Remove legacy bazel configurations.

Using the newer bazel rules necessitates a transition from proto1 to
proto2. In order to resolve the incompatibility between proto2 and
gogoproto, the cri runtimeoptions proto must be vendored.

Further, some of the semantics of bazel caching changed during the
transition. It is now necessary to:

- Ensure that :gopath depends only on pure library targets, as the
  propagation of go_binary build attributes (pure, static) will
  affected the generated files (though content remains the same,
  there are conflicts with respect to the gopath).
- Update bazel.mk to include the possibility of binaries in the
  bazel-out directory, as it will now put runsc and others there.
  This required some refinements to the mechanism of extracting
  paths, since some the existing regex resulted in false positives.
- Change nogo rules to prevent escape generation on binary targets.
  For some reason, the newer version of bazel attempted to run the
  nogo analysis on the binary targets, which fails due to the fact
  that objdump does not work on the final binary. This must be due
  to a change in the semantics of aspects in bazel3.

PiperOrigin-RevId: 337958324

5 files changed, 9 insertions, 32 deletions

diff --git a/tools/nogo/config.go b/tools/nogo/config.go
index 8079618ab..0853f03cf 100644
--- a/tools/nogo/config.go
+++ b/tools/nogo/config.go
@@ -473,6 +473,7 @@ func init() {
 			"pkg/shim/v2/options/options.go:24",
 			"pkg/shim/v2/options/options.go:26",
 			"pkg/shim/v2/runtimeoptions/runtimeoptions.go:16",
+			"pkg/shim/v2/runtimeoptions/runtimeoptions_cri.go", // Generated: exempt all.
 			"pkg/shim/v2/runtimeoptions/runtimeoptions_test.go:22",
 			"pkg/shim/v2/service.go:15",
 			"pkg/shim/v2/service_linux.go:18",
diff --git a/tools/nogo/defs.bzl b/tools/nogo/defs.bzl
index 29898cfda..543598b52 100644
--- a/tools/nogo/defs.bzl
+++ b/tools/nogo/defs.bzl
@@ -151,8 +151,8 @@ NogoInfo = provider(
         "findings": "package findings (if relevant)",
         "importpath": "package import path",
         "binaries": "package binary files",
-        "srcs": "original source files (for go_test support)",
-        "deps": "original deps (for go_test support)",
+        "srcs": "srcs (for go_test support)",
+        "deps": "deps (for go_test support)",
     },
 )
 
@@ -162,7 +162,7 @@ def _nogo_aspect_impl(target, ctx):
     # All work is done in the shadow properties for go rules. For a proto
     # library, we simply skip the analysis portion but still need to return a
     # valid NogoInfo to reference the generated binary.
-    if ctx.rule.kind in ("go_library", "go_binary", "go_test", "go_tool_library"):
+    if ctx.rule.kind in ("go_library", "go_tool_library", "go_binary", "go_test"):
         srcs = ctx.rule.files.srcs
         deps = ctx.rule.attr.deps
     elif ctx.rule.kind in ("go_proto_library", "go_wrap_cc"):
diff --git a/tools/nogo/gentest.sh b/tools/nogo/gentest.sh
index 033da11ad..0a762f9f6 100755
--- a/tools/nogo/gentest.sh
+++ b/tools/nogo/gentest.sh
@@ -34,6 +34,7 @@ for filename in "$@"; do
     continue
   fi
   while read -r line; do
+    line="${line@Q}"
     violations=$((${violations}+1));
     echo "echo -e '\\033[0;31m${line}\\033[0;31m\\033[0m'" >> "${output}"
   done < "${filename}"
diff --git a/tools/nogo/io_bazel_rules_go-visibility.patch b/tools/nogo/io_bazel_rules_go-visibility.patch
deleted file mode 100644
index 6b64b2e85..000000000
--- a/tools/nogo/io_bazel_rules_go-visibility.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-diff --git a/third_party/org_golang_x_tools-extras.patch b/third_party/org_golang_x_tools-extras.patch
-index 133fbccc..5f0d9a47 100644
---- a/third_party/org_golang_x_tools-extras.patch
-+++ b/third_party/org_golang_x_tools-extras.patch
-@@ -32,7 +32,7 @@ diff -urN c/go/analysis/internal/facts/BUILD.bazel d/go/analysis/internal/facts/
-  
-  go_library(
-      name = "go_default_library",
--@@ -14,6 +14,23 @@
-+@@ -14,6 +14,20 @@
-      ],
-  )
-  
-@@ -43,10 +43,7 @@ diff -urN c/go/analysis/internal/facts/BUILD.bazel d/go/analysis/internal/facts/
- +        "imports.go",
- +    ],
- +    importpath = "golang.org/x/tools/go/analysis/internal/facts",
--+    visibility = [
--+        "//go/analysis:__subpackages__",
--+        "@io_bazel_rules_go//go/tools/builders:__pkg__",
--+    ],
-++    visibility = ["//visibility:public"],
- +    deps = [
- +        "//go/analysis:go_tool_library",
- +        "//go/types/objectpath:go_tool_library",
diff --git a/tools/nogo/nogo.go b/tools/nogo/nogo.go
index b178f63ab..e19e3c237 100644
--- a/tools/nogo/nogo.go
+++ b/tools/nogo/nogo.go
@@ -536,15 +536,15 @@ func Main() {
 		findings, factData, err = checkPackage(c, analyzerConfig, nil)
 		// Do we need to do escape analysis?
 		if *escapesOutput != "" {
-			escapes, _, err := checkPackage(c, escapesConfig, nil)
-			if err != nil {
-				log.Fatalf("error performing escape analysis: %v", err)
-			}
 			f, err := os.OpenFile(*escapesOutput, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
 			if err != nil {
 				log.Fatalf("unable to open output %q: %v", *escapesOutput, err)
 			}
 			defer f.Close()
+			escapes, _, err := checkPackage(c, escapesConfig, nil)
+			if err != nil {
+				log.Fatalf("error performing escape analysis: %v", err)
+			}
 			for _, escape := range escapes {
 				fmt.Fprintf(f, "%s\n", escape)
 			}