rules_graalvm

Hermetic GraalVM rules

Full hermeticity can be a challenge with Bazel, because the native-image tool uses several environment variables to resolve tooling, based on the host platform you execute your build on. This guide can help you troubleshoot these problems; please read on based on the platform you use.

Note on hermetic downloads

Most downloads performed by these rules are hermetic and fingerprinted. However, in certain cases, there is no easy way to determine these fingerprints ahead of time:

All other downloads are performed through Bazel.

Linux

On Linux no specific action is needed.

macOS

Bazel on macOS uses Xcode to build native code by default. You can opt to keep this behavior, or you can use the non-Xcode “pure C++ toolchain” by setting BAZEL_USE_CPP_ONLY_TOOLCHAIN=1.

Building via Xcode: When building via Xcode (the default behavior), you may need to open Xcode and accept terms to complete installation. In some cases this can be performed via the command line:

sudo xcodebuild -license [accept]

Note: Pass the accept parameter in headless scripts.

Pure C++ toolchain:

For example:

build --repo_env BAZEL_USE_CPP_ONLY_TOOLCHAIN=1
build --action_env BAZEL_DO_NOT_DETECT_CPP_TOOLCHAIN=1

Windows

Bazel on Windows involves some setup. You will need a recent copy of Visual Studio as documented in the Windows usage guide. You can build binaries with native-image even if Bazel isn’t correctly set up to use Visual Studio, but in this case the rules fall back to using the PATH to resolve cl.exe.

Troubleshooting Windows builds: These settings have been observed to help when building on Windows. These flags are included both here and in the usage guide for Windows because native-image itself uses these environment variables to complete a build.

build --action_env=INCLUDE
build --action_env=MSVC
build --action_env=LIB
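
The flags on this page come in two forms: NAME=VALUE pins a value in the rc file, while a bare NAME (as in the Windows flags above) makes Bazel read the value from the shell that invokes the build, so the result depends on the host. The following check is an added example, not part of rules_graalvm; it lists which variables a .bazelrc pins and which it inherits. The function name and the sample file are constructed for illustration.

```python
import shlex

# Constructed sample .bazelrc that combines the flags shown on this page.
SAMPLE_BAZELRC = """\
# macOS: pure C++ toolchain
build --repo_env BAZEL_USE_CPP_ONLY_TOOLCHAIN=1
build --action_env BAZEL_DO_NOT_DETECT_CPP_TOOLCHAIN=1
# Windows: values come from the invoking shell
build --action_env=INCLUDE
build --action_env=MSVC
build --action_env=LIB
"""

ENV_FLAGS = ("--action_env", "--repo_env")


def classify_env_flags(bazelrc_text):
    """Return (pinned, inherited) lists of (flag, variable name) tuples.

    pinned:    NAME=VALUE, the value is fixed in the rc file.
    inherited: bare NAME, the value is taken from the invoking environment.
    """
    pinned, inherited = [], []
    for raw in bazelrc_text.splitlines():
        tokens = shlex.split(raw, comments=True)  # drops '#' comments
        i = 1  # tokens[0] is the command (build, test, build:config, ...)
        while i < len(tokens):
            flag, sep, arg = tokens[i].partition("=")
            if flag in ENV_FLAGS:
                if not sep:  # "--action_env NAME" form: argument is the next token
                    i += 1
                    arg = tokens[i] if i < len(tokens) else ""
                name, has_value, _ = arg.partition("=")
                (pinned if has_value else inherited).append((flag, name))
            i += 1
    return pinned, inherited


if __name__ == "__main__":
    pinned, inherited = classify_env_flags(SAMPLE_BAZELRC)
    for flag, name in pinned:
        print(f"pinned     {flag} {name}")
    for flag, name in inherited:
        print(f"inherited  {flag} {name}  (value depends on the host shell)")
```

Inherited variables are the ones to review when a build must be reproducible across machines, since their values never appear in the repository.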