@postman-cse/onboarding-insights 1.0.4 → 2.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +33 -86
- package/action.yml +4 -4
- package/dist/action.cjs +483 -82
- package/dist/cli.cjs +584 -183
- package/dist/index.cjs +487 -82
- package/package.json +8 -7
package/README.md
CHANGED
|
@@ -4,7 +4,13 @@
|
|
|
4
4
|
|
|
5
5
|
Links [Postman Insights](https://learning.postman.com/docs/insights/overview/) discovered services to [API Catalog](https://learning.postman.com/docs/api-catalog/overview/) workspaces and git repositories after deployment, so every service the Insights agent finds lands in your catalog with a collection, a repo link, and live telemetry.
|
|
6
6
|
|
|
7
|
-
Part of the [Postman API Onboarding suite](https://github.com/postman-cs/postman-api-onboarding-action).
|
|
7
|
+
Part of the [Postman API Onboarding suite](https://github.com/postman-cs/postman-api-onboarding-action); the composite action's README has the full [action-picker table](https://github.com/postman-cs/postman-api-onboarding-action#which-action-should-i-use).
|
|
8
|
+
|
|
9
|
+
- [Prerequisites](#prerequisites)
|
|
10
|
+
- [Usage](#usage)
|
|
11
|
+
- [Examples](#examples)
|
|
12
|
+
- [Inputs](#inputs) / [Outputs](#outputs)
|
|
13
|
+
- [How it works](#how-it-works)
|
|
8
14
|
|
|
9
15
|
## Prerequisites
|
|
10
16
|
|
|
@@ -16,17 +22,7 @@ Part of the [Postman API Onboarding suite](https://github.com/postman-cs/postman
|
|
|
16
22
|
|
|
17
23
|
This action does **not** deploy the Insights agent, create workspaces, create environments, upload OpenAPI specs, or sync repo artifacts. It only links a service that Insights has already discovered.
|
|
18
24
|
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
| Need | Action |
|
|
22
|
-
| --- | --- |
|
|
23
|
-
| Mint a service-account access token and team ID | [Postman Onboarding: Service Token](https://github.com/postman-cs/postman-resolve-service-token-action) |
|
|
24
|
-
| Run the full workspace, collection, repo sync, and optional Insights pipeline | [Postman API Onboarding](https://github.com/postman-cs/postman-api-onboarding-action) |
|
|
25
|
-
| Create a workspace, upload an OpenAPI spec, and generate collections | [Postman Onboarding: Workspace Bootstrap](https://github.com/postman-cs/postman-bootstrap-action) |
|
|
26
|
-
| Sync Postman artifacts, mocks, monitors, and CI files back to the repo | [Postman Onboarding: Repo Sync](https://github.com/postman-cs/postman-repo-sync-action) |
|
|
27
|
-
| Link an already discovered Insights service to an existing workspace | [Postman Onboarding: Insights Linking](https://github.com/postman-cs/postman-insights-onboarding-action) |
|
|
28
|
-
| Discover OpenAPI specs from AWS services | [Postman Onboarding: AWS Spec Discovery](https://github.com/postman-cs/postman-aws-spec-discovery-action) |
|
|
29
|
-
| Apply a curated smoke flow to an existing Smoke collection | [Postman Onboarding: Smoke Flow](https://github.com/postman-cs/postman-smoke-flow-action) |
|
|
25
|
+
> **Credential requirement for the Insights linking steps.** The service discovery and git-link calls run on the `api-catalog` service and accept a service-account access token. The Insights acknowledgment and application-binding steps run on the `akita` (Insights) service, which authenticates against a **Postman user identity** and answers `401 "Postman User not found"` for a service-account token. To complete the full link, supply a credential pair that carries a Postman user identity (a user's access token and user PMAK). A service-account-only pair from `postman-resolve-service-token-action` is sufficient for discovery and git linking but cannot finish the Insights acknowledgment.
