search

pybind / pybind11_bazel

Bazel wrapper around the pybind11 repository
Other
100 stars 54 forks source link

Missing integrity attr on pybind11 http_archive #102

Closed lalten closed 1 week ago

lalten commented 1 month ago

Getting this a lot:

DEBUG: Rule 'pybind11_bazel~~internal_configure_extension~pybind11' indicated that a canonical reproducible form can be obtained by modifying arguments integrity = "sha256-QR93OAxDeYUGs57FlPx/K1MqE8TbZ0/PKxyjRO+u+2g="
DEBUG: Repository pybind11_bazel~~internal_configure_extension~pybind11 instantiated at:
  <builtin>: in <toplevel>
Repository rule http_archive defined at:
  /mnt/data/bazel-user-root/27884f8c6ca1cf5fd7f4e20c15176f40/external/bazel_tools/tools/build_defs/repo/http.bzl:382:31: in <toplevel>

The reason is that https://github.com/pybind/pybind11_bazel/blob/0cded485dcedb5659423f9d9fa121357eccdf192/internal_configure.bzl#L19-L25 doesn't pass a sha256 or integrity attr.

Would be nice to improve this :)

drigz commented 1 week ago

Thanks for fixing this, I just looked into the warning today so perfect timing. Will you also issue a new release with the fixed internal_configure.bzl?

jiawen commented 1 week ago

Thanks for fixing this, I just looked into the warning today so perfect timing. Will you also issue a new release with the fixed internal_configure.bzl?

I'll try to find some cycles on Monday? I have never cut a release before, nor have I submitted anything to BCR. It should be straightforward but will probably take an hour or two.

drigz commented 6 days ago

I'll try to find some cycles on Monday? I have never cut a release before, nor have I submitted anything to BCR. It should be straightforward but will probably take an hour or two.

If you only have time to create the pybind11_bazel release that's still helpful as anyone can bump the BCR version. Since there's a Release GitHub action I think you'd just need to:

git checkout main
git pull
git tag v2.13.6
git push origin v2.13.6

~I expect the BCR update is slightly more involved as it requires calculation of the archive hash and duplication of the 2.12.0 directory, so~ let me know if you don't find time for that: https://github.com/bazelbuild/bazel-central-registry/tree/9b307de274431f4ee27fd1b787c12c19cebbc518/modules/pybind11_bazel/2.12.0

EDIT: there are instructions here to bump the version: https://github.com/bazelbuild/bazel-central-registry/blob/main/docs/README.md#contribute-a-bazel-module which says:

If you are the project owner, you can set up the Publish to BCR Github App for your repository to automatically send a PR to the BCR when cutting a new release.