Merge pull request #112 from privacysandbox/release-0.78.0

Release 0.78.0
privacysandbox · Jan 31, 2025 · 62184c2 · 62184c2
2 parents bf14632 + ac94af6
commit 62184c2
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,13 @@
 
 All notable changes to this project will be documented in this file. See [commit-and-tag-version](https://github.com/absolute-version/commit-and-tag-version) for commit guidelines.
 
+## 0.78.0 (2025-01-31)
+
+
+### Features
+
+* Run bazel in privileged container
+
 ## 0.77.0 (2025-01-13)
 
 

diff --git a/tools/bazel-debian b/tools/bazel-debian
@@ -64,8 +64,11 @@ declare -a APP_ARGS
 declare -r -a ARGLIST=("$@")
 partition_array ARGLIST BAZEL_ARGS APP_ARGS
 
+# run bazel without sandboxing
+BAZEL_ARGS+=("--spawn_strategy=local")
+
 # shellcheck disable=SC2086
-"${CBUILD}" ${EXTRA_CBUILD_ARGS} --seccomp-unconfined --image "${IMAGE}" --cmd "
+"${CBUILD}" ${EXTRA_CBUILD_ARGS} --seccomp-unconfined --privileged --image "${IMAGE}" --cmd "
 printf 'bazel output_base: [%s]\n' \"\$(bazel info output_base 2>/dev/null)\"
 bazel ${BAZEL_STARTUP_ARGS} ${BAZEL_ARGS[*]@Q} ${BAZEL_EXTRA_ARGS} ${APP_ARGS[*]@Q}
 "
diff --git a/tools/cbuild b/tools/cbuild
@@ -54,6 +54,7 @@ USAGE
     --without-embedded-docker  Disable docker client within container
     --docker-network <value>   Specify docker network type or name, value passed to docker run --network. Default: ${DOCKER_NETWORK}
     --seccomp-unconfined       Run docker container without a seccomp profile
+    --privileged               Run in a privileged docker container
     --verbose                  Enable verbose output
 
   Profiler flags:
@@ -81,6 +82,7 @@ declare -i WITH_DOCKER_SOCK=1
 declare -i WITH_CMD_PROFILER=0
 DOCKER_NETWORK="${DOCKER_NETWORK:-bridge}"
 declare -i DOCKER_SECCOMP_UNCONFINED=0
+declare -i DOCKER_PRIVILEGED=0
 declare -i ONE_TIME_CONTAINER=0
 declare -i KEEP_CONTAINER_RUNNING=0
 declare LONG_RUNNING_CONTAINER_TIMEOUT=8h
@@ -133,6 +135,10 @@ while [[ $# -gt 0 ]]; do
       DOCKER_SECCOMP_UNCONFINED=1
       shift
       ;;
+    --privileged)
+      DOCKER_PRIVILEGED=1
+      shift
+      ;;
     --verbose)
       VERBOSE=1
       shift
@@ -211,6 +217,10 @@ if [[ ${DOCKER_SECCOMP_UNCONFINED} -eq 1 ]]; then
   DOCKER_RUN_ARGS+=("--security-opt=seccomp=unconfined")
 fi
 
+if [[ ${DOCKER_PRIVILEGED} -eq 1 ]]; then
+  DOCKER_RUN_ARGS+=("--privileged")
+fi
+
 if [[ ${WITH_CMD_PROFILER} -eq 1 ]]; then
   if [[ ${IMAGE} != build-debian ]]; then
     printf "error: --cmd-profiler is only compatible with build-debian\n" &>/dev/stderr

diff --git a/version.txt b/version.txt
@@ -1 +1 @@
-0.77.0
+0.78.0