SERVER-89304 SERVER-89305 enable remote cache on windows and macos (#26401)

GitOrigin-RevId: d0e25409250b3984bd160c583a392a223bc91227

.bazelrc

@@ -39,10 +39,6 @@ build:windows --//bazel/config:compiler_type=msvc
 build:macos --cxxopt=-std=c++20
 build:windows --cxxopt=/std:c++20
 
-# EngFlow remote execution is not available on MacOS and Windows, default to local execution.
-common:macos --config=local
-common:windows --config=local
-
 # Set the windows version to win10 by default
 # TODO(SERVER-87654): We may want to add support for other Windows versions in the future.
 build:windows --cxxopt=-D_WIN32_WINNT=0x0A00
@@ -55,7 +51,7 @@ build:windows --cxxopt=-UCOMPILER_MSVC
 # remote execution is the default, but only mongodb employees will be able to access
 # the engflow cluster. External builders should use the local option below
 # remote execution configs
-build --remote_executor=grpcs://sodalite.cluster.engflow.com
+build:linux --remote_executor=grpcs://sodalite.cluster.engflow.com
 build --remote_cache=grpcs://sodalite.cluster.engflow.com
 build --bes_backend=grpcs://sodalite.cluster.engflow.com
 build --bes_results_url=https://sodalite.cluster.engflow.com/invocation/

buildscripts/setup_engflow_creds.sh

@@ -7,18 +7,31 @@ set -o verbose
 REMOTE_USER=$1
 REMOTE_HOST=$2
 ZIP_FILE=$3
+LOCAL=$4
 
 if [ -z "$REMOTE_USER" ] || [ -z "$REMOTE_HOST" ] || [ -z "$ZIP_FILE" ]; then
   echo "Usage: $0 <remote_user> <remote_host> <zip_file>"
   exit 1
 fi
 
-ssh ${REMOTE_USER}@${REMOTE_HOST} "mkdir -p ~/.engflow/creds"
-scp ${ZIP_FILE} ${REMOTE_USER}@${REMOTE_HOST}:~/.engflow/creds
-ssh ${REMOTE_USER}@${REMOTE_HOST} "cd ~/.engflow/creds; unzip -o engflow-mTLS.zip; rm engflow-mTLS.zip"
+if [ -z "$LOCAL" ]; then
+  ssh ${REMOTE_USER}@${REMOTE_HOST} "mkdir -p ~/.engflow/creds"
+  scp ${ZIP_FILE} ${REMOTE_USER}@${REMOTE_HOST}:~/.engflow/creds
+  ssh ${REMOTE_USER}@${REMOTE_HOST} "cd ~/.engflow/creds; unzip -o engflow-mTLS.zip; rm engflow-mTLS.zip"
 
-ssh ${REMOTE_USER}@${REMOTE_HOST} "sudo chown ${REMOTE_USER}:${REMOTE_USER} /home/${REMOTE_USER}/.engflow/creds/engflow.crt /home/${REMOTE_USER}/.engflow/creds/engflow.key"
-ssh ${REMOTE_USER}@${REMOTE_HOST} "sudo chmod 600 /home/${REMOTE_USER}/.engflow/creds/engflow.crt /home/${REMOTE_USER}/.engflow/creds/engflow.key"
+  ssh ${REMOTE_USER}@${REMOTE_HOST} "chown ${REMOTE_USER}:${REMOTE_USER} /home/${REMOTE_USER}/.engflow/creds/engflow.crt /home/${REMOTE_USER}/.engflow/creds/engflow.key"
+  ssh ${REMOTE_USER}@${REMOTE_HOST} "chmod 600 /home/${REMOTE_USER}/.engflow/creds/engflow.crt /home/${REMOTE_USER}/.engflow/creds/engflow.key"
 
-ssh ${REMOTE_USER}@${REMOTE_HOST} "echo \"build --tls_client_certificate=/home/${REMOTE_USER}/.engflow/creds/engflow.crt\" >> ~/.bazelrc"
-ssh ${REMOTE_USER}@${REMOTE_HOST} "echo \"build --tls_client_key=/home/${REMOTE_USER}/.engflow/creds/engflow.key\" >> ~/.bazelrc"
+  ssh ${REMOTE_USER}@${REMOTE_HOST} "echo \"build --tls_client_certificate=/home/${REMOTE_USER}/.engflow/creds/engflow.crt\" >> ~/.bazelrc"
+  ssh ${REMOTE_USER}@${REMOTE_HOST} "echo \"build --tls_client_key=/home/${REMOTE_USER}/.engflow/creds/engflow.key\" >> ~/.bazelrc"
+else
+  mkdir -p $HOME/.engflow/creds
+  unzip -o "$ZIP_FILE"
+  rm "$ZIP_FILE"
+  mv engflow.crt $HOME/.engflow/creds
+  mv engflow.key $HOME/.engflow/creds
+  chown $USER $HOME/.engflow/creds/engflow.crt $HOME/.engflow/creds/engflow.key 
+  chmod 600 $HOME/.engflow/creds/engflow.crt $HOME/.engflow/creds/engflow.key 
+  echo "build --tls_client_certificate=$HOME/.engflow/creds/engflow.crt" >> $HOME/.bazelrc
+  echo "build --tls_client_key=$HOME/.engflow/creds/engflow.key" >> $HOME/.bazelrc
+fi

evergreen/bazel_RBE_supported.sh

@@ -3,7 +3,7 @@ bazel_rbe_supported() {
   OS="$(uname)"
   ARCH="$(uname -m)"
 
