Bump grpc from 1.26.0 to 1.31.1

[dmivankov]

Fixes having external dependencies without checksum

• boringssl (each download was timestamped, but otherwise stable)
• bazel_skylark was overriden to be master (sic!)

There doesn't seem to be many breaking/big changes up to grpc 1.31.1

• removal of xds-experimental URI scheme
• removal of MAX_EPOLL_EVENTS_HANDLED_EACH_POLL_CALL
• enable TLS 1.3 in the C-core and all wrapped languages
• some of bazel-related patches got merged in
  https://github.com/grpc/grpc/releases

How to check whether certain dependency has a checksum
bazel query //external:bazel_skylib --output build
bazel query //external:boringssl --output build

How to find (almost?) all problematic dependencies
compare output of
bazel query 'kind(http_archive, //external:all) + kind(http_file, //external:all) + kind(distdir_tar, //external:all)' --output xml | xq '.query.rule[] | ."@name"'
vs
bazel query 'kind(http_archive, //external:all) + kind(http_file, //external:all) + kind(distdir_tar, //external:all)' --output xml | xq '.query.rule[] | select (.string[]."@name" | contains("sha256")) | ."@name"'

Note that it looks for string sha256 and misses dict sha256 for
distdir_tar rules - those are false positive currently.

[meteorcloudy]

Nice, thanks for the update! This PR looks good to me.

But we cannot import a PR with changes both inside and outside of the third_party directory, could you please split it into several PRs? We have to do it in a way that won't break Bazel, an example of changes is:
#11807
#12108
#12139

[dmivankov]

Thanks, will look into that. Do you have more details on what could break with a single PR? As I see there are bootstrapping and other tests in CI

[meteorcloudy]

Yeah, basically I meant the presubmit tests should pass. If it's green, we are fine.

[dmivankov]

I will probably have to add grpc version suffix to
third_party/grpc/BUILD
third_party/grpc/bazel.patch
third_party/grpc/bazel/*
third_party/grpc/compiler/*
otherwise can't simply add new grpc version alongside previous one

[dmivankov]

Ah, nice, so all is good with the current state of PR? :)

[meteorcloudy]

I will probably have to add grpc version suffix to
third_party/grpc/BUILD
third_party/grpc/bazel.patch
third_party/grpc/bazel/*
third_party/grpc/compiler/*
otherwise can't simply add new grpc version alongside previous one

I think the grpc java compiler version doesn't have to exactly match the grpc cpp version. So you probably don't have to do that. It's just the grpc_1.26.0.patch file has to match the version defined in WORKSPACE.
You can do this

• First add the new patch file grpc_1.31.1.patch and upgrade everything under third_party (bazel/ , compiler/ , grpc jars)
• Upgrade the grpc version in WORKSPACE to 1.31.1
• Remove old patch files.

[dmivankov]

• keeping bootstrap jars and protoc java plugin at 1.26.0
• split into 3: [1/3] Bump grpc from 1.26.0 to 1.31.1 #12235 (add grpc 1.31.1 patches), [2/3] Bump grpc from 1.26.0 to 1.31.1 #12236 (switch to 1.31.1) and [3/3] Bump grpc from 1.26.0 to 1.31.1 #12237 (drop 1.26.0 patches)
• keeping this one open for now for full diff overview, PR checks & comments

[meteorcloudy]

Thanks, do you plan to upgrade the jars later?

[dmivankov]

Bootstrap jars seem to have a good amount of bugfixes, so would be good to bump them https://github.com/grpc/grpc-java/releases
But actually there seem to be netty dependency bump there - would need to double-check version and make it a separate PR

[meteorcloudy]

Sounds great!

[meteorcloudy]

split into 3: #12235 (add grpc 1.31.1 patches), #12236 (switch to 1.31.1) and #12237 (drop 1.26.0 patches)

All three PRs have been merged now.