|
|
30
26
|
|
|
31
27
|
## Usage
|
|
32
28
|
|
|
@@ -40,12 +36,12 @@ jobs:
|
|
|
40
36
|
# ... deploy your service to Kubernetes ...
|
|
41
37
|
|
|
42
38
|
- id: postman_token
|
|
43
|
-
uses: postman-cs/postman-resolve-service-token-action@
|
|
39
|
+
uses: postman-cs/postman-resolve-service-token-action@v2
|
|
44
40
|
with:
|
|
45
41
|
postman-api-key: ${{ secrets.POSTMAN_API_KEY }}
|
|
46
42
|
postman-region: us
|
|
47
43
|
|
|
48
|
-
- uses: postman-cs/postman-insights-onboarding-action@
|
|
44
|
+
- uses: postman-cs/postman-insights-onboarding-action@v2
|
|
49
45
|
with:
|
|
50
46
|
project-name: core-payments
|
|
51
47
|
workspace-id: ${{ vars.POSTMAN_WORKSPACE_ID }}
|
|
@@ -70,12 +66,12 @@ jobs:
|
|
|
70
66
|
# ... deploy your service to Kubernetes ...
|
|
71
67
|
|
|
72
68
|
- id: postman_token
|
|
73
|
-
uses: postman-cs/postman-resolve-service-token-action@
|
|
69
|
+
uses: postman-cs/postman-resolve-service-token-action@v2
|
|
74
70
|
with:
|
|
75
71
|
postman-api-key: ${{ secrets.POSTMAN_API_KEY }}
|
|
76
72
|
postman-region: us
|
|
77
73
|
|
|
78
|
-
- uses: postman-cs/postman-insights-onboarding-action@
|
|
74
|
+
- uses: postman-cs/postman-insights-onboarding-action@v2
|
|
79
75
|
with:
|
|
80
76
|
project-name: core-payments
|
|
81
77
|
workspace-id: ${{ vars.POSTMAN_WORKSPACE_ID }}
|
|
@@ -99,12 +95,12 @@ jobs:
|
|
|
99
95
|
- uses: actions/checkout@v5
|
|
100
96
|
|
|
101
97
|
- id: postman_token
|
|
102
|
-
uses: postman-cs/postman-resolve-service-token-action@
|
|
98
|
+
uses: postman-cs/postman-resolve-service-token-action@v2
|
|
103
99
|
with:
|
|
104
100
|
postman-api-key: ${{ secrets.POSTMAN_API_KEY }}
|
|
105
101
|
postman-region: us
|
|
106
102
|
|
|
107
|
-
- uses: postman-cs/postman-bootstrap-action@
|
|
103
|
+
- uses: postman-cs/postman-bootstrap-action@v2
|
|
108
104
|
id: bootstrap
|
|
109
105
|
with:
|
|
110
106
|
project-name: core-payments
|
|
@@ -115,7 +111,7 @@ jobs:
|
|
|
115
111
|
|
|
116
112
|
# ... deploy service to Kubernetes ...
|
|
117
113
|
|
|
118
|
-
- uses: postman-cs/postman-repo-sync-action@
|
|
114
|
+
- uses: postman-cs/postman-repo-sync-action@v2
|
|
119
115
|
id: sync
|
|
120
116
|
with:
|
|
121
117
|
project-name: core-payments
|
|
@@ -129,7 +125,7 @@ jobs:
|
|
|
129
125
|
postman-api-key: ${{ secrets.POSTMAN_API_KEY }}
|
|
130
126
|
postman-access-token: ${{ steps.postman_token.outputs.token }}
|
|
131
127
|
|
|
132
|
-
- uses: postman-cs/postman-insights-onboarding-action@
|
|
128
|
+
- uses: postman-cs/postman-insights-onboarding-action@v2
|
|
133
129
|
with:
|
|
134
130
|
project-name: core-payments
|
|
135
131
|
workspace-id: ${{ steps.bootstrap.outputs.workspace-id }}
|
|
@@ -147,7 +143,7 @@ jobs:
|
|
|
147
143
|
The Insights agent takes time to discover services after pods start. The action polls the [API Catalog](https://learning.postman.com/docs/api-catalog/connect/insights/) discovered-services list until the service appears or the timeout is reached. For services that take longer to appear (cold cluster, large pod startup time), raise the timeout:
|
|
148
144
|
|
|
149
145
|
```yaml
|
|
150
|
-
- uses: postman-cs/postman-insights-onboarding-action@
|
|
146
|
+
- uses: postman-cs/postman-insights-onboarding-action@v2
|
|
151
147
|
with:
|
|
152
148
|
project-name: core-payments
|
|
153
149
|
workspace-id: ${{ vars.POSTMAN_WORKSPACE_ID }}
|
|
@@ -165,7 +161,7 @@ The Insights agent takes time to discover services after pods start. The action
|
|
|
165
161
|
Before any onboarding write, the action can verify that `postman-api-key` and `postman-access-token` resolve to the same parent organization. The default `warn` mode logs a note and continues. Set `credential-preflight` to `enforce` to fail fast on mismatched credentials:
|
|
166
162
|
|
|
167
163
|
```yaml
|
|
168
|
-
- uses: postman-cs/postman-insights-onboarding-action@
|
|
164
|
+
- uses: postman-cs/postman-insights-onboarding-action@v2
|
|
169
165
|
with:
|
|
170
166
|
project-name: core-payments
|
|
171
167
|
workspace-id: ${{ vars.POSTMAN_WORKSPACE_ID }}
|
|
@@ -201,13 +197,13 @@ See [CLI Usage](docs/cli.md) for provider auto-detection, output formats, and Gi
|
|
|
201
197
|
<!-- inputs-table:start -->
|
|
202
198
|
| Name | Description | Required | Default |
|
|
203
199
|
| --- | --- | --- | --- |
|
|
204
|
-
| `project-name` | Service name or
|
|
200
|
+
| `project-name` | Service name or Jira/Xray project key to match against the final discovered-service segment | Yes | |
|
|
205
201
|
| `workspace-id` | Postman workspace ID to link the discovered service to | Yes | |
|
|
206
202
|
| `environment-id` | Postman environment UID for the onboarding association | Yes | |
|
|
207
203
|
| `system-environment-id` | Postman system environment UUID for service-level Insights acknowledgment | No | |
|
|
208
|
-
| `cluster-name` | Insights cluster name.
