Hi,
I'm using Pants in cloud-based CI/CD pipeline...
# generalc
clever-father-91273
06/08/2023, 2:44 PMHi,
I'm using Pants in cloud-based CI/CD pipeline. I also use basel-remote for remote caching of Pants artifacts. I would like to make this remote cache available not only to the cloud build job, but also to the team members' local machines, so that they can use the cache when running pants commands locally (e.g. as pre-commit checks). I have two questions:
1. Is this a good practice to access the remote cache during local development?
2. If so, how can I make the bazel-remote cache address available to our local machine safely, i.e. without exposing it to all the web?
Thanks!
b
bitter-ability-32190
06/08/2023, 2:50 PMCan't answer your specifics, but the general guidance is "allow CI to read/write", and allow developers to read". That avoid a host of issues with cache poisoning.
➕ 1
💯 1
h
happy-kitchen-89482
06/08/2023, 4:18 PMI recently set up bazel-remote for the Pants repo, since Toolchain is now RIP 😞
happy-kitchen-89482
06/08/2023, 4:19 PMWe run it as a sidecar process backed by S3
happy-kitchen-89482
06/08/2023, 4:19 PMSo you could do the same, and have the access controlled by AWS IAM permissions
happy-kitchen-89482
06/08/2023, 4:20 PMAlso note that today the PATH is often mixed in to process cache keys, and developer machines often have unique PATHs (and certainly, ones that are different from the CI machine that wrote the cache)
happy-kitchen-89482
06/08/2023, 4:20 PMthis will affect your cache hits
happy-kitchen-89482
06/08/2023, 4:21 PMWe would like to address this
happy-kitchen-89482
06/08/2023, 4:21 PMbut for now, be aware of it
3 Views