Workspace Rules

Workspace rules are used to pull in external dependencies, typically source code located outside the main repository.

Note: besides the native workspace rules, Bazel also embeds various Starlark workspace rules, in particular those to deal with git repositories or archives hosted on the web.

bind

bind(name, actual, compatible_with, deprecation, distribs, features, licenses, restricted_to, tags, testonly, visibility)

Warning: use of bind() is not recommended. See "Consider removing bind" for a long discussion of its issues and alternatives.

Warning: select() cannot be used in bind(). See the Configurable Attributes FAQ for details.

Gives a target an alias in the //external package.

The //external package is not a "normal" package: there is no external/ directory, so it can be thought of as a "virtual package" that contains all bound targets.

Examples

To give a target an alias, bind it in the WORKSPACE file. For example, suppose there is a java_library target called //third_party/javacc-v2. This can be aliased by adding the following to the WORKSPACE file:

bind(
    name = "javacc-latest",
    actual = "//third_party/javacc-v2",
)

Now targets can depend on //external:javacc-latest instead of //third_party/javacc-v2. If javacc-v3 is released, the bind rule can be updated and all of the BUILD files depending on //external:javacc-latest will now depend on javacc-v3 without needing to be edited.

Bind can also be used to make targets in external repositories available to your workspace. For example, if there is a remote repository named @my-ssl imported in the WORKSPACE file and it has a cc_library target //src:openssl-lib, you can create an alias for this target using bind:

bind(
    name = "openssl",
    actual = "@my-ssl//src:openssl-lib",
)

Then, in a BUILD file in your workspace, the bound target can be used as follows:

cc_library(
    name = "sign-in",
    srcs = ["sign_in.cc"],
    hdrs = ["sign_in.h"],
    deps = ["//external:openssl"],
)

Within sign_in.cc and sign_in.h, the header files exposed by //external:openssl can be referred to using their path relative to their repository root. For example, if the rule definition for @my-ssl//src:openssl-lib looks like this:

cc_library(
    name = "openssl-lib",
    srcs = ["openssl.cc"],
    hdrs = ["openssl.h"],
)

Then sign_in.cc's includes might look like this:

#include "sign_in.h"
#include "src/openssl.h"

Arguments

Attributes
name

Name; required

A unique name for this target.

actual

Label; optional

The target to be aliased.

This target must exist, but can be any type of rule (including bind).

If this attribute is omitted, rules referring to this target in //external will simply not see this dependency edge. Note that this is different from omitting the bind rule completely: it is an error if an //external dependency does not have an associated bind rule.

local_repository

local_repository(name, path)

Allows targets from a local directory to be bound. This means that the current repository can use targets defined in this other directory. See the bind section for more details.

Examples

Suppose the current repository is a chat client, rooted at the directory ~/chat-app. It would like to use an SSL library which is defined in a different repository: ~/ssl. The SSL library has a target //src:openssl-lib.

The user can add a dependency on this target by adding the following lines to ~/chat-app/WORKSPACE:

local_repository(
    name = "my-ssl",
    path = "/home/user/ssl",
)

Targets would specify @my-ssl//src:openssl-lib as a dependency to depend on this library.

Arguments

Attributes
name

Name; required

A unique name for this target.

path

String; required

The path to the local repository's directory.

This must be a path to the directory containing the repository's WORKSPACE file. The path can be either absolute or relative to the main repository's WORKSPACE file.

maven_jar

maven_jar(name, artifact, repository, server, sha1, sha1_src, sha256, sha256_src)

Downloads a jar from Maven and makes it available to be used as a Java dependency.

Naming

Note that the maven_jar name is used as a repository name, so it is limited by the rules governing workspace names: it cannot contain dashes nor dots (see the documentation on workspace names for the exact specification). By convention, maven_jar names should match the artifact name, replacing illegal characters with underscores and leaving off the version. For example, a rule with artifact = "org.apache.commons:commons-lang3:3.4" should have name = "org_apache_commons_commons_lang3".