|
|
204
|
+
| `cluster-name` | Insights cluster name. When set, matches {cluster-name}/{project-name} exactly in discovered services | No | |
|
|
209
205
|
| `repo-url` | Repository URL for Git onboarding. Auto-detected from CI context when omitted. | No | |
|
|
210
|
-
| `postman-access-token` |
|
|
206
|
+
| `postman-access-token` | Postman access token (x-access-token) for the Bifrost linking calls. When omitted, the action mints a service-account token from postman-api-key. The api-catalog discovery and git-link steps accept a service-account token (mint it with postman-resolve-service-token-action); the Insights (akita) acknowledgment and application-binding steps require a token carrying a Postman user identity — a service-account token answers 401 "Postman User not found" there. | No | |
|
|
211
207
|
| `postman-team-id` | Explicit Postman team ID for org-mode integration request headers. When omitted, x-entity-team-id is not sent. | No | |
|
|
212
208
|
| `github-token` | Optional GitHub token passed as git_api_key when repository auth is required by onboarding/git | No | |
|
|
213
209
|
| `postman-api-key` | Service-account Postman API key (PMAK-*) for the application binding call. Auto-created from postman-access-token when omitted or invalid after a clear 401/403 validation failure. | No | |
|
|
@@ -236,11 +232,19 @@ Failures set `status=error` before the action exits.
|
|
|
236
232
|
|
|
237
233
|
## How it works
|
|
238
234
|
|
|
235
|
+
```mermaid
|
|
236
|
+
flowchart LR
|
|
237
|
+
D["Discovery poll<br/>discovered-services list"] --> P["Catalog prep<br/>prepare-collection"]
|
|
238
|
+
P --> G["Git link<br/>service to repository"]
|
|
239
|
+
G --> A["Acknowledgment<br/>onboard + workspace ack"]
|
|
240
|
+
A --> B["Binding<br/>application binding +<br/>team verification token"]
|
|
241
|
+
```
|
|
242
|
+
|
|
239
243
|
**Discovery poll.** The action polls the API Catalog discovered-services list at the configured interval until a service matching `{cluster-name}/{project-name}` appears (suffix matching when `cluster-name` is omitted) or the timeout is reached.
|
|
240
244
|
|
|
241
245
|
**Catalog prep.** It then calls `POST /api/v1/onboarding/prepare-collection` to create the API Catalog collection entry for the discovered service in your workspace.
|
|
242
246
|
|
|
243
|
-
**Git link.** `POST /api/v1/onboarding/git` with `via_integrations: false` links the service to the GitHub repository (`repo-url` input, auto-detected from CI context when omitted; `github-token` is passed as `git_api_key` only when the endpoint requires repository auth).
|
|
247
|
+
**Git link.** `POST /api/v1/onboarding/git` with `via_integrations: false` links the service to the GitHub repository (`repo-url` input, auto-detected from CI context when omitted; `github-token` is passed as `git_api_key` only when the endpoint requires repository auth). The [connect code](https://learning.postman.com/docs/api-catalog/connect/code/) docs cover the product workflow this binding supports.
|
|
244
248
|
|
|
245
249
|
**Acknowledgment.** The action resolves the `svc_*` Akita service ID, marks the service as managed (`POST /v2/api-catalog/services/onboard`), and acknowledges the workspace (`POST /v2/workspaces/{id}/onboarding/acknowledge`) to activate the Insights project.
