The one-line change and the 41-minute build
Hermetic, content-addressed builds rebuild only what changed

Introduction
Two numbers, from the same afternoon at a fifty-engineer company. The diff: one line, a copy change in a checkout banner. The build that validated it: forty-one minutes.
Multiply. Fifty engineers, a dozen builds each per day, most of them rebuilding and retesting a codebase that is 99 percent identical to the last run, because nothing in the pipeline is hermetic enough to prove what stayed the same. The CI invoice is the visible cost, and it is real; the invisible one is worse, because a forty-one minute loop does not just burn compute, it changes how people work. Engineers batch their changes to avoid the wait, so diffs get bigger, so reviews get slower, so bugs hide better. You are not paying for compute. You are paying for the size of the diffs the wait encourages.
The instinct is to buy faster runners, which is treating a data-structure problem with a hardware budget; the real lever is content-addressed caching. The build is slow because it cannot answer a simple question: what actually changed?
Builds as pure functions
The method that fixes this has been running inside the biggest engineering organizations for years, and the concept transfers even where their tooling does not: make the build hermetic, and cache it by content.
Hermetic means every build step declares its inputs completely: source files, dependencies, compiler version, environment. No step reaches out to the network mid-build, no step depends on whatever happened to be installed on the runner. That discipline buys you something mathematically valuable: the output of a step becomes a pure function of its inputs.
Once that is true, caching becomes trivial and safe. Hash the inputs; if the hash was built before, anywhere, by anyone, download the result instead of rebuilding it. The unit-test job for a module whose files did not change is a cache hit, not a re-run. A one-line banner change rebuilds one target and its dependents, in seconds, because the other several thousand targets have content-addressed results sitting in the shared cache from the last hundred runs. Your CI stops asking "rebuild everything, just in case" and starts asking "what does this hash not already know."
The teams doing this well see the same shape of result: the median build collapses from tens of minutes to low single digits, and the CI bill drops even as build frequency goes up, because frequency is cheap when 95 percent of the work is a lookup. We wired a content-addressed cache into one product team's pipeline where the test suite alone ran nineteen minutes; the median pull request now spends ninety seconds in CI, and the long pole is the one integration suite that genuinely touches what changed.
A build system's job is not to run your tests. It is to prove which tests it can refuse to run.
The honest cost of getting there
This is not a flag you flip. Undeclared inputs are everywhere in a legacy pipeline: the test that reads a config from the runner's home directory, the Dockerfile that pulls latest, the script that calls a live service. Every one of them breaks hermeticity, and finding them is genuine work, which is why the right migration is incremental: pick the slowest, mostexecuted path, usually the unit-test wall, make that one hermetic, cache it, and bank the minutes. A team that tries to convert everything at once will abandon the effort by week three. (The runner's home directory is where hermeticity goes to die.)
There is also a threshold question. A five-engineer team with a six-minute build should spend this energy elsewhere; the mathematics of caching pay off with scale, either of team or of codebase. The one-line-change test tells you where you stand: if validating a trivial diff costs more than a coffee break, the queue of engineers behind that wait is your most expensive line item, and it appears on no invoice.
At TensorLabs this is a recurring engagement shape: not making the tests faster, but making the build able to prove which work it can skip. The forty-one minutes was never the price of safety. It was the price of not keeping receipts.
You might also like
Keep reading from the journal.
July 13, 2026DocumentProcessing
The deal dies in the security review
Purpose-based access control makes minimum-necessary enforceable at query time
July 13, 2026DataEngineering
The bestseller your website cannot find
A canonical attribute dictionary, enforced at ingestion, keeps inventory findable
July 6, 2026Tech
Give every contact a frequency budget
One budget per human, enforced where every message must pass