Remote caching
Is your CI pipeline running slower than usual? Are you tired of running the same build over and over although nothing has changed? Do you wish to reuse the same local cache across other machines and environments? These are just a few scenarios that remote caching aims to solve.
Remote caching is a system that shares artifacts to improve performance, reduce unnecessary computation time, and alleviate resources. It achieves this by uploading hashed artifacts to a cloud storage provider, like AWS S3 or Google Cloud, and downloading them on demand when a build matches a derived hash.
To make use of remote caching, we provide 2 solutions.
Self-hosted v1.30.0
This solution allows you to host any remote caching service that is compatible with the
Bazel Remote Execution v2 API,
such as bazel-remote. When using this solution, the
following RE API features must be enabled:
- Action result caching
- Content addressable storage caching
- SHA256 digest hashing
- gRPC requests
This feature and its implementation is currently unstable, and its documentation is incomplete. Please report any issues on GitHub or through Discord!
Host your service
When you have chosen (or built) a compatible service, host it and make it available through gRPC (we
do not support HTTP at this time). For example, if you plan to use bazel-remote, you can do
something like the following:
bazel-remote --dir /path/to/moon-cache --max_size 10 --storage_mode uncompressed --grpc_address 0.0.0.0:9092
If you've configured the remote.cache.compression setting to
"zstd", you'll need to run the binary with that storage mode as well.
bazel-remote --dir /path/to/moon-cache --max_size 10 --storage_mode zstd --grpc_address 0.0.0.0:9092
View the official bazel-remote documentation for
all the available options, like storing artifacts in S3, configuring authentication (TLS/mTLS),
proxies, and more.
Configure remote caching
Once your service is running, you can enable remote caching by configuring the
unstable_remote settings in
.moon/workspace.yml. At minimum, the only setting that is required is
host.
unstable_remote:
host: 'grpc://your-host.com:9092'
TLS and mTLS
We have rudimentary support for TLS and mTLS, but it's very unstable, and has not been thoroughly tested. There's also many many issues around authentication in Tonic.
# TLS
unstable_remote:
host: 'grpcs://your-host.com:9092'
tls:
cert: 'certs/ca.pem'
domain: 'your-host.com'
# mTLS
unstable_remote:
host: 'grpcs://your-host.com:9092'
mtls:
caCert: 'certs/ca.pem'
clientCert: 'certs/client.pem'
clientKey: 'certs/client.key'
domain: 'your-host.com'
Cloud-hosted: Depotv1.32.0
If you'd prefer not to host your own solution, you could use Depot Cache, a cloud-based caching solution. To make use of Depot, follow these steps:
- Create an account on depot.dev
- Create an organization
- Go to organization settings -> API tokens
- Create a new API token
- Add the token as a
DEPOT_TOKENenvironment variable to your moon pipelines
Once these steps have been completed, you can enable remote caching in moon with the following
configuration. If your Depot account has more than 1 organization, you'll need to set the
X-Depot-Org header.
unstable_remote:
host: 'grpcs://cache.depot.dev'
auth:
token: 'DEPOT_TOKEN'
headers:
'X-Depot-Org': '<your-org-id>'
FAQ
What is an artifact?
In the context of moon and remote caching, an artifact is the outputs of a task, as well as the stdout and stderr of the task that generated the outputs. Artifacts are uniquely identified by the moon generated hash.
Do I have to use remote caching?
No, remote caching is optional. It's intended purpose is to store long lived build artifacts to
speed up CI pipelines, and optionally local development. For the most part,
moon ci does a great job of only running what's affected in pull requests, and
is a great starting point.
Does remote caching store source code?
No, remote caching does not store source code. It stores the
outputs of a task, which is typically built and compiled code. To
verify this, you can inspect the tar archives in .moon/cache/outputs.
Does moon collect any personally identifiable information?
No, moon does not collect any PII as part of the remote caching process.
Are artifacts encrypted?
We do not encrypt on moon's side, as encryption is provided by your cloud storage provider.