-  if [ "$OS" == "Linux" ] && { [ "$ARCH" == "aarch64" ] || [ "$ARCH" == "x86_64" ]; }; then
+  if [ "$ARCH" == "aarch64" ] || [ "$ARCH" == "arm64" ] || [ "$ARCH" == "x86_64" ]; then
     return 0
   else
     return 1

site_scons/site_tools/integrate_bazel.py

@@ -426,6 +426,15 @@ def create_program_builder(env: SCons.Environment.Environment) -> None:
     env["BUILDERS"]["BazelProgram"] = create_bazel_builder(env["BUILDERS"]["Program"])
 
 
+def get_default_cert_dir():
+    if platform.system() == "Windows":
+        return f"C:/cygwin/home/{getpass.getuser()}/.engflow"
+    elif platform.system() == "Linux":
+        return f"/home/{getpass.getuser()}/.engflow"
+    elif platform.system() == "Darwin":
+        return f"{os.path.expanduser('~')}/.engflow"
+
+
 def validate_remote_execution_certs(env: SCons.Environment.Environment) -> bool:
     running_in_evergreen = os.environ.get("CI")
 
@@ -435,8 +444,15 @@ def validate_remote_execution_certs(env: SCons.Environment.Environment) -> bool:
         )
         return False
 
+    if os.name == "nt" and not os.path.exists(f"{os.path.expanduser('~')}/.bazelrc"):
+        with open(f"{os.path.expanduser('~')}/.bazelrc", "a") as bazelrc:
+            bazelrc.write(
+                f"build --tls_client_certificate={get_default_cert_dir()}/creds/engflow.crt\n"
+            )
+            bazelrc.write(f"build --tls_client_key={get_default_cert_dir()}/creds/engflow.key\n")
+
     if not running_in_evergreen and not os.path.exists(
-        f"/home/{getpass.getuser()}/.engflow/creds/engflow.crt"
+        f"{get_default_cert_dir()}/creds/engflow.crt"
     ):
         # Temporary logic to copy over the credentials for users that ran the installation steps using the old directory (/engflow/).
         if os.path.exists("/engflow/creds/engflow.crt") and os.path.exists(
@@ -446,21 +462,21 @@ def validate_remote_execution_certs(env: SCons.Environment.Environment) -> bool:
                 "Moving EngFlow credentials from the legacy directory (/engflow/) to the new directory (~/.engflow/)."
             )
             try:
-                os.makedirs(f"/home/{getpass.getuser()}/.engflow/creds/", exist_ok=True)
+                os.makedirs(f"{get_default_cert_dir()}/creds/", exist_ok=True)
                 shutil.move(
                     "/engflow/creds/engflow.crt",
-                    f"/home/{getpass.getuser()}/.engflow/creds/engflow.crt",
+                    f"{get_default_cert_dir()}/creds/engflow.crt",
                 )
                 shutil.move(
                     "/engflow/creds/engflow.key",
-                    f"/home/{getpass.getuser()}/.engflow/creds/engflow.key",
+                    f"{get_default_cert_dir()}/creds/engflow.key",
                 )
-                with open(f"/home/{getpass.getuser()}/.bazelrc", "a") as bazelrc:
+                with open(f"{get_default_cert_dir()}/.bazelrc", "a") as bazelrc:
                     bazelrc.write(
-                        f"build --tls_client_certificate=/home/{getpass.getuser()}/.engflow/creds/engflow.crt\n"
+                        f"build --tls_client_certificate={get_default_cert_dir()}/creds/engflow.crt\n"
                     )
                     bazelrc.write(
-                        f"build --tls_client_key=/home/{getpass.getuser()}/.engflow/creds/engflow.key\n"
+                        f"build --tls_client_key={get_default_cert_dir()}/creds/engflow.key\n"
                     )
             except OSError as exc:
                 print(exc)
@@ -481,11 +497,11 @@ def validate_remote_execution_certs(env: SCons.Environment.Environment) -> bool:
         if status_code == 200:
             public_hostname = response.text
         else:
-            public_hostname = "{{REPLACE_WITH_WORKSTATION_HOST_NAME}}"
+            public_hostname = "localhost"
         print(
-            f"""\nERROR: ~/.engflow/creds/engflow.crt not found. Please reach out to #ask-devprod-build if you need help with the steps below.
+            f"""\nERROR: {get_default_cert_dir()}/creds/engflow.crt not found. Please reach out to #ask-devprod-build if you need help with the steps below.
 
