From 52adf7e4a574410ab2d932afc0defd2c23455bf4 Mon Sep 17 00:00:00 2001 From: Ken Simon Date: Fri, 26 Jun 2026 13:29:01 -0400 Subject: [PATCH 1/2] fix(ci): Make proto-breaking-changes compare against the merge-base It currently compares against main for breaking changes, but that means if new fields were added to main since the branch was created, it incorrectly shows them as being removed in the PR branch. This updates it to check against $(git merge-base HEAD origin/main) so that it sees the actual diffs introduced in this branch since it started. --- .github/workflows/ci.yaml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 0a979f9b30..9488652210 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -994,7 +994,7 @@ jobs: - name: Checkout code uses: actions/checkout@v4 with: - fetch-depth: 0 # Required: Buf needs the history to compare against main + fetch-depth: 0 # Required to compute the merge-base against main - name: Install Buf CLI run: | @@ -1004,8 +1004,18 @@ jobs: - name: Check for Breaking Changes run: | + set -euo pipefail + + git fetch --no-tags origin +refs/heads/main:refs/remotes/origin/main + MERGE_BASE="$(git merge-base HEAD origin/main)" + BASE_PROTO_DIR="$(mktemp -d)" + trap 'rm -rf "${BASE_PROTO_DIR}"' EXIT + + echo "Comparing protobuf changes against merge-base ${MERGE_BASE}" + git archive "${MERGE_BASE}" crates/rpc/proto | tar -x -C "${BASE_PROTO_DIR}" + buf breaking crates/rpc/proto \ - --against 'https://github.com/${{ github.repository }}.git#branch=main,subdir=crates/rpc/proto' \ + --against "${BASE_PROTO_DIR}/crates/rpc/proto" \ --error-format=github-actions lint-police: From 78b27e9d806f15addef462ce6fdbcfbf5fa9f0f3 Mon Sep 17 00:00:00 2001 From: Ken Simon Date: Fri, 26 Jun 2026 13:39:08 -0400 Subject: [PATCH 2/2] Fix for the openapi check too --- .github/workflows/rest-lint-and-test.yml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/workflows/rest-lint-and-test.yml b/.github/workflows/rest-lint-and-test.yml index 2908aa53cd..5ea89453d7 100644 --- a/.github/workflows/rest-lint-and-test.yml +++ b/.github/workflows/rest-lint-and-test.yml @@ -107,10 +107,21 @@ jobs: with: fetch-depth: 0 + - name: Resolve OpenAPI comparison base + id: openapi-base + run: | + set -euo pipefail + + git fetch --no-tags origin +refs/heads/main:refs/remotes/origin/main + MERGE_BASE="$(git merge-base HEAD origin/main)" + + echo "merge_base=${MERGE_BASE}" >> "${GITHUB_OUTPUT}" + echo "Comparing OpenAPI changes against merge-base ${MERGE_BASE}" + - name: Check OpenAPI breaking changes uses: oasdiff/oasdiff-action/breaking@a8c7f0e5649d20d623edb5b38446d3ab3d82d43c with: - base: 'origin/main:rest-api/openapi/spec.yaml' + base: '${{ steps.openapi-base.outputs.merge_base }}:rest-api/openapi/spec.yaml' revision: ':rest-api/openapi/spec.yaml' fail-on: ERR # Allowlist the intentional one-time rename of the BMC credential