support pushing draft commit to BSR when draft param is true (#21)

.github/workflows/ci.yaml

@@ -30,4 +30,13 @@ jobs:
           input: path/to/input
         env:
           WANT_BUF_TOKEN: fake-buf-token
-          WANT_ARGS: push --tag ${{ github.sha }} path/to/input
+          WANT_ARGS: push path/to/input --tag ${{ github.sha }}
+      - name: run action with draft
+        uses: ./
+        with:
+          buf_token: fake-buf-token
+          input: path/to/input
+          draft: true
+        env:
+          WANT_BUF_TOKEN: fake-buf-token
+          WANT_ARGS: push path/to/input --draft ${{ github.ref_name }}

README.md

@@ -22,10 +22,13 @@ jobs:
     - uses: bufbuild/buf-push-action@v1
       with:
         buf_token: ${{ secrets.BUF_TOKEN }}
+        draft: ${{ github.ref_name != 'main'}}
 ```
 
-With this configuration, the `buf` CLI pushes the [configured module][buf-yaml] to the BSR upon
-merge using a Buf API token to authenticate with the [Buf Schema Registry][bsr] (BSR).
+With this configuration, upon a pull request [opened, synchronize, or reopened][github-workflow]
+the `buf` CLI pushes the [configured module][buf-yaml] to the BSR using the provided to
+authenticate the request. When the triggering branch is not `main`, the commit will be pushed
+as a [draft][buf-draft].
 
 For instructions on creating a BSR API token, see our [official docs][bsr-token]. Once you've
 created a an API token, you need to create an encrypted [Github Secret][github-secret] for it. In
@@ -38,10 +41,11 @@ We recommend using [`buf-setup-action`][buf-setup] to install it (as in the exam
 
 ## Configuration
 
-Parameter | Description | Required | Default
-:---------|:------------|:---------|:-------
-`buf_token` | The [Buf authentication token][buf-token] used for private [Buf inputs][input] | ✅  | [`${{github.token}}`][github-token]
-`input` | The path of the [input] you want to push to BSR as a module | | `.`
+| Parameter   | Description                                                                      | Required | Default                             |
+|:------------|:---------------------------------------------------------------------------------|:---------|:------------------------------------|
+| `buf_token` | The [Buf authentication token][buf-token] used for private [Buf inputs][input]   | ✅        | [`${{github.token}}`][github-token] |
+| `input`     | The path of the [input] you want to push to BSR as a module                      |          | `.`                                 |
+| `draft`     | Indicates if the workflows should push to the BSR as a [draft][buf-draft] commit |          |                                     |
 
 > These parameters are derived from [`action.yml`](./action.yml).
 
@@ -156,12 +160,14 @@ jobs:
 [bsr]: https://docs.buf.build/bsr
 [bsr-token]: https://docs.buf.build/bsr/authentication
 [buf-breaking]: https://github.com/marketplace/actions/buf-breaking
+[buf-draft]: https://docs.buf.build/bsr/overview#referencing-a-module
 [buf-lint]: https://github.com/marketplace/actions/buf-lint
 [buf-setup]: https://github.com/marketplace/actions/buf-setup
 [buf-token]: https://docs.buf.build/bsr/authentication#create-an-api-token
 [buf-yaml]: https://docs.buf.build/configuration/v1/buf-yaml
 [github-secret]: https://docs.github.com/en/actions/reference/encrypted-secrets
 [github-token]: https://docs.github.com/en/actions/learn-github-actions/contexts#github-context
+[github-workflow]: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request
 [input]: https://docs.buf.build/reference/inputs
 [lint]: https://docs.buf.build/lint
 [modules]: https://docs.buf.build/bsr/overview#module

action.yml

@@ -12,11 +12,15 @@ inputs:
     description: The Input path.
     default: '.'
     required: false
+  draft:
+    description: The identifier of pushing to the BSR as a draft commit, when set to 'true' the action will push the module as draft with the branch name as draft name.
