From b381eb6cc05ebd465deb455346fd2d4019e74faf Mon Sep 17 00:00:00 2001 From: Jack Westbrook Date: Fri, 7 Nov 2025 10:46:46 +0100 Subject: [PATCH 1/3] fix(cp-update): make token required to convince users to pass a PAT --- create-plugin-update/README.md | 23 ++++++++++++----------- create-plugin-update/action.yml | 3 +-- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/create-plugin-update/README.md b/create-plugin-update/README.md index 48173dec..93955a0c 100644 --- a/create-plugin-update/README.md +++ b/create-plugin-update/README.md @@ -10,10 +10,13 @@ This GitHub Action automates the process of running `create-plugin update` withi ## Usage +Detailed setup instructions can be found in the [Grafana developer portal](https://grafana.com/developers/plugin-tools/set-up/set-up-github#the-create-plugin-update-workflow). + - Add a workflow to your Github repository as in the example below. -- Set up the necessary secrets. As this action will push to and open a PR in the plugins repository make sure the token you supply has the correct privileges. +- Set up the necessary secrets. As this action will push to and open a PR in the plugins repostory make sure the token you supply has the correct privileges. ## Workflow example + ```yaml @@ -22,28 +25,26 @@ name: Create Plugin Update on: workflow_dispatch: schedule: - - cron: '0 0 1 * *' # run once a month on the 1st day - -# To use the default github token with the following elevated permissions make sure to check: -# **Allow GitHub Actions to create and approve pull requests** in https://github.com/USER_NAME/REPO_NAME/settings/actions. -# Alternatively create a fine-grained personal access token for your repository with `contents: read and write` and `pull requests: read and write` and pass it to the action. - -permissions: - contents: write - pull-requests: write + - cron: "0 0 1 * *" # run once a month on the 1st day jobs: release: runs-on: ubuntu-latest steps: - uses: grafana/plugin-actions/create-plugin-update@create-plugin-update/v1.1.0 +<<<<<<< Updated upstream +======= + with: + token: ${{ secrets.GH_PAT_TOKEN }} +>>>>>>> Stashed changes ``` + ## Options The following options can be passed to this action: -- `token`: A github token with write access to pull requests and content (defaults to `github.token`). +- `token`: A github token with write access to pull requests and content (**required**). - `base`: The base branch to open the pull request against (defaults to `main`). - `node-version`: The version of node to use (defaults to `20`). diff --git a/create-plugin-update/action.yml b/create-plugin-update/action.yml index 6258a178..ee81f3f1 100644 --- a/create-plugin-update/action.yml +++ b/create-plugin-update/action.yml @@ -4,8 +4,7 @@ description: "Runs create-plugin update within a Grafana plugin and opens a PR w inputs: token: description: "Token for the repository. Can be passed in using `{{ secrets.GITHUB_TOKEN }}`." - required: false - default: "${{ github.token }}" + required: true base: description: "Sets the pull request base branch" required: false From 29322d0450a21a8c6da28d154bce298538134aee Mon Sep 17 00:00:00 2001 From: Jack Westbrook Date: Tue, 11 Nov 2025 09:12:27 +0100 Subject: [PATCH 2/3] docs(cp-update): fix readme --- create-plugin-update/README.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/create-plugin-update/README.md b/create-plugin-update/README.md index 93955a0c..0c6bd926 100644 --- a/create-plugin-update/README.md +++ b/create-plugin-update/README.md @@ -13,7 +13,7 @@ This GitHub Action automates the process of running `create-plugin update` withi Detailed setup instructions can be found in the [Grafana developer portal](https://grafana.com/developers/plugin-tools/set-up/set-up-github#the-create-plugin-update-workflow). - Add a workflow to your Github repository as in the example below. -- Set up the necessary secrets. As this action will push to and open a PR in the plugins repostory make sure the token you supply has the correct privileges. +- Set up the necessary secrets. As this action will push to and open a PR in the plugins repostory create a fine-grained personal access token for your repository with `contents: read and write`, `pull requests: read and write` and `workflows: read and write` and pass it to the action. ## Workflow example @@ -32,11 +32,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: grafana/plugin-actions/create-plugin-update@create-plugin-update/v1.1.0 -<<<<<<< Updated upstream -======= with: token: ${{ secrets.GH_PAT_TOKEN }} ->>>>>>> Stashed changes ``` From f2b03bd07f693773e18785be61b6d9af855fb900 Mon Sep 17 00:00:00 2001 From: Jack Westbrook Date: Tue, 11 Nov 2025 09:20:31 +0100 Subject: [PATCH 3/3] docs(cp-update): add correct permissions to readme --- create-plugin-update/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/create-plugin-update/README.md b/create-plugin-update/README.md index 0c6bd926..01ff9320 100644 --- a/create-plugin-update/README.md +++ b/create-plugin-update/README.md @@ -42,6 +42,6 @@ jobs: The following options can be passed to this action: -- `token`: A github token with write access to pull requests and content (**required**). +- `token`: A github token with write access to `pull requests`, `content` and `workflows` (**required**). - `base`: The base branch to open the pull request against (defaults to `main`). - `node-version`: The version of node to use (defaults to `20`).