Switch to using metadata-based invalidation instead of content-based invalidation for any sources referenced by the workspace_invalidation_sources field.
This is necessary because workspace_invalidation_sources is intended to be used with the experimental_workspace_environment and there is a problem with content-based invalidation in that scenario: There is a potential cache poisoning scenario where Pants computes a content digest but then the user overwrites the digested sources before Pants has executed the applicable adhoc_tool / shell_command process. The cache will now have a result stored under the digest of the original file version even though the file content changed. See https://github.com/pantsbuild/pants/pull/21051#issuecomment-2174995973 for expanded discussion.
Switch to using metadata-based invalidation instead of content-based invalidation for any sources referenced by the
workspace_invalidation_sources
field.This is necessary because
workspace_invalidation_sources
is intended to be used with theexperimental_workspace_environment
and there is a problem with content-based invalidation in that scenario: There is a potential cache poisoning scenario where Pants computes a content digest but then the user overwrites the digested sources before Pants has executed the applicableadhoc_tool
/shell_command
process. The cache will now have a result stored under the digest of the original file version even though the file content changed. See https://github.com/pantsbuild/pants/pull/21051#issuecomment-2174995973 for expanded discussion.