk down the git history.
>
> However, I think it is more prudent to keep this change as a future step,
> after we're confident the new release scheme does indeed produce much more
> reliable "stable" releases.
New release process
===================
Just like releases are currently controlled mostly by detecting
changes to the `VERSION` file, the new process will be controlled by
detecting changes to the `LATEST` file. The format of that file will
include both the version string and the corresponding SHA.
Upon detecting a change to the `LATEST` file, CI will run the entire
release process, just like it does now with the VERSION file. The main
differences are:
1. Before running the release step, CI will checkout the commit
specified in the LATEST file. This requires separating the release
step from the build step, which in my opinion is cleaner anyway.
2. The `//:VERSION` Bazel target is replaced by a repository rule
that gets the version to build from an environment variable, with a
default of `0.0.0` to remain consistent with the current `daml-head`
behaviour.
Some of the manual steps will need to be skipped for a snapshot release.
See amended `release/RELEASE.md` in this commit for details.
The main caveat of this approach is that the official release will be a
different binary from the corresponding snapshot. It will have been
built from the same source, but with a different version string. This is
somewhat mitigated by Bazel caching, meaning any build step that does
not depend on the version string should use the cache and produce
identical results. I do not think this can be avoided when our artifact
includes its own version number.
I must note, though, that while going through the changes required after
removing the `VERSION` file, I have been quite surprised at the sheer number of
things that actually depend on the SDK version number. I believe we should
look into reducing that over time.
CHANGELOG_BEGIN
CHANGELOG_END
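The `LATEST` format and the snapshot version scheme described in the message above, as an added Python example that is not the repository's own release script: it validates a `LATEST` line against the documented `<sha> <version>` layout, derives the ghc-pkg form the message says the compiler produces, and implements semver 2.0.0 precedence so the ordering claims can be checked. One check is my addition rather than something the message describes: a snapshot whose embedded 8-character sha disagrees with the full sha is rejected, since the version string ends up in artifact names and should not be able to point at a different commit than the one CI checks out. The function names and the second snapshot's sha (`1a2b3c4d`) are mine; the sample line is the message's own.

```python
"""Parse a LATEST line and order SDK versions (added example, not the
repository's release tooling)."""
import re

# One line of the proposed LATEST file: "<40-hex commit sha> <version string>".
LATEST_LINE = re.compile(r"^(?P<sha>[0-9a-f]{40}) (?P<version>\S+)$")

# Stable/marketing release: plain major.minor.patch.
STABLE = re.compile(r"^\d+\.\d+\.\d+$")

# Snapshot: <next stable>-alpha.<YYYYMMDD>.<commit count>.<first 8 sha chars>.
SNAPSHOT = re.compile(
    r"^(?P<base>\d+\.\d+\.\d+)-alpha\."
    r"(?P<date>\d{8})\.(?P<count>\d+)\.(?P<sha8>[0-9a-f]{8})$"
)


def parse_latest(line):
    """Validate one LATEST line and return its parts.

    Raises ValueError on anything outside the documented format. The
    short-sha consistency check is an added safeguard (my assumption, not
    part of the proposal): the sha is what CI checks out, so the version
    string must not name a different commit.
    """
    m = LATEST_LINE.match(line.strip())
    if not m:
        raise ValueError("LATEST line must be '<40-hex sha> <version>'")
    sha, version = m.group("sha"), m.group("version")
    if STABLE.match(version):
        return {"sha": sha, "version": version, "kind": "stable",
                "ghc_pkg_version": version}
    s = SNAPSHOT.match(version)
    if not s:
        raise ValueError(f"unrecognised version string: {version}")
    if s.group("sha8") != sha[:8]:
        raise ValueError("short sha in version does not match commit sha")
    # The compiler strips 'alpha' and the sha before handing the version to
    # ghc-pkg, which only accepts dotted numeric segments.
    ghc = f"{s.group('base')}.{s.group('date')}.{s.group('count')}"
    return {"sha": sha, "version": version, "kind": "snapshot",
            "ghc_pkg_version": ghc}


def semver_key(version):
    """Sort key implementing semver 2.0.0 precedence.

    Build metadata (after '+') is ignored; a version with a prerelease part
    sorts before the same main version without one; prerelease identifiers
    compare numerically when both are numeric and lexically otherwise, with
    numeric identifiers lower than alphanumeric ones and a shorter list of
    identifiers lower than a longer one sharing its prefix.
    """
    core, _, _metadata = version.partition("+")
    core, _, pre = core.partition("-")
    major, minor, patch = (int(x) for x in core.split("."))
    if pre == "":
        return (major, minor, patch, 1, ())
    ids = tuple((0, int(i)) if i.isdigit() else (1, i) for i in pre.split("."))
    return (major, minor, patch, 0, ids)


def sort_versions(versions):
    """Oldest to newest under semver precedence."""
    return sorted(versions, key=semver_key)


if __name__ == "__main__":
    line = ("ef5d32b7438e481de0235c5538aedab419682388 "
            "0.13.53-alpha.20200214.3025.ef5d32b7")
    print(parse_latest(line))
    # Same-day follow-up snapshot (constructed): the commit count decides.
    print(sort_versions(["0.13.53", "0.13.53-alpha.20200214.3025.ef5d32b7",
                         "0.13.52", "0.13.53-alpha.20200214.3026.1a2b3c4d"]))
```

Under this key the snapshot sorts after `0.13.52` and before `0.13.53`, two same-day snapshots are ordered by commit count, and the rejected alternative `0.13.53-3025` indeed lands before `0.13.53` as the message says it would under semver.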
* Build commonjs format for npm packaging
CHANGELOG_BEGIN
CHANGELOG_END
* Custom commonjs typescript library rule
The npm packages generated by rules_nodejs' native ts_library rule use
the UMD package format. This breaks webpack which attempts to determine
dependencies by static code analysis and fails on UMD. To avoid this we
call `tsc` directly to ensure generation of commonjs modules.
* Enable module mapping on ts_commonjs_library
* Replace ts_library by da_ts_library
* Add dummy typescript/index.bzl on Windows
Co-authored-by: Andreas Herrmann <andreash87@gmx.ch>
* ledger-api-test-tool-on-canton: Upgrade Canton to v0.7.0.
CHANGELOG_BEGIN
CHANGELOG_END
* ledger-api-test-tool-on-canton: Use the health endpoint instead of `nc`.
Netty prints a warning when kicking it with `nc -z` from Nix's
netcat-gnu. Not other netcats though… don't know why.
* ledger-api-test-tool-on-canton: Let IntelliJ format the shell script.
* ledger-api-test-tool-on-canton: Stop Canton with SIGINT.
For some reason, Canton doesn't print out a load of errors if it's
stopped with SIGINT (Ctrl+C). SIGTERM, on the other hand…
* ledger-api-test-tool-on-canton: Write Canton logs to STDOUT.
Now the logs are no longer noisy, we can just pump them to STDOUT. This
should make debugging any transient issues on CI a lot easier.
* Remove language-support/ts/packages/yarn.lock
That file is for local development exclusively.
CHANGELOG_BEGIN
CHANGELOG_END
* yarn args --frozen-lockfile
Co-authored-by: Andreas Herrmann <andreash87@gmx.ch>
* Disable all the TS stuff on Windows
changelog_begin
changelog_end
* disable jest explicitly
* more disabling
* :sadpanda:
* Replace @language_support_ts_deps on Windows
Provides dummy content so that `load` commands are still valid on
Windows without `yarn_install`.
* disable daml-ledger-fetch on windows
* shut up buildifier
Co-authored-by: Andreas Herrmann <andreash87@gmx.ch>
* added a package.json to work with yarn workspaces
This adds a package.json files on top of our typescript libraries so
that we can develop locally via yarn workspaces. The package.json that
describes the bazel managed dependencies is moved into a subfolder.
CHANGELOG_BEGIN
CHANGELOG_END
* updated bazelignore
* SDK_VERSION -> SDKVERSION
* Remove unused npm_nix
* Use node_nix directly on Unix
rules_nodejs requires a vendored node to contain the node distribution
in a subdirectory of the provided external repository. With the default
node Nix package this is not the case. The nodejs_dev_env workspace used
an intermediate repository rule to fulfill these requirements.
Occasionally, this caused flakiness on CI.
This change fulfills this requirement on the Nix side, so that Bazel can
consume the provided Nix derivation directly.
CHANGELOG_BEGIN
CHANGELOG_END
* Avoid collision with dev-env tools like license-checker
* buildifier-fix
* Add comment motivating use of `@node_nix` on Unix.
* Document npm-cli patch
Co-authored-by: Andreas Herrmann <andreash87@gmx.ch>
* language: put sdk versions into package.json
The typescript library versions of our support libraries are now given
by the sdk version.
CHANGELOG_BEGIN
CHANGELOG_END
* removed local field
* better placeholders
* consistent SDK_VERSION
* sed sdkversion in test script
* language: bazel rules for daml-json-types/daml-ledger-fetch
This moves the daml-json-types/daml-ledger-fetch libraries out of the
tests directory and builds them with bazel. We'll rename these libraries
in a follow up PR.
CHANGELOG_BEGIN
CHANGELOG_END
* Update deps.bzl
Co-Authored-By: Andreas Herrmann <42969706+aherrmann-da@users.noreply.github.com>
* updated package.json
* rename nodejs patch
* update yarn.lock
* update @bazel/bazel dependency
* wrong typescript version in toplevel package.json
Co-authored-by: Andreas Herrmann <42969706+aherrmann-da@users.noreply.github.com>
* Remove manual stack update
* Update rules_haskell
* rules_haskell_worker_dependencies after bazel-haskell-deps
* Update rules_haskell Windows patch
* make cabal haddock optional
* Don't generate Haddocks on stack_snapshot
Fails with ghc-lib and takes more time to build.
Co-authored-by: Andreas Herrmann <andreash87@gmx.ch>
* Revert "Remove docker bazel target for sandbox (#3802)"
This reverts commit 48a381ca49.
* sandbox: Use the public `openjdk` Docker image rather than GCR's.
Turns out you need to authenticate with Google Container Registry
regardless of whether the image is public or not. We don't want people
to have to bother logging in to GCR just to get Bazel working.
* ledger: Document the health checks.
* sandbox: Build a Docker image.
* sandbox: Create a sample Kubernetes YAML file.
* sandbox: Add health probes to the sample Kubernetes configuration file.
Startup and liveness are tested with a simple TCP connection to port
6865. Readiness checks are done with `grpc-health-probe`, which is added
to the Sandbox container image.
* sandbox: Link to kubernetes.yaml in the README and provide a disclaimer.
// changelog removed as it's not actually relevant to users
* sandbox: Don't try and build `sandbox-image-base` on Windows.
* Apply suggestions from code review
Co-Authored-By: Stefano Baghino <43749967+stefanobaghino-da@users.noreply.github.com>
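A minimal Deployment fragment showing the probe split the message above describes, as an added example rather than the repository's `kubernetes.yaml`: startup and liveness use a plain TCP connect to port 6865, readiness uses `grpc-health-probe` so traffic is only routed once the gRPC health service reports SERVING. A TCP connect alone would mark a ledger that is listening but not yet ready as healthy, which is why the two kinds of probe differ. The image reference, the path of the probe binary inside the image and the timing values are assumptions.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sandbox
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sandbox
  template:
    metadata:
      labels:
        app: sandbox
    spec:
      containers:
        - name: sandbox
          image: example.com/sandbox:0.0.0   # hypothetical image reference
          ports:
            - name: ledger-api
              containerPort: 6865
          # Startup: give the JVM time to bind the port before liveness counts failures.
          startupProbe:
            tcpSocket:
              port: ledger-api
            periodSeconds: 5
            failureThreshold: 30
          # Liveness: the process is considered alive as long as the port accepts a TCP connection.
          livenessProbe:
            tcpSocket:
              port: ledger-api
            periodSeconds: 10
          # Readiness: route traffic only when the gRPC health service answers SERVING.
          readinessProbe:
            exec:
              command: ["/bin/grpc_health_probe", "-addr=:6865"]   # binary path assumed
            periodSeconds: 5
```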
This release contains a canton flakiness fix to prevent the
occurrence of `Disputed: Failed to select first domain: The
following parti(es) are not available on any connected domain`
during SemanticTest runs.
* Get grpc from nix on unix
The one from Bazel seems to cause linking issues when trying to run
things in GHCi. I’ve spent some time trying to use rules_foreign_cc to
build gRPC using CMake but decided that for my own sanity it’s better
to not pursue that further.
* Address review comments
* Add missing module load
* Cleanup GHCI_SCRIPT
* use the correct file ending on macos
* Import is_linux
* Switch back to grpc-1.23
The newer version seems to cause issues in combination with the java libraries.
* Try to fix package_app on macos
* more debugging
* Maybe this is not necessary, we will never know
* linkers are the worst
* Remove debugging output again
* readd rpaths
* treat libdispatch specially
* remove hack
* more fooling around
* lalala
rules_haskell looks for stack in PATH. On Windows it is provided by
dadew (i.e. scoop). rules_haskell then symlinks (copies on Windows) the
stack binary. Unfortunately, this breaks with scoop as the shim file is
then not found.
* Fix pip and pipenv
Since the latest nixpkgs update pip is no longer contained in the python
derivation but instead in its own `python37Packages.pip` derivation.
Additionally the pipenv version in nixpkgs is incompatible with the pip
version, as pipenv expects a module to be present which is only
available in later versions. This change overrides pip with a version
update to fix this issue.
Upstream nixpkgs has already updated pip accordingly
* Update nixpkgs
The versions of `pipenv` and `pip` contained in `nixpkgs` were
previously incompatible. They are compatible in the new `nixpkgs`
revision.
Just overriding the pip version caused too many uncached rebuilds and
timed out on CI.
* Update nixpkgs further
To incorporate
efce3c1367
* Try to build fewer GHCs
* nix: drop sass override
nixpkgs-unstable is on the same page.
* nix: use upstream chromedriver
* nix: remove pex override
* nix: drop pypi2nix override
* Fix bazel-watcher
* try upgrading rules go
* Remove overrides for ibazel
* Upgrade rules_go
* Remove references to sass overrides
* ledger-api-test-tool-on-canton: Upgrade Canton to v0.4.0.
* workspace: Expose a Java library from the Canton external dependency.
* workspace: Use double quotes for multiline strings too.