Skip to main content
allfeaturedbazeldebugging
·Dan Stowell

Improved handling of short-lived secrets in remote execution

BuildBuddy has supported passing short-lived secrets to remote actions via the env-overrides platform property, which redacts values from action cache entries. The new secret-env-overrides and secret-env-overrides-base64 properties extend this protection by also redacting values from workflow logs.

Pass secrets via remote exec headers so they're injected at invocation time without affecting the action hash:

bazel build //my:target \
  --remote_exec_header=x-buildbuddy-platform.secret-env-overrides=API_KEY=sk-abc123,OTHER_KEY=val

For values containing commas or special characters, base64-encode each KEY=VALUE pair:

bazel build //my:target \
  --remote_exec_header=x-buildbuddy-platform.secret-env-overrides-base64=$(echo -n 'CREDS={"token": "abc"}' | base64)

See the Secrets docs and RBE platform properties reference for more details.

bazel
·Fabian Meumertzheim

bb explain: understand why your build re-ran actions

bb explain shows a structural diff of two compact execution logs. It helps answer the common questions: "Why did Bazel re-execute that action?" and "What changed between these builds?"

bb explain

It can highlight non-hermetic outputs and differences in inputs, environment variables, and arguments.

It works with your last two builds automatically, or you can point it at any invocation IDs:

bb explain
bb explain --old <OLD_INVOCATION_ID> --new <NEW_INVOCATION_ID>

You can download the bb CLI here. More details in Fabian's BazelCon talk.

bazeldebuggingfeatured
·Siggi Simonarson

Compare invocations: compare two builds side-by-side

The compare invocations view allows you to diff two invocations side-by-side.

It can help debug why two builds produced different results by showing exactly what changed: different flags, startup options, cache/remote execution settings, status, and more.

To compare invocations:

  1. From one invocation link, select Compare -> Select for comparison in the top right corner.
  2. From another invocation link, select Compare -> Compare with selected.
  3. For even more details on differences between the two invocations, click the Run bb explain button on the compare invocations page.
bazeldebuggingfeatured
·Siggi Simonarson

Compare actions: compare two actions side-by-side

The compare actions view allows you to diff two actions side-by-side.

This can help pinpoint why two seemingly similar actions produced different results or didn't result in a cache hit.

To compare actions:

  1. From an invocation link, you can find the desired action either in the Cache or Remote Execution tabs.
  2. Click through to the Action Details view.
  3. Click Compare -> Select for comparison in the top right corner.
  4. Find the other action you want to compare it against.
  5. Click Compare -> Compare with selected in the top right corner of the second action.
bazeldebuggingfeatured