feat: uv lock rule instead of genrule

This change implements the uv pip compile as a rule.

In order to also make things easier to debug we provide
a runnable rule that has the same arguments and updates
the source tree output file automatically.

The main design is to have a regular lock rule and then
it returns a custom provider that has all of the recipe
ingredients to construct an executable rule. The execution
depends on having bash or powershell, however the
powershell script is not yet complete and requires some
help from the community.

Work towards #1975.

Address all of the comments

Author: aignas

docs/BUILD.bazel

@@ -176,8 +176,12 @@ lock(
     name = "requirements",
     srcs = ["pyproject.toml"],
     out = "requirements.txt",
-    upgrade = True,
-    visibility = ["//private:__pkg__"],
+    args = [
+        "--emit-index-url",
+        "--universal",
+        "--upgrade",
+    ],
+    visibility = ["//:__subpackages__"],
 )
 
 # Temporary compatibility aliases for some other projects depending on the old

examples/BUILD.bazel

@@ -21,5 +21,8 @@ lock(
     name = "bzlmod_requirements_3_9",
     srcs = ["bzlmod/requirements.in"],
     out = "bzlmod/requirements_lock_3_9.txt",
+    args = [
+        "--emit-index-url",
+    ],
     python_version = "3.9.19",
 )

examples/bzlmod/requirements_lock_3_9.txt

@@ -26,10 +26,7 @@ chardet==4.0.0 \
 colorama==0.4.6 \
     --hash=sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44 \
     --hash=sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6
-    # via
-    #   -r examples/bzlmod/requirements.in
-    #   pylint
-    #   sphinx
+    # via -r examples/bzlmod/requirements.in
 dill==0.3.6 \
     --hash=sha256:a07ffd2351b8c678dfc4a856a3005f8067aea51d6ba6c700796a4d9e280f39f0 \
     --hash=sha256:e5db55f3687856d8fbdab002ed78544e1c4559a130302693d839dfe8f93f2373
@@ -46,7 +43,7 @@ imagesize==1.4.1 \
     --hash=sha256:0d8d18d08f840c19d0ee7ca1fd82490fdc3729b7ac93f49870406ddde8ef8d8b \
     --hash=sha256:69150444affb9cb0d5cc5a92b3676f0b2fb7cd9ae39e947a5e11a36b4497cd4a
     # via sphinx
-importlib-metadata==8.4.0 ; python_version < '3.10' \
+importlib-metadata==8.4.0 \
     --hash=sha256:66f342cc6ac9818fc6ff340576acd24d65ba0b3efabb2b4ac08b598965a4a2f1 \
     --hash=sha256:9a547d3bc3608b025f93d403fdd1aae741c24fbb8314df4b155675742ce303c5
     # via sphinx
@@ -265,9 +262,7 @@ s3cmd==2.1.0 \
 setuptools==65.6.3 \
     --hash=sha256:57f6f22bde4e042978bcd50176fdb381d7c21a9efa4041202288d3737a0c6a54 \
     --hash=sha256:a7620757bf984b58deaf32fc8a4577a9bbc0850cf92c20e1ce41c38c19e5fb75
-    # via
-    #   babel
-    #   yamllint
+    # via yamllint
 six==1.16.0 \
     --hash=sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926 \
     --hash=sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254
@@ -316,15 +311,15 @@ tabulate==0.9.0 \
     --hash=sha256:0095b12bf5966de529c0feb1fa08671671b3368eec77d7ef7ab114be2c068b3c \
     --hash=sha256:024ca478df22e9340661486f85298cff5f6dcdba14f3813e8830015b9ed1948f
     # via -r examples/bzlmod/requirements.in
-tomli==2.0.1 ; python_version < '3.11' \
+tomli==2.0.1 \
     --hash=sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc \
     --hash=sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f
     # via pylint
 tomlkit==0.11.6 \
     --hash=sha256:07de26b0d8cfc18f871aec595fda24d95b08fef89d147caa861939f37230bf4b \
     --hash=sha256:71b952e5721688937fb02cf9d354dbcf0785066149d2855e44531ebdd2b65d73
     # via pylint
-typing-extensions==4.12.2 ; python_version < '3.10' \
+typing-extensions==4.12.2 \
     --hash=sha256:04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d \
     --hash=sha256:1a7ead55c7e559dd4dee8856e3a88b41225abfe1ce8df57b7c13915fe121ffb8
     # via
@@ -480,7 +475,7 @@ yamllint==1.28.0 \
     --hash=sha256:89bb5b5ac33b1ade059743cf227de73daa34d5e5a474b06a5e17fc16583b0cf2 \
     --hash=sha256:9e3d8ddd16d0583214c5fdffe806c9344086721f107435f68bad990e5a88826b
     # via -r examples/bzlmod/requirements.in
-zipp==3.20.0 ; python_version < '3.10' \
+zipp==3.20.0 \
     --hash=sha256:0145e43d89664cfe1a2e533adc75adafed82fe2da404b4bbb6b026c0157bdb31 \
     --hash=sha256:58da6168be89f0be59beb194da1250516fdaa062ccebd30127ac65d30045e10d
     # via importlib-metadata

