[Release] Synchronize for release

.bazelignore

@@ -6,7 +6,11 @@ submodules/
 # Required for npm_translate_lock.verify_node_modules_ignored.
 node_modules/
 rbt/v1alpha1/node_modules/
+rbt/std/node_modules/
 reboot/inspect/node_modules/
 reboot/nodejs/node_modules/
 reboot/react/node_modules/
+reboot/std/node_modules/
+reboot/std/react/node_modules/
+reboot/web/node_modules/
 tests/reboot/node_modules/

.clang-format

@@ -0,0 +1,35 @@
+---
+# Based on Google style with project-specific overrides.
+#
+# Matches the formatting style of `dev-tools`, but with an 80-character
+# column limit, required for sane output by clang 20.
+#
+# TODO(rjh): update the `dev-tools/.clang-format`, and go back to
+#            sharing that.
+
+Language: Cpp
+BasedOnStyle: Google
+AlignAfterOpenBracket: AlwaysBreak
+AlignEscapedNewlines: Right
+AlignOperands: DontAlign
+AlignTrailingComments: false
+AllowAllArgumentsOnNextLine: false
+AllowAllParametersOfDeclarationOnNextLine: false
+AllowShortBlocksOnASingleLine: Empty
+AllowShortCaseLabelsOnASingleLine: true
+AllowShortFunctionsOnASingleLine: Empty
+AllowShortIfStatementsOnASingleLine: Never
+AllowShortLoopsOnASingleLine: false
+BinPackArguments: false
+BinPackParameters: false
+BreakBeforeBinaryOperators: NonAssignment
+ConstructorInitializerIndentWidth: 2
+DerivePointerAlignment: false
+MaxEmptyLinesToKeep: 2
+SpaceAfterCStyleCast: true
+Standard: c++17
+
+---
+# Proto files use default Google style.
+Language: Proto
+BasedOnStyle: Google

.devcontainer/README.md

@@ -0,0 +1,11 @@
+This directory configures devcontainers for this repository. Devcontainers are
+used by GitHub Codespaces; they can also be launched locally (e.g., via VS
+Code).
+
+Devcontainers are built for the local machine architecture (i.e., they are
+Linux/amd64 containers when built on amd64 hosts, and linux/arm64 when built on
+arm64 hosts).
+
+Any changes to files within this directory will be tested via the regular
+`.github/workflows/*.yml` workflows; they'll be run in a devcontainer that'll
+have been (re-)built based on the changes in the `Dockerfile`.

