Remove legacy bazel configurations.

Using the newer bazel rules necessitates a transition from proto1 to
proto2. In order to resolve the incompatibility between proto2 and
gogoproto, the cri runtimeoptions proto must be vendored.

Further, some of the semantics of bazel caching changed during the
transition. It is now necessary to:

- Ensure that :gopath depends only on pure library targets, as the
  propagation of go_binary build attributes (pure, static) will
  affected the generated files (though content remains the same,
  there are conflicts with respect to the gopath).
- Update bazel.mk to include the possibility of binaries in the
  bazel-out directory, as it will now put runsc and others there.
  This required some refinements to the mechanism of extracting
  paths, since some the existing regex resulted in false positives.
- Change nogo rules to prevent escape generation on binary targets.
  For some reason, the newer version of bazel attempted to run the
  nogo analysis on the binary targets, which fails due to the fact
  that objdump does not work on the final binary. This must be due
  to a change in the semantics of aspects in bazel3.

PiperOrigin-RevId: 337958324

2 files changed, 52 insertions, 23 deletions

diff --git a/tools/github/main.go b/tools/github/main.go
index 7a74dc033..681003eef 100644
--- a/tools/github/main.go
+++ b/tools/github/main.go
@@ -20,6 +20,7 @@ import (
 	"flag"
 	"fmt"
 	"io/ioutil"
+	"log"
 	"os"
 	"os/exec"
 	"strings"
@@ -34,21 +35,43 @@ var (
 	owner     string
 	repo      string
 	tokenFile string
-	path      string
+	paths     stringList
 	commit    string
 	dryRun    bool
 )
 
+type stringList []string
+
+func (s *stringList) String() string {
+	return strings.Join(*s, ",")
+}
+
+func (s *stringList) Set(value string) error {
+	*s = append(*s, value)
+	return nil
+}
+
 // Keep the options simple for now. Supports only a single path and repo.
 func init() {
 	flag.StringVar(&owner, "owner", "", "GitHub project org/owner (required, except nogo dry-run)")
 	flag.StringVar(&repo, "repo", "", "GitHub repo (required, except nogo dry-run)")
 	flag.StringVar(&tokenFile, "oauth-token-file", "", "file containing the GitHub token (or GITHUB_TOKEN is set)")
-	flag.StringVar(&path, "path", ".", "path to scan (required for revive and nogo)")
+	flag.Var(&paths, "path", "path(s) to scan (required for revive and nogo)")
 	flag.StringVar(&commit, "commit", "", "commit to associated (required for nogo, except dry-run)")
 	flag.BoolVar(&dryRun, "dry-run", false, "just print changes to be made")
 }
 
+func filterPaths(paths []string) (existing []string) {
+	for _, path := range paths {
+		if _, err := os.Stat(path); err != nil {
+			log.Printf("WARNING: skipping %v: %v", path, err)
+			continue
+		}
+		existing = append(existing, path)
+	}
+	return
+}
+
 func main() {
 	// Set defaults from the environment.
 	repository := os.Getenv("GITHUB_REPOSITORY")
@@ -83,8 +106,9 @@ func main() {
 		flag.Usage()
 		os.Exit(1)
 	}
-	if len(path) == 0 {
-		fmt.Fprintln(flag.CommandLine.Output(), "missing --path option.")
+	filteredPaths := filterPaths(paths)
+	if len(filteredPaths) == 0 {
+		fmt.Fprintln(flag.CommandLine.Output(), "no valid --path options provided.")
 		flag.Usage()
 		os.Exit(1)
 	}
@@ -123,7 +147,7 @@ func main() {
 			os.Exit(1)
 		}
 		// Scan the provided path.
-		rev := reviver.New([]string{path}, []reviver.Bugger{bugger})
+		rev := reviver.New(filteredPaths, []reviver.Bugger{bugger})
 		if errs := rev.Run(); len(errs) > 0 {
 			fmt.Fprintf(os.Stderr, "Encountered %d errors:\n", len(errs))
 			for _, err := range errs {
@@ -145,7 +169,7 @@ func main() {
 		}
 		// Scan all findings.
 		poster := nogo.NewFindingsPoster(client, owner, repo, commit, dryRun)
-		if err := poster.Walk(path); err != nil {
+		if err := poster.Walk(filteredPaths); err != nil {
 			fmt.Fprintln(os.Stderr, "Error finding nogo findings:", err)
 			os.Exit(1)
 		}
diff --git a/tools/github/nogo/nogo.go b/tools/github/nogo/nogo.go
index b70dfe63b..b2bc63459 100644
--- a/tools/github/nogo/nogo.go
+++ b/tools/github/nogo/nogo.go
@@ -53,26 +53,31 @@ func NewFindingsPoster(client *github.Client, owner, repo, commit string, dryRun
 }
 
 // Walk walks the given path tree for findings files.
-func (p *FindingsPoster) Walk(path string) error {
-	return filepath.Walk(path, func(filename string, info os.FileInfo, err error) error {
-		if err != nil {
-			return err
-		}
-		// Skip any directories or files not ending in .findings.
-		if !strings.HasSuffix(filename, ".findings") || info.IsDir() {
+func (p *FindingsPoster) Walk(paths []string) error {
+	for _, path := range paths {
+		if err := filepath.Walk(path, func(filename string, info os.FileInfo, err error) error {
+			if err != nil {
+				return err
+			}
+			// Skip any directories or files not ending in .findings.
+			if !strings.HasSuffix(filename, ".findings") || info.IsDir() {
+				return nil
+			}
+			findings, err := util.ExtractFindingsFromFile(filename)
+			if err != nil {
+				return err
+			}
+			// Add all findings to the list. We use a map to ensure
+			// that each finding is unique.
+			for _, finding := range findings {
+				p.findings[finding] = struct{}{}
+			}
 			return nil
-		}
-		findings, err := util.ExtractFindingsFromFile(filename)
-		if err != nil {
+		}); err != nil {
 			return err
 		}
-		// Add all findings to the list. We use a map to ensure
-		// that each finding is unique.
-		for _, finding := range findings {
-			p.findings[finding] = struct{}{}
-		}
-		return nil
-	})
+	}
+	return nil
 }
 
 // Post posts all results to the GitHub API as a check run.