bazel: remote/correctness: Bazel doesn't track system libraries.
Bazel currently does not track tools outside a workspace. This can be a problem if, for example, an action uses a compiler from /usr/bin/. Then, two users with different
compilers installed will wrongly share cache hits because the outputs are different but they have the same action hash.
About this issue
- Original URL
- State: open
- Created 6 years ago
- Reactions: 17
- Comments: 22 (12 by maintainers)
Commits related to this issue
- add option to mangle AC keys with (non-empty) instance names In some client setups, untracked local files can be used by an action without being included in the Action message, which causes action ca... — committed to mostynb/bazel-remote by mostynb 4 years ago
- add option to mangle AC keys with (non-empty) instance names In some client setups, untracked local files can be used by an action without being included in the Action message, which causes action ca... — committed to buchgr/bazel-remote by mostynb 4 years ago
- Add cache-version input to bazel-build-test action. This allows for manually invalidating prior cache results when there are incompatible changes that Bazel doesn't handle. For example, changing the ... — committed to world-federation-of-advertisers/actions by SanjayVas 3 years ago
- Add cache-version input to bazel-build-test action. (#8) This allows for manually invalidating prior cache results when there are incompatible changes that Bazel doesn't handle. For example, changing... — committed to world-federation-of-advertisers/actions by SanjayVas 3 years ago
Following back up on this after a while, FWIW we’ve been working around this for kubernetes for a while now by hashing the toolchains ourselves (since we run in debian container(s) we can do this pretty easily) and using this to key our cache.
So far this has worked well enough as a stopgap.
@BenTheElder ohh I apologize for the misinformation - it was my understanding that
--action_envis supported by all actions. Please use the platform override then - I shall document it on our website.Essentially, you can pass it the following protobuf:
This is passed through to the computation of the action key for remote caching.
@BenTheElder Yep exactly. It’s not just compilers though it’s any tools that your build uses from your system that you did not explicitly specify really. So you might want to include some more info than just your compiler.
@HackAttack correct. however, the local cache affects only a single user while the remote cache can do quite a bit of harm.
See #3320. 😕