feat: stop using chmod on Bazel 8.6+

[aignas]

Summary

Add an extract_needs_chmod config flag that controls whether chmod
is run after extracting wheel files. The flag is False for Bazel

= 8.6 (where the fix for file permissions is built into Bazel) and
True for older versions.

Move _maybe_fix_permissions from whl_extract.bzl into
repo_utils.bzl and have _extract call it conditionally based
on the config flag. This ensures both whl_extract and patch_whl
benefit from the chmod fix when needed.

Fixes #3585

[gemini-code-assist]

Code Review

This pull request introduces basic support for generating and importing uv.lock files via the lock rule, allowing uv.lock to be used as a primary source for package metadata. It also refactors wheel extraction permission fixes to be conditional on the Bazel version. The review feedback highlights several critical issues: missing Starlark loads for evaluate and select_whl in parse_requirements.bzl, a missing logger argument in repo_utils.bzl that could cause a failure during extraction, a recommendation to forward the logger in whl_extract.bzl, and a potential runtime crash in uv_lock_to_requirements.bzl if the source field in the lockfile is explicitly null.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

I am having trouble creating individual review comments. Click here to see my feedback.

python/private/pypi/parse_requirements.bzl (31-34)

The newly added _parse_uv_lock_json function references evaluate and select_whl, but these functions are not loaded in this file. This will cause a runtime Starlark evaluation error when parsing uv.lock files. Please load them from :markers.bzl and :select_whl.bzl respectively.

load("//python/uv/private:uv_lock_to_requirements.bzl", "uv_lock_extras_map")  # buildifier: disable=bzl-visibility
load(":argparse.bzl", "argparse")
load(":index_sources.bzl", "index_sources")
load(":markers.bzl", "evaluate")
load(":parse_requirements_txt.bzl", "parse_requirements_txt")
load(":select_whl.bzl", "select_whl")

python/private/repo_utils.bzl (536-537)

The _maybe_fix_permissions function expects a logger when mrctx is a module_ctx (which is what mrctx is designed to support). However, _extract calls it without passing logger, which will result in a guaranteed fail error if extract_needs_chmod is True and mrctx is a module_ctx. Please forward the logger from kwargs if available.

    if extract_needs_chmod:
        _maybe_fix_permissions(mrctx, whl_path = archive, logger = kwargs.get("logger"))

python/private/pypi/whl_extract.bzl (18-22)

It is highly recommended to pass the logger parameter to repo_utils.extract to ensure that the same logger is reused and to prevent potential failures if extract is ever called in a context where a logger is required.

        archive = whl_path,
        output = install_dir_path,
        supports_whl_extraction = rp_config.supports_whl_extraction,
        extract_needs_chmod = rp_config.extract_needs_chmod,
        logger = logger,
    )

python/uv/private/uv_lock_to_requirements.bzl (70)

In Starlark/Python, if the "source" key is explicitly set to null in the JSON, pkg.get("source", {}) will return None instead of the default {}. This can cause a runtime crash when calling source.get("registry"). Using pkg.get("source") or {} is a safer and more robust defensive programming pattern.

        source = pkg.get("source") or {}