Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support policy checks #69

Merged
merged 28 commits into from
Feb 26, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
28 commits
Select commit Hold shift + click to select a range
63634d0
Add BreakingState and ReviewState to ListLabelHistoryResponse
bufdev Feb 13, 2024
40e9a5f
Merge branch 'main' into breaking-review-labels
bufdev Feb 13, 2024
e346d75
Take two
bufdev Feb 13, 2024
abae8ae
format
bufdev Feb 13, 2024
451ee8c
fixes
bufdev Feb 13, 2024
88530ad
fix
bufdev Feb 13, 2024
94a8cfd
newline
bufdev Feb 13, 2024
b0403a8
comment
bufdev Feb 13, 2024
9b136e4
LabelReviewState -> CommitReviewState and update docs
nicksnyder Feb 15, 2024
dc29366
commit -> Commit
nicksnyder Feb 15, 2024
855d3d0
lint
nicksnyder Feb 15, 2024
f2007cd
clarify docs for Label.commit_id
nicksnyder Feb 15, 2024
b826484
Standardize on "governance workflow"
nicksnyder Feb 16, 2024
4368113
CommitReviewState -> GovernanceWorkflowState
nicksnyder Feb 16, 2024
2f7a199
lint
nicksnyder Feb 16, 2024
347ea32
Support GovernanceWorkflowState being blocked on another governance w…
nicksnyder Feb 16, 2024
f3d9cb2
clarify docs for blocked commits
nicksnyder Feb 16, 2024
a0a968a
Update buf/registry/module/v1beta1/label.proto
nicksnyder Feb 16, 2024
3eeb39c
clarify behavior of blocked state
nicksnyder Feb 16, 2024
f7687d9
governance flow -> policy checks
nicksnyder Feb 16, 2024
03c229f
accepted -> approved
nicksnyder Feb 16, 2024
ed33e9c
validation rule
nicksnyder Feb 16, 2024
f42ba0c
Rename PolicyChecks{State|Status} to PolicyCheck{State|Status}
nicksnyder Feb 26, 2024
da077c5
Merge branch 'main' into breaking-review-labels
nicksnyder Feb 26, 2024
d126dac
Merge branch 'main' into breaking-review-labels
bufdev Feb 26, 2024
4546866
Merge branch 'breaking-review-labels' of https://github.com/bufbuild/…
bufdev Feb 26, 2024
46300fc
commit
bufdev Feb 26, 2024
108b279
commit
bufdev Feb 26, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ BIN := .tmp/bin
export PATH := $(BIN):$(PATH)
export GOBIN := $(abspath $(BIN))

BUF_VERSION := v1.28.1
BUF_VERSION := v1.29.0
COPYRIGHT_YEARS := 2023-2024

.PHONY: help
Expand Down
40 changes: 40 additions & 0 deletions buf/registry/module/v1beta1/label.proto
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,7 @@ message Label {
];
// The id of the Commit currently associated with the Label.
//
// If policy checks are enabled, this will point to the most recent Commit that passed or was approved.
// To get the history of the Commits that have been associated with a Label, use ListLabelHistory.
string commit_id = 8 [
(buf.validate.field).required = true,
Expand All @@ -71,6 +72,45 @@ message Label {
(buf.validate.field).required = true,
(buf.validate.field).string.uuid = true
];
// The CommitCheckState for the Commit the Label points to.
//
// The CommitCheckStatus will always be disabled, passed, or approved, since Labels will
// never point to pending or rejected Commits.
//
// TODO: Add custom CEL validation to validate the status field is one of DISABLED, PASSED, APPROVED.
CommitCheckState commit_check_state = 10 [(buf.validate.field).required = true];
}

// The state of a Commit's policy checks for a particular Label.
//
// Policy checks are an enterprise-only feature - contact us to learn more!
message CommitCheckState {
// The status of the policy check.
CommitCheckStatus status = 1 [
(buf.validate.field).enum.defined_only = true,
(buf.validate.field).required = true
];
// The time the policy check state was last updated.
//
// If the status is disabled, this will be equal to the Commit create_time.
google.protobuf.Timestamp update_time = 3 [(buf.validate.field).required = true];
}

// A check status for a Commit.
//
// Policy checks are an enterprise-only feature - contact us to learn more!
enum CommitCheckStatus {
COMMIT_CHECK_STATUS_UNSPECIFIED = 0;
// Policy checks were not enabled when the Commit was created.
COMMIT_CHECK_STATUS_DISABLED = 1;
// The Commit did not fail any policy checks and therefore did not need review.
COMMIT_CHECK_STATUS_PASSED = 2;
// The Commit has not yet been reviewed after failing policy checks and is pending.
COMMIT_CHECK_STATUS_PENDING = 3;
// The Commit was reviewed after failing policy checks and was rejected.
COMMIT_CHECK_STATUS_REJECTED = 4;
// The Commit was reviewed after failing policy checks and was approved.
COMMIT_CHECK_STATUS_APPROVED = 5;
}

// LabelRef is a reference to a Label, either an id or a fully-qualified name.
Expand Down
23 changes: 20 additions & 3 deletions buf/registry/module/v1beta1/label_service.proto
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,8 @@ message ListLabelsRequest {
// Once the resource is resolved, the following Labels are listed:
// - If a Module is referenced, all Labels for the Module are returned.
// - If a Label is referenced, this Label is returned.
nicksnyder marked this conversation as resolved.
Show resolved Hide resolved
// - If a Commit is referenced, all Labels for the Commit are returned.
// - If a Commit is referenced, all Labels that currently point to the Commit are returned. Note that
// Labels only point to passed or approved Commits, or Commits where policy checks were disabled.
ResourceRef resource_ref = 3 [(buf.validate.field).required = true];
// The order to return the Labels.
//
Expand All @@ -106,6 +107,15 @@ message ListLabelsRequest {
// TODO: We are purposefully not making the default the zero enum value, however
// we may want to consider this.
Order order = 4 [(buf.validate.field).enum.defined_only = true];
// Only return Labels that point to a Commit with one of these CommitCheckStatus values.
//
// If not set, Labels that point to a Commit with any CommitCheckStatus value are returned.
//
// It is an error to filter on CommitCheckStatuses of pending or rejected, as Labels will only
// point to Commits that are passed or approved, or that have policy checks disabled.
//
// TODO: Add custom CEL validation to validate the status field is one of DISABLED, PASSED, APPROVED.
repeated CommitCheckStatus commit_check_statuses = 5 [(buf.validate.field).repeated.items.enum.defined_only = true];
}

message ListLabelsResponse {
Expand Down Expand Up @@ -157,12 +167,19 @@ message ListLabelHistoryRequest {
}

message ListLabelHistoryResponse {
message Value {
// The Commit.
Commit commit = 1 [(buf.validate.field).required = true];
// The CommitCheckState for this Commit on this Label.
CommitCheckState commit_check_state = 2 [(buf.validate.field).required = true];
}
nicksnyder marked this conversation as resolved.
Show resolved Hide resolved

// The next page token.
//
/// If empty, there are no more pages.
string next_page_token = 1 [(buf.validate.field).string.max_len = 4096];
// The listed Commits that represent the history of the Label.
repeated Commit commits = 2;
// The ordered history of the Label.
repeated Value values = 2;
}

message CreateOrUpdateLabelsRequest {
Expand Down
Loading