From 2addf12bbde4fe68cb6dd3fa99c66a949c276554 Mon Sep 17 00:00:00 2001
From: Siew Kam Onn <kosiew@gmail.com>
Date: Wed, 29 Apr 2026 20:20:44 +0800
Subject: [PATCH 1/2] feat: update breaking_changes_detector.yml to install
 protobuf-compiler and improve artifact handling

- Install protobuf-compiler before cargo-semver-checks in the check-semver job.
- Store semver results, PR number, and logs in an artifact instead of commenting directly on the PR.
- Change artifact handoff to default to success only for the "no changed crates" case.
- Add breaking_changes_comment.yml to manage PR comments based on workflow_run triggers.
- Ensure comment workflow is gated to successful upstream runs, preventing comments on cancelled or failed detector runs.
---
 .../workflows/breaking_changes_comment.yml    | 60 +++++++++++++++++++
 .../workflows/breaking_changes_detector.yml   | 58 +++++++++---------
 2 files changed, 91 insertions(+), 27 deletions(-)
 create mode 100644 .github/workflows/breaking_changes_comment.yml

diff --git a/.github/workflows/breaking_changes_comment.yml b/.github/workflows/breaking_changes_comment.yml
new file mode 100644
index 0000000000000..76cec8ed79d21
--- /dev/null
+++ b/.github/workflows/breaking_changes_comment.yml
@@ -0,0 +1,60 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+name: "Detect breaking changes (post comment)"
+
+on:
+  workflow_run:
+    workflows:
+      - "Detect breaking changes"
+    types:
+      - completed
+
+permissions:
+  actions: read
+  contents: read
+  pull-requests: write
+
+jobs:
+  comment-on-pr:
+    name: Comment on pull request
+    runs-on: ubuntu-latest
+    if: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
+        with:
+          sparse-checkout: ci/scripts
+
+      - name: Download semver result
+        uses: actions/download-artifact@v4
+        with:
+          name: semver-result
+          github-token: ${{ github.token }}
+          run-id: ${{ github.event.workflow_run.id }}
+          path: ${{ runner.temp }}/semver-result
+
+      - name: Update PR comment
+        env:
+          GH_TOKEN: ${{ github.token }}
+          REPO: ${{ github.repository }}
+        run: |
+          PR_NUMBER=$(cat "$RUNNER_TEMP/semver-result/pr_number.txt")
+          CHECK_RESULT=$(cat "$RUNNER_TEMP/semver-result/result.txt")
+          SEMVER_LOGS=$(cat "$RUNNER_TEMP/semver-result/logs.txt")
+          ci/scripts/changed_crates.sh comment \
+            "$REPO" "$PR_NUMBER" "$CHECK_RESULT" "$SEMVER_LOGS"
diff --git a/.github/workflows/breaking_changes_detector.yml b/.github/workflows/breaking_changes_detector.yml
index 03a32be519a08..2179f0c2e5073 100644
--- a/.github/workflows/breaking_changes_detector.yml
+++ b/.github/workflows/breaking_changes_detector.yml
@@ -37,11 +37,6 @@ jobs:
   check-semver:
     name: Check semver
     runs-on: ubuntu-latest
-    outputs:
-      logs: ${{ steps.check_semver.outputs.logs }}
-      # Default to "success" so the comment job clears any stale comment
-      # when the check step is skipped (e.g. no published crates changed).
-      result: ${{ steps.check_semver.outputs.result || 'success' }}
     steps:
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
@@ -66,6 +61,12 @@ jobs:
           echo "packages=$PACKAGES" >> "$GITHUB_OUTPUT"
           echo "Changed crates: $PACKAGES"
 
+      - name: Install protoc
+        if: steps.changed_crates.outputs.packages != ''
+        run: |
+          sudo apt-get update -qq
+          sudo apt-get install -y protobuf-compiler
+
       - name: Install cargo-semver-checks
         if: steps.changed_crates.outputs.packages != ''
         uses: taiki-e/install-action@94cb46f8d6e437890146ffbd78a778b78e623fb2  # v2.74.0
@@ -99,28 +100,31 @@ jobs:
             echo "result=failure" >> "$GITHUB_OUTPUT"
           fi
 
