How to sign my plugin?

Hello,
Following the Grafana documentation, I created a token to sign my plugin.
I had a question because the doc speaks of “plugin” realms and I got “provisioned-plugins” and “stack-plugins”.
I doubt I add them both but I am getting a 403 in my GitHub workflow.

If so, did I miss something in the doc about that?

Regards.

Is it normal/expected?

Hi @punetworkobservabili, have you submitted your plugin for review to publish in the Grafana catalog?

The documentation about signing plugins mentions: Public plugins need to be reviewed by the Grafana team before you can sign them.


Hello,
I get confused with the doc about the order of the steps. Will submit the review, thx.
Btw, do you know/advise a way to provide the zip file through a URL?

Thx

The easiest way is using our GitHub action to package and sign (when available) your plugin.

Here’s an example: plugin-actions/build-plugin at main · grafana/plugin-actions · GitHub

You probably already have this release action. All you have to do is push a git tag starting with v, like v1.0.0 for example.

This will create a “draft release” that you can promote into a release, and in the assets you’ll see the zip file you can share with us.

Remember to put the archive (zip) file URL and not the GitHub release URL (that won’t work).

I also recommend that, if in the review process you get comments and things you need to change, you create a new release every time you submit an update (e.g. v1.0.1) instead of reusing tags.


Ok thx.
I have yet another question.
I am building a datasource API plugin.
I generated my CI from the Grafana CLI. Every time it failed on the mage command with this exception:
plugin.json is missing: executable

My understanding is mage is used for datasource backend, where the difference between datasource and datasource backend is:
A backend component provides a number of additional capabilities to your plugin, such as custom authentication methods. To learn more, refer to the documentation on Backend plugins.

If mage is used only for this kind of plugin, why is it run by the “grafana/plugin-actions/build-plugin@release” action? And if it must, why does it fail?

Thx

Are you building a frontend-only datasource (no Go backend code involved)? Then you don’t need the Magefile.go file or the pkg folder. It was generated because you answered yes when prompted if your plugin needed a backend component.

The action is failing because it is detecting you have a Magefile.go and pkg folder and it is trying to build the backend.
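
The mismatch described in the answer above (backend build files present while plugin.json declares no executable), as an added example that is not part of the thread or of the action's own code. It assumes the manifest lives at src/plugin.json; `check_plugin_layout` and `make_sample` are hypothetical names, and the sample tree is constructed.

```python
import json
import tempfile
from pathlib import Path

# Assumption: scaffolded layout with the manifest at src/plugin.json.
MANIFEST = Path("src") / "plugin.json"
BACKEND_FILES = ("Magefile.go", "pkg")  # the two items named in the answer above


def check_plugin_layout(root):
    """Return a list of mismatches between backend files and plugin.json."""
    root = Path(root)
    manifest = json.loads((root / MANIFEST).read_text(encoding="utf-8"))
    present = [name for name in BACKEND_FILES if (root / name).exists()]
    executable = manifest.get("executable")
    findings = []
    if present and not executable:
        findings.append(
            "backend files present (%s) but plugin.json has no 'executable': "
            "delete them for a frontend-only plugin" % ", ".join(present)
        )
    if executable and "Magefile.go" not in present:
        findings.append(
            "plugin.json declares executable %r but Magefile.go is missing" % executable
        )
    return findings


def make_sample(root, backend_files, executable=None):
    """Build a constructed, minimal plugin tree for the demo (not a real plugin)."""
    root = Path(root)
    (root / "src").mkdir(parents=True)
    manifest = {"type": "datasource", "id": "example-sample-datasource"}
    if executable:
        manifest["executable"] = executable
    (root / MANIFEST).write_text(json.dumps(manifest), encoding="utf-8")
    if backend_files:
        (root / "Magefile.go").write_text("// placeholder\n", encoding="utf-8")
        (root / "pkg").mkdir()
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        broken = make_sample(Path(tmp) / "broken", backend_files=True)
        for finding in check_plugin_layout(broken) or ["layout is consistent"]:
            print(finding)
```

Run against a real checkout by calling `check_plugin_layout(".")` from the plugin root before pushing the release tag.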


Thank you very much for all your explanations. Working fine now.


Hello @academo. I’m also encountering this issue, but for the moment I only want to deploy this privately. From the documentation, I can infer that there is no need for me to submit my code for review. Am I understanding this incorrectly?

For private plugins you want to sign your plugin, but there’s no need to submit your plugin because you don’t want it published.

The original question was asking about signing a plugin intended to be public.

Here’s how to sign a private plugin: Sign a plugin | Grafana Plugin Tools

Thank you for your quick reply! I really appreciate this.
The thing is that when I follow these instructions, in the section “Generate an Access Policy token” I don’t see the “Realm” field and the scopes available to me are “provisioned-plugins” and “stack-plugins”, as opposed to “plugins” as the documentation states.
I selected both scopes with “read, write and delete”. But when I run the commands in Sign a plugin | Grafana Plugin Tools, I get a 403 error message.

Have you tried removing your existing access policy token and creating a new one? Also make sure you are logged in to (and have selected) the correct organization when you are creating the token.

Thank you so much! I found what I was doing wrong. I was trying to create this policy in my Grafana instance instead of the grafana.com portal.