Examples

Suppose that the current repostory contains a java_library target that needs to depend on Guava. Using Maven, this dependency would be defined in the pom.xml file as:
<dependency>
    <groupId>com.google.guava</groupId>
    <artifactId>guava</artifactId>
    <version>18.0</version>
</dependency>
With Bazel, add the following lines to the WORKSPACE file:
maven_jar(
    name = "com_google_guava_guava",
    artifact = "com.google.guava:guava:18.0",
    sha1 = "cce0823396aa693798f8882e64213b1772032b09",
    sha1_src = "ad97fe8faaf01a3d3faacecd58e8fa6e78a973ca",
)

Targets can specify @com_google_guava_guava//jar as a dependency to depend on this jar.

Arguments

Attributes
name

Name; required

A unique name for this target.

artifact

String; optional

A description of a Maven artifact using Maven coordinates.

These descriptions are of the form <groupId>:<artifactId>:<version>, see the documentation below for an example.

repository

String; optional

A URL for a Maven repository to fetch the jar from.

Either this or server can be specified. Defaults to Maven Central ("central.maven.org").

server

String; optional

A maven_server to use for this artifact.

Either this or repository can be specified.

sha1

String; optional

A SHA-1 hash of the desired jar.

If the downloaded jar does not match this hash, Bazel will error out. It is a security risk to download a file without verifying cryptographic secure hash. Note that SHA-1 is no longer considered a secure cryptographic hash function, but specifying the hash is still marginally better than no check at all. This attribute is kept here for legacy support purposes. Please either use the 'sha256' attribute or migrate to rules_jvm_external and pin your Maven artifacts with their SHA-256 checksums.

sha1_src

String; optional

A SHA-1 hash of the desired jar source file. Please consider using 'sha256_src' instead.

If the downloaded source jar does not match this hash, Bazel will error out. It is a security risk to download a file without verifying cryptographic secure hash.

sha256

String; optional

A SHA-256 hash of the desired jar.

If the downloaded jar does not match this hash, Bazel will error out. It is a security risk to download a file without verifying cryptographic secure hash.

sha256_src

String; optional

A SHA-256 hash of the desired jar source file.

If the downloaded source jar does not match this hash, Bazel will error out. It is a security risk to download a file without verifying cryptographic secure hash.

maven_server

maven_server(name, settings_file, url)

How to access a Maven repository.

This is a combination of a <repository> definition from a pom.xml file and a <server> definition from a settings.xml file.

Using maven_server

maven_jar rules can specify the name of a maven_server in their server field. For example, suppose we have the following WORKSPACE file:

maven_jar(
    name = "junit",
    artifact = "junit:junit-dep:4.10",
    server = "my_server",
)

maven_server(
    name = "my_server",
    url = "http://intranet.mycorp.net",
)
This specifies that junit should be downloaded from http://intranet.mycorp.net using the authentication information found in ~/.m2/settings.xml (specifically, the settings for the server with the id my_server).

Specifying a default server

If you create a maven_server with the name "default" it will be used for any maven_jar that does not specify a server nor repository. If there is no maven_server named default, the default will be fetching from Maven Central with no authentication enabled.

Arguments

Attributes
name

Name; required

A unique name for this target.

settings_file

String; optional

A path to a settings.xml file. Used for testing. If unspecified, this defaults to using $M2_HOME/conf/settings.xml for the global settings and $HOME/.m2/settings.xml for the user settings.
url

String; optional

A URL for accessing the server.

For example, Maven Central (which is the default and does not need to be defined) would be specified as url = "http://central.maven.org/maven2/".

new_local_repository

new_local_repository(name, build_file, build_file_content, path, workspace_file, workspace_file_content)

Allows a local directory to be turned into a Bazel repository. This means that the current repository can define and use targets from anywhere on the filesystem.

This rule creates a Bazel repository by creating a WORKSPACE file and subdirectory containing symlinks to the BUILD file and path given. The build file should create targets relative to the path. For directories that already contain a WORKSPACE file and a BUILD file, the local_repository rule can be used.

