Full hermeticity can be a challenge with Bazel, because the native-image
tool uses several environment variables to
resolve tooling, based on the host platform you execute your build on. This guide can help you troubleshoot these
problems; please read on based on the platform you use.
Most downloads performed by these rules are hermetic and fingerprinted. However, in certain cases, there is no easy way to determine these fingerprints ahead of time:
Components which don’t ship with GraalVM: There is no rule-side support for these yet. You may be able to get these to work with regular library dependencies or data
attributes.
Oracle GraalVM components: These are installed via gu
directly because this tool accesses Oracle’s GDS (Global Download Service) APIs.
All other downloads are performed through Bazel.
On Linux no specific action is needed.
Bazel on macOS uses Xcode to build native code by default. You can opt to keep this behavior, or you can use the
non-Xcode “pure C++ toolchain” by setting BAZEL_USE_CPP_ONLY_TOOLCHAIN=1
.
Building via Xcode: When building via Xcode (the default behavior), you may need to open Xcode and accept terms to complete installation. In some cases this can be performed via the command line:
sudo xcodebuild -license [accept]
Note Pass the
accept
parameter in headless scripts.
Pure C++ toolchain:
BAZEL_USE_CPP_ONLY_TOOLCHAIN=1
in your Bazel repository invocation environmentBAZEL_DO_NOT_DETECT_CPP_TOOLCHAIN=1
in your Bazel invocation environmentFor example:
build --repo_env BUILD_USE_CPP_ONLY_TOOLCHAIN=1
build --action_env BAZEL_DO_NOT_DETECT_CPP_TOOLCHAIN=1
Bazel on Windows involves some setup. You will need a recent copy of Visual Studio as documented in the
Windows usage guide. You can build binaries with native-image
even if Bazel isn’t correctly set up to use Visual
Studio, but in this case the rules fallback to using the PATH
to resolve cl.exe
.
Troubleshooting Windows builds:
These settings have been observed to help when building on Windows. These flags are included both here and in the usage
guide for Windows because native-image
itself uses these environment variables to complete a build.
build --action_env=INCLUDE
build --action_env=MSVC
build --action_env=LIB