Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 19 additions & 0 deletions .bazelrc
Original file line number Diff line number Diff line change
Expand Up @@ -29,9 +29,28 @@ build:ci --color=no
build:ci --curses=no
build:ci --show_progress_rate_limit=30
build:ci --noshow_loading_progress
# Empty the disk cache in CI so a remote cache hit proves the SHARED remote
# cache, not an incidental local disk hit. The cache-backed lane layers
# ci-cached on top of this base (cache-first, TIN-1997 Option D / TIN-2110).
build:ci --disk_cache=
test:ci --test_output=errors
test:ci --test_summary=detailed

# Shared-cache-backed lane (cache-first, TIN-1997 Option D / TIN-2110).
# Endpoint-free by contract: the ci-templates cache-backed path validates
# BAZEL_REMOTE_CACHE via scripts/cache-attachment-contract.sh and then supplies
# --remote_cache=$BAZEL_REMOTE_CACHE at invocation. NEVER bake an endpoint here.
# Mirrors the proven MassageIthaca / ci-templates bazelrc/ci-cached.bazelrc shape;
# executor lines are intentionally omitted (cache-first only, no REAPI/executor).
build:ci-cached --config=ci
build:ci-cached --remote_upload_local_results=false
build:ci-cached --remote_download_minimal
build:ci-cached --remote_timeout=60

# Explicit read-only and disable knobs for proof/debug lanes.
build:cache-readonly --remote_upload_local_results=false
build:no-remote-cache --remote_cache=

# Local development (bazel build --config=local //...)
build:local --disk_cache=~/.cache/bazel-scheduling-kit

Expand Down
8 changes: 7 additions & 1 deletion .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ concurrency:

jobs:
package:
uses: tinyland-inc/ci-templates/.github/workflows/js-bazel-package.yml@61cd1338ca9dae8a25985c0a36ff7beb111449be
uses: tinyland-inc/ci-templates/.github/workflows/js-bazel-package.yml@v2.3.0
with:
runner_mode: repo_owned
runner_labels_json: ${{ vars.PRIMARY_LINUX_RUNNER_LABELS_JSON }}
Expand All @@ -37,6 +37,12 @@ jobs:
build_command: pnpm build
package_check_command: pnpm check:package
bazel_targets: "//:typecheck //:pkg //:test"
# Cache-first shared-cache-backed Bazel validation (TIN-2110 pilot).
# Routes the Bazel validation through the fail-closed cache-attachment
# contract + --config=ci-cached --remote_cache=$BAZEL_REMOTE_CACHE
# (read-only, no executor). Endpoint is injected at runtime by the
# in-cluster nix-setup; nothing is baked. Cache-first only.
cache_backed: true
package_dir: ./bazel-bin/pkg
npm_access: public
github_package_name: "@jesssullivan/scheduling-kit"
Expand Down
5 changes: 4 additions & 1 deletion .github/workflows/publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ concurrency:

jobs:
package:
uses: tinyland-inc/ci-templates/.github/workflows/js-bazel-package.yml@61cd1338ca9dae8a25985c0a36ff7beb111449be
uses: tinyland-inc/ci-templates/.github/workflows/js-bazel-package.yml@v2.3.0
with:
runner_mode: repo_owned
runner_labels_json: ${{ vars.PRIMARY_LINUX_RUNNER_LABELS_JSON }}
Expand All @@ -42,6 +42,9 @@ jobs:
build_command: pnpm build
package_check_command: pnpm check:package
bazel_targets: "//:typecheck //:pkg //:test"
# Cache-first shared-cache-backed Bazel validation (TIN-2110 pilot).
# Same opt-in lane as CI; endpoint injected at runtime, no executor.
cache_backed: true
package_dir: ./bazel-bin/pkg
npm_access: public
github_package_name: "@jesssullivan/scheduling-kit"
Expand Down
27 changes: 27 additions & 0 deletions AGENTS.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,33 @@

This file is the operating brief for AI agents and LLMs working in `@tummycrypt/scheduling-kit`.

## GloriousFlywheel Cache Enrollment (cache-first)

`scheduling-kit` enrolls in the GloriousFlywheel shared Bazel cache (cache-first,
TIN-1997 Option D; pilot tracked as TIN-2110).

