@postman-cse/onboarding-insights 1.0.3 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -16,6 +16,8 @@ Part of the [Postman API Onboarding suite](https://github.com/postman-cs/postman
16
16
 
17
17
  This action does **not** deploy the Insights agent, create workspaces, create environments, upload OpenAPI specs, or sync repo artifacts. It only links a service that Insights has already discovered.
18
18
 
19
+ > **Credential requirement for the Insights linking steps.** The service discovery and git-link calls run on Postman's `api-catalog` service and accept a service-account access token. The Insights acknowledgment and application-binding steps run on the `akita` (Insights) service, which authenticates against a **Postman user identity** and answers `401 "Postman User not found"` for a service-account token. To complete the full link, supply a credential pair that carries a Postman user identity (a user's access token and user PMAK). A service-account-only pair from `postman-resolve-service-token-action` is sufficient for discovery and git linking but cannot finish the Insights acknowledgment.
20
+
19
21
  ## Which action should I use?
20
22
 
21
23
  | Need | Action |
@@ -40,12 +42,12 @@ jobs:
40
42
  # ... deploy your service to Kubernetes ...
41
43
 
42
44
  - id: postman_token
43
- uses: postman-cs/postman-resolve-service-token-action@v1
45
+ uses: postman-cs/postman-resolve-service-token-action@v2
44
46
  with:
45
47
  postman-api-key: ${{ secrets.POSTMAN_API_KEY }}
46
48
  postman-region: us
47
49
 
48
- - uses: postman-cs/postman-insights-onboarding-action@v1
50
+ - uses: postman-cs/postman-insights-onboarding-action@v2
49
51
  with:
50
52
  project-name: core-payments
51
53
  workspace-id: ${{ vars.POSTMAN_WORKSPACE_ID }}
@@ -70,12 +72,12 @@ jobs:
70
72
  # ... deploy your service to Kubernetes ...
71
73
 
72
74
  - id: postman_token
73
- uses: postman-cs/postman-resolve-service-token-action@v1
75
+ uses: postman-cs/postman-resolve-service-token-action@v2
74
76
  with:
75
77
  postman-api-key: ${{ secrets.POSTMAN_API_KEY }}
76
78
  postman-region: us
77
79
 
78
- - uses: postman-cs/postman-insights-onboarding-action@v1
80
+ - uses: postman-cs/postman-insights-onboarding-action@v2
79
81
  with:
80
82
  project-name: core-payments
81
83
  workspace-id: ${{ vars.POSTMAN_WORKSPACE_ID }}
@@ -99,12 +101,12 @@ jobs:
99
101
  - uses: actions/checkout@v5
100
102
 
101
103
  - id: postman_token
102
- uses: postman-cs/postman-resolve-service-token-action@v1
104
+ uses: postman-cs/postman-resolve-service-token-action@v2
103
105
  with:
104
106
  postman-api-key: ${{ secrets.POSTMAN_API_KEY }}
105
107
  postman-region: us
106
108
 
107
- - uses: postman-cs/postman-bootstrap-action@v1
109
+ - uses: postman-cs/postman-bootstrap-action@v2
108
110
  id: bootstrap
109
111
  with:
110
112
  project-name: core-payments
@@ -115,7 +117,7 @@ jobs:
115
117
 
116
118
  # ... deploy service to Kubernetes ...
117
119
 
118
- - uses: postman-cs/postman-repo-sync-action@v1
120
+ - uses: postman-cs/postman-repo-sync-action@v2
119
121
  id: sync
120
122
  with:
121
123
  project-name: core-payments
@@ -129,7 +131,7 @@ jobs:
129
131
  postman-api-key: ${{ secrets.POSTMAN_API_KEY }}
130
132
  postman-access-token: ${{ steps.postman_token.outputs.token }}
131
133
 
132
- - uses: postman-cs/postman-insights-onboarding-action@v1
134
+ - uses: postman-cs/postman-insights-onboarding-action@v2
133
135
  with:
134
136
  project-name: core-payments
135
137
  workspace-id: ${{ steps.bootstrap.outputs.workspace-id }}
@@ -147,7 +149,7 @@ jobs:
147
149
  The Insights agent takes time to discover services after pods start. The action polls the [API Catalog](https://learning.postman.com/docs/api-catalog/connect/insights/) discovered-services list until the service appears or the timeout is reached. For services that take longer to appear (cold cluster, large pod startup time), raise the timeout:
148
150
 