Examples

Suppose the current repository is a chat client, rooted at the directory ~/chat-app. It would like to use an SSL library which is defined in a different directory: ~/ssl.

The user can add a dependency by creating a BUILD file for the SSL library (~/chat-app/BUILD.my-ssl) containing:

java_library(
    name = "openssl",
    srcs = glob(['*.java'])
    visibility = ["//visibility:public"],
)

Then they can add the following lines to ~/chat-app/WORKSPACE:

new_local_repository(
    name = "my-ssl",
    path = "/home/user/ssl",
    build_file = "BUILD.my-ssl",
)

This will create a @my-ssl repository that symlinks to /home/user/ssl. Targets can depend on this library by adding @my-ssl//:openssl to a target's dependencies.

You can also use new_local_repository to include single files, not just directories. For example, suppose you had a jar file at /home/username/Downloads/piano.jar. You could add just that file to your build by adding the following to your WORKSPACE file:

new_local_repository(
    name = "piano",
    path = "/home/username/Downloads/piano.jar",
    build_file = "BUILD.piano",
)

And creating the following BUILD.piano file:

java_import(
    name = "play-music",
    jars = ["piano.jar"],
    visibility = ["//visibility:public"],
)
Then targets can depend on @piano//:play-music to use piano.jar.

Arguments

Attributes
name

Name; required

A unique name for this target.

build_file

String; optional

A file to use as a BUILD file for this directory.

Either build_file or build_file_content must be specified.

This attribute is a label relative to the main workspace. The file does not need to be named BUILD, but can be. (Something like BUILD.new-repo-name may work well for distinguishing it from the repository's actual BUILD files.)

build_file_content

String; optional

The content for the BUILD file for this repository.

Either build_file or build_file_content must be specified.

path

String; required

A path on the local filesystem.

This must be an absolute path to an existing file or a directory.

workspace_file

String; optional

The file to use as the WORKSPACE file for this repository.

Either workspace_file or workspace_file_content can be specified, but not both.

This attribute is a label relative to the main workspace. The file does not need to be named WORKSPACE, but can be. (Something like WORKSPACE.new-repo-name may work well for distinguishing it from the repository's actual WORKSPACE files.)

workspace_file_content

String; optional

The content for the WORKSPACE file for this repository.

Either workspace_file or workspace_file_content can be specified, but not both.

xcode_config

xcode_config(name, deprecation, distribs, features, licenses, tags, testonly, visibility)

A single target of this rule can be referenced by the --xcode_version_config build flag to translate the --xcode_version flag into an accepted official xcode version. This allows selection of a an official xcode version from a number of registered aliases.

Arguments

Attributes
name

Name; required

A unique name for this target.

xcode_version

xcode_version(name, default_ios_sdk_version, default_macos_sdk_version, default_tvos_sdk_version, default_watchos_sdk_version, deprecation, distribs, features, licenses, tags, testonly, version, visibility)

Represents a single official xcode version with acceptable aliases for that xcode version. See the xcode_config rule.

Arguments

Attributes
name

Name; required

A unique name for this target.

default_ios_sdk_version

String; optional; nonconfigurable

The ios sdk version that is used by default when this version of xcode is being used. The ios_sdk_version build flag will override the value specified here.
default_macos_sdk_version

String; optional; nonconfigurable

The macosx sdk version that is used by default when this version of xcode is being used. The macos_sdk_version build flag will override the value specified here.
default_tvos_sdk_version

String; optional; nonconfigurable

The tvos sdk version that is used by default when this version of xcode is being used. The tvos_sdk_version build flag will override the value specified here.
default_watchos_sdk_version

String; optional; nonconfigurable

The watchos sdk version that is used by default when this version of xcode is being used. The watchos_sdk_version build flag will override the value specified here.
version

String; required; nonconfigurable

The official version number of a version of Xcode.