Skip to content

build(protobufs): regen protobufs with nanopb 0.4.9.1#84

Merged
jeremiah-k merged 3 commits into
developfrom
update-protobufs
Apr 11, 2026
Merged

build(protobufs): regen protobufs with nanopb 0.4.9.1#84
jeremiah-k merged 3 commits into
developfrom
update-protobufs

Conversation

@jeremiah-k

@jeremiah-k jeremiah-k commented Apr 11, 2026

Copy link
Copy Markdown
Owner

Overview

This PR regenerates protobuf sources using nanopb 0.4.9.1 and tightens the protobuf regeneration workflow and CI verification. It updates regenerated Python protobuf modules and stubs to the newer nanopb/protoc output, bumps the Python protobuf dependency, and documents the local regeneration process and integrity checks.

Key changes

Features

  • Regenerate protobufs with nanopb 0.4.9.1 and updated generated outputs for all meshtastic/protobuf/* files (py and pyi).
  • CI: add NANOPB_SHA256 and verify nanopb tarball integrity before extraction.
  • regen script: introduce configurable NANOPB_* variables, dynamic PROTOC selection, logging of chosen protoc and its version, and explicit failure with instructions when protoc isn’t available.
  • CONTRIBUTING.md: new "Updating protobufs" section documenting nanopb download, sha256 verification, and overrides (PROTOC=/path/to/protoc or ALLOW_SYSTEM_PROTOC=1).
  • Add ALLOW_SYSTEM_PROTOC support in bin/regen-protobufs.sh to permit an explicit system protoc fallback when desired.

Fixes / Security

  • Verify nanopb tarball SHA-256 in CI and document the verification steps.
  • Use curl -fsSL in workflow to fail on HTTP errors.
  • Bump protobuf runtime requirement in pyproject.toml to >=5.29.5 and add typing-extensions (for Python <3.13) to support the regenerated stubs.

Refactors / Generated outputs

  • Generated Python pb2.py files:
    • Add runtime validation via google.protobuf.runtime_version.ValidateProtobufRuntimeVersion(...) (records expected protobuf Python version 5.28.1 in generated files).
    • Switch absolute package imports to relative imports (from . import *_pb2).
    • Update descriptor non-C-descriptor handling to use _globals['DESCRIPTOR']._loaded_options and modernize boolean checks (if not ...).
    • Update serialized descriptor payloads and offsets to match regenerated protos.
  • Generated .pyi stubs:
    • Rework imports to underscore-prefixed aliases (_descriptor, _message, _builtins, _typing, etc.).
    • Replace global___* aliases with typed Global___* : TypeAlias = ... exports.
    • Introduce TypeAlias-based named aliases for Literal[...] signatures (HasField/ClearField/WhichOneof) with Python-version-aware imports (typing vs typing_extensions).
    • Add new message types, enum values, and fields found in updated proto defs (examples: TAK_CONFIG, ModuleConfig.TAKConfig, FEM_LNA_Mode, new port numbers).
    • Add deprecation decorator handling for previously deprecated fields where generated.

Other

  • Workflow and regen script defaults updated to nanopb-0.4.9.1 and to respect ALLOW_SYSTEM_PROTOC.
  • .gitignore: add .codex entry.
  • protobufs submodule pointer updated.

Breaking changes / migration notes

  • Runtime protobuf requirement increased: projects must use protobuf >=5.29.5 (pyproject.toml now requires >=5.29.5).
  • Generated Python code records expected protobuf runtime 5.28.1; mismatched protobuf runtimes may trigger the generated runtime checks at import time—ensure installed protobuf runtime is compatible.
  • Regenerated stubs use TypeAlias and typing-extensions conditionally; typing-extensions is added for older Python versions (<3.13).
  • If relying on an older local protoc or the previous nanopb 0.4.8 behaviour, follow CONTRIBUTING.md instructions: either set PROTOC=/path/to/protoc when running ./bin/regen-protobufs.sh or set ALLOW_SYSTEM_PROTOC=1 to allow discovery from PATH.

