diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 5563a03..5844eaa 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -30,4 +30,13 @@ jobs: input: path/to/input env: WANT_BUF_TOKEN: fake-buf-token - WANT_ARGS: push --tag ${{ github.sha }} path/to/input + WANT_ARGS: push path/to/input --tag ${{ github.sha }} + - name: run action with draft + uses: ./ + with: + buf_token: fake-buf-token + input: path/to/input + draft: true + env: + WANT_BUF_TOKEN: fake-buf-token + WANT_ARGS: push path/to/input --draft ${{ github.ref_name }} diff --git a/README.md b/README.md index 5ec9ac3..5cac6ec 100644 --- a/README.md +++ b/README.md @@ -22,10 +22,13 @@ jobs: - uses: bufbuild/buf-push-action@v1 with: buf_token: ${{ secrets.BUF_TOKEN }} + draft: ${{ github.ref_name != 'main'}} ``` -With this configuration, the `buf` CLI pushes the [configured module][buf-yaml] to the BSR upon -merge using a Buf API token to authenticate with the [Buf Schema Registry][bsr] (BSR). +With this configuration, upon a pull request [opened, synchronize, or reopened][github-workflow] +the `buf` CLI pushes the [configured module][buf-yaml] to the BSR using the provided to +authenticate the request. When the triggering branch is not `main`, the commit will be pushed +as a [draft][buf-draft]. For instructions on creating a BSR API token, see our [official docs][bsr-token]. Once you've created a an API token, you need to create an encrypted [Github Secret][github-secret] for it. In @@ -38,10 +41,11 @@ We recommend using [`buf-setup-action`][buf-setup] to install it (as in the exam ## Configuration -Parameter | Description | Required | Default -:---------|:------------|:---------|:------- -`buf_token` | The [Buf authentication token][buf-token] used for private [Buf inputs][input] | ✅ | [`${{github.token}}`][github-token] -`input` | The path of the [input] you want to push to BSR as a module | | `.` +| Parameter | Description | Required | Default | +|:------------|:---------------------------------------------------------------------------------|:---------|:------------------------------------| +| `buf_token` | The [Buf authentication token][buf-token] used for private [Buf inputs][input] | ✅ | [`${{github.token}}`][github-token] | +| `input` | The path of the [input] you want to push to BSR as a module | | `.` | +| `draft` | Indicates if the workflows should push to the BSR as a [draft][buf-draft] commit | | | > These parameters are derived from [`action.yml`](./action.yml). @@ -114,12 +118,14 @@ jobs: [bsr]: https://docs.buf.build/bsr [bsr-token]: https://docs.buf.build/bsr/authentication [buf-breaking]: https://github.com/marketplace/actions/buf-breaking +[buf-draft]: https://docs.buf.build/bsr/overview#referencing-a-module [buf-lint]: https://github.com/marketplace/actions/buf-lint [buf-setup]: https://github.com/marketplace/actions/buf-setup [buf-token]: https://docs.buf.build/bsr/authentication#create-an-api-token [buf-yaml]: https://docs.buf.build/configuration/v1/buf-yaml [github-secret]: https://docs.github.com/en/actions/reference/encrypted-secrets [github-token]: https://docs.github.com/en/actions/learn-github-actions/contexts#github-context +[github-workflow]: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request [input]: https://docs.buf.build/reference/inputs [lint]: https://docs.buf.build/lint [modules]: https://docs.buf.build/bsr/overview#module diff --git a/action.yml b/action.yml index f22d47d..4500dc7 100644 --- a/action.yml +++ b/action.yml @@ -12,6 +12,9 @@ inputs: description: The Input path. default: '.' required: false + draft: + description: The identifier of pushing to the BSR as a draft commit, when set to 'true' the action will push the module as draft with the branch name as draft name. + required: false runs: using: composite steps: @@ -19,4 +22,5 @@ runs: shell: bash env: