Add ability to depend on arbitrary upstream commits#310
Open
srikrsna-buf wants to merge 3 commits intomainfrom
Open
Add ability to depend on arbitrary upstream commits#310srikrsna-buf wants to merge 3 commits intomainfrom
srikrsna-buf wants to merge 3 commits intomainfrom
Conversation
|
The latest Buf updates on your PR. Results from workflow Buf / validate-protos (pull_request).
|
srikrsna-buf
changed the title
emcfarlane
reviewed
Mar 24, 2026
| @@ -0,0 +1,25 @@ | |||
| name: Check generated SDK dependency | |||
Contributor
There was a problem hiding this comment.
I like this idea. One suggestion: instead of exit 1 (which shows a red X and looks like broken CI), consider using the GitHub Checks API with an action_required conclusion. This still blocks merging when set as a required check, but shows as a distinct warning rather than a failure. Making it clear this is "waiting on upstream" not "something is broken."
Rough sketch:
- name: Check for zeroed-out version
uses: actions/github-script@v7
with:
script: |
const gomod = require('fs').readFileSync('go.mod', 'utf8');
const zeroed = /buf\.build\/gen\/go\/bufbuild\/protovalidate\/protocolbuffers\/go.*00000000000000/.test(gomod);
if (zeroed) {
await github.rest.checks.create({
owner: context.repo.owner,
repo: context.repo.repo,
name: 'Upstream dependency check',
head_sha: context.sha,
status: 'completed',
conclusion: 'action_required',
output: {
title: 'Waiting for upstream protovalidate merge',
summary: '`go.mod` has a zeroed-out pseudo-version. Update `PROTOVALIDATE_VERSION` once the upstream PR is merged and re-run `make sync-upstream`.'
},
details_url: 'https://github.com/bufbuild/protovalidate/pulls'
});
}
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
With bufbuild/protovalidate#470, all commits of protovalidate and protovalidate-testing module will be available on the BSR. This means we can depend on the generated SDK versions of those commits.
This PR adds the ability to depend on an arbitrary upstream commit. This drastically improves the development cycle by letting us review and merge PRs for each individual change in
validate.proto, rather than bundling all changes from the previous release into a single PR.It uses the git commit/tag/branch as the pointer because there are two different BSR modules, and each will have its own BSR commit name.
To avoid merging zeroed versions of the generated SDK, this ensures that only release versions or commits on the main version can be merged. The CI failure is because of this. Once bufbuild/protovalidate#470 is merged and we update the reference here, it should pass.
Because of the version update, there were some errors in the example test. I fixed them in a separate commit.