private/BUILD.bazel

@@ -15,6 +15,7 @@ multirun(
     ] + [
         "//docs:requirements.update",
     ],
+    tags = ["manual"],
 )
 
 # NOTE: The requirements for the pip dependencies may sometimes break the build
@@ -24,4 +25,5 @@ multirun(
 alias(
     name = "whl_library_requirements.update",
     actual = "//tools/private/update_deps:update_pip_deps",
+    tags = ["manual"],
 )

python/private/BUILD.bazel

@@ -361,6 +361,7 @@ bzl_library(
     name = "py_exec_tools_toolchain_bzl",
     srcs = ["py_exec_tools_toolchain.bzl"],
     deps = [
+        ":common_bzl",
         ":py_exec_tools_info_bzl",
         ":sentinel_bzl",
         ":toolchain_types_bzl",

python/private/py_exec_tools_toolchain.bzl

@@ -16,6 +16,7 @@
 
 load("@bazel_skylib//lib:paths.bzl", "paths")
 load("@bazel_skylib//rules:common_settings.bzl", "BuildSettingInfo")
+load(":common.bzl", "runfiles_root_path")
 load(":py_exec_tools_info.bzl", "PyExecToolsInfo")
 load(":sentinel.bzl", "SentinelInfo")
 load(":toolchain_types.bzl", "TARGET_TOOLCHAIN_TYPE")
@@ -82,24 +83,86 @@ See {obj}`PyExecToolsInfo.exec_interpreter` for further docs.
     },
 )
 
+def relative_path(from_, to):
+    """Compute a relative path from one path to another.
+
+    Args:
+        from_: {type}`str` the starting directory. Note that it should be
+            a directory because relative-symlinks are relative to the
+            directory the symlink resides in.
+        to: {type}`str` the path that `from_` wants to point to
+
+    Returns:
+        {type}`str` a relative path
+    """
+    from_parts = from_.split("/")
+    to_parts = to.split("/")
+
+    # Strip common leading parts from both paths
+    n = min(len(from_parts), len(to_parts))
+    for _ in range(n):
+        if from_parts[0] == to_parts[0]:
+            from_parts.pop(0)
+            to_parts.pop(0)
+        else:
+            break
+
+    # Impossible to compute a relative path without knowing what ".." is
+    if from_parts and from_parts[0] == "..":
+        fail("cannot compute relative path from '%s' to '%s'", from_, to)
+
+    parts = ([".."] * len(from_parts)) + to_parts
+    return paths.join(*parts)
+
 def _current_interpreter_executable_impl(ctx):
     toolchain = ctx.toolchains[TARGET_TOOLCHAIN_TYPE]
     runtime = toolchain.py3_runtime
+    direct = []
 
