Skip to main content

buf.lock

If your buf.yaml declares any deps, it will be accompanied by a buf.lock file that contains your module's dependency manifest. This manifest represents a single, reproducible build of your module.

You can create or update a buf.lock file for your module by running the buf mod update command. For example, suppose that we have the following directory layout and buf.lock content for the buf.build/acme/petapis module:

.├── acme│   └── pet│       └── v1│           └── pet.proto├── buf.lock└── buf.yaml
buf.lock
# Generated by buf. DO NOT EDIT.version: v1deps:  - remote: buf.build    owner: acme    repository: paymentapis    branch: main    commit: 42abe5cfeb904508839378050d95ab13    digest: b1-adftuIW3X3VYL65FfLiqkmW_DIDUuqRbyuxOSmscA4B=    create_time: 2021-06-02T10:28:18.283761Z

deps#

Each entry in the buf.lock deps key is a module pin, which uniquely represents a specific snapshot of the given module (buf.build/acme/paymentapis:5173e5cfeb904508839378050d95e1de in this case). With this, the local snapshot of the buf.build/acme/petapis module and all of its dependencies are uniquely represented and reproducible.

Push and update modules#

You can then publish and share this particular snapshot with your consumers and/or collaborators by pushing it to the BSR with the following command:

$ buf push

With this, modules that depend on buf.build/acme/petapis will be able to run buf mod update and notice a new module pin in their buf.lock! For example, we can update the content found in this module's buf.lock by running the following:

# Generated by buf. DO NOT EDIT.version: v1deps:  - remote: buf.build    owner: acme    repository: paymentapis    branch: main    commit: 5173e5cfeb904508839378050d95e1de    digest: b1-tteutIW3X3VYL65FfLiqkmW_DIDUuqRbyuxOSmscB5Q=    create_time: 2021-06-03T17:53:54.361543Z

For more on updating dependencies and pushing modules, please refer to the Iterate on Modules guide.