Avoid pruning unused dependencies for buf dep update
#2966
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When running
buf mod update
, we want to include in thebuf.lock
depsthat have been configured in
buf.yaml
and may not be used yet. This is tosupport workflows where a user can configure a dependency and
buf dep update
before they use the newly configured dep in their proto definitions.
Prune
does the following things right now:buf.lock
buf.yaml
that are present inbuf.lock
The first step is necessary for
buf dep update
for tamper-proofing and validatingthe build. However, the latter two steps are unnecessary -- we want to keep
unused dependencies and their transitive dependencies, and since
dep update
gets the dependencies from
buf.yaml
and writes them intobuf.lock
, therewill not be dependencies present not from the
buf.yaml
, so that step is ano-op.
So instead of running
Prune
, we validate the build after the logic fordep udpate
and we log out the unused dependencies as a warning to the users (but we do not
remove them).