     # NOTE: We name the output filename after the underlying file name
     # because of things like pyenv: they use $0 to determine what to
     # re-exec. If it's not a recognized name, then they fail.
     if runtime.interpreter:
-        executable = ctx.actions.declare_file(runtime.interpreter.basename)
-        ctx.actions.symlink(output = executable, target_file = runtime.interpreter, is_executable = True)
+        # Even though ctx.actions.symlink() could be used, we bump into the issue
+        # with RBE where bazel is making a copy to the file instead of symlinking
+        # to the hermetic toolchain repository. This means that we need to employ
+        # a similar strategy to how the `py_executable` venv is created where the
+        # file in the `runfiles` is a dangling symlink into the hermetic toolchain
+        # repository. This smells like a bug in RBE, but I would not be surprised
+        # if it is not one.
+
+        # Create a dangling symlink in `bin/python3` to the real interpreter
+        # in the hermetic toolchain.
+        interpreter_basename = runtime.interpreter.basename
+        executable = ctx.actions.declare_symlink("bin/" + interpreter_basename)
+        direct.append(executable)
+        interpreter_actual_path = runfiles_root_path(ctx, runtime.interpreter.short_path)
+        target_path = relative_path(
+            # dirname is necessary because a relative symlink is relative to
+            # the directory the symlink resides within.
+            from_ = paths.dirname(runfiles_root_path(ctx, executable.short_path)),
+            to = interpreter_actual_path,
+        )
+        ctx.actions.symlink(output = executable, target_path = target_path)
+
+        # Create a dangling symlink into the runfiles and use that as the
+        # entry point.
+        interpreter_actual_path = runfiles_root_path(ctx, executable.short_path)
+        executable = ctx.actions.declare_symlink(interpreter_basename)
+        target_path = interpreter_basename + ".runfiles/" + interpreter_actual_path
+        ctx.actions.symlink(output = executable, target_path = target_path)
     else:
-        executable = ctx.actions.declare_symlink(paths.basename(runtime.interpreter_path))
-        ctx.actions.symlink(output = executable, target_path = runtime.interpreter_path)
+        interpreter_basename = paths.basename(runtime.interpreter.interpreter_path)
+        executable = ctx.actions.declare_symlink(interpreter_basename)
+        direct.append(executable)
+        target_path = runtime.interpreter_path
+        ctx.actions.symlink(output = executable, target_path = target_path)
+
     return [
         toolchain,
         DefaultInfo(
             executable = executable,
-            runfiles = ctx.runfiles([executable], transitive_files = runtime.files),
+            runfiles = ctx.runfiles(direct, transitive_files = runtime.files),
         ),
     ]
 

python/uv/lock.bzl

@@ -14,6 +14,32 @@
 
 """The `uv` locking rule.
 
+Differences with the legacy {obj}`compile_pip_requirements` rule:
+- This is implemented as a rule that performs locking in a build action.
+- Additionally one can use the runnable target.
+- Uses `uv`.
+- This does not error out if the output file does not exist yet.
+- Supports transitions out of the box.
+
+Note, this does not provide a `test` target, if you would like to add a test
+target that always does the locking automatically to ensure that the
+`requirements.txt` file is up-to-date, add something similar to:
+
+```starlark
+load("@bazel_skylib//rules:native_binary.bzl", "native_test")
+load("@rules_python//python/uv:lock.bzl", "lock")
+
+lock(
+    name = "requirements",
+    srcs = ["pyproject.toml"],
+)
+
+native_test(
+    name = "requirements_test",
+    src = "requirements.update",
+)
+```
+
 EXPERIMENTAL: This is experimental and may be removed without notice
 """
 

python/uv/private/BUILD.bazel

@@ -13,6 +13,15 @@
 # limitations under the License.
 
 load("@bazel_skylib//:bzl_library.bzl", "bzl_library")
+load("//python/private:bzlmod_enabled.bzl", "BZLMOD_ENABLED")  # buildifier: disable=bzl-visibility
+
+exports_files(
+    srcs = [
+        "lock_copier.py",
+    ],
+    # only because this is used from a macro to template
+    visibility = ["//visibility:public"],
+)
 
 filegroup(
     name = "distribution",
@@ -31,9 +40,13 @@ bzl_library(
     srcs = ["lock.bzl"],
     visibility = ["//python/uv:__subpackages__"],
     deps = [
+        ":toolchain_types_bzl",
         "//python:py_binary_bzl",
         "//python/private:bzlmod_enabled_bzl",
-        "@bazel_skylib//rules:write_file",
+        "//python/private:full_version_bzl",
+        "//python/private:toolchain_types_bzl",
+        "@bazel_skylib//lib:shell",
+        "@pythons_hub//:versions_bzl",
     ],
 )
 
@@ -81,3 +94,13 @@ bzl_library(
         "//python/private:text_util_bzl",
     ],
 )
+
+filegroup(
+    name = "lock_template",
+    srcs = select({
+        "@platforms//os:windows": ["lock.bat"],
+        "//conditions:default": ["lock.sh"],
+    }),
+    target_compatible_with = [] if BZLMOD_ENABLED else ["@platforms//:incompatible"],
+    visibility = ["//visibility:public"],
+)

python/uv/private/lock.bat

@@ -0,0 +1,7 @@
+if defined BUILD_WORKSPACE_DIRECTORY (
+    set "out=%BUILD_WORKSPACE_DIRECTORY%\{{src_out}}"
+) else (
+    exit /b 1
+)
+
+"{{args}}" --output-file "%out%" %*