summaryrefslogtreecommitdiffhomepage
path: root/tools/BUILD
diff options
context:
space:
mode:
authorKevin Krakauer <krakauer@google.com>2021-04-14 10:23:58 -0700
committergVisor bot <gvisor-bot@google.com>2021-04-14 10:26:02 -0700
commit36dbd3b97dbc455c6d710f4530ec8a07474dee64 (patch)
treea73d2a1fe91af59210514758c67fe13287f1c0e4 /tools/BUILD
parente83cc06f1b79dcbae3a0217384985ab32138ca9a (diff)
Automatically enforce limited netstack dependencies
Netstack is supposed to be somewhat independent of the rest of gVisor, and others should be able to use it without pulling in excessive dependencies. Currently, there is no way to fight dependency creep besides careful code review. This change introduces a test rule `netstack_deps_check` that ensures the target only relies on gVisor targets and a short allowlist of external dependencies. Users who add a dependency will see an error and have to manually update the allowlist. The set of packages to test comes from //runsc, as it uses packages we would expect users to commonly rely on. It was generated via: $ find ./runsc -name BUILD | xargs grep tcpip | awk '{print $2}' | sort | uniq (Note: We considered giving //pkg/tcpip it's own go.mod, but this breaks go tooling.) PiperOrigin-RevId: 368456711
Diffstat (limited to 'tools/BUILD')
-rw-r--r--tools/BUILD8
1 files changed, 8 insertions, 0 deletions
diff --git a/tools/BUILD b/tools/BUILD
index faf310676..3861ff2a5 100644
--- a/tools/BUILD
+++ b/tools/BUILD
@@ -9,3 +9,11 @@ bzl_library(
"//:sandbox",
],
)
+
+bzl_library(
+ name = "deps_bzl",
+ srcs = ["deps.bzl"],
+ visibility = [
+ "//:sandbox",
+ ],
+)