Rust/bazel: Port to bzlmod.

This gets rid of our last workspace dependency.
In particular, this change also gets rid of the checked-in extra
lock files that took forever to generate.

MODULE.bazel

@@ -26,9 +26,32 @@ bazel_dep(name = "rules_kotlin", version = "1.9.4-codeql.1")
 bazel_dep(name = "gazelle", version = "0.36.0")
 bazel_dep(name = "rules_dotnet", version = "0.15.1")
 bazel_dep(name = "googletest", version = "1.14.0.bcr.1")
+bazel_dep(name = "rules_rust", version = "0.46.0")
 
 bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True)
 
+crate = use_extension(
+    "@rules_rust//crate_universe:extension.bzl",
+    "crate",
+)
+crate.from_cargo(
+    name = "py_deps",
+    cargo_lockfile = "//python/extractor/tsg-python:Cargo.lock",
+    manifests = [
+        "//python/extractor/tsg-python:Cargo.toml",
+        "//python/extractor/tsg-python/tsp:Cargo.toml",
+    ],
+)
+crate.from_cargo(
+    name = "ruby_deps",
+    cargo_lockfile = "//ruby/extractor:Cargo.lock",
+    manifests = [
+        "//ruby/extractor:Cargo.toml",
+        "//ruby/extractor/codeql-extractor-fake-crate:Cargo.toml",
+    ],
+)
+use_repo(crate, "py_deps", "ruby_deps")
+
 dotnet = use_extension("@rules_dotnet//dotnet:extensions.bzl", "dotnet")
 dotnet.toolchain(dotnet_version = "8.0.101")
 use_repo(dotnet, "dotnet_toolchains")

misc/bazel/rust.bzl

@@ -0,0 +1,23 @@
+load("@rules_rust//rust:defs.bzl", "rust_binary")
+load("@semmle_code//buildutils-internal:glibc_symbols_check.bzl", "glibc_symbols_check")
+load("@semmle_code//buildutils-internal:lipo.bzl", "universal_binary")
+
+def codeql_rust_binary(
+        name,
+        target_compatible_with = None,
+        visibility = None,
+        symbols_test = True,
+        **kwargs):
+    rust_label_name = name + "_single_arch"
+    universal_binary(
+        name = name,
+        dep = ":" + rust_label_name,
+        target_compatible_with = target_compatible_with,
+        visibility = visibility,
+    )
+    rust_binary(
+        name = rust_label_name,
+        **kwargs
+    )
+    if symbols_test:
+        glibc_symbols_check(name = name + "symbols-test", binary = name)

python/extractor/tsg-python/BUILD.bazel

@@ -1,5 +1,5 @@
 load("@py_deps//:defs.bzl", "aliases", "all_crate_deps")
-load("@semmle_code//:common.bzl", "codeql_rust_binary")
+load("//misc/bazel:rust.bzl", "codeql_rust_binary")
 
 codeql_rust_binary(
     name = "tsg-python",

python/extractor/tsg-python/Cargo.toml

@@ -6,15 +6,6 @@ version = "0.1.0"
 authors = ["Taus Brock-Nannestad <tausbn@github.com>"]
 edition = "2021"
 
-# When changing/updating these, the `Cargo.Bazel.lock` file has to be regenerated.
-# Run `CARGO_BAZEL_REPIN=true CARGO_BAZEL_REPIN_ONLY=py_deps ./tools/bazel sync --only=py_deps`
-# in the `semmle-code` repository to do so.
-# For more information, check out the documentation at
-# https://bazelbuild.github.io/rules_rust/crate_universe.html#repinning--updating-dependencies
-# In the future, the hope is to move this handling of the dependencies entirely into the `codeql` repository,
-# but that depends on `rules_rust` being fully compatible with bzlmod, which they aren't yet
-# (c.f. https://github.com/bazelbuild/rules_rust/issues/2452).
-# Warning: The process takes >5min on my M1 mac, so do wait for a while.
 [dependencies]
 anyhow = "1.0"
 regex = "1"

ruby/extractor/BUILD.bazel

@@ -1,5 +1,5 @@
 load("@ruby_deps//:defs.bzl", "aliases", "all_crate_deps")
-load("@semmle_code//:common.bzl", "codeql_rust_binary")
+load("//misc/bazel:rust.bzl", "codeql_rust_binary")
 
 codeql_rust_binary(
     name = "extractor",

ruby/extractor/Cargo.toml

@@ -6,15 +6,6 @@ version = "0.1.0"
 authors = ["GitHub"]
 edition = "2021"
 
-# When changing/updating these, the `cargo-bazel-lock.json` file has to be regenerated.
-# Run `CARGO_BAZEL_REPIN=true CARGO_BAZEL_REPIN_ONLY=ruby_deps ./tools/bazel sync --only=ruby_deps`
-# in the `semmle-code` repository to do so.
-# For more information, check out the documentation at
-# https://bazelbuild.github.io/rules_rust/crate_universe.html#repinning--updating-dependencies
-# In the future, the hope is to move this handling of the dependencies entirely into the `codeql` repository,
-# but that depends on `rules_rust` being fully compatible with bzlmod, which they aren't yet
-# (c.f. https://github.com/bazelbuild/rules_rust/issues/2452).
-# Warning: The process takes >5min on my M1 mac, so do wait for a while.
 [dependencies]
 tree-sitter = ">= 0.22.6"
 tree-sitter-embedded-template = { git = "https://github.com/tree-sitter/tree-sitter-embedded-template.git", rev = "38d5004a797298dc42c85e7706c5ceac46a3f29f" }