npm - @backstage/plugin-scaffolder-backend - Versions diffs - 0.0.0-nightly-202201122931 → 0.0.0-nightly-20221122231 - Mend

@backstage/plugin-scaffolder-backend 0.0.0-nightly-202201122931 → 0.0.0-nightly-20221122231

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,22 +1,75 @@
 # @backstage/plugin-scaffolder-backend
-## 0.0.0-nightly-202201122931
+## 0.0.0-nightly-20221122231
+### Patch Changes
+- 2e0dbb0e50: Migrate from deprecated package @octokit/rest to octokit
+- Updated dependencies
+  - @backstage/plugin-catalog-backend@0.0.0-nightly-20221122231
+## 0.15.22
+### Patch Changes
+- b09dd8f43b: chore(deps): bump `@gitbeaker/node` from 34.6.0 to 35.1.0
+- ac2f1eeec0: This change is for adding the option of inputs on the `github:actions:dispatch` Backstage Action. This will allow users to pass data from Backstage to the GitHub Action.
+- 0d5e846a78: Expose a new option to provide additional template filters via `@backstage/scaffolder-backend`'s `createRouter()` function.
+- Updated dependencies
+  - @backstage/plugin-catalog-backend@0.21.1
+  - @backstage/backend-common@0.10.5
+## 0.15.21
+### Patch Changes
+- b05d303226: Added the ability to support supplying secrets when creating tasks in the `scaffolder-backend`.
+  **deprecation**: Deprecated `ctx.token` from actions in the `scaffolder-backend`. Please move to using `ctx.secrets.backstageToken` instead.
+  **deprecation**: Deprecated `task.token` in `TaskSpec` in the `scaffolder-backend`. Please move to using `task.secrets.backstageToken` instead.
+- Updated dependencies
+  - @backstage/plugin-catalog-backend@0.21.0
+  - @backstage/integration@0.7.2
+  - @backstage/backend-common@0.10.4
+  - @backstage/config@0.1.13
+  - @backstage/catalog-model@0.9.10
+  - @backstage/catalog-client@0.5.5
+  - @backstage/plugin-scaffolder-backend-module-cookiecutter@0.1.9
+  - @backstage/plugin-scaffolder-common@0.1.3
+## 0.15.21-next.0
+### Patch Changes
+- Updated dependencies
+  - @backstage/plugin-catalog-backend@0.21.0-next.0
+  - @backstage/backend-common@0.10.4-next.0
+  - @backstage/config@0.1.13-next.0
+  - @backstage/catalog-model@0.9.10-next.0
+  - @backstage/catalog-client@0.5.5-next.0
+  - @backstage/integration@0.7.2-next.0
+  - @backstage/plugin-scaffolder-backend-module-cookiecutter@0.1.9-next.0
+  - @backstage/plugin-scaffolder-common@0.1.3-next.0
+## 0.15.20
 ### Patch Changes
 - 9fbd3b90ae: fix: Register plugin to prioritise Component kind for entityRef
+- 451ef0aa07: Fix token pass-through for software templates using beta 3 version
 - 5333451def: Cleaned up API exports
+- 3b4d8caff6: Allow a GitHubCredentialsProvider to be passed to the GitHub scaffolder tasks actions.
