bufbuild / buf-push-action Goto Github PK
View Code? Open in Web Editor NEWLicense: Apache License 2.0
License: Apache License 2.0
The "iterate on modules" doc shows the --tag
option.
I'd like that as an option for this action.
Thanks!
The buf docs indicate that branches have replaced drafts. They show an example of using branches with this action:
https://buf.build/docs/bsr/module/configure#publishing-branches
Yet AFAICT action doesn't have a with.branch
option. It only has with.draft
.
At https://github.com/step-security/secure-workflows we are building a knowledge-base (KB) of GITHUB_TOKEN permissions needed by different GitHub Actions. When developers try to set minimum token permissions for their workflows, they can use this knowledge-base instead of trying to research permissions needed by each GitHub Action they use.
Below you can see the KB of your GITHUB Action.
name: 'buf-push'
#No reference to GitHub token
If you think this information is not accurate, or if in the future your GitHub Action starts using a different set of permissions, please create an issue at https://github.com/step-security/secure-workflows/issues to let us know.
This issue is automatically created by our analysis bot, feel free to close after reading :)
GitHub asks users to define workflow permissions, see https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/ and https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token for securing GitHub workflows against supply-chain attacks.
Setting minimum token permissions is also checked for by Open Source Security Foundation (OpenSSF) Scorecards. Scorecards recommend using https://github.com/step-security/secure-workflows so developers can fix this issue in an easier manner.
Y'all are probably already aware of this:
Run bufbuild/[email protected]
Command "push" is deprecated, "buf beta push" has been moved to "buf push".
We recommend migrating, however this command continues to work.
It's not a big deal. Just thought I'd point it out. Happy to create a PR myself to change the command to buf push
if it helps.
As Buf supports multi-module proto workspaces as documented here https://docs.buf.build/tour/push-workspace-modules ,
please document how to push multiple modules via this GitHub action for a monorepo.
If possible, please improve this action to support pushing multi-module repo with coordinated buf mod update
and buf push
We need to make the remote configurable so that users can choose to authenticate with a remote other than buf.build (here).
We could add a remote
input to action.yml and use buf registry login <$remote> --username <$placeholder> --token-stdin
command, so that we don't need to manually write the .netrc
file, too. The username would be unused for this action since it's not actually required for BSR authentication (just the Go Module Proxy for now).
Alternatively (and preferably), we could refactor all of the actions that and simply provide the BUF_TOKEN
environment variable to each buf
command so that it remains agnostic to the remote
(re: bufbuild/buf-setup-action#4 (comment)).
The buf_token input is already configured here, so we should be able to update this behavior and extend what remotes we support while maintaining compatibility. For reference, this solution applies to both buf-lint-action and buf-breaking-action, too.
Hi buf team, with last week's release of v1.1.0
I believe a breaking change was introduced that has made our CI stop pushing to BSR. In particular:
if [ "${GITHUB_REF_TYPE}" != "branch" ]; then
echo "reference type is not branch, skipping" >&2
exit 0
fi
This is skipping for us, since in our workflow we don't push on branch, but for particularly formatted tags on master
๐ค
In the interim, I've reverted our GHA workflow to specifically use v1.0.1
instead of v1
but of course we'd love to keep up with the latest changes.
My questions are:
Thanks!
When buf-push-action is called from a "delete" action where the ref_type is "branch", it should delete the corresponding track on BSR.
Allow users to use --draft option in the action as it is offered in the CLI:
buf push --draft $DRAFT_NAME
This was reported in the Slack channel.
buf_token
is ${{github.token}}
. This seems incorrect.buf-setup-action
uses the name buf_api_token
whereas this and some other actions use buf_token
. We should probably unify these at some point?Since latest release was quite some time ago, and lacking create_visibility
for example - could you please tag new version?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.