🐛 Actionable token permission guidance with GitHub + Settings links#4236
🐛 Actionable token permission guidance with GitHub + Settings links#4236clubanderson merged 1 commit intomainfrom
Conversation
When screenshot uploads fail or the feedback token is missing, the UI now tells users exactly which permissions they need (Issues + Contents for fine-grained PATs, repo scope for classic PATs) and provides direct links to update their token on GitHub and in Console Settings. Updated: .env.example comments, feedbackTokenMissing banner, screenshot failure warnings in both modals, and backend startup/503 log messages. Signed-off-by: Andrew Anderson <andy@clubanderson.com>
kubestellar-prow
bot
added
the
dco-signoff: yes
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
✅ Deploy Preview for kubestellarconsole ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
|
👋 Hey @clubanderson — thanks for opening this PR!
This is an automated message. |
kubestellar-prow
bot
added
the
size/M
|
Thank you for your contribution! Your PR has been merged. Check out what's new:
Stay connected: Slack #kubestellar-dev | Multi-Cluster Survey |
There was a problem hiding this comment.
Pull request overview
Improves user-facing guidance when GitHub issue creation/screenshot uploads fail due to missing or insufficient GitHub PAT permissions, by adding clearer UI messaging (with GitHub + Settings links), enhancing backend log/error messages, and documenting PAT requirements in .env.example.
Changes:
- Add “Update/Create token on GitHub” and “Console Settings” links plus expanded permission guidance in feedback/feature request modals.
- Expand backend startup warning and 503 error text to describe both classic and fine-grained PAT requirements.
- Update
.env.exampleto document classic vs fine-grained PAT permissions and the screenshot-upload implication.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| web/src/components/feedback/FeedbackModal.tsx | Expands screenshot-upload failure warnings with permission guidance and links. |
| web/src/components/feedback/FeatureRequestModal.tsx | Adds missing-token permission list + links; expands screenshot-upload failure warnings with links. |
| pkg/api/handlers/feedback.go | Enhances startup warning and 503 message with classic vs fine-grained PAT guidance. |
| .env.example | Documents PAT requirements for issue creation and screenshot uploads. |
| <p className="text-xs text-muted-foreground mt-1"> | ||
| <a href="https://github.com/settings/personal-access-tokens" target="_blank" rel="noopener noreferrer" className="text-purple-400 hover:text-purple-300 underline underline-offset-2">Update token on GitHub</a> | ||
| {' · '} | ||
| <button type="button" onClick={() => { window.location.href = '/settings' }} className="text-purple-400 hover:text-purple-300 underline underline-offset-2">Console Settings</button> | ||
| </p> |
There was a problem hiding this comment.
This navigation uses window.location.href = '/settings', which forces a full page reload and hard-codes the route. The app has centralized route constants (web/src/config/routes.ts explicitly recommends using them instead of hardcoding paths), so prefer Link/useNavigate with ROUTES.SETTINGS here for SPA navigation and maintainability.
| <p className="text-xs text-muted-foreground mt-1"> | ||
| <a href="https://github.com/settings/personal-access-tokens" target="_blank" rel="noopener noreferrer" className="text-purple-400 hover:text-purple-300 underline underline-offset-2">Update token on GitHub</a> | ||
| {' · '} | ||
| <button type="button" onClick={() => { window.location.href = '/settings' }} className="text-purple-400 hover:text-purple-300 underline underline-offset-2">Console Settings</button> | ||
| </p> |
There was a problem hiding this comment.
window.location.href = '/settings' hard-codes the path and triggers a full reload. Please switch to SPA navigation (e.g., Link/useNavigate) and use ROUTES.SETTINGS per the route-constants convention in web/src/config/routes.ts.
| <p className="text-xs text-muted-foreground mt-1"> | ||
| <a href="https://github.com/settings/personal-access-tokens" target="_blank" rel="noopener noreferrer" className="text-purple-400 hover:text-purple-300 underline underline-offset-2">Update token on GitHub</a> | ||
| {' · '} | ||
| <button type="button" onClick={() => { window.location.href = '/settings' }} className="text-purple-400 hover:text-purple-300 underline underline-offset-2">Console Settings</button> | ||
| </p> |
There was a problem hiding this comment.
Same as above: this uses window.location.href = '/settings' (hard-coded + full reload). Prefer Link/useNavigate with ROUTES.SETTINGS for internal navigation.
| <p className="text-muted-foreground text-xs"> | ||
| The <code className="px-1 py-0.5 rounded bg-secondary text-foreground text-2xs">FEEDBACK_GITHUB_TOKEN</code> is | ||
| not set. Issue submission requires a GitHub personal access token with <em>repo</em> scope. | ||
| Add it to your <code className="px-1 py-0.5 rounded bg-secondary text-foreground text-2xs">.env</code> file or | ||
| configure it in{' '} | ||
| not set. Issue submission requires a GitHub personal access token with these permissions: | ||
| </p> | ||
| <ul className="text-muted-foreground text-xs list-disc ml-4 mt-1 space-y-0.5"> | ||
| <li><em>Issues: Read and write</em> — to create GitHub issues</li> | ||
| <li><em>Contents: Read and write</em> — to upload screenshots</li> | ||
| </ul> |
There was a problem hiding this comment.
The “missing token” banner text lists fine-grained PAT permissions but doesn’t mention the classic PAT requirement (repo scope), even though the PR description says both token types are covered. Consider adding a short classic-PAT note here to avoid misleading users who follow the classic token flow.
| return fiber.NewError(fiber.StatusServiceUnavailable, "Issue submission is not available: FEEDBACK_GITHUB_TOKEN is not configured. "+ | ||
| "Add FEEDBACK_GITHUB_TOKEN=<your-pat> to your .env file. "+ | ||
| "Classic PAT: needs 'repo' scope. Fine-grained PAT: needs 'Issues' + 'Contents' read/write permissions.") |
There was a problem hiding this comment.
The 503 condition checks token || repoOwner || repoName (any missing config), but the error message only says the token is not configured. This is misleading when FEEDBACK_REPO_OWNER/FEEDBACK_REPO_NAME are unset; either split the checks/messages or change the message to reflect all required config.
| return fiber.NewError(fiber.StatusServiceUnavailable, "Issue submission is not available: FEEDBACK_GITHUB_TOKEN is not configured. "+ | |
| "Add FEEDBACK_GITHUB_TOKEN=<your-pat> to your .env file. "+ | |
| "Classic PAT: needs 'repo' scope. Fine-grained PAT: needs 'Issues' + 'Contents' read/write permissions.") | |
| return fiber.NewError(fiber.StatusServiceUnavailable, "Issue submission is not available: feedback GitHub integration is not fully configured. "+ | |
| "Please set FEEDBACK_GITHUB_TOKEN, FEEDBACK_REPO_OWNER, and FEEDBACK_REPO_NAME in your environment. "+ | |
| "Add FEEDBACK_GITHUB_TOKEN=<your-pat> to your .env file. Classic PAT: needs 'repo' scope. Fine-grained PAT: needs 'Issues' + 'Contents' read/write permissions.") |
🔄 Auto-Applying Copilot Code ReviewCopilot code review found 1 code suggestion(s) and 4 general comment(s). @copilot Please apply all of the following code review suggestions:
Also address these general comments:
Push all fixes in a single commit. Run Auto-generated by copilot-review-apply workflow. |
Summary
Follow-up to #4226. When screenshot uploads fail or the feedback token is missing, users had no clear guidance on what to do. Now:
.env.example: Documents both classic and fine-grained PAT requirementsTest plan
FEEDBACK_GITHUB_TOKEN→ missing token banner shows permission list + both links