- **Do NOT** create runners or a bespoke cache instance. Route everything through
the shared `tinyland-inc/ci-templates` surface and the existing GloriousFlywheel
substrate.
- **Do NOT** run raw `bazel build` as validation enrollment. A green build on the
`tinyland-nix` runner with only `--disk_cache` is **NOT** cache-backed and is
not enrollment.
- Attach to the shared substrate via the cache-backed lane: the ci-templates
`js-bazel-package.yml` `cache_backed: true` input, which runs the fail-closed
contract checker and then `--config=ci-cached --remote_cache=$BAZEL_REMOTE_CACHE
--remote_upload_local_results=false`. The cache endpoint is injected at runtime
by the in-cluster `nix-setup` (resolved from cluster DNS); it is never baked
into `.bazelrc`.
- Self-verify with `scripts/cache-attachment-contract.sh --strict` (or
`nix develop --command just cache-contract-strict`). The checker fails closed
on unset/placeholder/non-grpc endpoints, so a misconfigured lane surfaces the
BLOCKED state instead of silently building local-only.
- REAPI / remote executor is **out of scope** (cache-first only). Never wire
`--remote_executor` or `--config=executor-backed`.
- Cache attach is **not** org-migration closure. A green cache-backed build does
not close GF#412 / TIN-1516; org-migration vs widened-ARC-scope remains a
separate operator decision.

## Repo Role

`scheduling-kit` is the reusable, headless scheduling library.
Expand Down
1 change: 1 addition & 0 deletions flake.nix
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,7 @@
bazelWrapper
docsPython
jdk21_headless
just
nodejs_22
pnpm
typescript
Expand Down
70 changes: 70 additions & 0 deletions justfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,70 @@
# scheduling-kit justfile
#
# Org house-style: invoke recipes through the repo flake devShell, e.g.
# nix develop --command just info
# nix develop --command just cache-contract-strict
#
# Cache-first only (TIN-1997 Option D / TIN-2110). There is intentionally NO
# executor recipe: REAPI / remote execution is out of scope. The shared Bazel
# cache endpoint is supplied at runtime via BAZEL_REMOTE_CACHE (injected in CI by
# the in-cluster nix-setup); it is never baked into .bazelrc.

# FLYWHEEL gates the cache-backed lane. When FLYWHEEL=1 the build/test recipes
# attach to the shared cache (--config=ci-cached --remote_cache=$BAZEL_REMOTE_CACHE,
# read-only). When unset/0 they run the plain local Bazel path (byte-identical to
# the non-opted default), so contributors without cluster cache reachability are
# never blocked.
FLYWHEEL := env_var_or_default("FLYWHEEL", "0")
BAZEL_REMOTE_CACHE := env_var_or_default("BAZEL_REMOTE_CACHE", "")
BAZEL_TARGETS := "//:typecheck //:pkg //:test"

# List available recipes.
default:
@just --list

# Print enrollment + cache posture for this checkout.
info:
@echo "scheduling-kit — GloriousFlywheel cache enrollment (cache-first, TIN-2110)"
@echo "FLYWHEEL: {{FLYWHEEL}}"
@echo "BAZEL_REMOTE_CACHE: {{ if BAZEL_REMOTE_CACHE == '' { 'unset (compatibility-local-only)' } else { BAZEL_REMOTE_CACHE } }}"
@echo "bazel targets: {{BAZEL_TARGETS}}"
@echo "executor: out of scope (cache-first only; no REAPI)"
@echo "endpoint policy: injected at runtime by nix-setup; never baked into .bazelrc"

# Fail-closed cache-attachment contract checker (the enrollment self-verify).
# Asserts a real shared-cache endpoint before any cache-backed Bazel work.
cache-contract-strict:
GF_BAZEL_SUBSTRATE_MODE="${GF_BAZEL_SUBSTRATE_MODE:-shared-cache-backed}" \
bash scripts/cache-attachment-contract.sh --strict

# Bazel build; FLYWHEEL=1 attaches to the shared cache (read-only), else local.
flywheel-build:
#!/usr/bin/env bash
set -euo pipefail
if [ "{{FLYWHEEL}}" = "1" ]; then
GF_BAZEL_SUBSTRATE_MODE="${GF_BAZEL_SUBSTRATE_MODE:-shared-cache-backed}" \
bash scripts/cache-attachment-contract.sh --strict
bazel build {{BAZEL_TARGETS}} \
--config=ci-cached \
--remote_cache="${BAZEL_REMOTE_CACHE}" \
--remote_upload_local_results=false \
--verbose_failures
else
bazel build {{BAZEL_TARGETS}} --verbose_failures
fi

# Bazel test; FLYWHEEL=1 attaches to the shared cache (read-only), else local.
flywheel-test:
#!/usr/bin/env bash
set -euo pipefail
if [ "{{FLYWHEEL}}" = "1" ]; then
GF_BAZEL_SUBSTRATE_MODE="${GF_BAZEL_SUBSTRATE_MODE:-shared-cache-backed}" \
bash scripts/cache-attachment-contract.sh --strict
bazel test //:test \
--config=ci-cached \
--remote_cache="${BAZEL_REMOTE_CACHE}" \
--remote_upload_local_results=false \
--verbose_failures
else
bazel test //:test --verbose_failures
fi
Loading
Loading