- update CI workflow env NANOPB_VERSION to 0.4.9.1
- update regen script defaults to nanopb-0.4.9.1
- regenerate protobuf Python files and stubs with updated imports
- add Protobuf runtime version checks to generated files
- bump protobuf Python dependency to >=5.28.1 in pyproject.toml
- update CONTRIBUTING.md with protobuf update instructions
@jeremiah-k

Copy link
Copy Markdown
Owner Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Apr 11, 2026

Copy link
Copy Markdown
✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the project's protobuf definitions and dependencies, upgrading the protobuf library to version 5.28.1 and updating the protobufs submodule. The changes include the regeneration of all Python protobuf files to use relative imports and include runtime version checks, alongside updates to bin/regen-protobufs.sh for improved protoc discovery and documentation updates in CONTRIBUTING.md. Feedback was provided to remove a hardcoded fallback to an older nanopb version in the regeneration script to ensure consistency with the updated version requirements.

Comment thread bin/regen-protobufs.sh
@coderabbitai

coderabbitai Bot commented Apr 11, 2026

Copy link
Copy Markdown

Walkthrough

Regenerates Python protobuf artifacts and updates tooling: CI/workflow and regen script now parameterize nanopb/protoc download and verify checksums; many meshtastic/protobuf/*_pb2.py and *_pb2.pyi files were regenerated/rewritten; dependencies and docs updated accordingly.

Changes

Cohort / File(s) Summary
CI Workflow
​.github/workflows/update_protobufs.yml
Adds NANOPB_VERSION and NANOPB_SHA256, switches download to use those vars, tightens curl flags, and verifies tarball SHA-256 before extraction.
Regen Script
bin/regen-protobufs.sh
Introduces NANOPB_* env defaults, dynamic PROTOC selection (searches nanopb dirs or PATH when ALLOW_SYSTEM_PROTOC=1), logs chosen protoc and version, and prints explicit download instructions on failure.
Docs & Ignore
CONTRIBUTING.md, .gitignore
Adds "Updating protobufs" section with nanopb/protoc instructions and ignores .codex.
Project Config
pyproject.toml
Bumps required protobuf minimum to >=5.29.5 and adds typing-extensions for Python <3.13.
Protobuf Python modules
meshtastic/protobuf/*_pb2.py (many files)
Regenerated modules: add runtime protobuf version validation (ValidateProtobufRuntimeVersion → 5.28.1), switch absolute imports to relative from . import ..., and update non‑C descriptor initialization to use _globals['DESCRIPTOR']._loaded_options plus adjusted serialized descriptor payloads/offsets.
Protobuf type stubs
meshtastic/protobuf/*_pb2.pyi (many files)
Large refactor: use underscored import aliases (_descriptor, _message, _builtins, _typing, etc.), introduce TypeAlias patterns for Literal-based method args, rename exported aliases from global___XGlobal___X: _TypeAlias = X, and add deprecated property accessors where generated.
New/Extended schema items (stubs & descriptors)
meshtastic/protobuf/atak_pb2.*, module_config_pb2.*, localonly_pb2.*, portnums_pb2.pyi, config_pb2.pyi
Adds new messages/enums (e.g., AircraftTrack, TAKPacketV2, TAKConfig, CotHow) and new enum/field values (e.g., LoRa FEM_LNA_Mode, new port numbers).
Submodule update
protobufs
Updated submodule pointer to a newer commit.

