• Home
  • History
  • Annotate
Name Date Size #Lines LOC

..--

abseil-cpp/23-Nov-2023-215,550147,110

address_sorting/23-Nov-2023-884579

cares/23-Nov-2023-112,35182,144

istio/security/proto/providers/google/23-Nov-2023-5244

py/23-Nov-2023-464417

rake-compiler-dock/23-Nov-2023-126

re2/23-Nov-2023-41,39531,164

toolchains/23-Nov-2023-2,0561,899

upb/23-Nov-2023-45,29534,932

BUILDD23-Nov-2023291 1615

README.mdD23-Nov-20236.2 KiB10070

constantly.BUILDD23-Nov-2023134 87

cython.BUILDD23-Nov-2023667 3026

enum34.BUILDD23-Nov-2023132 76

futures.BUILDD23-Nov-2023141 76

incremental.BUILDD23-Nov-2023178 1110

libuv.BUILDD23-Nov-20235 KiB200187

protobuf.patchD23-Nov-2023487 1513

six.BUILDD23-Nov-2023254 1512

twisted.BUILDD23-Nov-2023375 1615

yaml.BUILDD23-Nov-2023164 1110

zlib.BUILDD23-Nov-2023635 3736

zope_interface.BUILDD23-Nov-2023241 1413

README.md

1# Third-party libraries
2
3gRPC depends on several third-party libraries, their source code is available
4(usually as a git submodule) in this directory.
5
6## Guidelines on updating submodules
7
8- IMPORTANT: whenever possible, try to only update to a stable release of a library (= not to master / random commit). Depending on unreleased revisions
9  makes gRPC installation harder for users, as it forces them to always build the dependency from source and prevents them from using more
10  convenient installation channels (linux packages, package managers etc.)
11
12- bazel BUILD uses a different dependency model - whenever updating a submodule, also update the revision in `grpc_deps.bzl` so that bazel and
13  non-bazel builds stay in sync (this is actually enforced by a sanity check in some cases)
14
15## Considerations when adding a new third-party dependency
16
17- gRPC C++ needs to stay buildable/installable even if the submodules are not present (e.g. the tar.gz archive with gRPC doesn't contain the submodules),
18  assuming that the dependencies are already installed. This is a requirement for being able to provide a reasonable install process (e.g. using cmake)
19  and to support package managers for gRPC C++.
20
21- Adding a new dependency is a lot of work (both for us and for the users).
22  We currently support multiple build systems (BAZEL, cmake, make, ...) so adding a new dependency usually requires updates in multiple build systems
23  (often not trivial). The installation process also needs to continue to work (we do have distrib tests to test many of the possible installation scenarios,
24  but they are not perfect). Adding a new dependency also usually affects the installation instructions that need to be updated.
25  Also keep in mind that adding a new dependency can be quite disruptive
26  for the users and community - it means that all users will need to update their projects accordingly (for C++ projects often non-trivial) and
27  the community-provided C++ packages (e.g. vcpkg) will need to be updated as well.
28
29## Checklist for adding a new third-party dependency
30
31**READ THIS BEFORE YOU ADD A NEW DEPENDENCY**
32
33- [ ] Make sure you understand the hidden costs of adding a dependency (see section above) and that you understand the     complexities of updating the build files. Maintenance of the build files isn't for free, so expect to be involved in maintenance tasks, cleanup and support (e.g resolving user bugs) of the build files in the future.
34
35- [ ] Once your change is ready, start an [adhoc run of artifact - packages - distribtests flow](https://fusion.corp.google.com/projectanalysis/summary/KOKORO/prod%3Agrpc%2Fcore%2Fexperimental%2Fgrpc_build_artifacts_multiplatform) and make sure everything passes (for technical reasons, not all the distribtests can run on each PR automatically).
36
37- [ ] Check the impact of the new dependency on the size of our distribution packages (compare BEFORE and AFTER) and post the comparison on your PR (it should not be approved without checking the impact sizes of packages first). The package sizes AFTER can be obtained from the adhoc package build from bullet point above.
38
39## Instructions for updating dependencies
40
41Usually the process is
42
431. update the submodule to selected commit (see guidance above)
442. update the dependency in `grpc_deps.bzl` to the same commit
453. update `tools/run_tests/sanity/check_submodules.sh` to make the sanity test pass
464. (when needed) run `tools/buildgen/generate_projects.sh` to regenerate the generated files
475. populate the bazel download mirror by running `bazel/update_mirror.sh`
48
49Updating some dependencies requires extra care.
50
51### Updating third_party/boringssl-with-bazel
52
53- Update the `third_party/boringssl-with-bazel` submodule to the latest [`master-with-bazel`](https://github.com/google/boringssl/tree/master-with-bazel) branch
54```
55git submodule update --init      # just to start in a clean state
56cd third_party/boringssl-with-bazel
57git fetch origin   # fetch what's new in the boringssl repository
58git checkout origin/master-with-bazel  # checkout the current state of master-with-bazel branch in the boringssl repo
59# Note the latest commit SHA on master-with-bazel-branch
60cd ../..   # go back to grpc repo root
61git status   #  will show that there are new commits in third_party/boringssl-with-bazel
62git add  third_party/boringssl-with-bazel     # we actually want to update the changes to the submodule
63git commit -m "update submodule boringssl-with-bazel with origin/master-with-bazel"   # commit
64```
65
66- Update boringssl dependency in `bazel/grpc_deps.bzl` to the same commit SHA as master-with-bazel branch
67    - Update `http_archive(name = "boringssl",` section by updating the sha in `strip_prefix` and `urls` fields.
68    - Also, set `sha256` field to "" as the existing value is not valid. This will be added later once we know what that value is.
69
70- Update `tools/run_tests/sanity/check_submodules.sh` with the same commit
71
72- Commit these changes `git commit -m "update boringssl dependency to master-with-bazel commit SHA"`
73
74- Run `tools/buildgen/generate_projects.sh` to regenerate the generated files
75    - Because `sha256` in `bazel/grpc_deps.bzl` was left empty, you will get a DEBUG msg like this one:
76```
77Rule 'boringssl' indicated that a canonical reproducible form can be obtained by modifying arguments sha256 = "SHA value"
78```
79    - Commit the regenrated files `git commit -m "regenerate files"`
80    - Update `bazel/grpc_deps.bzl` with the SHA value shown in the above debug msg. Commit again `git commit -m "Updated sha256"`
81
82- Run `tools/distrib/generate_boringssl_prefix_header.sh`
83    - Commit again `git commit -m "generate boringssl prefix headers"`
84
85- Increment the boringssl podspec version number in
86  `templates/src/objective-c/BoringSSL-GRPC.podspec.template` and `templates/gRPC-Core.podspec.template`.
87  [example](https://github.com/grpc/grpc/pull/21527/commits/9d4411842f02f167209887f1f3d2b9ab5d14931a)
88    - Commit again `git commit -m "Increment podspec version"`
89
90- Run `tools/buildgen/generate_projects.sh` (yes, again)
91    - Commit again `git commit -m "Second regeneration"`
92
93- Create a PR with all the above commits.
94
95- Run `bazel/update_mirror.sh` to update GCS mirror.
96
97### Updating third_party/protobuf
98
99See http://go/grpc-third-party-protobuf-update-instructions (internal only)
100