Hey everyone, TLDR: I would like a way of allowing network access during builds on a per-element basis, to ease transition into BuildStream.
I realize this has a potential to be highly controversial, but I think that the benefits in terms of ease of adoption makes it worth it. Problem ----------- In some cases, it is very hard to completely sandbox a build, with some build systems absolutely wanting to go to the network. There are workaround to go over those, however, having to completely fix them before moving sizeable projects to BuildStream makes it very hard to adopt. In other cases, you might want access to network resources for testing elements that would require some network access I know and fully understand that having network access during a sandbox build removes many of the benefits of BuildStream (source caching, repeatable builds), but those can be addressed at an infrastructure level before being moved to work as it should in BuildStream. How would that look like? -------------------------- I would envision a new variable option, similar to 'max-jobs', that would be transparent to the plugin, but used by BuildStream to open network access. How much work would we need to do for this? ------------------------------------------ We already have mechanisms to open the sandbox when running a shell. We would need to make this possible for regular builds. This would also mean we need to be able to be able to set it on platform properties for remote execution. Mitigations ----------- Some potential mitigations around this being 'bad' could be: - Optionally disable by default the pushing of such artifacts to remote caches, like we currently handle workspaces, with the ability to enable it either at the project level or the element level. Any thoughts? Thanks! Ben
