Extract Grafana MCP config into a shared component for Smoke OTEL Backends

[Copilot]

✨ Enhancement

What does this improve?
This extracts the Grafana MCP server setup into a reusable shared component and switches Smoke OTEL Backends to consume it via imports. The workflow now matches the existing shared-component pattern already used for Sentry.

Why is this valuable?
Keeping Grafana MCP configuration in one shared file makes backend workflows easier to maintain and keeps observability workflow frontmatter focused on workflow-specific behavior rather than duplicated server wiring.

Implementation approach:

• Shared Grafana MCP component

  • Added .github/workflows/shared/mcp/grafana.md
  • Moved the existing read-only Grafana MCP server configuration there:
    • container: grafana/mcp-grafana
    • stdio entrypoint args
    • GRAFANA_URL and GRAFANA_SERVICE_ACCOUNT_TOKEN secrets

• Smoke OTEL Backends cleanup

  • Removed the inline mcp-servers.grafana block from .github/workflows/smoke-otel-backends.md
  • Imported shared/mcp/grafana.md alongside the existing shared Sentry component

• Generated workflow update

  • Recompiled smoke-otel-backends.lock.yml so the generated workflow reflects the new shared import structure

imports:
  - shared/mcp/grafana.md
  - shared/mcp/sentry.md
  - shared/otel-queries.md
  - shared/observability-otlp.md

[Copilot]

Pull request overview

This PR extracts the Grafana MCP server configuration into a reusable shared workflow component and updates the “Smoke OTEL Backends” workflow to consume it via imports, aligning it with the existing shared-component pattern used elsewhere (e.g., Sentry).

Changes:

• Added a new shared component for Grafana MCP config at .github/workflows/shared/mcp/grafana.md.
• Updated .github/workflows/smoke-otel-backends.md to remove inline Grafana MCP config and import the shared component instead.
• Recompiled .github/workflows/smoke-otel-backends.lock.yml so the generated workflow reflects the new import structure.

Show a summary per file

File	Description
.github/workflows/shared/mcp/grafana.md	Introduces a reusable Grafana MCP server config (stdio mode, write disabled) with required secrets wiring.
.github/workflows/smoke-otel-backends.md	Replaces inline Grafana MCP configuration with an import of the new shared component.
.github/workflows/smoke-otel-backends.lock.yml	Regenerated compiled workflow to include the new runtime import and updated metadata hashes/identifiers.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 3/3 changed files
• Comments generated: 0

[mnkiefer]

@copilot make lint and make fmt.

[github-actions]

Skills-Based Review 🧠

Applied /zoom-out and /improve-codebase-architecture — this is a clean refactor extracting a shared MCP configuration module, so architecture consistency is the right lens.

Key Themes

• Good locality: Grafana MCP config is now in a single, named module — the deletion test passes cleanly (deleting the inline block from smoke-otel-backends.md concentrated complexity in one place rather than spreading it).
• Consistent module structure: The new shared/mcp/grafana.md follows the established pattern set by sentry.md, making the shared/mcp/ directory a coherent collection of MCP adapter modules.
• One interface gap: The Grafana module omits the allowed: tool filter that sentry.md uses, leaving its interface less explicit than its sibling. See inline comment.

Positive Highlights

• ✅ The new grafana.md documentation comment is more structured than sentry.md — it explicitly lists required secrets and shows a usage snippet, which is a nice improvement to the module's interface documentation.
• ✅ The lock file recompile is included, so the PR is self-contained and CI-ready.
• ✅ Clean, minimal diff — exactly the right scope for this kind of extraction.

Verdict

Approving — the one suggestion (adding allowed: for defence-in-depth) is non-blocking since --disable-write already handles write protection at the server level.

🧠 Reviewed using Matt Pocock's skills by Matt Pocock Skills Reviewer · ● 4M

[Copilot]

@copilot make lint and make fmt.

Addressed in 8a6fc0c.

Ran make fmt and make lint. make fmt produced one formatting-only change in actions/setup/js/update_pull_request.cjs, and make lint passed.

[mnkiefer]

@copilot Address comment #32318 (comment)
Add explicit allowed list for tools comparable to what we have for sentry. See reference here for tool names, etc. https://github.com/grafana/mcp-grafana

[Copilot]

@copilot Address comment #32318 (comment)
Add explicit allowed list for tools comparable to what we have for sentry. See reference here for tool names...

Addressed in b39da36.

Added an explicit Grafana allowlist with the read-only datasource and Tempo tracing tools used by the smoke workflow, and recompiled the lock file.