 - Updated dependencies
-  - @backstage/config@0.0.0-nightly-202201122931
-  - @backstage/plugin-catalog-backend@0.0.0-nightly-202201122931
-  - @backstage/backend-common@0.0.0-nightly-202201122931
-  - @backstage/integration@0.0.0-nightly-202201122931
-  - @backstage/errors@0.0.0-nightly-202201122931
-  - @backstage/catalog-client@0.0.0-nightly-202201122931
-  - @backstage/catalog-model@0.0.0-nightly-202201122931
-  - @backstage/types@0.0.0-nightly-202201122931
-  - @backstage/plugin-scaffolder-backend-module-cookiecutter@0.0.0-nightly-202201122931
-  - @backstage/plugin-scaffolder-common@0.0.0-nightly-202201122931
+  - @backstage/config@0.1.12
+  - @backstage/integration@0.7.1
+  - @backstage/backend-common@0.10.3
+  - @backstage/plugin-catalog-backend@0.20.0
+  - @backstage/errors@0.2.0
+  - @backstage/catalog-client@0.5.4
+  - @backstage/catalog-model@0.9.9
+  - @backstage/plugin-scaffolder-backend-module-cookiecutter@0.1.8
 ## 0.15.19

package/dist/index.cjs.js CHANGED Viewed

@@ -7,6 +7,7 @@ var catalogModel = require('@backstage/catalog-model');
 var fs = require('fs-extra');
 var yaml = require('yaml');
 var backendCommon = require('@backstage/backend-common');
+var integration = require('@backstage/integration');
 var path = require('path');
 var globby = require('globby');
 var isbinaryfile = require('isbinaryfile');
@@ -16,8 +17,7 @@ var child_process = require('child_process');
 var stream = require('stream');
 var azureDevopsNodeApi = require('azure-devops-node-api');
 var fetch = require('node-fetch');
-var integration = require('@backstage/integration');
-var rest = require('@octokit/rest');
+var octokit = require('octokit');
 var lodash = require('lodash');
 var octokitPluginCreatePullRequest = require('octokit-plugin-create-pull-request');
 var node = require('@gitbeaker/node');
@@ -119,6 +119,7 @@ function createCatalogRegisterAction(options) {
       }
     },
     async handler(ctx) {
+      var _a, _b;
       const { input } = ctx;
       let catalogInfoUrl;
       if ("catalogInfoUrl" in input) {
@@ -138,13 +139,13 @@ function createCatalogRegisterAction(options) {
       await catalogClient.addLocation({
         type: "url",
         target: catalogInfoUrl
-      }, ctx.token ? { token: ctx.token } : {});
+      }, ((_a = ctx.secrets) == null ? void 0 : _a.backstageToken) ? { token: ctx.secrets.backstageToken } : {});
       try {
         const result = await catalogClient.addLocation({
           dryRun: true,
           type: "url",
           target: catalogInfoUrl
-        }, ctx.token ? { token: ctx.token } : {});
+        }, ((_b = ctx.secrets) == null ? void 0 : _b.backstageToken) ? { token: ctx.secrets.backstageToken } : {});
         if (result.entities.length > 0) {
           const { entities } = result;
           let entity;
@@ -360,6 +361,12 @@ const { render, renderCompat } = (() => {
     });
   }
+  if (typeof additionalTemplateFilters !== 'undefined') {
+    for (const [filterName, filterFn] of Object.entries(additionalTemplateFilters)) {
+      env.addFilter(filterName, (...args) => JSON.parse(filterFn(...args)));
+    }
+  }
   let uninstallCompat = undefined;
   function render(str, values) {
@@ -392,12 +399,16 @@ const { render, renderCompat } = (() => {
 `;
 class SecureTemplater {
   static async loadRenderer(options = {}) {
-    const { parseRepoUrl, cookiecutterCompat } = options;
-    let sandbox = void 0;
+    const { parseRepoUrl, cookiecutterCompat, additionalTemplateFilters } = options;
+    const sandbox = {};
     if (parseRepoUrl) {
-      sandbox = {
-        parseRepoUrl: (url) => JSON.stringify(parseRepoUrl(url))
-      };
+      sandbox.parseRepoUrl = (url) => JSON.stringify(parseRepoUrl(url));
+    }
+    if (additionalTemplateFilters) {
+      sandbox.additionalTemplateFilters = Object.fromEntries(Object.entries(additionalTemplateFilters).filter(([_, filterFunction]) => !!filterFunction).map(([filterName, filterFunction]) => [
+        filterName,
+        (...args) => JSON.stringify(filterFunction(...args))
+      ]));
     }
