ci(workflows): update GitHub Actions for proto definitions management

.github/workflows/protos.yml

@@ -1,74 +1,65 @@
-name: Overwrite Proto Directory
+name: Update Permify Proto Definitions
 
 on:
   push:
     branches: [ "main" ]
-  workflow_dispatch:  # Allows manual trigger from GitHub UI
+  workflow_dispatch:
 
 permissions:
-  contents: read
+  contents: write
+  pull-requests: write
 
 jobs:
-  copy-proto:
-    permissions:
-      contents: write  # Required for pushing changes back to the repository
+  update-protos:
+    name: Update Proto Definitions
+    timeout-minutes: 10
     runs-on: ubuntu-latest
 
     steps:
-    # Security hardening for GitHub Actions runner
-    - name: Harden Runner
-      uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
-      with:
-        egress-policy: audit
+       # Security hardening for GitHub Actions runner
+       - name: Harden Runner
+         uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+         with:
+           egress-policy: audit
 
-    # Checkout the current repository
-    - name: Checkout Repository
-      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+       # Checkout the current repository
+       - name: Checkout Repository
+         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
-    # Clone Permify repo and copy proto files to our repo
-    - name: Copy Proto Files from Permify
-      run: |
-        git clone --depth=1 https://github.com/Permify/permify.git temp_dir
-        rm -rf proto
-        mkdir -p proto
-        cp -r temp_dir/proto/* proto
-        rm -rf temp_dir
+       # Setup Buf CLI - will pull proto from buf.build/permifyco/permify
+       - name: Setup Buf
+         uses: bufbuild/buf-action@v1
+         with:
+           setup_only: true
+           github_token: ${{ secrets.GITHUB_TOKEN }}
 
-    # Setup Node.js and install dependencies (including ts-proto)
-    - name: Setup Node.js
-      uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
-      with:
-        node-version: '18'
-        cache: 'npm'
+       # Generate TypeScript code from Buf Schema Registry
+       - name: Generate Code with Buf
+         run: buf generate
 
-    - name: Install Dependencies
-      run: npm ci
+       # Check if there are any changes
+       - name: Check for changes
+         id: verify-changes
+         run: |
+           if git diff --quiet; then
+             echo "has_changes=false" >> $GITHUB_OUTPUT
+             echo "No changes detected"
+           else
+             echo "has_changes=true" >> $GITHUB_OUTPUT
+             echo "Changes detected, will create PR"
+           fi
 
-    # Install Buf CLI using official action
-    - name: Setup Buf
-      uses: bufbuild/buf-action@v1
-      with:
-        setup_only: true
-
-    # Generate TypeScript code from proto files
-    - name: Generate Code with Buf
-      run: buf generate
-
-    # Commit generated files if there are any changes
-    - name: Add and Commit Changes
-      run: |
-        git config --global user.name 'GitHub Actions Bot'
-        git config --global user.email '<>'
-        git add src/grpc/generated proto/ package-lock.json
-        if git diff-index --quiet HEAD; then
-          echo "No changes to commit"
-        else
-          git commit -m "Update generated sdk directory with latest changes"
-        fi
-
-    # Push changes back to main branch
-    - name: Push Changes
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      run: |
-        git push origin main
+       # Create Pull Request only if there are changes
+       - name: Create Pull Request
+         if: steps.verify-changes.outputs.has_changes == 'true'
+         uses: peter-evans/create-pull-request@v7.0.8
+         with:
+           token: ${{ secrets.GITHUB_TOKEN }}
+           commit-message: "chore(proto): update generated SDK with latest Permify definitions"
+           title: "chore(proto): update generated SDK with latest Permify definitions"
+           branch: proto-update/permify-latest
+           delete-branch: true
+           base: main
+           labels: |
+             dependencies
+             automated

buf.gen.yaml

@@ -1,6 +1,12 @@
-version: "v1"
+version: v2
+managed:
+  enabled: true
+inputs:
+  - module: buf.build/permifyco/permify
 plugins:
-  - name: ts-proto
-    out: "src/grpc/generated"
-    opt: oneof=unions,forceLong=long,esModuleInterop=true,env=node,outputServices=nice-grpc,outputServices=generic-definitions,useExactTypes=false
-    path: node_modules/.bin/protoc-gen-ts_proto
+  - remote: buf.build/community/timostamm-protobuf-ts:v2.9.1
+    out: src/grpc/generated
+    opt:
+      - long_type_string
+      - client_grpc1
+      - generate_dependencies

package.json

@@ -10,7 +10,8 @@
     "run-instance": "scripts/run-instance.sh",
     "run-test": "ts-node node_modules/jasmine/bin/jasmine --config=jasmine.json",
     "lint": "eslint \"src/**/*.ts\"",
-    "build": "rm -rf ./dist && npx tsc"
+    "build": "rm -rf ./dist && npx tsc",
+    "buf:generate": "buf generate"
   },
   "keywords": [
     "permissions",