.devcontainer/devcontainer.json

@@ -0,0 +1,123 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at:
+// https://github.com/microsoft/vscode-dev-containers/tree/v0.209.6/containers/ubuntu
+{
+  "name": "Codespace Workstation",
+  "build": {
+    "dockerfile": "../Dockerfile",
+    "target": "codespace-workstation",
+    // NOTE: by using 'cacheFrom' here we will be able to reuse
+    // the Docker layers from previous devcontainer builds!
+    "cacheFrom": "ghcr.io/reboot-dev/mono/workstation"
+  },
+  "customizations": {
+    "vscode": {
+      // Set *default* container specific settings.json values on container create.
+      "settings": {},
+
+      // Add the IDs of extensions you want installed when the container is created.
+      "extensions": [
+        // Bazel makes VS Code aware of BUILD file syntax and tools.
+        "BazelBuild.vscode-bazel",
+        // Make VS Code respect .editorconfig files.
+        "EditorConfig.EditorConfig",
+        // Enable GitHub Copilot.
+        "GitHub.copilot",
+        // GitHub Pull Requests allows PR reviewers and authors to see and reply
+        // to review comment in VS Code.
+        "GitHub.vscode-pull-request-github",
+        // Python support.
+        "ms-python.python",
+        // Python type checking.
+        "ms-python.mypy-type-checker",
+        // Automatically do import sorting in Python.
+        "ms-python.isort",
+        // C++ support.
+        "ms-vscode.cpptools",
+        // Additional C++ support.
+        "ms-vscode.cpptools-extension-pack",
+        // Use clang-format to format files.
+        "xaver.clang-format",
+        // Open in GitHub: provides links to open the current file + line number in GitHub.
+        "ziyasal.vscode-open-in-github",
+        // Protocol buffer support.
+        "zxh404.vscode-proto3",
+        // Spell checker.
+        "streetsidesoftware.code-spell-checker",
+        // Add autotmatic line/comment wrapper.
+        "stkb.rewrap",
+        // Prettier code formatter.
+        "esbenp.prettier-vscode",
+        // YAPF code formatter.
+        "eeyore.yapf"
+      ]
+    }
+  },
+  // Use 'forwardPorts' to make a list of ports inside the container available locally.
+  "forwardPorts": [
+    // The HTTP port exposed by default in examples.
+    3000,
+    // The gRPC backend port exposed by default in examples.
+    9991
+  ],
+  // Comment out to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
+  "remoteUser": "vscode",
+  "features": {
+    // We need to be able to run docker-in-docker. Docker-on-docker is not enough; that would mean we
+    // need to completely change the paths that we use for volume bindings.
+    //
+    // Keeping this feature here would increase the first boot time of our
+    // Codespaces, but that's not user-visible since this happens during
+    // Codespace Prebuilds: see
+    // https://github.com/reboot-dev/mono/issues/107 . It would be even
+    // better to move this installation functionality to the Dockerfile,
+    // but that's complicated.
+    //   https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/docker-in-docker.md
+    "ghcr.io/devcontainers/features/docker-in-docker:2": {
+      "version": "latest"
+    },
+    // GitHub recently changed their default to no longer install sshd by default.
+    // See: https://github.com/cli/cli/issues/5739. We now need to add it in
+    // explicitly.
+    "ghcr.io/devcontainers/features/sshd:1": {
+      "version": "latest"
+    }
+  },
+  // Specify a minimum machine size for Codespaces to work reasonably:
+  // https://docs.github.com/en/codespaces/setting-up-your-project-for-codespaces/setting-a-minimum-specification-for-codespace-machines#setting-a-minimum-machine-specification
+  "hostRequirements": {
+    // k3d commands easily run out of disk with only 64GB of storage:
+    // request at least 128GB. As of Apr 2022, the only machines with this
+    // much storage are the expensive 16-core machines, but only specify
+    // storage because that's our only hard constraint.
+    // TODO(alexmc): Can we reduce disk usage to reduce machine
+    // requirements? See https://github.com/reboot-dev/mono/issues/134 .
+    "storage": "128gb"
+  },
+  "containerEnv": {
+    // Pass on variable 'RESPECT_DEVCONTAINER_YML' so that
+    // we can skip steps that we intend only when using Codespaces.
+    "RESPECT_DEVCONTAINER_YML": "${localEnv:RESPECT_DEVCONTAINER_YML:false}",
+    // Pass on 'GCP_REMOTE_CACHE_CREDENTIALS_BASE64' so that we
+    // can run any builds that might need the remote cache.
+    "GCP_REMOTE_CACHE_CREDENTIALS_BASE64": "${localEnv:GCP_REMOTE_CACHE_CREDENTIALS_BASE64}",
+    // Export a file path that contains credentials that can be used to
+    // access a Google Cloud Storage bucket which we use as a remote
+    // `bazel` cache to speed up builds.
+    // The credentials file will be populated using a combination of secrets
+    // and the `updateContentCommand` below.
+    // As it turns out, we can not export this variable inside the script
+    // or on the "command line", so we do it here.
+    "GOOGLE_APPLICATION_CREDENTIALS": "/home/vscode/google_application_credentials.json"
+  },
+  // The below lifecycle hooks refer to lifecycle events documented here:
+  //   https://code.visualstudio.com/docs/remote/devcontainerjson-reference#_lifecycle-scripts
+  //   https://docs.github.com/en/codespaces/developing-in-codespaces/codespaces-lifecycle
+  //   https://docs.github.com/en/codespaces/prebuilding-your-codespaces/configuring-prebuilds#configuring-time-consuming-tasks-to-be-included-in-the-prebuild
+  // oncreateCommand runs inside the container after the Codespace template
+  // is created: this happens only once, well before a user is assigned.
+  "onCreateCommand": ".devcontainer/on_create.sh",
+  // updateContent runs inside the container after repo content is updated
+  // with new commits. We use it to build new content so users' builds are
+  // mostly incremental.
+  "updateContentCommand": ".devcontainer/update_content.sh"
+}