     const vm = new vm2.VM({ sandbox });
     const nunjucksSource = await fs__default["default"].readFile(backendCommon.resolvePackagePath("@backstage/plugin-scaffolder-backend", "assets/nunjucks.js.txt"), "utf-8");
@@ -418,7 +429,7 @@ class SecureTemplater {
 }
 function createFetchTemplateAction(options) {
-  const { reader, integrations } = options;
+  const { reader, integrations, additionalTemplateFilters } = options;
   return createTemplateAction({
     id: "fetch:template",
     description: "Downloads a skeleton, templates variables into file and directory names and content, and places the result in the workspace, or optionally in a subdirectory specified by the 'targetPath' input option.",
@@ -509,7 +520,8 @@ function createFetchTemplateAction(options) {
       };
       ctx.logger.info(`Processing ${allEntriesInTemplate.length} template files/directories with input values`, ctx.input.values);
       const renderTemplate = await SecureTemplater.loadRenderer({
-        cookiecutterCompat: ctx.input.cookiecutterCompat
+        cookiecutterCompat: ctx.input.cookiecutterCompat,
+        additionalTemplateFilters
       });
       for (const location of allEntriesInTemplate) {
         let renderFilename;
@@ -729,7 +741,7 @@ const enableBranchProtectionOnDefaultRepoBranch = async ({
 }) => {
   const tryOnce = async () => {
     try {
-      await client.repos.updateBranchProtection({
+      await client.rest.repos.updateBranchProtection({
         mediaType: {
           previews: ["luke-cage-preview"]
         },
@@ -1156,12 +1168,9 @@ function createPublishFileAction() {
 }
 class OctokitProvider {
-  constructor(integrations) {
+  constructor(integrations, githubCredentialsProvider) {
     this.integrations = integrations;
-    this.credentialsProviders = new Map(integrations.github.list().map((integration$1) => {
-      const provider = integration.SingleInstanceGithubCredentialsProvider.create(integration$1.config);
-      return [integration$1.config.host, provider];
-    }));
+    this.githubCredentialsProvider = githubCredentialsProvider || integration.DefaultGithubCredentialsProvider.fromIntegrations(this.integrations);
   }
   async getOctokit(repoUrl) {
     var _a;
@@ -1173,17 +1182,13 @@ class OctokitProvider {
     if (!integrationConfig) {
       throw new errors.InputError(`No integration for host ${host}`);
     }
-    const credentialsProvider = this.credentialsProviders.get(host);
-    if (!credentialsProvider) {
-      throw new errors.InputError(`No matching credentials for host ${host}, please check your integrations config`);
-    }
-    const { token } = await credentialsProvider.getCredentials({
+    const { token } = await this.githubCredentialsProvider.getCredentials({
       url: `https://${host}/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}`
     });
     if (!token) {
       throw new errors.InputError(`No token available for host: ${host}, with owner ${owner}, and repo ${repo}`);
     }
-    const client = new rest.Octokit({
+    const client = new octokit.Octokit({
       auth: token,
       baseUrl: integrationConfig.apiBaseUrl,
       previews: ["nebula-preview"]
@@ -1193,8 +1198,8 @@ class OctokitProvider {
 }
 function createPublishGithubAction(options) {
-  const { integrations, config } = options;
-  const octokitProvider = new OctokitProvider(integrations);
+  const { integrations, config, githubCredentialsProvider } = options;
+  const octokitProvider = new OctokitProvider(integrations, githubCredentialsProvider || integration.DefaultGithubCredentialsProvider.fromIntegrations(integrations));
   return createTemplateAction({
     id: "publish:github",
     description: "Initializes a git repository of contents in workspace and publishes it to GitHub.",
@@ -1290,16 +1295,16 @@ function createPublishGithubAction(options) {
         topics
       } = ctx.input;
       const { client, token, owner, repo } = await octokitProvider.getOctokit(repoUrl);
-      const user = await client.users.getByUsername({
+      const user = await client.rest.users.getByUsername({