-  # Post or remove a sticky comment on the PR based on the semver check result.
-  comment-on-pr:
-    name: Comment on pull request
-    runs-on: ubuntu-latest
-    needs: check-semver
-    if: always()
-    permissions:
-      contents: read
-      pull-requests: write
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
-        with:
-          sparse-checkout: ci/scripts
-
-      - name: Update PR comment
+      - name: Save semver result for comment workflow
+        if: always()
         env:
-          GH_TOKEN: ${{ github.token }}
-          REPO: ${{ github.repository }}
+          CHANGED_PACKAGES: ${{ steps.changed_crates.outputs.packages }}
+          STEP_RESULT: ${{ steps.check_semver.outputs.result }}
           PR_NUMBER: ${{ github.event.pull_request.number }}
-          CHECK_RESULT: ${{ needs.check-semver.outputs.result }}
-          SEMVER_LOGS: ${{ needs.check-semver.outputs.logs }}
+          SEMVER_LOGS: ${{ steps.check_semver.outputs.logs }}
         run: |
-          ci/scripts/changed_crates.sh comment \
-            "$REPO" "$PR_NUMBER" "$CHECK_RESULT" "$SEMVER_LOGS"
+          if [ -n "$STEP_RESULT" ]; then
+            CHECK_RESULT="$STEP_RESULT"
+          elif [ -z "$CHANGED_PACKAGES" ]; then
+            CHECK_RESULT="success"
+          else
+            CHECK_RESULT="error"
+          fi
+
+          mkdir -p "$RUNNER_TEMP/semver-result"
+          printf '%s\n' "$CHECK_RESULT" > "$RUNNER_TEMP/semver-result/result.txt"
+          printf '%s\n' "$PR_NUMBER" > "$RUNNER_TEMP/semver-result/pr_number.txt"
+          printf '%s' "$SEMVER_LOGS" > "$RUNNER_TEMP/semver-result/logs.txt"
+
+      - name: Upload semver result artifact
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: semver-result
+          path: ${{ runner.temp }}/semver-result/
+          retention-days: 1

From 90df1f4f3029ff10907d9e6a07635435f31a28b7 Mon Sep 17 00:00:00 2001
From: Siew Kam Onn <kosiew@gmail.com>
Date: Wed, 29 Apr 2026 20:42:58 +0800
Subject: [PATCH 2/2] feat: update workflows for breaking changes detection

- Update `.github/workflows/breaking_changes_comment.yml` to derive `PR_NUMBER` from `github.event.workflow_run.pull_requests[0].number` and remove reliance on `pr_number.txt`. Added validation for `CHECK_RESULT` to ensure it is one of `success`, `failure`, or `error`.
- Modify `.github/workflows/breaking_changes_detector.yml` to stop writing `pr_number.txt` into the artifact.
---
 .github/workflows/breaking_changes_comment.yml  | 15 ++++++++++++++-
 .github/workflows/breaking_changes_detector.yml |  2 --
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/breaking_changes_comment.yml b/.github/workflows/breaking_changes_comment.yml
index 76cec8ed79d21..8e59636493df3 100644
--- a/.github/workflows/breaking_changes_comment.yml
+++ b/.github/workflows/breaking_changes_comment.yml
@@ -52,9 +52,22 @@ jobs:
         env:
           GH_TOKEN: ${{ github.token }}
           REPO: ${{ github.repository }}
+          PR_NUMBER: ${{ github.event.workflow_run.pull_requests[0].number }}
         run: |
-          PR_NUMBER=$(cat "$RUNNER_TEMP/semver-result/pr_number.txt")
+          if [ -z "$PR_NUMBER" ]; then
+            echo "No pull request associated with workflow_run; skipping comment update"
+            exit 0
+          fi
+
           CHECK_RESULT=$(cat "$RUNNER_TEMP/semver-result/result.txt")
+          case "$CHECK_RESULT" in
+            success|failure|error) ;;
+            *)
+              echo "Unexpected semver result '$CHECK_RESULT'"
+              exit 1
+              ;;
+          esac
+
           SEMVER_LOGS=$(cat "$RUNNER_TEMP/semver-result/logs.txt")
           ci/scripts/changed_crates.sh comment \
             "$REPO" "$PR_NUMBER" "$CHECK_RESULT" "$SEMVER_LOGS"
diff --git a/.github/workflows/breaking_changes_detector.yml b/.github/workflows/breaking_changes_detector.yml
index 2179f0c2e5073..4fd0177ccc707 100644
--- a/.github/workflows/breaking_changes_detector.yml
+++ b/.github/workflows/breaking_changes_detector.yml
@@ -105,7 +105,6 @@ jobs:
         env:
           CHANGED_PACKAGES: ${{ steps.changed_crates.outputs.packages }}
           STEP_RESULT: ${{ steps.check_semver.outputs.result }}
-          PR_NUMBER: ${{ github.event.pull_request.number }}
           SEMVER_LOGS: ${{ steps.check_semver.outputs.logs }}
         run: |
           if [ -n "$STEP_RESULT" ]; then
@@ -118,7 +117,6 @@ jobs:
 
           mkdir -p "$RUNNER_TEMP/semver-result"
           printf '%s\n' "$CHECK_RESULT" > "$RUNNER_TEMP/semver-result/result.txt"
-          printf '%s\n' "$PR_NUMBER" > "$RUNNER_TEMP/semver-result/pr_number.txt"
           printf '%s' "$SEMVER_LOGS" > "$RUNNER_TEMP/semver-result/logs.txt"
 
       - name: Upload semver result artifact