Tutorial: how to write Scala rules for Bazel

Bazel comes with built-in support for several languages and allows you to write your own support for any other languages in Python.

Although you could probably get more abstract, let’s define a rule as something that takes some files, does something to them, and then gives you some output files. Specifically, for this example, we want a scala_binary rule where we can give it a Scala source file and it turns it into an executable binary.

Part 1: Creating a Scala source file

Let’s create a simple example of a Scala source file (mercilessly ripped from the Scala hello world example):

// HelloWorld.scala
object HelloWorld {
  def main(args: Array[String]) {
    println("Hello, world!")

Note that I’ve never used Scala before today, so please let me know in the comments if I’ve made an mistakes.

Before proceeding, I think it’s a good idea to try building this without bazel (especially if you’re not too familiar with the language’s build tool… ahem) as a sanity check:

$ scalac HelloWorld.scala
$ scala HelloWorld
Hello, world!

Looking good! Now, let’s try to get bazel building that.

Adding a BUILD file and dummy scala_binary rule

We’ll create a BUILD file that references our (currently non-existent) scala_binary rule. This lets us plan out what we’ll need our rule to look like:

load('/scala', 'scala_binary')

    name = "hello-world",
    src = "HelloWorld.scala",

The load() statement means that we’ll declare the scala_binary rule in a file called scala.bzl in the root of the workspace (due to the ‘/’ prefix on ‘/scala’). Let’s create that file now:

# scala.bzl
def impl(ctx):

scala_binary = rule(
    attrs = {
        'src': attr.label(
    outputs = {'sh': "%{name}.sh"},
    implementation = impl,

scala_binary‘s definition says that rules can have one attribute (other than name), src, which is a single file. The rule is supposed to output a file called name.sh, so for our example we should end up with hello-world.sh. The implementation of our rule should be happening in the function impl. The rule implementation doesn’t do anything yet, but we can at least try building now:

$ touch WORKSPACE # if you haven't already...
$ bazel build :hello-world
ERROR: /Users/kchodorow/blerg/BUILD:4:1: in scala_binary rule //:hello-world: 
: The following files have no generating action:
ERROR: Analysis of target '//:hello-world' failed; build aborted.
INFO: Elapsed time: 0.286s

The error is expected: our rule definition says that hello-world.sh should be an output, but there’s no code creating it yet. Let’s add some functionality to the implementation function by replacing existing function with the following:

def impl(ctx):
        inputs = [ctx.file.src],
        command = "echo %s > %s" % (ctx.file.src.path, ctx.outputs.sh.path),
        outputs = [ctx.outputs.sh]

This adds an action to the build. It says that, if the inputs have changed (the src file), run the command (which right now is just echoing src‘s path) to the output file. Note that ctx.action(...) doesn’t actually run the action, it just adds that action to “things that need to be run in the future” for the rule.

Now if we build :hello-world again, we get:

$ bazel build -s :hello-world
INFO: Found 1 target...
>>>>> # //:hello-world [action 'Unknown hello-world.sh']
(cd /private/var/tmp/_bazel_kchodorow/92df5f72e3c78c053575a1a42537d8c3/blerg && 
  exec env - 
  /bin/bash -c 'echo HelloWorld.scala > bazel-out/local_darwin-fastbuild/bin/hello-world.sh')
Target //:hello-world up-to-date:
INFO: Elapsed time: 0.605s, Critical Path: 0.02s

I used bazel’s -s option here, which is very helpful for debugging what your rule is doing. It prints all of the subcommands a build is running. As you can see, now our rule has an action (>>>>> # //:hello-world [action 'Unknown hello-world.sh']) that creates bazel-bin/hello-world.sh by echoing the source file name. You can verify this by cating bazel-bin/hello-world.sh.

Adding a dependency on the scala compiler

We want our rule to actually call scalac. Even if you have the scala compiler installed on your system, you cannot simply create an action with a command = 'scalac MySourceFile.scala' line, as actions are run in a “clean room” environment: nothing* is there that you don’t specify.

