Genericprograminformation-h, --help
Output a usage message and exit.
Supported by: all subcommands.
Compatibilityoptions--compatible
At increased computational effort, be compatible with the original remote build execution protocol. As
the change affects identifiers, the flag must be used consistently for all related invocations.
Supported by: add-to-cas|analyse|build|describe|install-cas|install|rebuild|traverse|execute.
Buildconfigurationoptions--action-timeoutNUM
Action timeout in seconds. (Default: 300). The timeout is honored only for the remote build.
Supported by: build|install|rebuild|traverse.
-c, --configPATH
Path to configuration file.
Supported by: analyse|build|describe|install|rebuild.
-C, --repository-configPATH
Path to configuration file for multi-repository builds. See just-repository-config(5) for more details.
Supported by: analyse|build|describe|install|rebuild|traverse.
-D, --definesJSON
Defines, via an in-line JSON object a configuration to overlay (in the sense of map_union) to the
configuration obtained by the --config option. If -D is given several times, the -D options overlay in
the order they are given on the command line.
Supported by: analyse|build|describe|install|rebuild.
--request-action-inputACTION
Modify the request to be, instead of the analysis result of the requested target, the input stage of the
specified action as artifacts, with empty runfiles and a provides map providing the remaining information
about the action, in particular as "cmd" the arguments vector and "env" the environment.
An action can be specified in the following ways
• an action identifier prefixed by the % character
• a number prefixed by the # character (note that it requires quoting on most shells). This specifies
the action with that index of the actions associated directly with that target; the indices start from
0 onwards, and negative indices count from the end of the array of actions.
• an action identifier or number without prefix, provided the action identifier does not start with
either % or # and the number does not happen to be a valid action identifier.
Supported by: analyse|build|describe|install|rebuild.
--expression-file-nameTEXT
Name of the expressions file.
Supported by: analyse|build|describe|install|rebuild.
--expression-rootPATH
Path of the expression files’ root directory. Default: Same as --rule-root.
Supported by: analyse|build|describe|install|rebuild.
-L, --local-launcherJSON_ARRAY
JSON array with the list of strings representing the launcher to prepend actions’ commands before being
executed locally. Default value: ["env","--"]
Supported by: build|install|rebuild|traverse|execute.
--local-build-rootPATH
Root for local CAS, cache, and build directories. The path will be created if it does not exist already.
Supported by: add-to-cas|build|describe|install-cas|install|rebuild|traverse|gc|execute.
--mainNAME
The repository to take the target from.
Supported by: analyse|build|describe|install|rebuild|traverse.
--rule-file-nameTEXT
Name of the rules file.
Supported by: analyse|build|describe|install|rebuild.
--rule-rootPATH
Path of the rule files’ root directory. Default: Same as --target-root
Supported by: analyse|build|describe|install|rebuild.
--target-file-nameTEXT
Name of the targets file.
Supported by: analyse|build|describe|install|rebuild.
--target-rootPATH
Path of the target files’ root directory. Default: Same as --workspace-root
Supported by: analyse|build|describe|install|rebuild.
-w, --workspace-rootPATH
Path of the workspace’s root directory.
Supported by: analyse|build|describe|install|rebuild|traverse.
Generaloutputoptions--dump-artifacts-to-buildPATH
File path for writing the artifacts to build to. Output format is JSON map with staging path as key, and
intentional artifact description as value.
Supported by: analyse|build|install|rebuild.
--dump-artifactsPATH
Dump artifacts generated by the given target. Using - as PATH, it is interpreted as stdout. Note that,
passing ./- will instead create a file named - in the current directory. Output format is JSON map with
staging path as key, and object id description (hash, type, size) as value. Each artifact is guaranteed
to be KNOWN in CAS. Therefore, this option cannot be used with analyse.
Supported by: build|install|rebuild|traverse.
--dump-graphPATH
File path for writing the action graph description to. See just-graph-file(5) for more details.
Supported by: analyse|build|install|rebuild.
--dump-plain-graphPATH
File path for writing the action graph description to, however without the additional "origins" key. See
just-graph-file(5) for more details.
Supported by: analyse|build|install|rebuild.
-f, --log-filePATH
Path to local log file. justbuild will store the information printed on stderr in the log file along
with the thread id and timestamp when the output has been generated.
