fix(deps): update protobuf to v4.35.1 #10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Generate Protobuf | |
| on: | |
| push: | |
| branches: | |
| - "renovate/protobuf" | |
| permissions: {} | |
| jobs: | |
| generate: | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: read # checkout + read-only `git fetch origin main` for the verify step | |
| steps: | |
| - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 | |
| with: | |
| ref: ${{ github.ref }} | |
| persist-credentials: false | |
| - uses: jdx/mise-action@dba19683ed58901619b14f395a24841710cb4925 # v4.1.0 | |
| with: | |
| version: v2026.6.10 | |
| sha256: 656131b5d995493c18b06c2135afda193f94a1848e0a4d1cb07a1161859d0c80 | |
| - name: Cache local Maven repository | |
| uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| - name: Verify both protobuf deps are updated | |
| run: | | |
| git fetch origin main | |
| DIFF_POM=$(git diff origin/main -- pom.xml) | |
| DIFF_MISE=$(git diff origin/main -- mise.toml) | |
| if ! echo "$DIFF_POM" | grep -q 'protobuf-java.version'; then | |
| echo "::error::protobuf-java not updated in pom.xml" | |
| exit 1 | |
| fi | |
| if ! echo "$DIFF_MISE" | grep -q 'protoc'; then | |
| echo "::error::protoc not updated in mise.toml" | |
| exit 1 | |
| fi | |
| - name: Generate protobuf sources | |
| run: mise run generate | |
| - name: Validate and export generated sources as a patch | |
| run: | | |
| UNEXPECTED=$(git diff --name-only | grep -v '\.java$' || true) | |
| if [[ -n "$UNEXPECTED" ]]; then | |
| echo "::error::Unexpected files changed:" | |
| echo "$UNEXPECTED" | |
| exit 1 | |
| fi | |
| git diff --binary > /tmp/protobuf-sources.patch | |
| - name: Upload generated patch | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: protobuf-sources-patch | |
| path: /tmp/protobuf-sources.patch | |
| retention-days: 5 | |
| publish: | |
| runs-on: ubuntu-24.04 | |
| needs: generate | |
| permissions: | |
| contents: write # push regenerated sources back to the renovate branch | |
| steps: | |
| - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 | |
| with: | |
| ref: ${{ github.ref }} | |
| # zizmor: ignore[artipacked] -- needs credentials to push | |
| persist-credentials: true | |
| - name: Download generated patch | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: protobuf-sources-patch | |
| path: /tmp/patch | |
| - name: Commit and push generated sources | |
| run: | | |
| PATCH=/tmp/patch/protobuf-sources.patch | |
| if [[ ! -s "$PATCH" ]]; then | |
| echo "No generated changes to commit" | |
| exit 0 | |
| fi | |
| git apply "$PATCH" | |
| # Note: GITHUB_TOKEN pushes don't trigger CI re-runs. | |
| # Close and reopen the PR to trigger CI after this commit. | |
| git config user.name "github-actions[bot]" | |
| git config user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
| git add '*.java' | |
| git commit -m "chore: regenerate protobuf sources" | |
| git push |