-(If the below steps are not working, remote execution can be disabled by passing BAZEL_FLAGS=--config=local at the end of your scons.py invocation)
+(If the below steps are not working or you are an external person to MongoDB, remote execution can be disabled by passing BAZEL_FLAGS=--config=local at the end of your scons.py invocation)
 
 Please complete the following steps to generate a certificate:
 - (If not in the Engineering org) Request access to the MANA group https://mana.corp.mongodbgov.com/resources/659ec4b9bccf3819e5608712
@@ -498,23 +514,23 @@ ZIP_FILE=~/Downloads/engflow-mTLS.zip
 
 curl https://raw.githubusercontent.com/mongodb/mongo/master/buildscripts/setup_engflow_creds.sh -o setup_engflow_creds.sh
 chmod +x ./setup_engflow_creds.sh
-./setup_engflow_creds.sh {getpass.getuser()} {public_hostname} $ZIP_FILE\n"""
+./setup_engflow_creds.sh {getpass.getuser()} {public_hostname} $ZIP_FILE {"local" if public_hostname == "localhost" else ""}\n"""
         )
         return False
 
     if not running_in_evergreen and (
-        not os.access(f"/home/{getpass.getuser()}/.engflow/creds/engflow.crt", os.R_OK)
-        or not os.access(f"/home/{getpass.getuser()}/.engflow/creds/engflow.key", os.R_OK)
+        not os.access(f"{get_default_cert_dir()}/creds/engflow.crt", os.R_OK)
+        or not os.access(f"{get_default_cert_dir()}/creds/engflow.key", os.R_OK)
     ):
         print(
-            "Invalid permissions set on ~/.engflow/creds/engflow.crt or ~/.engflow/creds/engflow.key"
+            f"Invalid permissions set on {get_default_cert_dir()}/creds/engflow.crt or {get_default_cert_dir()}/creds/engflow.key"
         )
         print("Please run the following command to fix the permissions:\n")
         print(
-            f"sudo chown {getpass.getuser()}:{getpass.getuser()} /home/{getpass.getuser()}/.engflow/creds/engflow.crt /home/{getpass.getuser()}/.engflow/creds/engflow.key"
+            f"sudo chown {getpass.getuser()}:{getpass.getuser()} {get_default_cert_dir()}/creds/engflow.crt {get_default_cert_dir()}/creds/engflow.key"
         )
         print(
-            f"sudo chmod 600 /home/{getpass.getuser()}/.engflow/creds/engflow.crt /home/{getpass.getuser()}/.engflow/creds/engflow.key"
+            f"sudo chmod 600 {get_default_cert_dir()}/creds/engflow.crt {get_default_cert_dir()}/creds/engflow.key"
         )
         return False
     return True
@@ -851,13 +867,7 @@ def generate(env: SCons.Environment.Environment) -> None:
         formatted_options = [f"--//bazel/config:{_SANITIZER_MAP[opt]}=True" for opt in options]
         bazel_internal_flags.extend(formatted_options)
 
-    # Disable RE for external developers and when executing on non-linux amd64/arm64 platforms
-    is_external_developer = not os.path.exists("/opt/mongodbtoolchain")
-    if (
-        normalized_os != "linux"
-        or normalized_arch not in ["arm64", "amd64"]
-        or is_external_developer
-    ):
+    if normalized_arch not in ["arm64", "amd64"]:
         bazel_internal_flags.append("--config=local")
 
     # Disable remote execution for public release builds.

src/third_party/tcmalloc/BUILD.bazel

@@ -136,6 +136,7 @@ COPTS = [
         "-Wno-deprecated-volatile",
         "-Wno-implicit-int-float-conversion",
     ],
+    "//conditions:default": [],
 })
 
 # The kernel supported logic is split into 2 select statements to avoid an "ambiguous match" error.
@@ -149,6 +150,8 @@ KERNEL_SUPPORTED = select({
 }) + select({
     "//bazel/config:linux_s390x": ["@platforms//:incompatible"],
     "//bazel/config:linux_ppc64le": ["@platforms//:incompatible"],
+    "@platforms//os:macos": ["@platforms//:incompatible"],
+    "@platforms//os:windows": ["@platforms//:incompatible"],
     "//conditions:default": [],
 })
 
@@ -320,6 +323,7 @@ mongo_cc_library(
     hdrs = TCMALLOC_HEADERS + select({
         "@//bazel/config:linux_aarch64": ["dist/tcmalloc/internal/percpu_rseq_aarch64.S"],
         "@//bazel/config:linux_x86_64": ["dist/tcmalloc/internal/percpu_rseq_x86_64.S"],
+        "//conditions:default": [],
     }),
     copts = COPTS,
     includes = INCLUDES,