BUF_TOKEN: ${{ inputs.buf_token }} + DRAFT: ${{ inputs.draft }} run: $GITHUB_ACTION_PATH/push.bash ${{ inputs.input }} diff --git a/push.bash b/push.bash index 18e810f..6f68da7 100755 --- a/push.bash +++ b/push.bash @@ -21,6 +21,14 @@ if [ -z "${GITHUB_SHA}" ]; then fail "the commit was not provided" fi +if [ -z "${GITHUB_REF_NAME}" ]; then + fail "the commit ref was not provided" +fi + +if [ -z "${GITHUB_REF_TYPE}" ]; then + fail "the commit ref type was not provided" +fi + if [ -z "${BUF_TOKEN}" ]; then fail "a buf authentication token was not provided" fi @@ -33,4 +41,23 @@ if [ -z "$BUF_COMMAND" ]; then fail "$NOT_INSTALLED_MESSAGE" fi -BUF_TOKEN="${BUF_TOKEN}" "${BUF_COMMAND}" push --tag "${GITHUB_SHA}" "${BUF_INPUT}" +if [ "${GITHUB_REF_TYPE}" != "branch" ]; then + echo "reference type is not branch, skipping" >&2 + exit 0 +fi + +BUF_ARGS=("--tag" "${GITHUB_SHA}") +if [ "${DRAFT}" == "true" ]; then + # Check that --draft is supported by running "buf push --draft example --help" + # and checking for "unknown flag: --draft" in the output. + set +e + BUF_HELP_OUTPUT="$("${BUF_COMMAND}" push --draft example --help 2>&1)" + set -e + if [[ "${BUF_HELP_OUTPUT}" == *"unknown flag: --draft"* ]]; then + fail "The installed version of buf does not support setting the draft. Please use buf v1.7.0 or newer." + fi + + BUF_ARGS=("--draft" "${GITHUB_REF_NAME}") +fi + +BUF_TOKEN="${BUF_TOKEN}" "${BUF_COMMAND}" "push" "${BUF_INPUT}" "${BUF_ARGS[@]}" diff --git a/test/test.bash b/test/test.bash index c3decac..d7c0360 100755 --- a/test/test.bash +++ b/test/test.bash @@ -13,11 +13,11 @@ PATH="${DIR}/tmp/test/bin:$PATH" cp test/buf.bash tmp/test/bin/buf chmod +x tmp/test/bin/buf -# prevent the GITHUB_SHA set by actions from being used in test -unset GITHUB_SHA +# prevent the GITHUB_SHA, GITHUB_REF_NAME and GITHUB_REF_TYPE set by actions from being used in test +unset GITHUB_SHA GITHUB_REF_NAME GITHUB_REF_TYPE test_push() { - export GITHUB_SHA BUF_TOKEN WANT_BUF_TOKEN WANT_ARGS + export GITHUB_SHA GITHUB_REF_NAME GITHUB_REF_TYPE BUF_TOKEN DRAFT WANT_BUF_TOKEN WANT_ARGS set +e ./push.bash "$@" > tmp/test/stdout 2> tmp/test/stderr GOT_EXIT_CODE="${?}" @@ -39,14 +39,44 @@ test_push() { fi fi rm -f tmp/test/stdout tmp/test/stderr - unset GITHUB_SHA BUF_TOKEN WANT_BUF_TOKEN WANT_ARGS + unset GITHUB_SHA GITHUB_REF_NAME GITHUB_REF_TYPE BUF_TOKEN WANT_BUF_TOKEN WANT_ARGS } echo "testing happy path" GITHUB_SHA=fake-sha +GITHUB_REF_NAME=main +GITHUB_REF_TYPE=branch BUF_TOKEN=fake-token WANT_BUF_TOKEN=fake-token -WANT_ARGS="push --tag fake-sha some/input/path" +WANT_ARGS="push some/input/path --tag fake-sha" +WANT_STDOUT="::add-mask::fake-token" +WANT_STDERR="" +WANT_EXIT_CODE=0 +test_push some/input/path +echo "ok" + +echo "testing happy path draft" +GITHUB_SHA=fake-sha +GITHUB_REF_NAME=fake-ref +GITHUB_REF_TYPE=branch +BUF_TOKEN=fake-token +DRAFT=true +WANT_BUF_TOKEN=fake-token +WANT_ARGS="push some/input/path --draft fake-ref" +WANT_STDOUT="::add-mask::fake-token" +WANT_STDERR="" +WANT_EXIT_CODE=0 +test_push some/input/path +echo "ok" + +echo "testing happy path draft on main branch" +GITHUB_SHA=fake-sha +GITHUB_REF_NAME=main +GITHUB_REF_TYPE=branch +BUF_TOKEN=fake-token +DRAFT=true +WANT_BUF_TOKEN=fake-token +WANT_ARGS="push some/input/path --draft main" # we don't handle this within the action, but this should fail in the server side WANT_STDOUT="::add-mask::fake-token" WANT_STDERR="" WANT_EXIT_CODE=0 @@ -55,6 +85,8 @@ echo "ok" echo "testing no input" GITHUB_SHA=fake-sha +GITHUB_REF_NAME=main +GITHUB_REF_TYPE=branch BUF_TOKEN=fake-token WANT_STDOUT="" WANT_STDERR="Usage: ./push.bash " @@ -73,6 +105,8 @@ echo "ok" echo "testing no BUF_TOKEN" GITHUB_SHA=fake-sha +GITHUB_REF_NAME=main +GITHUB_REF_TYPE=branch WANT_STDOUT='::add-mask:: ::error::a buf authentication token was not provided' WANT_STDERR=""