Sequence Diagram(s)

sequenceDiagram
  participant Dev as Developer
  participant CI as GitHub Actions Runner
  participant Nano as nanopb Release (remote)
  participant FS as Filesystem
  participant Protoc as protoc (tool)

  Dev->>CI: push update_protobufs workflow/run
  CI->>Nano: curl download tarball (using NANOPB_VERSION)
  Nano-->>CI: tarball
  CI->>CI: sha256sum -c - (verify NANOPB_SHA256)
  alt checksum OK
    CI->>CI: tar xzf, mv extracted to nanopb-${NANOPB_VERSION}-linux-x86
    CI->>Protoc: use protoc from nanopb dir (or from PATH if allowed)
    Protoc-->>CI: protoc --version (logged)
    CI->>FS: run regen script (bin/regen-protobufs.sh) to generate *_pb2.py and .pyi
    FS-->>CI: generated files
  else checksum FAIL
    CI-->>Dev: fail job with instructions to re-run/download
  end
Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

🐰 A rabbit hums while proto bytes realign,
Aliases hop from global___ to Global___ fine,
Checksums verified, protoc paths in view,
Regenerated stubs and messages—hoppy review! 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 35.35% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The PR title clearly summarizes the main objective: regenerating protobufs with nanopb version 0.4.9.1, which is the primary change across the large number of modified files.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch update-protobufs

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 8

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/update_protobufs.yml:
- Line 9: Remove the redundant quoting for the YAML variable NANOPB_VERSION by
changing its value from a quoted string to an unquoted scalar (i.e., replace
"0.4.9.1" with 0.4.9.1) so it passes YAMLlint's quoted-strings rule; update the
NANOPB_VERSION entry in the workflow file where the key is defined to use the
unquoted value.
- Around line 40-42: The workflow currently downloads and extracts
nanopb-${NANOPB_VERSION}-linux-x86.tar.gz without integrity checks; update the
steps around the curl/tar/mv commands to fetch or embed the official SHA256 for
nanopb-${NANOPB_VERSION}-linux-x86.tar.gz and verify it before extraction (e.g.,
download a .sha256 file or echo the known hash and run sha256sum -c or sha256sum
--check), and fail the job on mismatch so the tar extraction and subsequent mv
only run after successful checksum validation.

In @.gitignore:
- Line 23: The .codex entry in .gitignore appears to be an IDE/assistant
artifact (like .cursor) and not related to the nanopb/protobuf changes in this
PR; remove the .codex addition from this PR or move it into a separate, focused
PR for editor/IDE exclusions, and update the PR description to reflect that only
nanopb/protobuf regeneration is included; reference the .codex gitignore line
(and related .cursor entry) when making the split so the IDE-related ignores are
handled separately from functions touching nanopb/protobuf generation.

In `@bin/regen-protobufs.sh`:
- Around line 29-57: Remove the legacy nanopb-0.4.8 fallback by deleting the
"./nanopb-0.4.8/generator-bin/protoc" candidate from the PROTOC_CANDIDATE loop
(symbols: PROTOC_CANDIDATE, NANOPB_DIR, NANOPB_LINUX_DIR) and change the
automatic system lookup block that uses "command -v protoc" so it only accepts a
system protoc when ALLOW_SYSTEM_PROTOC=1 is set (check the ALLOW_SYSTEM_PROTOC
env var before assigning PROTOC from command -v protoc); keep the existing
failure message and the later logging of the chosen PROTOC and ensure
NANOPB_VERSION is still the single source-of-truth for the expected nanopb
release.

In `@meshtastic/protobuf/config_pb2.pyi`:
- Around line 16-24: The project is missing typing_extensions as a
runtime/dependency even though the regenerated stubs import
typing_extensions.deprecated for Python <3.13; add typing_extensions to the
project dependencies in pyproject.toml (e.g., add a dependency entry like
typing_extensions = "^4.0.0" or a compatible newer version) so imports in
meshtastic/protobuf/config_pb2.pyi (the conditional imports of TypeAlias and
deprecated from typing_extensions) will succeed for Python 3.10–3.12.

In `@meshtastic/protobuf/mesh_pb2.py`:
- Around line 5-19: The project currently allows protobuf versions starting at
5.28.1 which includes vulnerable releases; update the dependency constraint in
pyproject.toml to exclude the vulnerable range by raising the minimum to
protobuf >=5.29.5 (or use an explicit exclusion like "protobuf
>=5.28.1,!=5.28.1-5.29.4, <6") and then run dependency lock/install; you can
verify the runtime check in mesh_pb2.py
(runtime_version.ValidateProtobufRuntimeVersion and
_runtime_version.Domain.PUBLIC) will still accept the newer non-vulnerable
protobuf at import.

