MODULE.bazel

"""Attic IaC - Bazel Module Configuration

Generic infrastructure-as-code modules, SvelteKit app, and build rules.
Bazel handles validation, artifact bundling, and toolchain management.
Nix handles binary builds and container images via rules_nixpkgs.

This module can be consumed by downstream Bazel modules via bazel_dep().
"""

module(
    name = "attic-iac",
    version = "0.1.0",
)

# =============================================================================
# Core Bazel Rules
# =============================================================================

bazel_dep(name = "bazel_skylib", version = "1.8.2")
bazel_dep(name = "rules_pkg", version = "1.1.0")
bazel_dep(name = "rules_python", version = "1.4.1")
bazel_dep(name = "rules_shell", version = "0.6.0")
bazel_dep(name = "platforms", version = "0.0.10")

# Allow rules_python hermetic interpreter to run as root (CI containers)
python = use_extension("@rules_python//python/extensions:python.bzl", "python")
python.toolchain(
    ignore_root_user_error = True,
    python_version = "3.11",
)

# =============================================================================
# JavaScript / TypeScript Rules (aspect_rules_js)
# =============================================================================
# SvelteKit app build pipeline via pnpm + Vite

bazel_dep(name = "aspect_rules_js", version = "2.9.2")
bazel_dep(name = "aspect_rules_ts", version = "3.8.3")
bazel_dep(name = "aspect_bazel_lib", version = "2.22.5")
bazel_dep(name = "rules_nodejs", version = "6.7.3")

# =============================================================================
# pnpm / npm Integration
# =============================================================================
# Translate pnpm-lock.yaml into Bazel-managed node_modules

npm = use_extension("@aspect_rules_js//npm:extensions.bzl", "npm", dev_dependency = True)
npm.npm_translate_lock(
    name = "npm",
    pnpm_lock = "//:pnpm-lock.yaml",
    verify_node_modules_ignored = ".bazelignore",
)
use_repo(npm, "npm")

# Node.js toolchain (from rules_nodejs)
node = use_extension("@rules_nodejs//nodejs:extensions.bzl", "node", dev_dependency = True)
node.toolchain(
    name = "nodejs",
    node_version = "22.13.1",
)

# =============================================================================
# Container Image Rules (rules_img)
# =============================================================================
# OCI container image building: layer creation, manifest assembly, and push.
# Used alongside Nix container builds (nix2container) for the Dashboard image.

bazel_dep(name = "rules_img", version = "0.3.4")

img = use_extension("@rules_img//img:extensions.bzl", "img")
img.pull(
    name = "node22_alpine",
    registry = "docker.io",
    repository = "library/node",
    tag = "22-alpine",
    platforms = ["linux/amd64"],
)
use_repo(img, "node22_alpine")

# =============================================================================
# rules_nixpkgs - Nix Toolchain Integration
# =============================================================================
# Provides reproducible toolchains from Nix for Bazel builds.
# All build tools come from the flake.nix, ensuring consistency with
# NixOS/nix-darwin/devShell environments.

bazel_dep(name = "rules_nixpkgs_core", version = "0.13.0")

# Language-specific Nix toolchain rules (add as needed)
# bazel_dep(name = "rules_nixpkgs_cc", version = "0.13.0")
# bazel_dep(name = "rules_nixpkgs_go", version = "0.13.0")
# bazel_dep(name = "rules_nixpkgs_python", version = "0.13.0")
# bazel_dep(name = "rules_nixpkgs_rust", version = "0.13.0")

# =============================================================================
# Nix Repository Configuration
# =============================================================================
# Configure nixpkgs from the flake.lock for reproducibility

nix_repo = use_extension("@rules_nixpkgs_core//nixpkgs:extensions.bzl", "nix_repo")

# Use the project's flake.lock as the Nix source
nix_repo.file(
    name = "nixpkgs",
    file = "//:flake.lock",
    file_deps = ["//:flake.nix"],
)
use_repo(nix_repo, "nixpkgs")

# =============================================================================
# Nix Package Imports
# =============================================================================
# Import specific packages from nixpkgs for use in Bazel rules

nix_pkg = use_extension("@rules_nixpkgs_core//nixpkgs:extensions.bzl", "nix_pkg")

# OpenTofu for module validation
nix_pkg.package(
    name = "tofu",
    attribute_path = "opentofu",
    repository = "@nixpkgs",
)

# kubectl for K8s manifest validation
nix_pkg.package(
    name = "kubectl",
    attribute_path = "kubectl",
    repository = "@nixpkgs",
)

# yq for YAML processing
nix_pkg.package(
    name = "yq",
    attribute_path = "yq-go",
    repository = "@nixpkgs",
)
use_repo(nix_pkg, "kubectl", "tofu", "yq")

# =============================================================================
# Build Configuration Notes
# =============================================================================
#
# This module supports both IaC validation and the Runner Dashboard app.
# Binary builds (Attic server) are handled by Nix:
#   - nix build .#attic
#   - nix build .#container
#
# Container images can be built via rules_img (OCI) or Nix (nix2container):
#   - bazel build //app:image     (rules_img)
#   - bazel run //app:push        (push to GHCR)
#   - nix build .#runner-dashboard-image
#
# Bazel focuses on:
# 1. Validating OpenTofu modules (//tofu/modules:all_validate)
# 2. Checking file formatting (//tofu/modules:all_fmt_test)
# 3. Bundling deployment artifacts (//:deployment_bundle)
# 4. Running configuration tests (//tests:*)
# 5. Building the Runner Dashboard SvelteKit app (//app:build)
# 6. Building OCI container images (//app:image)
#
# Remote caching via bazel-remote (when deployed):
#   bazel build --config=ci-cached //...