Supported by: add-to-cas|analyse|build|describe|install|install-cas|rebuild|traverse|gc|execute.
--log-limitNUM
Log limit (higher is more verbose) in interval [0,6] (Default: 3).
Supported by: add-to-cas|analyse|build|describe|install|install-cas|rebuild|traverse|gc|execute.
--restrict-stderr-log-limitNUM
Restrict logging on console to the minimum of the specified --log-limit and the value specified in this
option. The default is to not additionally restrict the log level at the console.
Supported by: add-to-cas|analyse|build|describe|install|install-cas|rebuild|traverse|gc|execute.
--plain-log
Do not use ANSI escape sequences to highlight messages.
Supported by: add-to-cas|analyse|build|describe|install|install-cas|rebuild|traverse|gc|execute.
--log-append
Append messages to log file instead of overwriting existing.
Supported by: add-to-cas|analyse|build|describe|install|install-cas|rebuild|traverse|gc|execute.
--expression-log-limitNUM
In error messages, truncate the entries in the enumeration of the active environment, as well as the
expression to be evaluated, to the specified number of characters (default: 320).
Supported by: analyse|build|install.
--serve-errors-logPATH
Path to local file in which justbuild will write, in machine readable form, the references to all errors
that occurred on the serve side. More precisely, the value will be a JSON array with one element per
failure, where the element is a pair (array of length 2) consisting of the configured target (serialized,
as usual, as a pair of qualified target name an configuration) and a string with the hex representation
of the blob identifier of the log; the log itself is guaranteed to be available on the remote-execution
side. Supported by: analyse|build|install.
-P, --print-to-stdoutLOGICAL_PATH
After building, print the specified artifact to stdout.
Supported by: build|install|rebuild|traverse.
-s, --show-runfiles
Do not omit runfiles in build report.
Supported by: build|install|rebuild|traverse.
--target-cache-write-strategySTRATEGY
Strategy for creating target-level cache entries. Supported values are
• sync Synchronize the artifacts of the export targets and write target-level cache entries. This is the
default behaviour.
• split Synchronize the artifacts of the export targets, using blob splitting if the remote-execution
endpoint supports it, and write target-level cache entries. As opposed to the default strategy,
additional entries (the chunks) are created in the CAS, but subsequent syncs of similar blobs might
need less traffic.
• disable Do not write any target-level cache entries. As no artifacts have to be synced, this can be
useful for one-off builds of a project or when the connection to the remote-execution endpoint is
behind a very slow network.
Supported by: build|install|rebuild.
Outputdirandpath-o, --output-dirPATH
Path of the directory where outputs will be copied. If the output path does not exist, it will create
all the necessary folders and subfolders. If the artifacts have been already staged, they will be
overwritten.
Required by: install|traverse.
-o, --output-pathPATH
Install path for the artifact. Refer to install-cas section for more details.
Supported by: install-cas.
--archive
Instead of installing the requested tree, install an archive with the content of the tree. It is a user
error to specify --archive and not request a tree.
Supported by: install-cas.
--raw-tree
When installing a tree to stdout, i.e., when no option -o is given, dump the raw tree rather than a
pretty-printed version. This option is ignored if --archive is given.
Supported by: install-cas.
-P, --sub-object-pathPATH
Instead of the specified tree object take the object at the specified logical path inside.
Supported by: install-cas.
--remember
Ensure that all installed artifacts are available in local CAS as well, even when using remote execution.
Supported by: install|traverse|install-cas.
Parallelismoptions-J, --build-jobsNUM
Number of jobs to run during build phase. Default: same as --jobs.
Supported by: build|install|rebuild|traverse.
-j, --jobsNUM
Number of jobs to run. Default: Number of cores.
Supported by: analyse|build|describe|install|rebuild|traverse.
Remoteexecutionoptions
As remote execution properties shard the target-level cache, they are also available for analysis. In
this way, the same action identifiers can be achieved despite the extensional projection inherent to
target level caching, e.g., in conjunction with --request-action-input.
--remote-execution-propertyKEY:VAL
Property for remote execution as key-value pair. Specifying this option multiple times will accumulate
pairs. If multiple pairs with the same key are given, the latest wins.
Supported by: analyse|build|install|rebuild|traverse.
