Skip to content

Run buf Policies locally #3785

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 21 commits into from
Jun 13, 2025
Merged

Run buf Policies locally #3785

merged 21 commits into from
Jun 13, 2025

Conversation

emcfarlane
Copy link
Contributor

@emcfarlane emcfarlane commented Apr 22, 2025
edited
Loading

This PR adds support for running local buf Policies. Lint and breaking checks now invoke the set of policy rules alongside the set of configured rules. Only local policies are currently supported, remote will be added with lock file support. The annotations emitted now include the policy name alongside the plugin (e.g. <annotation> (buf-plugin-name, buf-policy-name)). An inbuilt plugin for a policy will include only the policy name.

As an example a policy can be expressed for the buf-plugin-suffix.wasm plugin in a policy.yaml file:

version: v2
lint:
  use:
    - SERVICE_BANNED_SUFFIXES
    - RPC_BANNED_SUFFIXES
plugins:
  - plugin: buf-plugin-suffix.wasm
    options:
      service_banned_suffixes:
        - Mock
        - Test
      rpc_banned_suffixes:
        - Element

Which can then be used in a buf.yaml file:

version: v2
lint:
  disable_builtin: true
policies:
  - policy: policy.yaml

And run with buf lint showing the output annotations for a simple test proto:

a.proto:8:1:Service name "AMock" has banned suffix "Mock". (buf-plugin-suffix.wasm, policy.yaml)
a.proto:9:3:Method name "AMock.GetAllAElement" has banned suffix "Element". (buf-plugin-suffix.wasm, policy.yaml)

@emcfarlane emcfarlane requested a review from doriable April 22, 2025 21:25
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Apr 22, 2025
edited
Loading

The latest Buf updates on your PR. Results from workflow Buf CI / buf (pull_request).

BuildFormatLintBreakingUpdated (UTC)
✅ passed✅ passed✅ passed✅ passedJun 6, 2025, 3:13 PM

Base automatically changed from ed/bufPolicyYaml to main April 28, 2025 14:54
@emcfarlane emcfarlane marked this pull request as ready for review April 28, 2025 18:14
@emcfarlane emcfarlane changed the title Invoke buf policies locally Run buf Policies locally Apr 29, 2025
doriable
doriable reviewed Jun 4, 2025
View reviewed changes
Copy link
Member

@doriable doriable left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This mostly makes sense to me, left some comments around the plugin/policy config paths and avoiding passing the read bucket.

doriable
doriable reviewed Jun 5, 2025
View reviewed changes
Copy link
Member

@doriable doriable left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is looking good, just left a couple of very basic comments. I think this behaviour is probably the most straightforward based on our discussions.

@emcfarlane emcfarlane merged commit fae9f4e into main Jun 13, 2025
10 checks passed
@emcfarlane emcfarlane deleted the ed/bufPolicyLocal branch June 13, 2025 15:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@doriable doriable doriable approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@emcfarlane @doriable