.devcontainer/gh_auth_for_all_repos.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+#
+# Make it possible for us to push commits to all repos that we have access to as
+# our GitHub user, not just to `reboot-dev/mono`. Our default GitHub
+# Codespaces git authentication mechanism (based on `GITHUB_TOKEN`) only has
+# permissions to push to the repository the codespace is created for, not the
+# submodules or anything else. See:
+#   https://github.com/reboot-dev/mono/issues/100
+#
+# To authenticate our codespace to be able to push elsewhere, we...
+#  * Set up `gh` as a credential helper once (during setup in `git_config.sh`).
+#  * Unset `GITHUB_TOKEN`, so it uses the credential helper instead (for every
+#    terminal start, in this script).
+#  * Tells the user to run `gh auth login` if they haven't yet (for every
+#    terminal start, in this script).
+
+# NOTE: do NOT use `set -e` or `set -u` here, as this script is expected to be
+#       `source`d every time a new terminal starts, and the setting will persist
+#       for the entire lifetime of the terminal.
+
+# In every terminal we DON'T want to have `GITHUB_TOKEN` set, as it will
+# override any authentication we may have done with `gh auth login`.
+unset GITHUB_TOKEN
+
+# Now check that we've authenticated to GitHub.
+RED='\033[0;31m'
+NC='\033[0m' # No Color
+gh auth status > /dev/null 2>&1 || {
+  echo -e "${RED}ATTENTION:${NC} you haven't authenticated to GitHub yet. Please run:"
+  echo "  gh auth login"
+}

.devcontainer/git_config.sh

@@ -0,0 +1,72 @@
+#!/bin/bash
+#
+# Set common git config settings. Unfortunately, git can't be configured to use
+# a default config file that's checked into a repository: see
+# https://stackoverflow.com/a/18330114.
+
+set -e # Exit if a command exits with an error.
+set -u # Treat expanding an unset variable as an error.
+
+# When Copilot edits our repo, it checks out our code as one user, then
+# edits it as another. We need to tell git that this is okay.
+git config --global --add safe.directory $(pwd)
+
+# Avoid having to type `git push --set-upstream my_branch origin/my_branch`
+# every time we create a new branch that we want to push to GitHub, by making
+# the upstream default to the same name as the local branch. That way, we
+# can simply type `git push -u` and it will set the upstream if needed.
+git config --global push.default current
+
+# When doing `git pull`, default to `git pull --recurse-submodules`. We use
+# submodules liberally in Respect, and having to type `--recurse-submodules`
+# is a penguin we have to keep track of all the time. In the unlikely event
+# that we don't want to pull the latest submodules we can still pass
+# `--no-recurse-submodules` to `git pull`.
+git config --global submodule.recurse true
+
+# Use diff3 as our conflict resolution strategy, following recommendations such as:
+#  https://blog.nilbus.com/take-the-pain-out-of-git-conflict-resolution-use-diff3/
+# and
+#  https://stackoverflow.com/questions/27417656/should-diff3-be-default-conflictstyle-on-git
+git config --global merge.conflictstyle diff3
+
+# When force-pushing (e.g. a rebased branch), check that the upstream
+# branch is still exactly the way it was when it was last fetched. This
+# prevents force-pushes to the same branch from two different machines
+# (or developers) from accidentally wiping out the first pushed changes.
+git config --global push.forceWithLease true
+
+# Do some extra work to pre-configure GitHub authentication when running
+# in a codespace. Skip this for a local devcontainer.
+if [[ "${CODESPACES:-}" == "true" ]]; then
+  # Use HTTPS instead of SSH for git operations on this workstation: in
+  # Codespaces we have credentials ONLY for HTTPS. See:
+  #   https://docs.github.com/en/codespaces/codespaces-reference/security-in-codespaces#authentication
+  #   https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#using-a-token-on-the-command-line
+  git config --global url."https://github.com/".insteadOf "git@github.com:"
+
+  # Make it possible for us to push commits to all repos, not just to
+  # `reboot-dev/mono`. To do so, we...
+  # 1. Set the `gh` (GitHub CLI) tool as a `git` credential helper.
+  gh auth setup-git
+
+  # 2. Set up a script that on every terminal start:
+  #    * Unsets `GITHUB_TOKEN`, so it uses the credential helper instead.
+  #    * Tells the user to run `gh auth login` if they haven't yet.
+  grep -q "gh_auth_for_all_repos.sh" ~/.bashrc \
+    || { \
+      echo "" >> ~/.bashrc \
+        && echo "# Installed by .devcontainer/git_config.sh" >> ~/.bashrc \
+        && echo "source .devcontainer/gh_auth_for_all_repos.sh" >> ~/.bashrc \
+    ;}
+
+fi
+
+# Install a script that on every terminal start checks if the precommit
+# hook is installed, and if not installs it.
+grep -q "install_precommit_hook.sh" ~/.bashrc \
+  || { \
+    echo "" >> ~/.bashrc \
+      && echo "# Installed by .devcontainer/git_config.sh" >> ~/.bashrc \
+      && echo "source .devcontainer/install_precommit_hook.sh" >> ~/.bashrc \
+  ;}

