Skip to content

buf.lock v1 config file#

If your buf.yaml declares any deps, it should be accompanied by a buf.lock file that contains your module's dependency manifest. This manifest represents a single, reproducible build of your module and should never be hand-edited.

You can create or update a buf.lock file for your module by running the buf dep update command. For example, given this directory layout and buf.lock content for the buf.build/acme/petapis module:

.
├── acme
│   └── pet
│       └── v1
│           └── pet.proto
├── buf.lock
└── buf.yaml
buf.lock
# Generated by buf. DO NOT EDIT.
version: v1
deps:
  - remote: buf.build
    owner: acme
    repository: paymentapis
    commit: 9a877cf260e1488d869a31fce3bea26d
    digest: b4:4af5b88c9a1d9b36421ad84a2cff211fc74995040188dafc1c8508d36406140e40eb0ab82d21e761961e4a71631d4474e3d0608b987ca3d02d5d19012edff21d

Note

This file has a v2 configuration available. See the v2 buf.lock reference and the migration guide for details about the new configuration and migration instructions.

deps#

Each entry in the buf.lock deps key is a module pin, which uniquely represents a specific snapshot of the given module (buf.build/acme/paymentapis:9a877cf260e1488d869a31fce3bea26d in this case), protected with a cryptographic digest of all of the files in it (see how we protect dependencies against tampering). With this, the local snapshot of the buf.build/acme/petapis module and all of its dependencies are uniquely represented, reproducible, and protected against tampering.