As you probably don’t want to add the scala compiler to your workspace, open up your WORKSPACE file and add it as an external dependency:

    name = "scala",
    url = "http://downloads.typesafe.com/scala/2.11.7/scala-2.11.7.tgz",
    sha256 = "ffe4196f13ee98a66cf54baffb0940d29432b2bd820bd0781a8316eec22926d0",
    build_file = "scala.BUILD",

Also create the scala.BUILD file in the root of your workspace:

# scala.BUILD

Now add a dependency on scalac to your scala_binary rule by adding a “hidden attribute.” Add calling scalac in your impl, so your scala.bzl file looks something like this:

def impl(ctx):
        inputs = [ctx.file.src],
        command = "%s %s; echo 'blah' > %s" % (
            ctx.file._scalac.path, ctx.file.src.path, ctx.outputs.sh.path),
        outputs = [ctx.outputs.sh]

scala_binary = rule(
    attrs = {
        'src': attr.label(
        '_scalac': attr.label(
    outputs = {'sh': "%{name}.sh"},
    implementation = impl,

Building now shows that scalac is successfully being run on our source file!

$ bazel build -s :hello-world
INFO: Found 1 target...
>>>>> # //:hello-world [action 'Unknown hello-world.sh']
(cd /private/var/tmp/_bazel_kchodorow/92df5f72e3c78c053575a1a42537d8c3/blerg && 
  exec env - 
  /bin/bash -c 'external/scala/bin/scalac HelloWorld.scala; echo '''blah''' > bazel-out/local_darwin-fastbuild/bin/hello-world.sh')
Target //:hello-world up-to-date:
INFO: Elapsed time: 4.634s, Critical Path: 4.11s

There are still many issues with this implementation:

  • The output from calling scalac doesn’t actually go anywhere, hello-world.sh is still a dummy file.
  • No support for multiple source files, never mind dependencies.
  • [action 'Unknown hello-world.sh'] is pretty ugly.
  • You can’t call bazel run //hello-world, even though the output should be executable.

However, this post is already running long, so let’s wrap it up here and get to some of these issue in the next post. Until next time!


* Obviously there are some commands there (our original rule uses echo, for instance) and you can see what’s in the empty environment by writing env to an output file in an action. This can actually cause issues: sometimes commands in the default PATH have different behavior on different systems. To get a completely hermetic build, you should really provide every command your rule uses. However, we’re just using echo for debugging here anyway, so we’ll let it slide.

Trimming the (build) tree with Bazel

Jonathan Lange wrote a great blog post about how Bazel caches tests. Basically: if you run a test, change your code, then run a test again, the test will only be rerun if you changed something that could actually change the outcome of the test. Bazel takes this concept pretty far to minimize the work your build needs to do, in some ways that aren’t immediately obvious.

Let’s take an example. Say you’re using Bazel to “build” rigatoni arrabiata, which could be represented as having the following dependencies:


Each food is a library which depends on the libraries below it. Suppose you change a dependency, like the garlic:


Bazel will stat the files of the “garlic” library and notice this change, and then make a note that the things that depend on “garlic” may have also changed:


The fancy term for this is “invalidating the upward transitive closure” of the build graph, aka “everything that depends on a thing might be dirty.” Note that Bazel already knows that this change doesn’t affect several of the libraries (rigatoni, tomato-puree, and red-pepper), so they definitely don’t have to be rebuilt.

Bazel will then evaluate the “sauce” node and figures out if its output has changed. This is where the secret sauce (ha!) happens: if the output of the “sauce” node hasn’t changed, Bazel knows that it doesn’t have to recompile rigatoni-arrabiata (the top node), because none of its direct dependencies changed!

The sauce node is no longer "maybe dirty" and so its reverse dependencies (rigatoni-arrabiata) can also be marked as clean.
The sauce node is no longer “maybe dirty” and so its reverse dependencies (rigatoni-arrabiata) can also be marked as clean.

In general, of course, changing the code for a library will change its compiled form, so the “maybe dirty” node will end up being marked as “yes, dirty” and re-evaluated (and so on up the tree). However, Bazel’s build graph lets you compile the bare minimum for a well-structured library, and in some cases avoid compilations altogether.

Positive reinforcement learning through barbacoa

Domino hanging out at the beach over July 4th weekend.
Domino hanging out at the beach over July 4th weekend.

