* Docs: Document the folderless Git Sync target
Adds a "Sync targets" section to the Git Sync key concepts page
describing the `folder` and `folderless` targets, and updates the
code-based setup page to document `target: folderless` alongside
`target: folder`.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* Docs: Add folder vs folderless examples to Git Sync key concepts
Focus the Sync targets section on the folder and folderless modes and
add worked examples showing how the same repository files map to the
Dashboards view under each target.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* Docs: Refine folderless sync target examples in key concepts
Describe the folder and folderless sync modes conceptually instead of by
the spec.sync.target field (the field stays documented in the setup
page), show unprovisioned content alongside synced resources in the
examples, and add a multiple-folderless example.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* Update docs/sources/as-code/observability-as-code/git-sync/key-concepts.md
Co-authored-by: Anna Urbiztondo <anna.urbiztondo@grafana.com>
* Update docs/sources/as-code/observability-as-code/git-sync/key-concepts.md
Co-authored-by: Anna Urbiztondo <anna.urbiztondo@grafana.com>
* Docs: Move sync target when-to-use guidance to top of section
Address review feedback: surface when to use folder vs folderless sync
up front, before the worked examples, since that's what readers want
to know first. Remove the now-redundant trailing paragraph.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Anna Urbiztondo <anna.urbiztondo@grafana.com>
* Provisioning: add public_app_url instance setting for external URLs
Introduces the [provisioning] public_app_url setting to expose a
publicly-reachable URL for instances whose [server] root_url points at an
internal/cluster host. Both webhook callbacks registered with the Git
provider and screenshot images embedded in PR comments fall back through
this setting when set, so a single instance-level knob fixes both the
unreachable-webhook and broken-PR-image-render cases without overloading
the per-repository spec.webhook.baseUrl contract.
Resolution chains:
- Webhook URL: spec.webhook.baseUrl -> public_app_url -> AppURL
- Screenshot URL: public_app_url -> AppURL
Screenshots intentionally do not consult spec.webhook.baseUrl — per-repo
webhook overrides remain a webhook-only concern, keeping the two
contracts independent at the consumer layer.
Alternative to #123004.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* Provisioning: rename public_app_url to public_root_url
The setting shadows [server] root_url as a fallback, so naming it
public_root_url makes the relationship obvious — operators searching
docs for "root_url" will land on the correct setting.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* Provisioning: keep clickable links on AppURL even when public_root_url is set
The previous revision flipped the entire urlProvider closure to public_root_url,
which also moved the GrafanaURL and PreviewURL clickable links in PR comments
onto the public URL. That's wrong for the common reviewer scenario: clicks
travel from a human's browser on the corp network, and the public URL is often
firewalled to the Git provider's CIDRs only — internal reviewers would 403 on
their own preview links.
Split into two closures: internalURLProvider (returns AppURL, fed to the
evaluator's urlProvider for clickable links) and publicURLProvider (returns
public_root_url || AppURL, fed to the webhook builder and as screenshotBaseURL
for image embeds). Webhooks and screenshots stay public-reachable; clickable
links stay corp-network-friendly.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* Provisioning: fall back to public_root_url for operator webhook registration
The operator runs as a separate process and previously needed
[operator] provisioning_server_public_url to be set explicitly to register
webhooks. With public_root_url now defined at the instance level, fall back
to it when the operator-specific knob is unset, so a single config drives
both the in-process and operator deployments.
If neither is set, behavior is unchanged (no webhook registered).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* Provisioning: scope public_root_url to on-prem only
The operator deployment path runs in a different topology and is not the
target audience for the on-prem dual-network use case that motivates
public_root_url. Reverting the operator-side wiring so the setting stays
purely an on-prem concern; can revisit if/when operator deployments grow
the same need.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* Provisioning: trim operator jobs.go to minimal NewEvaluator signature change
Operator path doesn't consume public_root_url; only the new screenshotBaseURL
argument is wired (passing AppURL, unused at runtime due to NoOp renderer).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* Provisioning: replace evaluator's split URL args with URLProvider struct
NewEvaluator previously took urlProvider and screenshotBaseURL as separate
arguments, which forced the operator path to invent a screenshotBaseURL
value (cfg.AppURL) it didn't actually need. Wrap both into a URLProvider
struct with Internal and Public fields — each caller fills in what it knows:
- In-process Grafana: Internal=AppURL, Public=public_root_url||AppURL.
- Operator (NoOp renderer, no public/internal split): Internal=Public=
the existing per-tenant urlProvider from controllerCfg.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
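The URL resolution these commits converge on, as an added Go example that is not Grafana's code: each consumer (webhook registration, screenshot embeds, clickable links) follows its own fallback chain. The `Settings` type, the function-valued `URLProvider` fields and the three helper functions are hypothetical names, and the URLs are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// Settings holds the two instance-level values (hypothetical type, not Grafana's).
type Settings struct {
	AppURL        string // [server] root_url
	PublicRootURL string // [provisioning] public_root_url; empty when unset
}

// URLProvider follows the Internal/Public split; the func fields are assumed.
type URLProvider struct {
	Internal func() string
	Public   func() string
}

func firstNonEmpty(vals ...string) string {
	for _, v := range vals {
		if s := strings.TrimSpace(v); s != "" {
			return s
		}
	}
	return ""
}

func NewURLProvider(s Settings) URLProvider {
	return URLProvider{
		Internal: func() string { return s.AppURL },
		Public:   func() string { return firstNonEmpty(s.PublicRootURL, s.AppURL) },
	}
}

// WebhookURL: spec.webhook.baseUrl -> public_root_url -> AppURL.
func WebhookURL(p URLProvider, repoBaseURL string) string {
	return firstNonEmpty(repoBaseURL, p.Public())
}

// ScreenshotURL: public_root_url -> AppURL; the per-repo override is ignored.
func ScreenshotURL(p URLProvider) string { return p.Public() }

// LinkURL: clickable PR-comment links always stay on AppURL.
func LinkURL(p URLProvider) string { return p.Internal() }

func main() {
	p := NewURLProvider(Settings{AppURL: "http://grafana.cluster.local:3000/", PublicRootURL: "https://grafana.example.com/"}) // constructed values
	fmt.Println(WebhookURL(p, ""), ScreenshotURL(p), LinkURL(p))
}
```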
GitHub only grants the Webhooks: Read and write fine-grained permission
to users with the Admin role on the repository. Without admin, the token
can't manage the webhooks Git Sync uses for instantaneous updates and PR
previews. Add a note in the GitHub Personal Access Token setup section.
* Docs: Remove manual provisioning feature toggle instructions
The provisioning feature toggle is now enabled by default in v13,
so users no longer need to manually set it in their configuration.
Update Git Sync setup, file provisioning, and usage limits docs
to reflect this.
Made-with: Cursor
* Docs: Note provisioning toggle is enabled by default in Cloud too
Made-with: Cursor
* Docs: Apply review suggestion for wording clarity
Co-authored-by: urbiz-grafana
Made-with: Cursor
Docs: clarify Pure Git protocol support and GitHub Enterprise status
Update the Git Sync usage limits documentation to specify that Pure Git
only supports Smart HTTP protocol v2 (not v1/v0 or SSH), and add a note
under the enhanced integrations section that GitHub Enterprise Server is
currently only available via Pure Git with a dedicated integration
planned for upcoming releases.
Made-with: Cursor
* Docs: Add Administration permission requirement for GitHub Git Sync
When using the write workflow with GitHub repositories, Git Sync
validates that branch protection rules don't block direct pushes.
This validation requires the Administration read permission.
Without this permission, users receive a 403 Forbidden error when
testing repository configuration. Git Sync now handles this gracefully
by skipping the branch protection check when admin permissions are
unavailable.
Updated documentation:
- Added Administration read-only permission to GitHub App setup
- Added Administration read-only permission to PAT setup
- Added explanatory note about why it's needed
This permission is optional - if not provided, branch protection
validation is skipped and users will discover any issues when they
actually push to the repository.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* Update Administration permission description to be more general
Instead of specifically mentioning 'write workflow', explain that:
- It enables validation of branch protection rules when users can push directly
- It may be used in the future for other repository settings checks
- This makes the permission requirement more future-proof
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>