From b192e2d42ac95d9392423670f87d09c7be686c2f Mon Sep 17 00:00:00 2001
From: Martin Medler <medler.martin@gmail.com>
Date: Mon, 1 Jan 2024 14:04:10 +0100
Subject: [PATCH 1/3] Use proper compile_pip_requirements interface

`requirements_in` is deprecated in favor of `src`
---
 third_party/BUILD | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/third_party/BUILD b/third_party/BUILD
index bef325d4..84e75107 100644
--- a/third_party/BUILD
+++ b/third_party/BUILD
@@ -9,7 +9,7 @@ alias(
 
 compile_pip_requirements(
     name = "mypy_requirements",
+    src = "mypy_requirements.in",
     extra_args = ["--resolver=backtracking"],
-    requirements_in = "mypy_requirements.in",
     requirements_txt = "mypy_requirements.txt",
 )

From ea32d5da5d0ac25d3fd61370b837b3464ea5d04e Mon Sep 17 00:00:00 2001
From: Martin Medler <medler.martin@gmail.com>
Date: Tue, 2 Jan 2024 10:25:55 +0100
Subject: [PATCH 2/3] Cleanup bazelrc file

- Proper rationale for disabling the lock file
- bzlmod is the default either way with Bazel 7.0.0
---
 .bazelrc | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/.bazelrc b/.bazelrc
index d3ee43c2..5186a017 100644
--- a/.bazelrc
+++ b/.bazelrc
@@ -1,13 +1,12 @@
 # Always tell why tests fail
 test --test_output=errors
 
-# We use Bazel's modern dependency management system for development.
-build --enable_bzlmod=true
-
-# We are not yet sure if we really want to lock the bzlmod resolution down given we test with various Bazel versions
-# and configurations. It seems the main benefits of the lock file are not having to reanalyze the central registry
-# when working without a cached workspace and being safeguarded against changed or yanked modules in the central
-# registry. Both don't matter much to us right now.
+# The performance gains offered by the lockfile are minimal for us.
+# Pinning the dependencies should be superfluous from a reproducibility perspective as the central registry is supposed
+# to be immutable for a module X in version Y after it has ben registered with the registry (ignoring the possibility of
+# yanking a module). Furthermore, the module resolution is deterministic.
+# However, there are several open issues suggesting the lock file will change in one way or another.
+# Thus, we don't use the bzlmod locking yet.
 build --lockfile_mode=off
 
 # When working with hermetic Python toolchains, supporting the legacy runfiles layout is needlessly wasting resources.

From 072e89b7d1550d636f455405a59cc0ac73323242 Mon Sep 17 00:00:00 2001
From: Martin Medler <medler.martin@gmail.com>
Date: Tue, 2 Jan 2024 10:28:00 +0100
Subject: [PATCH 3/3] Use bazelrc file to set Bazel options in apply_fixes
 integration tests

---
 test/apply_fixes/execution_logic.py | 17 ++++++++++++++++-
 test/apply_fixes/test_case.py       |  2 --
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/test/apply_fixes/execution_logic.py b/test/apply_fixes/execution_logic.py
index 72f9ade4..b271ce19 100644
--- a/test/apply_fixes/execution_logic.py
+++ b/test/apply_fixes/execution_logic.py
@@ -24,6 +24,17 @@
 load("@depend_on_what_you_use//:setup_step_2.bzl", "setup_step_2")
 setup_step_2()
 
+load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
+load("@bazel_tools//tools/build_defs/repo:utils.bzl", "maybe")
+
+maybe(
+    http_archive,
+    name = "rules_python",
+    sha256 = "9acc0944c94adb23fba1c9988b48768b1bacc6583b52a2586895c5b7491e2e31",
+    strip_prefix = "rules_python-0.27.0",
+    urls = ["https://github.com/bazelbuild/rules_python/releases/download/0.27.0/rules_python-0.27.0.tar.gz"],
+)
+
 load("@rules_python//python:repositories.bzl", "python_register_toolchains")
 python_register_toolchains(
     name = "python",
@@ -44,6 +55,8 @@ def setup_test_workspace(
         )
     with open(temporary_workspace / ".bazelversion", mode="w", encoding="utf-8") as ws_file:
         ws_file.write("7.0.0")
+    with open(temporary_workspace / ".bazelrc", mode="w", encoding="utf-8") as ws_file:
+        ws_file.write("common --nolegacy_external_runfiles\ncommon --noenable_bzlmod")
 
 
 def cleanup(test_workspace: Path) -> None:
@@ -60,9 +73,11 @@ def cleanup(test_workspace: Path) -> None:
     )
     output_base = process.stdout.strip()
 
+    # Has to be done before output base cleanup, otherwise the shutdown will create the output base anew
     subprocess.run(["bazel", "shutdown"], cwd=test_workspace, check=True)
 
-    # Has to be done after the shutdown, otherwise the shutdown will create the output base anew
+    # The hermetic Python toolchain contains read oly files which we can't remove without making them writable
+    subprocess.run(["chmod", "-R", "+rw", output_base], check=True)
     rmtree(output_base)
 
 
diff --git a/test/apply_fixes/test_case.py b/test/apply_fixes/test_case.py
index 1a913ea0..d25b95c3 100644
--- a/test/apply_fixes/test_case.py
+++ b/test/apply_fixes/test_case.py
@@ -72,7 +72,6 @@ def _create_reports(
                 "bazel",
                 *cmd_startup_args,
                 "build",
-                "--nolegacy_external_runfiles",
                 f"--aspects=//:aspect.bzl%{aspect}",
                 "--output_groups=dwyu",
                 *cmd_extra_args,
@@ -93,7 +92,6 @@ def _run_automatic_fix(self, extra_args: Optional[List[str]] = None) -> None:
             cmd=[
                 "bazel",
                 "run",
-                "--nolegacy_external_runfiles",
                 "@depend_on_what_you_use//:apply_fixes",
                 "--",
                 f"--workspace={self._workspace}",