-r, --remote-execution-addressNAME:PORT
Address of the remote execution service.
Supported by: add-to-cas|analyse|build|describe|install-cas|install|rebuild|traverse.
--endpoint-configuration FILE
File containing a description on how to dispatch to different remote-execution endpoints based on the
execution properties. The format is a JSON list of pairs (lists of length two) of an object of strings
and a string. The first entry describes a condition (the remote-execution properties have to agree on
the domain of this object), the second entry is a remote-execution address in the NAME:PORT format as for
the -r option. The first matching entry (if any) is taken; if none matches, the default execution
endpoint is taken (either as specified by -r, or local execution if no endpoint is specified).
Supported by: analyse|build|install|rebuild|traverse.
--max-attemptsNUM
If a remote procedure call (rpc) returns grpc::StatusCode::UNAVAILABLE, that rpc is retried at most NUM
times. (Default: 1, i.e., no retry).
Supported by: analyse|build|describe|install|rebuild|traverse.
--initial-backoff-secondsNUM
Before retrying the second time, the client will wait the given amount of seconds plus a jitter, to
better distribute the workload. (Default: 1).
Supported by: analyse|build|describe|install|rebuild|traverse.
--max-backoff-secondsNUM
From the third attempt (included) on, the backoff time is doubled at each attempt, until it exceeds the
max-backoff-seconds parameter. From that point, the waiting time is computed as max-backoff-seconds plus
a jitter. (Default: 60)
Supported by: analyse|build|describe|install|rebuild|traverse.
--max-attemptsNUM
If a remote procedure call (rpc) returns grpc::StatusCode::UNAVAILABLE, that rpc is retried at most NUM
times. (Default: 1, i.e., no retry).
Supported by: analyse|build|install|rebuild|traverse.
--initial-backoff-secondsNUM
Before retrying the second time, the client will wait the given amount of seconds plus a jitter, to
better distribute the workload. (Default: 1).
Supported by: analyse|build|install|rebuild|traverse.
--max-backoff-secondsNUM
From the third attempt (included) on, the backoff time is doubled at each attempt, until it exceeds the
max-backoff-seconds parameter. From that point, the waiting time is computed as max-backoff-seconds plus
a jitter. (Default: 60)
Supported by: analyse|build|install|rebuild|traverse.
Remoteserveoptions-R, --remote-serve-addressNAME:PORT
Address of the remote execution service.
Supported by: analyse|build|describe|install|rebuild.
Authenticationoptions
Only TLS and mutual TLS (mTLS) are supported.
--tls-ca-certPATH
Path to a TLS CA certificate that is trusted to sign the server certificate.
Supported by: add-to-cas|analyse|build|describe|install-cas|install|rebuild|traverse|execute.
--tls-client-certPATH
Path to a TLS client certificate to enable mTLS. It must be passed in conjunction with --tls-client-key
and --tls-ca-cert.
Supported by: add-to-cas|analyse|build|describe|install-cas|install|rebuild|traverse.
--tls-client-keyPATH
Path to a TLS client key to enable mTLS. It must be passed in conjunction with --tls-client-cert and
--tls-ca-cert.
Supported by: add-to-cas|analyse|build|describe|install-cas|install|rebuild|traverse.
analyse specific options
--dump-actionsPATH
Dump actions to file. - is treated as stdout. Output is a list of action descriptions, in JSON format,
for the given target.
--dump-anonymousPATH
Dump anonymous targets to file. - is treated as stdout. Output is a JSON map, for all transitive
targets, with two entries: nodes and rule_maps. The former contains maps between node id and the node
description. rule_maps states the maps between the mode_type and the rule to use in order to make a
target out of the node.
--dump-blobsPATH
Dump blobs to file. - is treated as stdout. The term blob identifies a collection of strings that the
execution back end should be aware of before traversing the action graph. A blob, will be referred to as
a KNOWN artifact in the action graph.
--dump-nodesPATH
Dump nodes of only the given target to file. - is treated as stdout. Output is a JSON map between node
id and its description.
--dump-varsPATH
Dump configuration variables to file. - is treated as stdout. The output is a JSON list of those
variable names (in lexicographic order) at which the configuration influenced the analysis of this
target. This might contain variables unset in the configuration if the fact that they were unset (and
hence treated as the default null) was relevant for the analysis of that target.