In `@meshtastic/protobuf/module_config_pb2.pyi`:
- Around line 16-24: module_config_pb2.pyi imports typing_extensions.deprecated
for Python <3.13 (see the _deprecated alias) so typing_extensions must be
declared as an explicit project dependency; add typing_extensions to your
pyproject.toml project dependencies (or equivalent manifest) so consumers on
Python 3.10–3.12 get it, optionally using an environment marker (e.g.,
python_version < "3.13") if you want to limit it, then regenerate your lockfile
(poetry lock / pip-compile / pipenv lock) so the lock includes the explicit
dependency.

In `@pyproject.toml`:
- Line 18: Update the protobuf version constraint to exclude vulnerable releases
by changing the dependency declaration for protobuf (the line containing
protobuf = ">=5.28.1") to require at least the patched release; replace the
current constraint with one that sets the minimum to >=5.29.5 so installations
cannot pick affected versions (<5.29.5).
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: ASSERTIVE

Plan: Pro

Run ID: f721e1d1-de7d-4e70-b242-ddbc67524ba6

📥 Commits

Reviewing files that changed from the base of the PR and between e15fde1 and 093dca1.

⛔ Files ignored due to path filters (1)
  • poetry.lock is excluded by !**/*.lock
📒 Files selected for processing (54)
  • .github/workflows/update_protobufs.yml
  • .gitignore
  • CONTRIBUTING.md
  • bin/regen-protobufs.sh
  • meshtastic/protobuf/admin_pb2.py
  • meshtastic/protobuf/admin_pb2.pyi
  • meshtastic/protobuf/apponly_pb2.py
  • meshtastic/protobuf/apponly_pb2.pyi
  • meshtastic/protobuf/atak_pb2.py
  • meshtastic/protobuf/atak_pb2.pyi
  • meshtastic/protobuf/cannedmessages_pb2.py
  • meshtastic/protobuf/cannedmessages_pb2.pyi
  • meshtastic/protobuf/channel_pb2.py
  • meshtastic/protobuf/channel_pb2.pyi
  • meshtastic/protobuf/clientonly_pb2.py
  • meshtastic/protobuf/clientonly_pb2.pyi
  • meshtastic/protobuf/config_pb2.py
  • meshtastic/protobuf/config_pb2.pyi
  • meshtastic/protobuf/connection_status_pb2.py
  • meshtastic/protobuf/connection_status_pb2.pyi
  • meshtastic/protobuf/device_ui_pb2.py
  • meshtastic/protobuf/device_ui_pb2.pyi
  • meshtastic/protobuf/deviceonly_pb2.py
  • meshtastic/protobuf/deviceonly_pb2.pyi
  • meshtastic/protobuf/interdevice_pb2.py
  • meshtastic/protobuf/interdevice_pb2.pyi
  • meshtastic/protobuf/localonly_pb2.py
  • meshtastic/protobuf/localonly_pb2.pyi
  • meshtastic/protobuf/mesh_pb2.py
  • meshtastic/protobuf/mesh_pb2.pyi
  • meshtastic/protobuf/module_config_pb2.py
  • meshtastic/protobuf/module_config_pb2.pyi
  • meshtastic/protobuf/mqtt_pb2.py
  • meshtastic/protobuf/mqtt_pb2.pyi
  • meshtastic/protobuf/nanopb_pb2.py
  • meshtastic/protobuf/nanopb_pb2.pyi
  • meshtastic/protobuf/paxcount_pb2.py
  • meshtastic/protobuf/paxcount_pb2.pyi
  • meshtastic/protobuf/portnums_pb2.py
  • meshtastic/protobuf/portnums_pb2.pyi
  • meshtastic/protobuf/powermon_pb2.py
  • meshtastic/protobuf/powermon_pb2.pyi
  • meshtastic/protobuf/remote_hardware_pb2.py
  • meshtastic/protobuf/remote_hardware_pb2.pyi
  • meshtastic/protobuf/rtttl_pb2.py
  • meshtastic/protobuf/rtttl_pb2.pyi
  • meshtastic/protobuf/storeforward_pb2.py
  • meshtastic/protobuf/storeforward_pb2.pyi
  • meshtastic/protobuf/telemetry_pb2.py
  • meshtastic/protobuf/telemetry_pb2.pyi
  • meshtastic/protobuf/xmodem_pb2.py
  • meshtastic/protobuf/xmodem_pb2.pyi
  • protobufs
  • pyproject.toml