|
|
246
250
|
|
|
@@ -250,71 +254,14 @@ For local builds, contract smoke monitoring, and release channels, see [Developm
|
|
|
250
254
|
|
|
251
255
|
## Resources
|
|
252
256
|
|
|
253
|
-
### The suite
|
|
254
|
-
|
|
255
|
-
| Action | Role |
|
|
256
|
-
| --- | --- |
|
|
257
|
-
| [Postman API Onboarding](https://github.com/postman-cs/postman-api-onboarding-action) | Entry point: chains workspace bootstrap, repo sync, and optional Insights linking |
|
|
258
|
-
| [Postman Onboarding: Service Token](https://github.com/postman-cs/postman-resolve-service-token-action) | Mints the service-account access token and team ID |
|
|
259
|
-
| [Postman Onboarding: AWS Spec Discovery](https://github.com/postman-cs/postman-aws-spec-discovery-action) | Discovers and exports API specs from AWS services |
|
|
260
|
-
| [Postman Onboarding: Workspace Bootstrap](https://github.com/postman-cs/postman-bootstrap-action) | Creates the workspace, uploads the spec, generates collections |
|
|
261
|
-
| [Postman Onboarding: Smoke Flow](https://github.com/postman-cs/postman-smoke-flow-action) | Applies a curated flow.yaml to the Smoke collection |
|
|
262
|
-
| [Postman Onboarding: Repo Sync](https://github.com/postman-cs/postman-repo-sync-action) | Exports artifacts into the repo and wires CI, mocks, and monitors |
|
|
263
|
-
| [Postman Onboarding: Insights Linking](https://github.com/postman-cs/postman-insights-onboarding-action) | Links Insights discovered services to the workspace |
|
|
264
|
-
|
|
265
|
-
- [postman-resolve-service-token-action](https://github.com/postman-cs/postman-resolve-service-token-action): mints a service-account access token and team ID.
|
|
266
|
-
- [postman-api-onboarding-action](https://github.com/postman-cs/postman-api-onboarding-action): composite action that orchestrates the onboarding pipeline.
|
|
267
|
-
- [postman-bootstrap-action](https://github.com/postman-cs/postman-bootstrap-action): workspace provisioning, spec upload, and collection generation.
|
|
268
|
-
- [postman-smoke-flow-action](https://github.com/postman-cs/postman-smoke-flow-action): applies a curated flow.yaml to the canonical Smoke collection.
|
|
269
|
-
- [postman-repo-sync-action](https://github.com/postman-cs/postman-repo-sync-action): artifact sync, environments, mocks, monitors, and CI templates.
|
|
270
|
-
- [postman-aws-spec-discovery-action](https://github.com/postman-cs/postman-aws-spec-discovery-action): discovers API specs from AWS.
|
|
271
257
|
- npm package: [@postman-cse/onboarding-insights](https://www.npmjs.com/package/@postman-cse/onboarding-insights)
|
|
258
|
+
- Docs in this repo: [Credentials and Identity](docs/credentials.md), [Development and Operations](docs/development.md), [CLI usage](docs/cli.md)
|
|
259
|
+
- Marketplace docs: [Support](SUPPORT.md), [Security Policy](SECURITY.md), [Release Policy](RELEASE_POLICY.md)
|
|
272
260
|
- Postman Learning Center: [Insights overview](https://learning.postman.com/docs/insights/overview/), [connect Insights](https://learning.postman.com/docs/api-catalog/connect/insights/), [Insights API Catalog agent reference](https://learning.postman.com/docs/insights/reference/agent/api-catalog/), [API Catalog overview](https://learning.postman.com/docs/api-catalog/overview/), [connect code](https://learning.postman.com/docs/api-catalog/connect/code/)
|
|
273
|
-
- [Credentials and Identity](docs/credentials.md)
|
|
274
|
-
- [Development and Operations](docs/development.md)
|
|
275
|
-
- [Support](SUPPORT.md)
|
|
276
|
-
- [Security Policy](SECURITY.md)
|
|
277
|
-
- [Release Policy](RELEASE_POLICY.md)
|
|
278
|
-
|
|
279
261
|
|
|
280
262
|
## Telemetry
|
|
281
263
|
|
|
282
|
-
|
|
283
|
-
Postman team can measure adoption across CI systems. The event contains the
|
|
284
|
-
action name and version, your Postman team ID, the detected CI provider and
|
|
285
|
-
runner kind, the run outcome, the CI run identifier, an event timestamp, and a one-way SHA-256 hash of the repository
|
|
286
|
-
identifier. Each event also carries a schema version and a constant event marker (always `completion`). The Postman team ID is sent in the clear on a legitimate-interest
|
|
287
|
-
basis to measure product adoption.
