Skip to content

chore: add origin for local fe development #26

chore: add origin for local fe development

chore: add origin for local fe development #26

Workflow file for this run

---
name: Buf
# Proto schema CI for the `proto/` module (buf.build/authorizerdev/authorizer).
# Responsibilities are split by event so nothing runs twice across a PR and its
# merge commit:
# - pull_request -> validate (lint + breaking-change check)
# - push to main -> publish (buf push)
on:
pull_request:
# `labeled`/`unlabeled` so toggling `proto-breaking-approved` re-runs the
# breaking gate with the current label set in the event payload.
types: [opened, synchronize, reopened, labeled, unlabeled]
paths:
- "proto/**"
- "gen/**"
- "Makefile"
- ".github/workflows/buf.yml"
push:
branches: [main]
paths:
- "proto/**"
- "gen/**"
- "Makefile"
- ".github/workflows/buf.yml"
permissions:
contents: read
# Cancel superseded runs on the same ref (e.g. rapid pushes to a PR).
concurrency:
group: buf-${{ github.ref }}
cancel-in-progress: true
jobs:
validate:
name: Lint & breaking
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- uses: bufbuild/buf-setup-action@v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Lint
run: buf lint proto
- uses: actions/setup-go@v6
with:
go-version-file: go.mod
cache: true
# Regenerate gen/ from proto/ and fail if the committed output is stale.
- name: Verify generated protobuf output
run: make proto-check
# Compare against the published module so a PR that would break
# wire/source compatibility fails before it lands. Intentional,
# reviewed breaks (e.g. the v1 package consolidation / response-envelope
# flatten) are allowed only when a maintainer applies the
# `proto-breaking-approved` label — the gate still hard-fails on every
# unlabeled PR, so accidental breaks are caught.
- name: Breaking-change check
continue-on-error: ${{ contains(github.event.pull_request.labels.*.name, 'proto-breaking-approved') }}
run: buf breaking proto --against buf.build/authorizerdev/authorizer
env:
BUF_TOKEN: ${{ secrets.BUF_TOKEN }}
publish:
name: Push to BSR
if: github.event_name == 'push'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- uses: bufbuild/buf-setup-action@v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
# buf de-dupes identical schemas, so commits that don't touch protos
# are no-ops.
- name: Push to BSR
run: buf push proto
env:
BUF_TOKEN: ${{ secrets.BUF_TOKEN }}