GitHub workflows for publishing a panel plugin

I’ve finally reached the point of actually publishing my plugin. I am using the basic GitHub workflow that came with the starter panel, but it fails on the Lint plugin step with this error:

{
  "level": "error",
  "message": "Plugin has a private signature",
  "details": "Plugins that are published on Grafana.com must be signed under a **commercial** or **community** signature level. For more information, refer to [Plugin signature levels](https://grafana.com/docs/grafana/latest/plugins/plugin-signatures/#plugin-signature-levels)."
}

I’ve been using rootUrls when signing the plugin to indicate a private signature but still the workflow fails. Any advice?

I tried running the workflow again with no rootUrls and obtained this different error log for Lint plugin:

Run git clone https://github.com/grafana/plugin-validator
Cloning into 'plugin-validator'...
~/work/Psychart/Psychart/plugin-validator/pkg/cmd/plugincheck ~/work/Psychart/Psychart
go: downloading github.com/xeipuuv/gojsonschema v1.2.0
go: downloading golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871
go: downloading github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415
go: downloading github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb
~/work/Psychart/Psychart
open /tmp/926816208/ventura-psychrometric-panel/MANIFEST.txt: no such file or directory
Error: Process completed with exit code 1.

I would suggest to disable the Sign plugin step and create a release with an unsigned version as a first step. If this still doesn’t work, would suggest to disable the lint step temporary as well so that you’re able to build and package your plugin.

As soon as the team has done an initial review of your submitted plugin, they’ll assign a Community signature level to your plugin and you’ll be able to sign it.

1 Like

For some reason, the lint plugin step really does not like unsigned plugins. I tested it with only disabling the sign plugin step which still failed on lint plugin. However, when I disabled both (I just commented them out) it successfully created a draft release! I still had to manually publish it, but it created 4 files: my panel.zip, my panel.zip.md5, source code.zip, and source code.tar.gz.

I will try to resubmit my panel.zip and panel.zip.md5. If I obtain a community signature, should I then revert the workflow to allow signing and linting?

Great :+1:

If I obtain a community signature, should I then revert the workflow to allow signing and linting?

Yes, we’ll let you know in the plugin submission process when you can sign using a community signature level and then you can enable signing and linting again.

Sounds good! :smile: How long should I expect the approval process to take?