         username: owner
       });
-      const repoCreationPromise = user.data.type === "Organization" ? client.repos.createInOrg({
+      const repoCreationPromise = user.data.type === "Organization" ? client.rest.repos.createInOrg({
         name: repo,
         org: owner,
         private: repoVisibility === "private",
         visibility: repoVisibility,
         description
-      }) : client.repos.createForAuthenticatedUser({
+      }) : client.rest.repos.createForAuthenticatedUser({
         name: repo,
         private: repoVisibility === "private",
         description
@@ -1307,7 +1312,7 @@ function createPublishGithubAction(options) {
       const { data: newRepo } = await repoCreationPromise;
       if (access == null ? void 0 : access.startsWith(`${owner}/`)) {
         const [, team] = access.split("/");
-        await client.teams.addOrUpdateRepoPermissionsInOrg({
+        await client.rest.teams.addOrUpdateRepoPermissionsInOrg({
           org: owner,
           team_slug: team,
           owner,
@@ -1315,7 +1320,7 @@ function createPublishGithubAction(options) {
           permission: "admin"
         });
       } else if (access && access !== owner) {
-        await client.repos.addCollaborator({
+        await client.rest.repos.addCollaborator({
           owner,
           repo,
           username: access,
@@ -1328,7 +1333,7 @@ function createPublishGithubAction(options) {
           username: team_slug
         } of collaborators) {
           try {
-            await client.teams.addOrUpdateRepoPermissionsInOrg({
+            await client.rest.teams.addOrUpdateRepoPermissionsInOrg({
               org: owner,
               team_slug,
               owner,
@@ -1343,7 +1348,7 @@ function createPublishGithubAction(options) {
       }
       if (topics) {
         try {
-          await client.repos.replaceAllTopics({
+          await client.rest.repos.replaceAllTopics({
             owner,
             repo,
             names: topics.map((t) => t.toLowerCase())
@@ -1394,6 +1399,7 @@ class GithubResponseError extends errors.CustomErrorBase {
 }
 const defaultClientFactory = async ({
   integrations,
+  githubCredentialsProvider,
   owner,
   repo,
   host = "github.com"
@@ -1403,17 +1409,14 @@ const defaultClientFactory = async ({
   if (!integrationConfig) {
     throw new errors.InputError(`No integration for host ${host}`);
   }
-  const credentialsProvider = integration.SingleInstanceGithubCredentialsProvider.create(integrationConfig);
-  if (!credentialsProvider) {
-    throw new errors.InputError(`No matching credentials for host ${host}, please check your integrations config`);
-  }
+  const credentialsProvider = githubCredentialsProvider || integration.SingleInstanceGithubCredentialsProvider.create(integrationConfig);
   const { token } = await credentialsProvider.getCredentials({
     url: `https://${host}/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}`
   });
   if (!token) {
     throw new errors.InputError(`No token available for host: ${host}, with owner ${owner}, and repo ${repo}`);
   }
-  const OctokitPR = rest.Octokit.plugin(octokitPluginCreatePullRequest.createPullRequest);
+  const OctokitPR = octokit.Octokit.plugin(octokitPluginCreatePullRequest.createPullRequest);
   return new OctokitPR({
     auth: token,
     baseUrl: integrationConfig.apiBaseUrl
@@ -1421,6 +1424,7 @@ const defaultClientFactory = async ({
 };
 const createPublishGithubPullRequestAction = ({
   integrations,
+  githubCredentialsProvider,
   clientFactory = defaultClientFactory
 }) => {
   return createTemplateAction({
@@ -1487,7 +1491,13 @@ const createPublishGithubPullRequestAction = ({
       if (!owner) {
         throw new errors.InputError(`No owner provided for host: ${host}, and repo ${repo}`);
       }
-      const client = await clientFactory({ integrations, host, owner, repo });
+      const client = await clientFactory({
+        integrations,
+        githubCredentialsProvider,
+        host,
+        owner,
+        repo
+      });