149
151
  ```yaml
150
- - uses: postman-cs/postman-insights-onboarding-action@v1
152
+ - uses: postman-cs/postman-insights-onboarding-action@v2
151
153
  with:
152
154
  project-name: core-payments
153
155
  workspace-id: ${{ vars.POSTMAN_WORKSPACE_ID }}
@@ -165,7 +167,7 @@ The Insights agent takes time to discover services after pods start. The action
165
167
  Before any onboarding write, the action can verify that `postman-api-key` and `postman-access-token` resolve to the same parent organization. The default `warn` mode logs a note and continues. Set `credential-preflight` to `enforce` to fail fast on mismatched credentials:
166
168
 
167
169
  ```yaml
168
- - uses: postman-cs/postman-insights-onboarding-action@v1
170
+ - uses: postman-cs/postman-insights-onboarding-action@v2
169
171
  with:
170
172
  project-name: core-payments
171
173
  workspace-id: ${{ vars.POSTMAN_WORKSPACE_ID }}
@@ -201,13 +203,13 @@ See [CLI Usage](docs/cli.md) for provider auto-detection, output formats, and Gi
201
203
  <!-- inputs-table:start -->
202
204
  | Name | Description | Required | Default |
203
205
  | --- | --- | --- | --- |
204
- | `project-name` | Service name or spec ID to match against discovered service names | Yes | |
206
+ | `project-name` | Service name or Jira/Xray project key to match against the final discovered-service segment | Yes | |
205
207
  | `workspace-id` | Postman workspace ID to link the discovered service to | Yes | |
206
208
  | `environment-id` | Postman environment UID for the onboarding association | Yes | |
207
209
  | `system-environment-id` | Postman system environment UUID for service-level Insights acknowledgment | No | |
208
- | `cluster-name` | Insights cluster name. Matches {cluster}/{project-name} in discovered services | No | |
210
+ | `cluster-name` | Insights cluster name. When set, matches {cluster-name}/{project-name} exactly in discovered services | No | |
209
211
  | `repo-url` | Repository URL for Git onboarding. Auto-detected from CI context when omitted. | No | |
210
- | `postman-access-token` | Service-account Postman access token for integration API calls. Prefer minting it with postman-resolve-service-token-action. | Yes | |
212
+ | `postman-access-token` | Postman access token (x-access-token) for the Bifrost linking calls. The api-catalog discovery and git-link steps accept a service-account token (mint it with postman-resolve-service-token-action); the Insights (akita) acknowledgment and application-binding steps require a token carrying a Postman user identity — a service-account token answers 401 "Postman User not found" there. | Yes | |
211
213
  | `postman-team-id` | Explicit Postman team ID for org-mode integration request headers. When omitted, x-entity-team-id is not sent. | No | |
212
214
  | `github-token` | Optional GitHub token passed as git_api_key when repository auth is required by onboarding/git | No | |
213
215
  | `postman-api-key` | Service-account Postman API key (PMAK-*) for the application binding call. Auto-created from postman-access-token when omitted or invalid after a clear 401/403 validation failure. | No | |
package/action.yml CHANGED
@@ -6,7 +6,7 @@ branding:
6
6
  color: orange
7
7
  inputs:
8
8
  project-name:
9
- description: 'Service name or spec ID to match against discovered service names'
9
+ description: 'Service name or Jira/Xray project key to match against the final discovered-service segment'
10
10
  required: true
11
11
  workspace-id:
12
12
  description: 'Postman workspace ID to link the discovered service to'
@@ -18,13 +18,13 @@ inputs:
18
18
  description: 'Postman system environment UUID for service-level Insights acknowledgment'
19
19
  required: false
20
20
  cluster-name:
21
- description: 'Insights cluster name. Matches {cluster}/{project-name} in discovered services'
21
+ description: 'Insights cluster name. When set, matches {cluster-name}/{project-name} exactly in discovered services'
22
22
  required: false
23
23
  repo-url:
24
24
  description: 'Repository URL for Git onboarding. Auto-detected from CI context when omitted.'
25
25
  required: false
26
26
  postman-access-token:
27
- description: 'Service-account Postman access token for integration API calls. Prefer minting it with postman-resolve-service-token-action.'
27
+ description: 'Postman access token (x-access-token) for the Bifrost linking calls. The api-catalog discovery and git-link steps accept a service-account token (mint it with postman-resolve-service-token-action); the Insights (akita) acknowledgment and application-binding steps require a token carrying a Postman user identity — a service-account token answers 401 "Postman User not found" there.'
28
28
  required: true
29
29
  postman-team-id:
30
30
  description: 'Explicit Postman team ID for org-mode integration request headers. When omitted, x-entity-team-id is not sent.'