Yesterday I had some extra barbacoa that Domino was super excited about and Andrew suggested I use it to teach him (Domino, not Andrew) how to lie down on command. I waited until he lay down on his own, said “yes!” and gave him a piece of barbacoa. He leapt up and ate the barbacoa and then stood there, waiting for more. After a minute or so, he gave up and lay down again. I said “yes!” and held out another piece. This repeated ~10 times, at which point I was starting to think that he would never figure it out, when something changed. Domino seemed to realize that there was something he was doing that was turning me into a barbacoa vending machine, he just had to figure out what. He tried grabbing his bone (which he had happened to be playing with one time while laying down), sitting, moving away, and finally got it after another few repetitions. Then he lay down like a champ for the last ~5 pieces of barbacoa.

About an hour later, Andrew made a late-night snack and Domino came over, made meaningful eye contact, and then flopped down like a rug. It was adorable, and amazing to see the actual moment learning happened.

Now I just need to attach a cue to it!

Pain-free OAuth with AppEngine


I do a lot of side projects (or at least start them) and implementing authentication is always like chewing on razor blades. I started another project recently using AppEngine and, bracing myself with a lot of caffeine and “suck it up, princess” attitude, I started doing “oauth appengine” searches.

After digging through some documentation, I realized that AppEngine actually does OAuth right. All you have to do is add the following to your src/main/webapp/WEB-INF/web.xml file:


The <url-pattern>/members-only/*</url-pattern> means that when someone goes to any page under members-only/, they’ll have to go through the “login with Google” flow.

On the server side, there’s no annoying URL encodings to get right or tokens to keep track of. You can just access the logged-in person’s username, e.g., in Java:

public class DemoServlet extends HttpServlet {
    public void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
    	String account = req.getUserPrincipal().getName();


That’s it! This is such a killer feature to me, I can’t believe I never knew about about it before.

(One other thing that I can’t believe I never knew about is SimpleHTTPServer. python -m SimpleHTTPServer will serve static files from the current directory. I’m pretty sure everyone already knows about this, but just in case there’s someone else out there…)

API changes with extra cheese, hold the fear

Rihanna's dress

When you make a change, how do you know what tests to run? If you’re lucky, no one else depends on your code so you can just run your own tests and you’re done. However, if you’re writing useful code, other people are probably going to start depending on it. Once that happens, it becomes difficult to make changes without breaking them. Bazel can make this easier, by letting you figure out all of the targets that are depending on your code.

Suppose we are working on the pizza library and we need some cheese, so we create a cheese library and depend on it from pizza. If we look at our build graph, it will look something like this:


//italian:pizza is depending on //ingredients:cheese, as expected.

A few weeks later, the macaroni team discovers that it could also use cheese, so it starts depending on our library. Now our build graph looks like this:


Both our team’s pizza target and the macaroni team’s mac_lib target are depending on //ingredients:cheese. However, Team Macaroni never told us that they’re depending on cheese, so as far as we know, we’re still its only users. Suppose we decide to make a backwards-breaking change (e.g., make Cheese::setMilkfat() private). We make our change, run all of the pizza– and cheese-related tests, submit it… and break //american:mac_and_cheese as well as a dozen other projects who were calling setMilkfat() (that we didn’t know about).

If we had known that other people were depending on our code, we could have let them know that they needed to update their API usage. But how could we find out? With Bazel, we can query for everyone depending on our library:

$ bazel query 'rdeps(//..., //ingredients:cheese)'

This means: “query for every target in our workspace that depends on //ingredients:cheese.”

Now we can check that everything in our code base still builds with our cheese changes by running:

$ bazel build $(bazel query 'rdeps(//..., //ingredients:cheese)')

Just because they built doesn’t mean they work correctly! We can then find all of the tests that depend on cheese and run them:

$ bazel test $(bazel query 'kind(test, rdeps(//..., //ingredients:cheese))')

Unpacking that from the innermost parentheses, that means: “find the targets depending on //ingredients:cheese (rdeps(...)), search those for targets that are tests (kind(test, ...)), and run all of those targets (bazel test ...).”

Running that set of builds and tests is a pretty good check that everything that depends on cheese still works. I mean, if they didn’t write a test for it, it can’t matter too much, right?



Have you ever looked at your build? I mean, really looked at your build?

Bazel has a feature that lets you see a graph of your build dependencies. It could help you debug things, but honestly it’s just really cool to see what your build is doing.

