-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tools: updating buf.lock googleapis dependency #18019
Conversation
Signed-off-by: Adi Suissa-Peleg <[email protected]>
@adisuissa afaict this is still failing as its trying to use the i guess we either need a senior maintainer to override ci or to add something to ensure it reads the correct |
Also wondering how the |
That's a good point. @johanbrandhorst can you help us here? |
You can lock to a specific version in your Line 3 in 01ea37b
- buf.build/googleapis/googleapis:82944da21578a53b74e547774cf62ed31a05b841 , see https://docs.buf.build/configuration/v1/buf-yaml#deps for details on deps , see https://buf.build/googleapis/googleapis/history for available commit s and tag s. We tag all updates on googleapis/googleapis with the git SHA, so you can use that to easily depend on the same version.), so ideally they'd be updated in lock step, otherwise they would eventually get out of sync. Running buf mod update will get the latest version from the BSR. The risk of any conflict is reasonably small though, seeing as you're only using it for breaking change detection.
|
I went and checked and that particular SHA is not available since it's from 2019, but as I said I wouldn't be too worried about drift right now. |
Signed-off-by: Adi Suissa-Peleg <[email protected]>
Signed-off-by: Adi Suissa-Peleg <[email protected]>
@alyssawilk I think this PR solves the |
More questions after reviewing this PR. It appears we now have 3 places to define, manage and maintain API dependencies?:
After this PR we now have the We used to have Having multiple locations for the same dependencies that have already drifted into different states is not ideal. Can Are we really sure we want to bring
so the delta of the locations is:
/cc @envoyproxy/dependency-shepherds Edit: And... |
I may be misunderstanding you, but I don't believe this is accurate, we build release assets for most common platforms and architectures, including Linux, Darwin and Windows (x86_64 and arm64).
I spoke with @YaseenAlk separately about some of these dependencies when #17515 was in review, but I will add my notes here too: The repositories under the
Eventually, of course, we hope to be able to give these organizations and projects back to their respective owners, too.
I expect the only reason this was added as a dependency in
I think this would require moving more of the protobuf tooling into Having said all of that though, I don't think the drift is a significant issue for your current use case. You're using it for local breaking change detection. You'll need to update the dependencies if one of your dependencies make a change that you want to consume (probably most likely to come from |
Following your comments, submitted #18042 to remove the gogo dependency. AFAICT it was added to test breaking changes against old PRs where the API used it. I agree with @moderation that having a single place where the packages and their versions are defined is the desired goal. I'll take a look at the As a next step, I think it will be wise to pin the versions used by the buf script to the most compatible one. I'll do it. |
I should have clarified that Envoy's usage of I'm confused about the commit SHAs. https://github.com/envoyproxy/envoy/blob/main/api/buf.yaml#L3
However you can't use that value to find the commit on My suggestion is that until we work out where this goes, we should manually synchronize the commit SHA's in the
using the latest Sept. 3 commit. Thanks for the follow up @adisuissa and 👍 to removing |
The source of the confusion is that this (noticeably shorter string) references a BSR commit, which is independent of the VCS SHAs that may be associated with the files at the time of pushing to the BSR. If you just always use a reasonably recent |
* tools: updating buf.lock googleapis dependency Signed-off-by: Adi Suissa-Peleg <[email protected]> Signed-off-by: Adi (Suissa) Peleg <[email protected]>
Looping back on this discussion, we've since made https://buf.build/envoyproxy/envoy a managed third party plugin, so we're monitoring and automatically updating it. This means all dependencies are also available, and up to date (including https://buf.build/cncf/xds). As a result, you should be able to update your version: v1
deps:
- buf.build/googleapis/googleapis
- buf.build/opencensus/opencensus
- buf.build/prometheus/client-model
- buf.build/opentelemetry/opentelemetry
- buf.build/cncf/xds
breaking:
ignore_unstable_packages: true
use:
- FIELD_SAME_ONEOF
- FIELD_SAME_JSON_NAME
- FIELD_SAME_NAME
- FIELD_SAME_TYPE
- FIELD_SAME_LABEL
- FILE_SAME_PACKAGE
- FIELD_NO_DELETE_UNLESS_NUMBER_RESERVED
- FIELD_NO_DELETE_UNLESS_NAME_RESERVED This should fix any issues you have around files missing in |
Commit Message: tools: updating buf.lock googleapis dependency
Additional Description:
Buf googleapis version was updated in the BSR. This PR updates that version, and should fix the error we are seeing in CI.
Risk Level: Low - CI only
Testing: N/A. tools dependency update.
Docs Changes: N/A.
Release Notes: N/A.
Signed-off-by: Adi Suissa-Peleg [email protected]