Hey all! Quick question, is the output of

shell_command

supposed to be cached? I'm trying to build a UI and package it into a docker container. It seems like like the

shell_command

is being re-run every time I run

pants package

even though the dependencies have not changed. BUILD file setup looks like:

files(name="sources", sources=[".", "*", "*/**"])

shell_command(
    name="build",
    command="pnpm install && npm run build",
    tools=[
        "pnpm", "npm", "node", "rm", "mv", "mkdir", "cp", "ln", "sed", "sh", "bash", "env", "dirname",],
    extra_env_vars=["CODEARTIFACT_AUTH_TOKEN", "BUILD_PATH=./dist"],
    execution_dependencies=[":sources"],
    output_files=["package.json", ".env", ".nginx.conf"],
    output_directories=["conf", "bin", "dist"],
    timeout=3000,
    root_output_directory=".",
)

docker_image(
    name="ui",
    dependencies=[
        ":build",
    ],
)

It is supposed to be cached, but the caching depends on the exact input, including values of environment variables. Just looking there, I wonder about the auth token: Does it change? If not, do you have other environment variables passed into the command that may change (in your pants.toml)?

Thanks @broad-processor-92400 that was it! That makes perfect sense. Luckily for NPM I don't have a need for the token since all our packages are in the public repo, so taking it out provided the caching behavior I was expecting. I'm guessing the behavior is the same for

python-repos

if I have a token in there that's coming from an environment variable? That would explain why my dependency pex files are rebuilt in every CI run. Any tips for working around that? Unfortunately Code Artifact limits the token ttl to 12 hours

Sorry, I don’t know the best way to manage authentication tokens that need to change regularly. It may be worth asking another question about that specifically, and/or filing a GitHub issue

No worries, thank you! Appreciate the help :))