Modernize proto Buf CI #74

Merged
haasonsaas merged 1 commit into main from codex/proto-buf-action-followup
Apr 15, 2026

Conversation

@haasonsaas
Contributor

Summary

  • migrate from bufbuild/buf-setup-action to the supported bufbuild/buf-action bridge with setup_only: true
  • remove duplicate buf generate runs from packaging jobs and keep generation drift enforcement in the dedicated generate gate
  • add the missing traces TypeScript package export and include traces in the Python package smoke check

Verification

  • buf generate --timeout 10m && git diff --exit-code -- gen
  • go test ./... -count=1
  • actionlint .github/workflows/ci.yml
  • npm ci && npm run check:package
  • python3 -m venv .venv-build && . .venv-build/bin/activate && python -m pip install --upgrade build && python -m build

@cursor

cursor bot commented Apr 15, 2026

PR Summary

Low Risk
CI-only changes that adjust Buf action usage and job responsibilities; main risk is misconfigured secrets/action inputs causing lint/breaking/generate jobs to fail.

Overview
Modernizes Buf usage in CI by replacing bufbuild/buf-setup-action with bufbuild/buf-action@v1 (setup-only) and wiring in a BUF_TOKEN.

Simplifies packaging jobs by removing duplicate buf generate and drift checks from the TypeScript and Python package jobs, leaving generation enforcement in the dedicated generate gate.

Fixes missing proto surface exports/tests by adding the ./traces/v1/traces_pb export to package.json and extending the Python wheel smoke import/assert to include traces.v1.TraceSummary.

Reviewed by Cursor Bugbot for commit c55b3b5. Bugbot is set up for automated code reviews on this repo. Configure here.

@haasonsaas haasonsaas merged commit 09ea528 into main Apr 15, 2026
8 checks passed
@haasonsaas haasonsaas deleted the codex/proto-buf-action-followup branch April 15, 2026 09:00

@cursor cursor bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix is ON, but it could not run because the branch was deleted or merged before autofix could start.

Comment thread .github/workflows/ci.yml
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: bufbuild/buf-setup-action@a47c93e0b1648d5651a065437926377d060baa99 # v1.50.0
- uses: bufbuild/buf-action@v1
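
Review bot: The added `uses: bufbuild/buf-action@v1` line references a tag, while the `actions/checkout` line above it and the `bufbuild/buf-setup-action` line it replaces both use a 40-character commit SHA followed by a trailing version comment (`# v6.0.2`, `# v1.50.0`). Pin `bufbuild/buf-action` to the full commit SHA of the intended release and keep the version as a trailing comment in the same style, so the step keeps running the reviewed code even if the tag is later moved.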

Unpinned action reference will fail security guardrails

High Severity

bufbuild/buf-action@v1 uses a mutable tag instead of a full SHA pin. Every other action in this file is pinned to a 40-character commit hash. The project's own workflow-security-guardrails job runs check-workflow-security-baseline.sh with ENFORCE_SHA_PINS: 'true', which will reject any uses: reference that isn't a full-length SHA — so this PR will fail that CI gate.

Reviewed by Cursor Bugbot for commit c55b3b5. Configure here.
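
The rule described in the comment above (reject any `uses:` reference that is not a full-length SHA) can be sketched as follows. This is an added example, not the project's `check-workflow-security-baseline.sh`, whose contents are not shown on this page; the function names, the exemption for local `./` actions, and the sample workflow are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: a minimal SHA-pin check for GitHub Actions workflow files.
# Hypothetical helper names; not the project's own guardrail script.

# find_unpinned_uses FILE...
# Prints "file:line: ref" for each `uses:` reference that does not end in
# "@<40 lowercase hex characters>". Returns 1 if any were found, else 0.
# Assumption: local "./path" references are exempt because they carry no ref.
# The sed steps, in order: drop a trailing "# comment", drop trailing
# whitespace, reduce the line to "file:line: ref", strip quotes around the ref.
find_unpinned_uses() {
  unpinned=$(
    grep -HnE '^[[:space:]]*(-[[:space:]]+)?uses:[[:space:]]*[^[:space:]]' "$@" |
      sed -E \
        -e 's/[[:space:]]+#.*$//' \
        -e 's/[[:space:]]+$//' \
        -e 's/:[[:space:]]*(-[[:space:]]+)?uses:[[:space:]]*/: /' \
        -e "s/[\"']//g" |
      grep -vE ': \./' |
      grep -vE '@[0-9a-f]{40}$'
  ) || true
  [ -z "$unpinned" ] && return 0
  printf '%s\n' "$unpinned"
  return 1
}

# write_sample_workflow PATH
# Writes a constructed workflow: one SHA-pinned action, one tag reference,
# one local action, and one abbreviated (7-character) SHA.
write_sample_workflow() {
  cat > "$1" <<'EOF'
jobs:
  lint:
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: bufbuild/buf-action@v1
      - uses: ./.github/actions/local-setup
      - uses: "example-org/example-action@de0fac2" # abbreviated SHA
EOF
}
```

On the constructed sample, the tag reference and the abbreviated SHA are reported, while the fully pinned and local references pass.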
