.bazelrc - monogon - Gitiles

 # Enable strict_action_env (use static PATH and do not inherit environment variables).
 # This avoids unnecessary cache invalidations.
 build --incompatible_strict_action_env=true

 # TODO: Enable hermetic sandbox on Bazel 5.x
 # build --experimental_use_hermetic_linux_sandbox

 build --action_env=MONOGON_SANDBOX_DIGEST
 import %workspace%/.bazelrc.sandbox

 # Build resources
 startup --batch_cpu_scheduling --io_nice_level 7
 test --test_output=errors

 # selinux:
 #     build with SELinux (containerd, kubelet)
 # no_zfs,no_aufs,no_devicemapper:
 #     disable containerd features we don't need
 # providerless,dockerless:
 #     build k8s without cloud provider and docker support
 # nowasm:
 #     disable wasm plugin support in sqlc
 build --define gotags=selinux,seccomp,no_zfs,no_aufs,no_devicemapper,providerless,dockerless,nowasm

 # Build with C++17.
 build --cxxopt=-std=c++17

 # Set workspace status file and stamp
 build --stamp --workspace_status_command=./build/print-workspace-status.sh

 # Use our custom-configured host C++ toolchain.
 build --crosstool_top=//build/toolchain:host_cc_suite
 build --host_crosstool_top=//build/toolchain:host_cc_suite
 build --cpu=k8

 # Load CI bazelrc if present.
 try-import %workspace%/ci.bazelrc

 # Load custom per-user settings.
 try-import %workspace%/.bazelrc.user
	# Enable strict_action_env (use static PATH and do not inherit environment variables).
	# This avoids unnecessary cache invalidations.
	build --incompatible_strict_action_env=true

	# TODO: Enable hermetic sandbox on Bazel 5.x
	# build --experimental_use_hermetic_linux_sandbox

	build --action_env=MONOGON_SANDBOX_DIGEST
	import %workspace%/.bazelrc.sandbox

	# Build resources
	startup --batch_cpu_scheduling --io_nice_level 7
	test --test_output=errors

	# selinux:
	# build with SELinux (containerd, kubelet)
	# no_zfs,no_aufs,no_devicemapper:
	# disable containerd features we don't need
	# providerless,dockerless:
	# build k8s without cloud provider and docker support
	# nowasm:
	# disable wasm plugin support in sqlc
	build --define gotags=selinux,seccomp,no_zfs,no_aufs,no_devicemapper,providerless,dockerless,nowasm

	# Build with C++17.
	build --cxxopt=-std=c++17

	# Set workspace status file and stamp
	build --stamp --workspace_status_command=./build/print-workspace-status.sh

	# Use our custom-configured host C++ toolchain.
	build --crosstool_top=//build/toolchain:host_cc_suite
	build --host_crosstool_top=//build/toolchain:host_cc_suite
	build --cpu=k8

	# Load CI bazelrc if present.
	try-import %workspace%/ci.bazelrc

	# Load custom per-user settings.
	try-import %workspace%/.bazelrc.user