+    required: false
 runs:
   using: composite
   steps:
     - name: push
       shell: bash
       env:
         BUF_TOKEN: ${{ inputs.buf_token }}
+        DRAFT: ${{ inputs.draft }}
       run: $GITHUB_ACTION_PATH/push.bash ${{ inputs.input }}

push.bash

@@ -21,6 +21,14 @@ if [ -z "${GITHUB_SHA}" ]; then
   fail "the commit was not provided"
 fi
 
+if [ -z "${GITHUB_REF_NAME}" ]; then
+  fail "the commit ref was not provided"
+fi
+
+if [ -z "${GITHUB_REF_TYPE}" ]; then
+  fail "the commit ref type was not provided"
+fi
+
 if [ -z "${BUF_TOKEN}" ]; then
   fail "a buf authentication token was not provided"
 fi
@@ -33,4 +41,23 @@ if [ -z "$BUF_COMMAND" ]; then
   fail "$NOT_INSTALLED_MESSAGE"
 fi
 
-BUF_TOKEN="${BUF_TOKEN}" "${BUF_COMMAND}" push --tag "${GITHUB_SHA}" "${BUF_INPUT}"
+if [ "${GITHUB_REF_TYPE}" != "branch" ]; then
+  echo "reference type is not branch, skipping" >&2
+  exit 0
+fi
+
+BUF_ARGS=("--tag" "${GITHUB_SHA}")
+if [ "${DRAFT}" == "true" ]; then
+  # Check that --draft is supported by running "buf push --draft example --help"
+  # and checking for "unknown flag: --draft" in the output.
+  set +e
+  BUF_HELP_OUTPUT="$("${BUF_COMMAND}" push --draft example --help 2>&1)"
+  set -e
+  if [[ "${BUF_HELP_OUTPUT}" == *"unknown flag: --draft"* ]]; then
+    fail "The installed version of buf does not support setting the draft. Please use buf v1.7.0 or newer."
+  fi
+
+  BUF_ARGS=("--draft" "${GITHUB_REF_NAME}")
+fi
+
+BUF_TOKEN="${BUF_TOKEN}" "${BUF_COMMAND}" "push" "${BUF_INPUT}" "${BUF_ARGS[@]}"

test/test.bash

@@ -13,11 +13,11 @@ PATH="${DIR}/tmp/test/bin:$PATH"
 cp test/buf.bash tmp/test/bin/buf
 chmod +x tmp/test/bin/buf
 
-# prevent the GITHUB_SHA set by actions from being used in test
-unset GITHUB_SHA
+# prevent the GITHUB_SHA, GITHUB_REF_NAME and GITHUB_REF_TYPE set by actions from being used in test
+unset GITHUB_SHA GITHUB_REF_NAME GITHUB_REF_TYPE
 
 test_push() {
-  export GITHUB_SHA BUF_TOKEN WANT_BUF_TOKEN WANT_ARGS
+  export GITHUB_SHA GITHUB_REF_NAME GITHUB_REF_TYPE BUF_TOKEN DRAFT WANT_BUF_TOKEN WANT_ARGS
   set +e
   ./push.bash "$@" > tmp/test/stdout 2> tmp/test/stderr
   GOT_EXIT_CODE="${?}"
@@ -39,14 +39,44 @@ test_push() {
     fi
   fi
   rm -f tmp/test/stdout tmp/test/stderr
-  unset GITHUB_SHA BUF_TOKEN WANT_BUF_TOKEN WANT_ARGS
+  unset GITHUB_SHA GITHUB_REF_NAME GITHUB_REF_TYPE BUF_TOKEN WANT_BUF_TOKEN WANT_ARGS
 }
 
 echo "testing happy path"
 GITHUB_SHA=fake-sha
+GITHUB_REF_NAME=main
+GITHUB_REF_TYPE=branch
 BUF_TOKEN=fake-token
 WANT_BUF_TOKEN=fake-token
-WANT_ARGS="push --tag fake-sha some/input/path"
+WANT_ARGS="push some/input/path --tag fake-sha"
+WANT_STDOUT="::add-mask::fake-token"
+WANT_STDERR=""
+WANT_EXIT_CODE=0
+test_push some/input/path
+echo "ok"
+
+echo "testing happy path draft"
+GITHUB_SHA=fake-sha
+GITHUB_REF_NAME=fake-ref
+GITHUB_REF_TYPE=branch
+BUF_TOKEN=fake-token
+DRAFT=true
+WANT_BUF_TOKEN=fake-token
+WANT_ARGS="push some/input/path --draft fake-ref"
+WANT_STDOUT="::add-mask::fake-token"
+WANT_STDERR=""
+WANT_EXIT_CODE=0
+test_push some/input/path
+echo "ok"
+
+echo "testing happy path draft on main branch"
+GITHUB_SHA=fake-sha
+GITHUB_REF_NAME=main
+GITHUB_REF_TYPE=branch
+BUF_TOKEN=fake-token
+DRAFT=true
+WANT_BUF_TOKEN=fake-token
+WANT_ARGS="push some/input/path --draft main" # we don't handle this within the action, but this should fail in the server side
 WANT_STDOUT="::add-mask::fake-token"
 WANT_STDERR=""
 WANT_EXIT_CODE=0
@@ -55,6 +85,8 @@ echo "ok"
 
 echo "testing no input"
 GITHUB_SHA=fake-sha
+GITHUB_REF_NAME=main
+GITHUB_REF_TYPE=branch
 BUF_TOKEN=fake-token
 WANT_STDOUT=""
 WANT_STDERR="Usage: ./push.bash <input>"
@@ -73,6 +105,8 @@ echo "ok"
 
 echo "testing no BUF_TOKEN"
 GITHUB_SHA=fake-sha
+GITHUB_REF_NAME=main
+GITHUB_REF_TYPE=branch
 WANT_STDOUT='::add-mask::
 ::error::a buf authentication token was not provided'
 WANT_STDERR=""