Skip to content

Bump bant dev dependency 0.2.4 → 0.2.5#10102

Closed
oharboe wants to merge 1 commit into
The-OpenROAD-Project:masterfrom
oharboe:upgrade/bazel-dev-deps
Closed

Bump bant dev dependency 0.2.4 → 0.2.5#10102
oharboe wants to merge 1 commit into
The-OpenROAD-Project:masterfrom
oharboe:upgrade/bazel-dev-deps

Conversation

@oharboe

@oharboe oharboe commented Apr 10, 2026

Copy link
Copy Markdown
Collaborator

dev_dependency=True, not propagated to downstream consumers.

verilator, rules_scala, and rules_jvm_external were not upgraded due to tight coupling in the Scala/Chisel/Verilator ecosystem that requires a coordinated upgrade effort.

dev_dependency=True, not propagated to downstream consumers.

verilator, rules_scala, and rules_jvm_external were not upgraded
due to tight coupling in the Scala/Chisel/Verilator ecosystem
that requires a coordinated upgrade effort.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
@github-actions

Copy link
Copy Markdown
Contributor

clang-tidy review says "All clean, LGTM! 👍"

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the 'bant' development dependency to version 0.2.5 in the MODULE.bazel file and synchronizes the MODULE.bazel.lock file. The lock file updates include version increments for apple_support, pybind11_bazel, and re2, the addition of bazel_features and rules_python versions, and the removal of a rules_cc entry. I have no feedback to provide.

@oharboe

oharboe commented Apr 10, 2026

Copy link
Copy Markdown
Collaborator Author

@hzeller Good idea to upgrade?

@hzeller

hzeller commented Apr 10, 2026

Copy link
Copy Markdown
Collaborator

yeah, keeping that fresh is always good.

@maliberty

Copy link
Copy Markdown
Member

update lock

@oharboe

oharboe commented Apr 11, 2026

Copy link
Copy Markdown
Collaborator Author

update lock

@hzeller The pain!

Proposal: Move lint, format, and MODULE.bazel.lock updates to post-merge commits

As an external contributor and maintainer contact, I'd like to raise a CI policy concern that is creating significant and avoidable serialization overhead for anyone submitting multiple independent PRs that touch MODULE.bazel.

The current workflow requires a "update lock" step that can only be completed after the daily pr-merge bump runs — a 1–2 day gate per PR. Since any number of open PRs touching MODULE.bazel will conflict with each other, they cannot be merged in parallel. Each must be merged, verified clean, and only then can the next be rebased and queued. Across N PRs, this compounds into weeks of wall-clock time for what are often routine, independent changes.

The proposed fix: remove linting, formatting, and MODULE.bazel.lock update requirements from PR checks entirely, and instead apply them automatically in a post-merge commit via CI. This is the same approach we adopted internally after hitting this exact wall, and GitHub merge queues make it straightforward to implement cleanly.

On the security question: I anticipate a concern that removing the lock file check from PRs weakens security. I'd argue the opposite. The MODULE.bazel.lock file is auto-generated — a malicious PR doesn't need to manipulate it directly, only MODULE.bazel itself, which human review should catch regardless. More importantly, a lock file generated by a controlled, auditable CI environment after merge is more trustworthy than one generated on a contributor's local machine, which may be compromised or misconfigured. The meaningful security surface is the dependency change in MODULE.bazel, not the generated lock.

Removing this check from PRs reduces friction for legitimate contributors, eliminates a serialization bottleneck that disproportionately impacts high-volume contribution workflows, and arguably improves the integrity of the generated lock file.

And while we are at it — please, the lint, gemini nags and format checks too. We are begging. Every contributor has been there: the code is correct, the change is good, the review is done — and it sits blocked because a line is two spaces wide instead of one, or because the local clang-format version is 14.0.1 instead of 14.0.0. It is death by a thousand papercuts. Auto-applying lint and format in a post-merge commit costs nothing and gives back enormous amounts of contributor goodwill, maintainer time, and CI throughput. The codebase stays clean. The pain goes away.

🥺

@oharboe

oharboe commented Apr 11, 2026

Copy link
Copy Markdown
Collaborator Author

I made the mistake of adding bazel lock

@oharboe oharboe closed this Apr 11, 2026
@oharboe oharboe deleted the upgrade/bazel-dev-deps branch April 11, 2026 18:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants