ci: Add API protobuf breaking-change-detector CI script#17793
ci: Add API protobuf breaking-change-detector CI script#17793htuch merged 16 commits intoenvoyproxy:mainfrom
Conversation
Signed-off-by: Yaseen Alkhafaji <yaseena@google.com>
Signed-off-by: Yaseen Alkhafaji <yaseena@google.com>
Signed-off-by: Yaseen Alkhafaji <yaseena@google.com>
Signed-off-by: Yaseen Alkhafaji <yaseena@google.com>
akonradi
left a comment
There was a problem hiding this comment.
Still need to review plenty of the code but flushing comments for now
| buf_args = _generate_buf_args(target_path, config_file_loc, additional_args) | ||
|
|
||
| update_code, _, update_err = run_command(f'{buf_path} mod update') | ||
| # for some reason buf prints out the "downloading..." lines on stderr |
There was a problem hiding this comment.
We can capture or redirect stderr if that's useful?
Signed-off-by: Yaseen Alkhafaji <yaseena@google.com>
Signed-off-by: Yaseen Alkhafaji <yaseena@google.com>
|
/retest |
|
Retrying Azure Pipelines: |
Signed-off-by: Yaseen Alkhafaji <yaseena@google.com>
Signed-off-by: Yaseen Alkhafaji <yaseena@google.com>
Signed-off-by: Yaseen Alkhafaji <yaseena@google.com>
Signed-off-by: Yaseen Alkhafaji <yaseena@google.com>
|
/retest |
|
Retrying Azure Pipelines: |
adisuissa
left a comment
There was a problem hiding this comment.
Thanks for working on this!
Left a few high-level comments
|
|
||
| licenses(["notice"]) # Apache 2 | ||
|
|
||
| py_binary( |
There was a problem hiding this comment.
Maybe we should also have detector_ci.py here.
akonradi
left a comment
There was a problem hiding this comment.
Happy to re-review once the changes to remove lock file support are made
| echo "Testing API boosting (golden C++ tests)..." | ||
| # We use custom BAZEL_BUILD_OPTIONS here; the API booster isn't capable of working with libc++ yet. | ||
| BAZEL_BUILD_OPTIONS="${BAZEL_BUILD_OPTIONS[*]}" python3.8 "${ENVOY_SRCDIR}"/tools/api_boost/api_boost_test.py | ||
| echo "Building buf..." |
There was a problem hiding this comment.
I'd recommend moving this to a bazel.api_compat target and CI job. We can then turn this on as an optional GitHub check, which will make it an active part of the ongoing review process. If we see false positives or need to override, it won't block developer velocity, and ideally we can tune them. At some point it can become a mandatory check and senior maintainers can override as needed.
WDYT @lizan @phlax @mattklein123?
I'm very excited to see this land and think this will be immeasurably valuable in avoiding costly breaking changes that hurt the ecosystem. It will also free up bandwidth of @envoyproxy/api-shepherds to focus on things other than breaking changes.
There was a problem hiding this comment.
not sure what adding a new CI job entails on the azure/github side but I modified .azure-pipelines/pipelines.yml to add api_compat under api for the bazel job of the check stage. if I need to do anything else, let me know
There was a problem hiding this comment.
I see the new CI check, and it seems to be failing as expected.
Signed-off-by: Yaseen Alkhafaji <yaseena@google.com>
Signed-off-by: Yaseen Alkhafaji <yaseena@google.com>
Signed-off-by: Yaseen Alkhafaji <yaseena@google.com>
Signed-off-by: Yaseen Alkhafaji <yaseena@google.com>
|
this should be ready for a second review! @adisuissa @akonradi |
| echo "Testing API boosting (golden C++ tests)..." | ||
| # We use custom BAZEL_BUILD_OPTIONS here; the API booster isn't capable of working with libc++ yet. | ||
| BAZEL_BUILD_OPTIONS="${BAZEL_BUILD_OPTIONS[*]}" python3.8 "${ENVOY_SRCDIR}"/tools/api_boost/api_boost_test.py | ||
| echo "Building buf..." |
There was a problem hiding this comment.
I see the new CI check, and it seems to be failing as expected.
tools/testdata/api_proto_breaking_change_detector/breaking/test_change_package_name_changed
Show resolved
Hide resolved
Signed-off-by: Yaseen Alkhafaji <yaseena@google.com>
|
Please add a comment on why |
api/buf.yaml
Outdated
| @@ -1,13 +1,19 @@ | |||
| version: v1beta1 | |||
| deps: | |||
| - buf.build/beta/googleapis | |||
There was a problem hiding this comment.
FYI, this protobuf module has been deprecated in favor of buf.build/googleapis/googleapis. I think it'd be good to update it now before merging this as changing the dependency later can be annoying for downstream dependents.
|
@htuch this should be ready for one last review from you! the |
| initial_state_input += f',subdir={subdir}' | ||
|
|
||
| final_code, final_out, final_err = run_command( | ||
| ' '.join([buf_path, f"breaking --against {initial_state_input}", *buf_args])) |
There was a problem hiding this comment.
FYI, if you actually want to parse this output (I see it's not really being parsed here) you can use --error-format=json to get structured results.
|
actually hold on, going to push one more change to update buf version and adjust BSR dependencies that @johanbrandhorst recommended |
Signed-off-by: Yaseen Alkhafaji <yaseena@google.com>
|
/retest |
|
Retrying Azure Pipelines: |
htuch
left a comment
There was a problem hiding this comment.
LGTM, thanks! Look forward to working with this and iterating. Great accomplishment for the internship!
|
/lgtm deps |
|
@envoyproxy/maintainers @phlax this may cause issues in CI or PRs; presumably not given its an optional check, but just flagging it in case. Please rollback if there is a genuine CI breakage (i.e. modulo the optional api_compat check). |
Commit Message: Add API protobuf breaking-change-detector CI script
Additional Description:
This PR is a continuation to #17515 - it adds a script that uses
bufto check for breaking changes on proto files in the api folder. It does so by comparing the current api folder against the api folder at the git commit computed bytools/git/last_github_commit.sh- that should hopefully represent the most recent commit on main (if there is a better method to obtain the base branch commit, let me know!).Adding the script also required re-organizing some of the breaking change detector logic from the previous pr: some levels of abstraction were added, and the detector now expects a git repository and ref as the input for initial state (rather than a proto file).
The script is invoked in
do_ci.shifbazel.api_compatis specified as theCI_TARGET.This PR also bumps the buf bazel dependency to 0.53.0. If this is preferred to be in a separate PR, let me know and I would be happy to do so
Risk Level: low (hopefully) - the CI script will be invoked in a separate CI pipeline job that can be set to be optional on github. The azure pipeline has been added but needs to be set to optional by a CI maintainer
Testing: New scripts and logic were tested manually; also ran tests from the previous PR and they still pass. hoping to observe more output of this tool through reading CI logs of other PRs once this is merged (this PR should not affect the existing PR workflow - refer to Risk Level)
Docs Changes: n/a
Release Notes: n/a
Platform Specific Features: CI script uses a linux binary for buf so it cannot be run outside of docker on non-linux systems
Related Issue #3368