Containerized bazelisk wrapper: run bazelisk transparently inside a Docker container
Project description
dazelisk
dazelisk (portmanteau of Docker + Bazelisk) is a containerized bazelisk wrapper focused on simplicity and supply chain safety, targeting modern Bazel versions, that aims to isolate and normalize the build environment across machines and platforms by providing a transparent containerized wrapping of Bazel invocations.
In place of
bazelisk build //...
you run
dazelisk build //...
and the command executes transparently inside a Linux Docker container, giving a consistent build environment across Linux, WSL2, and macOS (Apple Silicon only).
Any argument that is not a --dazelisk-* flag is forwarded verbatim to bazelisk.
Supported platforms
- Linux
- macOS (Apple silicon only)
- Windows (WSL2 only)
Requirements
- Python 3.12+
- Docker (Engine on Linux/WSL2, Desktop on macOS) with a running daemon
dazelisk has no third-party Python dependencies to strengthen supply chain safety.
Installation
uv pip install dazelisk
This installs the dazelisk entry point.
Container image
The container image can be configured. By default dazelisk uses the official
image published on Docker Hub,
martinopilia/dazelisk — a
minimal image containing only what is needed to run bazelisk, so that you do
not pay for what you do not use. It is pulled automatically on first use; no
configuration is required. dazelisk never builds an image, it only pulls one.
To use a custom image instead, set DAZELISK_IMAGE:
# pin a digest for exact reproducibility
export DAZELISK_IMAGE=docker.io/myorg/my-bazel-image@sha256:<digest>
For reproducibility and supply-chain safety, a custom DAZELISK_IMAGE should
also be an immutable reference (a pinned tag or a digest), not a mutable tag.
Usage
dazelisk build //...
dazelisk test //foo:bar --config=ci
dazelisk --dazelisk-shell # interactive shell in the container
dazelisk --dazelisk-as-root run //tool # run this command as root
Supported arguments and environment variables
See
dazelisk --dazelisk-help
Cache
A per-user Docker volume (dazelisk-cache-<uid>) is mounted at $HOME/.cache
inside the container and shared across all of your worktrees. A volume (rather
than a bind mount) avoids cross-platform permission issues and gives native
Linux filesystem performance on macOS.
GPU passthrough
If an NVIDIA GPU and the NVIDIA Container Toolkit (nvidia-container-cli) are
both present, dazelisk adds --gpus all automatically. Disable with
DAZELISK_GPU_PASSTHROUGH=0.
Container naming & isolation
Containers are scoped by image, user and worktree to avoid collisions, and
changing DAZELISK_IMAGE automatically uses a fresh container.
Troubleshooting
- Image pull failure — check your network/registry access and that
DAZELISK_IMAGE(if set) is a valid, reachable reference. - Docker CLI not found / daemon not reachable — install Docker and start it
(
sudo systemctl start docker, or launch Docker Desktop). - Permission denied talking to Docker —
sudo usermod -aG docker $USER && newgrp docker. - Invalid
DAZELISK_*JSON — dazelisk reports the parse error; fix the JSON. --dazelisk-mount-cacheon macOS — unsupported; the volume lives inside the Docker Desktop VM with no host-reachable path.
Development
See DESIGN.md for design and security guidelines.
Run checks and tests:
./pre_push.sh
Or individually:
uv run pytest # tests
uv run ruff check # lint
uv run ruff format # auto-format the code
uv run ruff format --check # verify formatting
uv run ty check # type-check
Build and load the image:
cd image
bazelisk test //... # build the image and run its tests
bazelisk run //:load # load it into the local Docker daemon
Manual push to registry:
bazelisk run //:push -- --repository <repository> --tag <tag>
After changing anything under image/, refresh the pinned default digest:
python scripts/sync_image_digest.py # rewrite the pinned digest
python scripts/sync_image_digest.py --check # verify if the digest is up to date
To add a Debian package, edit image/packages.yaml and regenerate the lock:
cd image
bazelisk run @bookworm//:lock
Related projects
- dazel — A transparent proxy that runs Bazel commands inside a Docker container.
License
dazelisk is released under the MIT License. See LICENSE.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file dazelisk-0.1.1-py3-none-any.whl.
File metadata
- Download URL: dazelisk-0.1.1-py3-none-any.whl
- Upload date:
- Size: 18.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6798f5078c31b42108339dc0916a40ab37c6d685012426af0737ee27778bdcbd
|
|
| MD5 |
fd15d021bc8292c95e3db71937ffaa21
|
|
| BLAKE2b-256 |
837a99fbabbe7f7d6bbac61e6f8952c6c0ce8caa6da618b92c202f4e2e2eb7b1
|
Provenance
The following attestation bundles were made for dazelisk-0.1.1-py3-none-any.whl:
Publisher:
ci.yaml on m-pilia/dazelisk
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
dazelisk-0.1.1-py3-none-any.whl -
Subject digest:
6798f5078c31b42108339dc0916a40ab37c6d685012426af0737ee27778bdcbd - Sigstore transparency entry: 1995499864
- Sigstore integration time:
-
Permalink:
m-pilia/dazelisk@027aa7b9fc3e3759acf0b56f74133e3df0a91b5a -
Branch / Tag:
refs/heads/master - Owner: https://github.com/m-pilia
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
ci.yaml@027aa7b9fc3e3759acf0b56f74133e3df0a91b5a -
Trigger Event:
push
-
Statement type: