---
title: Bazel外部仓库与checksum治理(WORKSPACE-镜像-哈希)最佳实践
keywords:
- Bazel
- WORKSPACE
- external
- checksum
- 镜像
description: 对 Bazel WORKSPACE 中的外部仓库执行镜像白名单与校验和治理,保障依赖下载的来源与完整性。
categories:
- 文章资讯
- 技术教程
---
实现示例
type Repo = { name: string; urls: string[]; sha256: string }
const allowOrigins = new Set<string>(['https://mirror.example.com','https://github.com'])
function hex64(h: string): boolean { return /^[A-Fa-f0-9]{64}$/.test(h) }
function urlAllowed(u: string): boolean { try { const x = new URL(u); return x.protocol === 'https:' && allowOrigins.has(x.origin) } catch { return false } }
function evaluate(r: Repo): { ok: boolean; errors: string[] } {
const errors: string[] = []
if (!r.name || !hex64(r.sha256)) errors.push('entry')
if (r.urls.length === 0 || !r.urls.every(urlAllowed)) errors.push('urls')
return { ok: errors.length === 0, errors }
}
审计与运行治理
- 审计外部仓库 URL 与哈希;异常阻断并输出修复建议。
- 镜像清单变更需审批与归档。
发表评论 取消回复