Open alexeagle opened 2 years ago
+@comius, I don't really know much about stamp so maybe you can comment?
Ping @comius for triage.
You mention --stamp
, but --embed_label
should also be supported, right?
Yes, I think anything that produces non-deterministic outputs has to be user-controlled rather than rule-author-controlled.
cc @buildbreaker2021
Trying to keep things simple, I'd prefer if it's possible not to introduce additional flag. That would mean if --stamp
is False
, ctx.info_file
and ctx.version_file
should just return a "constant" file. Returning a constant file wouldn't break rules that are already using the functions and would still generate hermetic builds.
Assigning to @buildbreaker2021, because he's handling BuildInfo in Java and C++ Starlark rules atm.
Returning a constant file wouldn't break rules that are already using the functions and would still generate hermetic builds.
I don't think that's true, since it wouldn't be possible to know what a valid constant file would be in the presence of user defined keys, so the constant file could be missing keys that user defined rules expect, and break the rules.
The built in workspace status keys already come with a redacted value, (though there's a comment saying they should be removed https://github.com/bazelbuild/bazel/blob/037368017b5cde7bf99187271f3d139b9fca7d14/src/main/java/com/google/devtools/build/lib/rules/cpp/CppBuildInfo.java#L42-L43), but supporting redacted values for user defined keys would require changing the format of the output of the workspace status script, for example instead of being KEY1<space>VALUE1[\nKEYN<space>VALUEN...]
it could be KEY1<space>VALUE1<space>REDACTED_VALUE1[\nKEYN<space>VALUEN<space>REDACTED_VALUEN...]
. That would allow users to upgrade bazel while keeping their build compatible with the current version of rule sets, until they upgrade their rule sets to versions that support the new constant files.
I agree with this request. It's a pain now for Starlark to even read the --stamp
value (#11164).
Returning a constant file wouldn't break rules that are already using the functions and would still generate hermetic builds.
Unfortunately, there are some caveats with that approach:
--stamp
can be altered through transitions(How I have used stamp transitions: I can get both a stamped artifact for deployment, and the digest of the unstamped artifact to detect if a deployment is actually necessary.)
Just got bit by this this week.
In working on rules_docker, I found that regardless of any configuration of the build, actions were non-deterministic because the presence of a
{
character in certain attributes caused rules likecontainer_image
to always stamp outputs, and since the stable-status.txt file is an input to the action, it was non-deterministic and caused cache misses.Since there's no real contract between Bazel and rulesets regarding the meaning of
--stamp
and how rules should present a non-deterministic stamping facility to users, there's a lot of inconsistency. (For starters, ctx.info_file and ctx.status_file are undocumented) I think we'd benefit from an--incompatible
flag on Bazel itself.As a strawman, call it
--incompatible_prevent_status_files_without_stamp
which, unless--stamp
is also present, would either prevent the *-status.txt files from being passed as inputs to actions, or would error the build and point to the rule implementation that is including those files as inputs.Related: