Skip to content

Commit

Permalink
Support netrc-based credentials in buf-setup-action (#94)
Browse files Browse the repository at this point in the history
Added two optional input "buf_user" and "buf_token". 
If both inputs are supplied, perform logging into Buf registry with the
supplied credentials.

Co-authored-by: Elliot Jackson <[email protected]>
  • Loading branch information
tonyli233 and elliotmjackson authored Jan 12, 2023
1 parent 6847859 commit 3aad079
Show file tree
Hide file tree
Showing 5 changed files with 82 additions and 23 deletions.
35 changes: 28 additions & 7 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -26,16 +26,19 @@ steps:
## Configuration
### Input
You can configure `buf-setup-action` with these parameters:

| Parameter | Description | Default |
|:---------------|:---------------------------------------------------|:-------------------|
| `version` | The version of the [`buf` CLI][buf-cli] to install | [`v1.11.0`][version] |
| `github_token` | The GitHub token to use when making API requests | |
| `buf_user` | The username to use for logging into Buf Schema registry. | |
| `buf_api_token` | The API token to use for logging into Buf Schema registry. | |

> These parameters are derived from [`action.yml`](./action.yml).

### Version
> These parameters are derived from [`action.yml`](./action.yml). <br>
#### Version

If `version` is unspecified, the latest version of `buf` is installed:

Expand Down Expand Up @@ -72,7 +75,7 @@ steps:
- run: buf --version
```

### GitHub token
#### GitHub token

Optionally, you can supply a `github_token` input so that any GitHub API requests are authenticated.
This may prevent rate limit issues when running on GitHub hosted runners:
Expand All @@ -84,10 +87,24 @@ steps:
github_token: ${{ github.token }}
```

### Buf token
#### Buf username and Buf API token

If you are using Private [Remote Packages](https://docs.buf.build/bsr/remote-packages/overview) you may need to authenticate the entire system to successfully communicate with the [Buf Schema Registry][bsr]. To achieve this, supply both `buf_user` and `buf_api_token`. This will add your auth credentials to the `.netrc` and allow you to access the BSR from anything in your `PATH`.

```yaml
steps:
- uses: bufbuild/[email protected]
with:
buf_user: ${{ secrets.buf_user }}
buf_api_token: ${{ secrets.buf_api_token }}
```

### Other Configurations

#### Buf token

When calling the `buf` command directly from a workflow step, you may need to authenticate with the
[Buf Schema Registry][bsr] (BSR). You can authenticate by setting the [`BUF_TOKEN`][buf-token]
BSR. You can authenticate by setting the [`BUF_TOKEN`][buf-token]
environment variable. If you have a GitHub secret called `BUF_TOKEN`, for example, you can set the
`BUF_TOKEN` environment variable like this:

Expand All @@ -96,7 +113,11 @@ env:
BUF_TOKEN: ${{ secrets.BUF_TOKEN }}
```

### Installing `protoc`
Note that this only authenticate you with the `buf` cli. You cannot access your private remote
packages in BSR. If you need to access your private remote packages, supply the username and Buf
API Token [as parameters](#buf-username-and-buf-api-token).

#### Installing `protoc`

In most cases, you _don't_ need to install [`protoc`][protoc] for Buf's GitHub Actions, but some
`protoc` plugins are built into the compiler itself. If you need to execute one of these plugins,
Expand Down
6 changes: 6 additions & 0 deletions action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,12 @@ inputs:
github_token:
description: The GitHub token to use when making API requests.
required: false
buf_user:
description: The username to use for logging into Buf Schema registry.
required: false
buf_api_token:
description: The API token to use for logging into Buf Schema registry.
required: false
runs:
using: "node16"
main: "./dist/main.js"
26 changes: 13 additions & 13 deletions dist/main.js

Large diffs are not rendered by default.

6 changes: 3 additions & 3 deletions dist/main.js.map

Large diffs are not rendered by default.

32 changes: 32 additions & 0 deletions src/run.ts
Original file line number Diff line number Diff line change
Expand Up @@ -79,5 +79,37 @@ async function runSetup(): Promise<null | Error> {
core.info(`Successfully setup buf version ${version}`);
core.info(cp.execSync(`${binaryPath} --version`).toString());

const bufUser = core.getInput("buf_user");
const bufAPIToken = core.getInput("buf_api_token");
if (bufUser !== "" && bufAPIToken !== "") {
core.info(`buf_user and buf_token supplied, logging in...`);
core.info(
cp
.execSync(
`${binaryPath} registry login --username ${bufUser} --token-stdin`,
{ input: bufAPIToken }
)
.toString()
);
return null;
}

if (bufUser !== "") {
core.info(
`buf_user is supplied, must also supply buf_token to log into Buf Schema Registry`
);
return null;
}

if (bufAPIToken !== "") {
core.info(
`buf_token is supplied, must also supply buf_user to log into Buf Schema Registry`
);
return null;
}

core.info(
`buf_user and buf_token are not supplied, not logging into Buf Schema Registry`
);
return null;
}

0 comments on commit 3aad079

Please sign in to comment.