.devcontainer/install_precommit_hook.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+#
+function install_precommit_hook() {
+    local repo_top_level="$(git rev-parse --show-toplevel)"
+    # In the mono repo, submodules live under `public/`; in the standalone
+    # public repo they live directly at the top level.
+    local prefix=""
+    if [[ -d "${repo_top_level}/public" ]]; then
+        prefix="public/"
+    fi
+    local dev_tools_commit_hook_path="${repo_top_level}/${prefix}submodules/dev-tools/pre-commit";
+    local local_dev_tools_commit_hook_path="${repo_top_level}/.git/hooks/dev-tools-pre-commit";
+    local rbt_documentation_commit_hook_path="${repo_top_level}/${prefix}documentation/pre-commit";
+    local local_rbt_documentation_commit_hook_path="${repo_top_level}/.git/hooks/rbt-documentation-pre-commit";
+    local local_combined_commit_hook_path="${repo_top_level}/.git/hooks/pre-commit";
+
+    # Check that the dev-tools hook file exists.
+    if [[ ! -f "${dev_tools_commit_hook_path}" ]]; then
+        echo "Commit hook from dev-tools not found at '${dev_tools_commit_hook_path}' Aborting.";
+        return 1
+    fi
+
+    # Check that the rbt documentation hook file exists.
+    if [[ ! -f "${rbt_documentation_commit_hook_path}" ]]; then
+        echo "Commit hook from documentation not found at '${rbt_documentation_commit_hook_path}' Aborting.";
+        return 1
+    fi
+
+    # Create a local symlink for the dev-tools hook. Remove any old ones first,
+    # in case the paths we're working with have changed.
+    rm -f "${local_dev_tools_commit_hook_path}"
+    ln -s -f "${dev_tools_commit_hook_path}" "${local_dev_tools_commit_hook_path}"
+
+    # Create a local symlink for the rbt documentation hook. Remove any old
+    # ones first, in case the paths we're working with have changed.
+    rm -f "${local_rbt_documentation_commit_hook_path}"
+    ln -s -f "${rbt_documentation_commit_hook_path}" "${local_rbt_documentation_commit_hook_path}"
+
+    # Delete any old precommit hook. It's important to explicitly delete (rather
+    # than just overwriting) in case the old version was a symlink pointing to a
+    # file that we don't actually want to overwrite).
+    rm -f "${local_combined_commit_hook_path}"
+
+    # Create a top-level precommit hook that calls the pulled-in files.
+    echo "${local_dev_tools_commit_hook_path}; if [ ! \$? -eq 0 ]; then exit 1; fi; ${local_rbt_documentation_commit_hook_path}; exit \$?" > "${local_combined_commit_hook_path}"
+    chmod +x "${local_combined_commit_hook_path}"
+}
+
+install_precommit_hook

.devcontainer/kustomize_wrapper.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+#
+# When Skaffold runs:
+#   ```
+#   kustomize build ...
+#   ```
+# We'd like it to actually invoke:
+#   ```
+#   kubectl kustomize ...
+#   ```
+# This script is a wrapper that does that.
+# This extra step lets us avoid installing `kustomize` on our workstations; see
+# https://github.com/reboot-dev/mono/issues/1772 for background on why that's
+# a thing we want to avoid.
+
+FIRST_ARG=$1
+if [ "$FIRST_ARG" != "build" ]; then
+  echo "ERROR: kustomize_wrapper.sh only supports 'build' as the first argument"
+  exit 1
+fi
+
+REMAINING_ARGS=${@:2}
+kubectl kustomize ${REMAINING_ARGS}

.devcontainer/on_create.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+#
+# This script is run after a devcontainer has been created. It performs
+# post-creation initialization.
+
+set -e # Exit if a command exits with an error.
+set -u # Treat expanding an unset variable as an error.
+set -x # Echo executed commands to help debug failures.
+
+# Make sure all of the submodules are here.
+git submodule update --init --recursive
+
+# Set up ease-of-use environmental preferences.
+.devcontainer/git_config.sh
+
+# Ensure local git hooks match the current repository layout.
+.devcontainer/install_precommit_hook.sh