commit 6c851e2f8270e2a08077a5d35cc5d7869e2c9188
author Tim Windelschmidt <tim@monogon.tech> Thu Jan 11 15:23:48 2024 +0100
committer Tim Windelschmidt <tim@monogon.tech> Wed Feb 28 13:35:30 2024 +0000
tree debb29dddd190d930e45a7a29cc960eba88206e5
parent 7006cafc58cbff6765726447d84df1cd1531d346

workspace: add additional sandbox hermeticity flags

Closes monogon-dev/monogon#176

Change-Id: Icc303a235bc441585301eab4f6a68035bb0c7fee
Reviewed-on: https://review.monogon.dev/c/monogon/+/2700
Reviewed-by: Serge Bazanski <serge@monogon.tech>
Tested-by: Jenkins CI

build/ci/jenkins-presubmit.groovy

diff --git a/build/ci/jenkins-presubmit.groovy b/build/ci/jenkins-presubmit.groovy
index 4df1116..7e7e5b6 100644
--- a/build/ci/jenkins-presubmit.groovy
+++ b/build/ci/jenkins-presubmit.groovy
@@ -21,10 +21,10 @@
                         gerritCheck checks: ['jenkins:test': 'RUNNING'], message: "Running on ${env.NODE_NAME}"
                         echo "Gerrit change: ${GERRIT_CHANGE_URL}"
                         sh "git clean -fdx -e '/bazel-*'"
-                        sh "JENKINS_NODE_COOKIE=dontKillMe tools/bazel test //..."
-                        sh "JENKINS_NODE_COOKIE=dontKillMe tools/bazel build  --//metropolis/cli/metroctl:buildkind=lite --platforms=@io_bazel_rules_go//go/toolchain:darwin_arm64 //metropolis/cli/metroctl"
-                        sh "JENKINS_NODE_COOKIE=dontKillMe tools/bazel build  --//metropolis/cli/metroctl:buildkind=lite --platforms=@io_bazel_rules_go//go/toolchain:darwin_amd64 //metropolis/cli/metroctl"
-                        sh "JENKINS_NODE_COOKIE=dontKillMe tools/bazel test --config dbg //..."
+                        sh "JENKINS_NODE_COOKIE=dontKillMe tools/bazel --bazelrc=.bazelrc.ci test //..."
+                        sh "JENKINS_NODE_COOKIE=dontKillMe tools/bazel --bazelrc=.bazelrc.ci build  --//metropolis/cli/metroctl:buildkind=lite --platforms=@io_bazel_rules_go//go/toolchain:darwin_arm64 //metropolis/cli/metroctl"
+                        sh "JENKINS_NODE_COOKIE=dontKillMe tools/bazel --bazelrc=.bazelrc.ci build  --//metropolis/cli/metroctl:buildkind=lite --platforms=@io_bazel_rules_go//go/toolchain:darwin_amd64 //metropolis/cli/metroctl"
+                        sh "JENKINS_NODE_COOKIE=dontKillMe tools/bazel --bazelrc=.bazelrc.ci test --config dbg //..."
                     }
                     post {
                         success {
@@ -47,9 +47,9 @@
                         gerritCheck checks: ['jenkins:gazelle': 'RUNNING'], message: "Running on ${env.NODE_NAME}"
                         echo "Gerrit change: ${GERRIT_CHANGE_URL}"
                         sh "git clean -fdx -e '/bazel-*'"
-                        sh "JENKINS_NODE_COOKIE=dontKillMe tools/bazel run //:gazelle-update-repos"
-                        sh "JENKINS_NODE_COOKIE=dontKillMe tools/bazel run //:gazelle -- update"
-                        sh "JENKINS_NODE_COOKIE=dontKillMe tools/bazel run //:go -- mod tidy"
+                        sh "JENKINS_NODE_COOKIE=dontKillMe tools/bazel --bazelrc=.bazelrc.ci run //:gazelle-update-repos"
+                        sh "JENKINS_NODE_COOKIE=dontKillMe tools/bazel --bazelrc=.bazelrc.ci run //:gazelle -- update"
+                        sh "JENKINS_NODE_COOKIE=dontKillMe tools/bazel --bazelrc=.bazelrc.ci run //:go -- mod tidy"
 
                         script {
                             def diff = sh script: "git status --porcelain", returnStdout: true