ci: upgrade buf.yml actions to Node 24 and pin buf CLI to 1.65.0#2512
Draft
andrewhsu wants to merge 2 commits into
Draft
ci: upgrade buf.yml actions to Node 24 and pin buf CLI to 1.65.0#2512andrewhsu wants to merge 2 commits into
andrewhsu wants to merge 2 commits into
Conversation
Contributor
|
The latest Buf updates on your PR. Results from workflow Buf CI / validate (pull_request).
|
andrewhsu
added a commit
that referenced
this pull request
Jun 16, 2026
Updates 9 occurrences across 4 workflow files. v5 and v6 both run on Node 24, so this is not a runtime change -- it aligns the pin with the current major. v6 persists the auth token to a separate file instead of .git/config; our checkout and build steps don't read .git/config, so the change is transparent. (buf.yml's checkout bump is handled separately in #2512.) See https://github.com/actions/checkout/releases/tag/v6.0.0 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
andrewhsu
added a commit
that referenced
this pull request
Jun 16, 2026
Updates 4 occurrences across 4 workflow files. v3 runs on Node 24; v2 runs on Node 20, which is being deprecated on GitHub Actions runners. No input changes affect our usage (secret-ids + parse-json-secrets). (buf.yml's bump is handled separately in #2512.) See https://github.com/aws-actions/aws-secretsmanager-get-secrets/releases/tag/v3.0.0 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
andrewhsu
added a commit
that referenced
this pull request
Jun 16, 2026
Updates 4 occurrences across 4 workflow files. v6 runs on Node 24; v4 runs on Node 20, which is being deprecated on GitHub Actions runners. Our usage only sets aws-region and role-to-assume (string inputs), so the v5 input-validation change (invalid booleans now throw instead of coercing to false) does not affect us. (buf.yml's bump is handled separately in #2512.) See https://github.com/aws-actions/configure-aws-credentials/releases/tag/v6.0.0 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2 tasks
Moved here from #2511 so that PR's checks stay green without re-triggering Buf CI. Bumps the external actions used in .github/workflows/buf.yml: - actions/checkout v5 -> v6 (3 occurrences) - aws-actions/configure-aws-credentials v4 -> v6 (2 occurrences) - aws-actions/aws-secretsmanager-get-secrets v2 -> v3 (2 occurrences) Same Node 24 rationale as the sibling per-action commits in #2511; no input changes. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
bufbuild/buf-action@v1 installs the latest buf release by default. buf 1.71.0 changed the formatter (it collapses short nested message literals onto one line), so `buf format --diff` in the validate job started failing on protos that are formatted for the repo's pinned buf 1.65.0 (BUF_VERSION in taskfiles/proto.yaml, used by `task proto:generate`). Pin buf-action to 1.65.0 so CI's lint/format checks use the same buf version as code generation -- one source of truth -- instead of drifting whenever buf publishes a new release. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
andrewhsu
changed the title
malinskibeniamin
approved these changes
Jun 18, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Two
buf.yml-only changes, split out so #2511 (the rest of the Node 24 action upgrades) can stay green without re-triggering Buf CI:.github/workflows/buf.yml—actions/checkoutv5→v6 (×3),aws-actions/configure-aws-credentialsv4→v6 (×2),aws-actions/aws-secretsmanager-get-secretsv2→v3 (×2). (Moved here from ci: upgrade GitHub Actions to Node 24-compatible versions #2511.)1.65.0forbufbuild/buf-action@v1(all three jobs).Why pin buf
buf-action@v1installs the latest buf by default. buf 1.71.0 changed the formatter (it collapses short nested message literals onto one line), sobuf format --diffin thevalidatejob started failing on protos that are formatted for the repo's pinned buf 1.65.0 (BUF_VERSIONintaskfiles/proto.yaml, used bytask proto:generate).CI's format/lint check and code generation were running different buf versions. Pinning
buf-actionto 1.65.0 puts them on a single source of truth, so a new buf release can't silently breakBuf CIagain. No proto reformatting is needed — the committed protos are already 1.65.0-clean (verified locally:buf 1.65.0 format --diff --exit-codeis clean).Test plan
buf 1.65.0 format --diff --exit-codeclean on the committed protos (build + lint also pass)Buf CI(validate) green on this PRProto generategreen on this PR🤖 Generated with Claude Code