Comment thread .github/workflows/update_protobufs.yml Outdated
Comment thread .github/workflows/update_protobufs.yml
Comment thread .gitignore
Comment thread bin/regen-protobufs.sh
Comment thread meshtastic/protobuf/config_pb2.pyi
Comment thread meshtastic/protobuf/mesh_pb2.py
Comment thread meshtastic/protobuf/module_config_pb2.pyi
Comment thread pyproject.toml Outdated
bump protobuf version requirement in pyproject.toml to >=5.29.5

update regen-protobufs.sh to honor ALLOW_SYSTEM_PROTOC and drop
fallback to nanopb-0.4.8

CI workflow updates: set NANOPB_SHA256 and verify tarball integrity

update CONTRIBUTING.md with sha256 verification steps and ALLOW_SYSTEM_PROTOC guidance
@jeremiah-k

Copy link
Copy Markdown
Owner Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Apr 11, 2026

Copy link
Copy Markdown
✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@bin/regen-protobufs.sh`:
- Around line 7-8: The script currently hardcodes NANOPB_LINUX_DIR and
NANOPB_DOWNLOAD_URL while NANOPB_DIR is overrideable; change both to respect
environment overrides by only assigning defaults when the vars are unset (e.g.,
use conditional assignments for NANOPB_LINUX_DIR and NANOPB_DOWNLOAD_URL), and
ensure NANOPB_DOWNLOAD_URL is derived from NANOPB_VERSION/NANOPB_LINUX_DIR if
needed so custom NANOPB_LINUX_DIR or NANOPB_DIR values are honored; update
references to NANOPB_LINUX_DIR and NANOPB_DOWNLOAD_URL accordingly (symbols:
NANOPB_LINUX_DIR, NANOPB_DOWNLOAD_URL, NANOPB_DIR, NANOPB_VERSION).

In `@pyproject.toml`:
- Around line 18-19: The pyproject.toml currently allows protobuf ">=5.29.5"
which permits protobuf 6.x and will cause runtime import failures; update the
protobuf dependency constraint to lock the major version (e.g., change protobuf
= ">=5.29.5" to protobuf = ">=5.29.5,<6") so the project only installs protobuf
5.x until generated modules are regenerated; edit the protobuf entry in
pyproject.toml accordingly.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 508dc316-d457-451a-9926-b3cfc3363f5e

📥 Commits

Reviewing files that changed from the base of the PR and between 093dca1 and 7312abd.

⛔ Files ignored due to path filters (1)
  • poetry.lock is excluded by !**/*.lock
📒 Files selected for processing (4)
  • .github/workflows/update_protobufs.yml
  • CONTRIBUTING.md
  • bin/regen-protobufs.sh
  • pyproject.toml

Comment thread bin/regen-protobufs.sh Outdated
Comment thread pyproject.toml
update regen-protobufs.sh to read NANOPB_LINUX_DIR and NANOPB_DOWNLOAD_URL from environment with defaults
This enables overriding nanopb sources without editing the script, while preserving
existing behavior when variables are unset
@jeremiah-k jeremiah-k merged commit 12bd895 into develop Apr 11, 2026
20 checks passed
@jeremiah-k jeremiah-k deleted the update-protobufs branch April 11, 2026 19:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant