Security News
Crates.io Implements Trusted Publishing Support
Crates.io adds Trusted Publishing support, enabling secure GitHub Actions-based crate releases without long-lived API tokens.
By Sarah Gooding - Jul 16, 2025
You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
strapi-plugin-github-action-dispatch
Advanced tools
strapi-plugin-github-action-dispatch
A strapi plugin to manually trigger github actions from admin panel
strapi-plugin-github-action-dispatch
This plugin provides a web ui to trigger a Github workflow run from strapi's admin panel as well as a list of the latest run status and results.
Installation
- Install the plugin with
yarn add strapi-plugin-github-action-dispatch
Configuration
The plugin will run without options by default.
When doing so, the generated tarball name will be your package.json name field, and encryption will be disabled.
In your config/plugins.js you can add:
{
"strapi-plugin-github-action-dispatch": {
enabled: true,
config: {
token: env("GITHUB_TOKEN"),
repository: 'my-username-or-org/my-repo-name',
workflow: "my-workflow.yml",
ref: "main" // optional, defaults to main
}
}
}
- The
tokenshould be a GitHub PAT with permissions to list workflows and run them (Actions: RW) - the
repositoryis your typical${owner}/${repo}in one string - the
workflowis either the file name or the workflow id (as per Github API spec)
ACL
You can go an enable/disable this plugin's actions in the roles section of the admin panel. This should enable/disable endpoints and stop displaying the section according to the permissions you provided.
GitHub Workflow
A boilerplate file for your workflow should be this one:
name: 🚀
run-name: 🚀 (by ${{ inputs.email }})
on:
workflow_dispatch:
inputs:
email:
default: 'unknown@example.com' # used to mark ownership of the run from strapi
jobs:
build-and-deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: echo "hello world"
As you can see in the screenshot at the top of this README, there's an Initiator column which logs which user triggered the workflow run. In order to avoid creating a GitHub account for every Strapi user and ask them to create a PAT, there's an inputs.email field provided in the workflow run to store the user's identity.
Sadly, due to a limitation in GitHub's APi, we cannot fetch a run's inputs so we have no choice but to leverage run-name to insert the inputs.email and later parse it in the APi response.
FAQs
A strapi plugin to manually trigger github actions from admin panel
The npm package strapi-plugin-github-action-dispatch receives a total of 0 weekly downloads. As such, strapi-plugin-github-action-dispatch popularity was classified as not popular.
We found that strapi-plugin-github-action-dispatch demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 07 Nov 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Tracking Protestware Spread: 28 npm Packages Affected by Payload Targeting Russian-Language Users
Undocumented protestware found in 28 npm packages disrupts UI for Russian-language users visiting Russian and Belarusian domains.
By Olivia Brown - Jul 15, 2025
Research
/Security News
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.
By Kirill Boychenko - Jul 14, 2025