|
|
288
|
-
|
|
289
|
-
The `events.pm-cse.dev` endpoint is operated by the Postman Customer Success
|
|
290
|
-
Engineering team. Postman, Inc. processes these events only to measure
|
|
291
|
-
onboarding adoption in aggregate, retains them only as aggregated counts for
|
|
292
|
-
product-adoption trend analysis, and includes no payload field that identifies
|
|
293
|
-
an individual person.
|
|
294
|
-
|
|
295
|
-
It never sends API keys, access tokens, spec content, workspace or repository
|
|
296
|
-
names, or any personal data. It is fire-and-forget with a hard
|
|
297
|
-
timeout and can never block or fail your pipeline. Corporate HTTP and HTTPS
|
|
298
|
-
proxies are honored through the standard `HTTPS_PROXY`, `HTTP_PROXY`, and
|
|
299
|
-
`NO_PROXY` environment variables.
|
|
300
|
-
|
|
301
|
-
Disable it by setting either environment variable in your CI:
|
|
302
|
-
|
|
303
|
-
```sh
|
|
304
|
-
POSTMAN_ACTIONS_TELEMETRY=off
|
|
305
|
-
# or the cross-tool standard
|
|
306
|
-
DO_NOT_TRACK=1
|
|
307
|
-
```
|
|
308
|
-
|
|
309
|
-
Telemetry is also skipped automatically when no Postman team ID can be resolved.
|
|
310
|
-
|
|
311
|
-
A run that ends in the `not-found` state (no matching Insights project) is
|
|
312
|
-
recorded with a `failure` outcome.
|
|
313
|
-
|
|
314
|
-
Events are sent over HTTPS to `https://events.pm-cse.dev/v1/events`. To
|
|
315
|
-
allowlist this destination on a restricted network, or to route events to a
|
|
316
|
-
collector you operate, set the `POSTMAN_ACTIONS_TELEMETRY_ENDPOINT` environment
|
|
317
|
-
variable to your own URL.
|
|
264
|
+
The action sends one anonymous usage event per run (action name/version, outcome, coarse CI metadata; never secrets, spec content, or repo names). A run ending in the `not-found` state is recorded with a `failure` outcome. Disable with `POSTMAN_ACTIONS_TELEMETRY=off` or `DO_NOT_TRACK=1`; route events to your own collector with `POSTMAN_ACTIONS_TELEMETRY_ENDPOINT`.
|
|
318
265
|
|
|
319
266
|
## License
|
|
320
267
|
|
package/action.yml
CHANGED
|
@@ -6,7 +6,7 @@ branding:
|
|
|
6
6
|
color: orange
|
|
7
7
|
inputs:
|
|
8
8
|
project-name:
|
|
9
|
-
description: 'Service name or
|
|
9
|
+
description: 'Service name or Jira/Xray project key to match against the final discovered-service segment'
|
|
10
10
|
required: true
|
|
11
11
|
workspace-id:
|
|
12
12
|
description: 'Postman workspace ID to link the discovered service to'
|
|
@@ -18,14 +18,14 @@ inputs:
|
|
|
18
18
|
description: 'Postman system environment UUID for service-level Insights acknowledgment'
|
|
19
19
|
required: false
|
|
20
20
|
cluster-name:
|
|
21
|
-
description: 'Insights cluster name.
|
|
21
|
+
description: 'Insights cluster name. When set, matches {cluster-name}/{project-name} exactly in discovered services'
|
|
22
22
|
required: false
|
|
23
23
|
repo-url:
|
|
24
24
|
description: 'Repository URL for Git onboarding. Auto-detected from CI context when omitted.'
|
|
25
25
|
required: false
|
|
26
26
|
postman-access-token:
|
|
27
|
-
description: '
|
|
28
|
-
required:
|
|
27
|
+
description: 'Postman access token (x-access-token) for the Bifrost linking calls. When omitted, the action mints a service-account token from postman-api-key. The api-catalog discovery and git-link steps accept a service-account token (mint it with postman-resolve-service-token-action); the Insights (akita) acknowledgment and application-binding steps require a token carrying a Postman user identity — a service-account token answers 401 "Postman User not found" there.'
|
|
28
|
+
required: false
|
|
29
29
|
postman-team-id:
|
|
30
30
|
description: 'Explicit Postman team ID for org-mode integration request headers. When omitted, x-entity-team-id is not sent.'
|
|
31
31
|
required: false
|