Google Git
Sign in
bazel / bazel / 01407ce75841295543878f10bddb22d5e178c6ca
commit01407ce75841295543878f10bddb22d5e178c6ca[log] [tgz]
authorFabian Meumertzheim <fabian@meumertzhe.im>Fri Jan 09 09:43:28 2026 -0800
committerCopybara-Service <copybara-worker@google.com>Fri Jan 09 09:44:38 2026 -0800
tree85e3e0dd58c0ecc000a15dce7e811a23e79e310a
parent96deebfa1046254ada6b45ba3702406301c9e919 [diff]
Fix and consolidate repo env handling

The current invalidation logic didn't take `--incompatible_repo_env_ignores_action_env` and `--experimental_strict_repo_env` into account, which resulted in incorrect invalidation of repo rules and module extensions.

This is addressed by a larger refactoring that consolidates the logic that computes the effective environment for repository rules and module extensions in `CommandEnvironment`. This environment is then read and sliced by a new `RepoEnvironmentFunction` that operates analogously to `ClientEnvironmentFunction`.

Along the way, the variety of terminology in `CommandEnvironment` and various `SkyFunction`s is cleaned up to consistently use:
* `repoEnv` to refer to the environment seen by repo rules and module extensions, which may or may not see the full client env based on the value of `--experimental_strict_repo_env` and
* `nonstrictRepoEnv`, which refers to same environment with, conceptually, `--experimental_strict_repo_env` forced to `false`. This is used for certain non-hermetic operations such as downloader and credential helper logic.

Closes #28168.

PiperOrigin-RevId: 854228202
Change-Id: I900f260dd5d0c6e20dcc32eaee0821567e60d5d1
38 files changed
tree: 85e3e0dd58c0ecc000a15dce7e811a23e79e310a
  1. .bazelci/
  2. .devcontainer/
  3. .gemini/
  4. .github/
  5. docs/
  6. examples/
  7. scripts/
  8. site/
  9. src/
  10. third_party/
  11. tools/
  12. .bazelrc
  13. .bazelversion
  14. .gitattributes
  15. .gitignore
  16. AUTHORS
  17. bazel_downloader.cfg
  18. BUILD
  19. CHANGELOG.md
  20. CODE_OF_CONDUCT.md
  21. CODEOWNERS
  22. combine_distfiles.py
  23. combine_distfiles_to_tar.sh
  24. compile.sh
  25. CONTRIBUTING.md
  26. CONTRIBUTORS
  27. distdir.bzl
  28. extensions.bzl
  29. LICENSE
  30. maven_install.json
  31. MODULE.bazel
  32. MODULE.bazel.lock
  33. pyproject.toml
  34. README.md
  35. repositories.bzl
  36. requirements.txt
  37. SECURITY.md
README.md

Bazel

{Fast, Correct} - Choose two

Build and test software of any size, quickly and reliably.

  • Speed up your builds and tests: Bazel rebuilds only what is necessary. With advanced local and distributed caching, optimized dependency analysis and parallel execution, you get fast and incremental builds.

  • One tool, multiple languages: Build and test Java, C++, Android, iOS, Go, and a wide variety of other language platforms. Bazel runs on Windows, macOS, and Linux.

  • Scalable: Bazel helps you scale your organization, codebase, and continuous integration solution. It handles codebases of any size, in multiple repositories or a huge monorepo.

  • Extensible to your needs: Easily add support for new languages and platforms with Bazel's familiar extension language. Share and re-use language rules written by the growing Bazel community.

Getting Started

Documentation

Reporting a Vulnerability

To report a security issue, please email security@bazel.build with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue. Our vulnerability management team will respond within 3 working days of your email. If the issue is confirmed as a vulnerability, we will open a Security Advisory. This project follows a 90 day disclosure timeline.

Contributing to Bazel

See CONTRIBUTING.md

Build status