diff --git a/.github/actions/bazel-command/action.yml b/.github/actions/bazel-command/action.yml
index 19a7365..f1bce85 100644
--- a/.github/actions/bazel-command/action.yml
+++ b/.github/actions/bazel-command/action.yml
@@ -28,6 +28,9 @@ runs:
       with:
         separator: +
 
+    - run: buf generate
+      shell: bash
+
     - id: bazel-rdeps-query
       if: ${{ inputs.affected_targets_only}}
       shell: bash
diff --git a/.github/workflows/buf.yml b/.github/workflows/buf.yml
index d1220c8..d91ca03 100644
--- a/.github/workflows/buf.yml
+++ b/.github/workflows/buf.yml
@@ -6,6 +6,7 @@ on:
   workflow_call:
     inputs:
       detect_breaking_changes:
+        description: Whether to check for breaking changes to protos
         type: boolean
         default: false
         required: false
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 391a478..62e13c7 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -6,6 +6,7 @@ on:
   workflow_call:
     inputs:
       affected_targets_only:
+        description: Whether to limit checks to targets affected by modified files
         type: boolean
         default: false
         required: false
diff --git a/.github/workflows/buildifier.yml b/.github/workflows/buildifier.yml
index 61bf9ee..02e2d2b 100644
--- a/.github/workflows/buildifier.yml
+++ b/.github/workflows/buildifier.yml
@@ -6,6 +6,7 @@ on:
   workflow_call:
     inputs:
       changed_files_only:
+        description: Whether to limit checks to modified files
         type: boolean
         default: false
         required: false
@@ -48,6 +49,7 @@ jobs:
           fi
           if [[ "$fileset" != "" ]]; then
             echo "Executing buildifier on: $fileset"
+            # shellcheck disable=SC2086
             buildifier -mode=check -lint=warn $fileset
           else
             echo "Skipping buildifier; no files to check"
diff --git a/.github/workflows/check-pr.yml b/.github/workflows/check-pr.yml
index 2ad4163..06b2c25 100644
--- a/.github/workflows/check-pr.yml
+++ b/.github/workflows/check-pr.yml
@@ -1,31 +1,31 @@
 name: Check PR
 
 on:
-  pull_request:
-    branches: [main]
+ pull_request:
+   branches: [main]
 
 jobs:
-  buildifier:
-    uses: ./.github/workflows/buildifier.yml
-    with:
-      changed_files_only: true
-  buf:
-    uses: ./.github/workflows/buf.yml
-    with:
-      detect_breaking_changes: true
-  super-linter:
-    uses: ./.github/workflows/lint.yml
-    with:
-      changed_files_only: true
-  build:
-    uses: ./.github/workflows/build.yml
-    with:
-      affected_targets_only: true
-  test:
-    needs: [build]
-    uses: ./.github/workflows/test.yml
-    with:
-      affected_targets_only: true
-  tilt:
-    needs: [build]
-    uses: ./.github/workflows/tilt.yml
+ buildifier:
+   uses: ./.github/workflows/buildifier.yml
+   with:
+     changed_files_only: true
+ buf:
+   uses: ./.github/workflows/buf.yml
+   with:
+     detect_breaking_changes: true
+ super-linter:
+   uses: ./.github/workflows/lint.yml
+   with:
+     changed_files_only: true
+ build:
+   uses: ./.github/workflows/build.yml
+   with:
+     affected_targets_only: true
+ test:
+   needs: [build]
+   uses: ./.github/workflows/test.yml
+   with:
+     affected_targets_only: true
+ tilt:
+   needs: [build]
+   uses: ./.github/workflows/tilt.yml
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index eb21803..a026065 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -1,5 +1,5 @@
 # This workflow executes several linters on changed files based on languages used in your code base whenever
-# you push a code or open a pull request.
+# you push code or open a pull request.
 #
 # You can adjust the behavior by modifying this file.
 # For more information, see:
@@ -12,6 +12,7 @@ on:
   workflow_call:
     inputs:
       changed_files_only:
+        description: Whether to limit checks to modified files
         type: boolean
         default: false
         required: false
@@ -25,11 +26,20 @@ jobs:
           # Full git history is needed to get a proper list of changed files within `super-linter`
           fetch-depth: 0
 
+      - name: Set up Buf
+        uses: bufbuild/buf-setup-action@v0.6.0
+        with:
+          version: 1.0.0-rc12
+
+      - name: Generate Protos
+        run: buf generate
+        shell: bash
+
       - name: Lint Code
-        uses: github/super-linter/slim@v4
+        uses: github/super-linter/slim@latest
         env:
           VALIDATE_ALL_CODEBASE: ${{ !inputs.changed_files_only }}
           DEFAULT_BRANCH: main
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          # TODO: Reenable github actions validation after https://github.com/rhysd/actionlint/pull/115
-          VALIDATE_GITHUB_ACTIONS: false
+          # TODO: Figure out why golangci-lint doesn't see the generated protos
+          VALIDATE_GO: false
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 9513fdc..3eeb934 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -6,6 +6,7 @@ on:
   workflow_call:
     inputs:
       affected_targets_only:
+        description: Whether to limit checks to targets affected by modified files
         type: boolean
         default: false
         required: false