To try it out, you’ll need a project that uses Bazel to build. If you don’t have one handy, here’s a tiny workspace you can use:

$ git clone https://github.com/kchodorow/tiny-workspace.git
$ cd tiny-workspace

Now run bazel query in your tiny-workspace/ directory, asking it to search for all dependencies of //:main and format the output as a graph:

$ bazel query 'deps(//:main)' --output graph > graph.in

This creates a file called graph.in, which is a text representation of the build graph. You can use dot (install with sudo apt-get install graphviz) to create a png from this:

$ dot -Tpng  graph.png

If you open up graph.png, you should see something like this:


You can see //:main depends on one file (//:main.cc) and four targets (//:x, //tools/cpp:stl, //tools/default:crosstool, and //tools/cpp:malloc). All of the //tools targets are implicit dependencies of any C++ target: every C++ build you do needs the right compiler, flags, and libraries available, but it crowds your result graph. You can exclude these implicit dependencies by removing them from your query results:

$ bazel query --noimplicit_deps 'deps(//:main)' --output graph > simplified_graph.in

Now the resulting graph is just:


Much neater!

If you’re interested in further refining your query, check out the docs on querying.

Hello, Bazel

Bazel Logo

Yesterday, my team open-sourced Bazel, the build system Google uses for most of its software. We have been working on open-sourcing Bazel for over a year, extricating dependencies, renaming and refactoring, and jumping through legal and political hoops. We were still missing a lot of stuff we wanted to add, but we thought it would be useful to get a less complete project out there and start getting some feedback from “friends and family.” So we hit the “make public” button on Github and IM-ed some friends. “We on Hacker News yet?” someone joked. We checked. We were. Over the next half-hour, we rose to #1 on Hacker News and stayed there all day. Twitter exploded with hundreds of tweets about Bazel and we started getting a constant stream of issues and pull requests. Our “press the button on GitHub” meeting turned into an all-day war room, responding to users and fixing documentation and setup issues.

It was exhilarating and amazing. I knew that a lot of people were excited to try Bazel, but this response has exceeded all of my expectations.

I hope that everyone will bear with us as we work the kinks out. Hugely important missing pieces that I can think of off the top of my head:

  • No binaries available – you have to compile from source.
  • No externally available continuous integration – no guarantee the code is actually compiling.
  • Terrible setup process – you have to manually add a WORKSPACE file and symlink the tools/ directory to make your project buildable with Bazel.

Please do give Bazel a try if you’re interested, give us feedback, and, if you hate it now, give it another try in a couple of months when we actually launch!

Making wedding rings

This weekend, Andrew and I made our own wedding rings. We’ve been married for several years, but we never got around to getting rings. We found out about a guy in NYC who does ring-making workshops: you come to his studio and spend a day making personalized, custom rings. It was fun, and now we have very special rings!

Here’s what we started with at 10am:


We made each other’s bands, so Andrew used the thin piece and I used the thick piece. The long strip was for the side rails.

We were using palladium, which we had to anneal (make hot) to make it bendy. When palladium gets hot it turns purple, which is interesting:


Once it was bendy, we used pliers to bend it into something roughly ring-shaped:


It was more D-shaped, but the point was just to connect the ends, which we soldered together:


After some shaping, we had to hammer the bands so that we could get the “beaten” appearance we wanted:


We had to re-anneal the rings several times while beating them, so they wouldn’t get brittle:


Then we had to create two more “rings” for rails and stick everything together with solder:


Finally we polished the things:


It took us twelve hours, but I think they came out pretty good:


I highly recommend it as a fun and romantic way to get wedding rings.

Laptops are getting smaller all the time

As a “thank you” for hosting an intern this summer, Google gave me a little Android figurine. When I took it out of its box, a little backpack fell out, too. The backpack actually zipped and unzipped, but it didn’t have anything in it. So I decided to make a Macbook Air for it.

First, I made the Apple logo at a reasonable size as a small tube:


Then I rolled out the tube to miniaturize the logo:


I didn’t roll it out quite evenly enough, so I lost the leaf. However, the apple’s shape came out pretty well:


I sliced off a piece of my “Apple tube” and dropped it into a grey rectangle for the Macbook body. Then I had to add back in the leaf. The logo was so tiny at this point that even the tip of a pin was a little big for the amount of clay I was working with:


Finally, I baked it and put it in the backpack!

14 - 1