--dump-targetsPATH
Dump all transitive targets to file for the given target. - is treated as stdout. Output is a JSON map
of all targets encoded as tree by their entity name:
{ "#": // anonymous targets
{ "<rule_map_id>":
{ "<node_id>": ["<serialized config1>", ...] } // all configs this target is configured with
}
, "@": // "normal" targets
{ "<repo>":
{ "<module>":
{ "<target>": ["<serialized config1>", ...] } // all configs this target is configured with
}
}
}
--dump-export-targetsPATH
Dump all transitive targets to file for the given target that are export targets. - is treated as
stdout. The output format is the same as for --dump-targets.
--dump-targets-graphPATH
Dump the graph of configured targets to a file (even if it is called -). In this graph, only non-source
targets are reported. The graph is represented as a JSON object. The keys are the nodes of the graph,
and for each node, the value is a JSON object containing the different kind of dependencies (each
represented as a list of nodes).
• "declared" are the dependencies coming from the target fields in the definition of the target
• "implicit" are the dependencies implicit from the rule definition
• "anonymous" are the dependencies on anonymous targets implicitly referenced during the evaluation of
that rule
While the node names are strings (so that they can be keys in a JSON object), they can themselves be
decoded as JSON and in this way precisely name the configured target. More precisely, the JSON decoding
of a node name is a list of length two, with the first entry being the target name (as ["@",repo,module,target] or ["#",rule_map_id,node_id]) and the second entry the effective configuration.
--dump-treesPATH
Dump trees and all subtrees of the given target to file. - is treated as stdout. Output is a JSON map
between tree ids and the corresponding artifact map, which maps the path to the artifact description.
--dump-providesPATH
Dump the provides map of the given target to file. - is treated as stdout. The output is a JSON object
mapping the providers to their values, serialized as JSON; in particular, artifacts are replaced by a
JSON object with their intensional description. Therefore, the dumped JSON is not uniquely readable, but
requires an out-of-band understanding where artifacts are to be expected.
--dump-resultPATH
Dump the result of the analysis for the requested target to file. - is treated as stdout. The output is
a JSON object with the keys "artifacts", "provides", and "runfiles".
--dump-providesPATH
Dump the provides map of the given target to file. - is treated as stdout. The output is a JSON object
mapping the providers to their values, serialized as JSON; in particular, artifacts are replaced by a
JSON object with their intensional description. Therefore, the dumped JSON is not uniquely readable, but
requires an out-of-band understanding where artifacts are to be expected.
rebuild specific options
--vsNAME:PORT|"local"
Cache endpoint to compare against (use "local" for local cache).
--dump-flakyPATH
Dump flaky actions to file.
add-to-cas specific options
--follow-symlinks
Resolve the positional argument to not be a symbolic link by following symbolic links. The default is to
add the link itself, i.e., the string obtained by readlink(2), as blob.
traverse specific options
-a, --artifactsTEXT
JSON maps between relative path where to copy the artifact and its description (as JSON object as well).
-g, --graph-fileTEXT[[REQUIRED]]
Path of the file containing the description of the actions. See just-graph-file(5) for more details.
--git-casTEXT
Path to a Git repository, containing blobs of potentially missing KNOWN artifacts.
describe specific options
--json
Omit pretty-printing and describe rule in JSON format.
--rule
Module and target arguments refer to a rule instead of a target.
execute specific options
-p, --portINT
Execution service will listen to this port. If unset, the service will listen to the first available
one.
--info-fileTEXT
Write the used port, interface, and pid to this file in JSON format. If the file exists, it will be
overwritten.
-i, --interfaceTEXT
Interface to use. If unset, the loopback device is used.
--pid-fileTEXT
Write pid to this file in plain txt. If the file exists, it will be overwritten.
--tls-server-certTEXT
Path to the TLS server certificate.
--tls-server-keyTEXT
Path to the TLS server key.
--log-operations-thresholdINT
Once the number of operations stored exceeds twice 2^n, where n is given by the option
--log-operations-threshold, at most 2^n operations will be removed, in a FIFO scheme. If unset, defaults
to 14. Must be in the range [0,63].
gc specific options
--no-rotate
Do not rotate gargabe-collection generations. Instead, only carry out clean up tasks that do not affect
what is stored in the cache.