       const fileRoot = sourcePath ? backendCommon.resolveSafeChildPath(ctx.workspacePath, sourcePath) : ctx.workspacePath;
       const localFilePaths = await globby__default["default"](["./**", "./**/.*", "!.git"], {
         cwd: fileRoot,
@@ -1749,8 +1759,8 @@ const createPublishGitlabMergeRequestAction = (options) => {
 };
 function createGithubActionsDispatchAction(options) {
-  const { integrations } = options;
-  const octokitProvider = new OctokitProvider(integrations);
+  const { integrations, githubCredentialsProvider } = options;
+  const octokitProvider = new OctokitProvider(integrations, githubCredentialsProvider || integration.DefaultGithubCredentialsProvider.fromIntegrations(integrations));
   return createTemplateAction({
     id: "github:actions:dispatch",
     description: "Dispatches a GitHub Action workflow for a given branch or tag",
@@ -1773,19 +1783,25 @@ function createGithubActionsDispatchAction(options) {
             title: "Branch or Tag name",
             description: "The git branch or tag name used to dispatch the workflow",
             type: "string"
+          },
+          workflowInputs: {
+            title: "Workflow Inputs",
+            description: "Inputs keys and values to send to GitHub Action configured on the workflow file. The maximum number of properties is 10. ",
+            type: "object"
           }
         }
       }
     },
     async handler(ctx) {
-      const { repoUrl, workflowId, branchOrTagName } = ctx.input;
+      const { repoUrl, workflowId, branchOrTagName, workflowInputs } = ctx.input;
       ctx.logger.info(`Dispatching workflow ${workflowId} for repo ${repoUrl} on ${branchOrTagName}`);
       const { client, owner, repo } = await octokitProvider.getOctokit(repoUrl);
       await client.rest.actions.createWorkflowDispatch({
         owner,
         repo,
         workflow_id: workflowId,
-        ref: branchOrTagName
+        ref: branchOrTagName,
+        inputs: workflowInputs
       });
       ctx.logger.info(`Workflow ${workflowId} dispatched successfully`);
     }
@@ -1793,8 +1809,8 @@ function createGithubActionsDispatchAction(options) {
 }
 function createGithubWebhookAction(options) {
-  const { integrations, defaultWebhookSecret } = options;
-  const octokitProvider = new OctokitProvider(integrations);
+  const { integrations, defaultWebhookSecret, githubCredentialsProvider } = options;
+  const octokitProvider = new OctokitProvider(integrations, githubCredentialsProvider != null ? githubCredentialsProvider : integration.DefaultGithubCredentialsProvider.fromIntegrations(integrations));
   const eventNames = webhooks.emitterEventNames.filter((event) => !event.includes("."));
   return createTemplateAction({
     id: "github:webhook",
@@ -1871,7 +1887,7 @@ function createGithubWebhookAction(options) {
       const { client, owner, repo } = await octokitProvider.getOctokit(repoUrl);
       try {
         const insecure_ssl = insecureSsl ? "1" : "0";
-        await client.repos.createWebhook({
+        await client.rest.repos.createWebhook({
           owner,
           repo,
           config: {
@@ -1893,7 +1909,15 @@ function createGithubWebhookAction(options) {
 }
 const createBuiltinActions = (options) => {
-  const { reader, integrations, containerRunner, catalogClient, config } = options;
+  const {
+    reader,
+    integrations,
+    containerRunner,
+    catalogClient,
+    config,
+    additionalTemplateFilters
+  } = options;
+  const githubCredentialsProvider = integration.DefaultGithubCredentialsProvider.fromIntegrations(integrations);
   const actions = [
     createFetchPlainAction({
       reader,
@@ -1901,14 +1925,17 @@ const createBuiltinActions = (options) => {
     }),
     createFetchTemplateAction({
       integrations,
-      reader
+      reader,
+      additionalTemplateFilters
     }),
     createPublishGithubAction({
       integrations,
-      config
+      config,
+      githubCredentialsProvider
     }),
     createPublishGithubPullRequestAction({
-      integrations
+      integrations,
+      githubCredentialsProvider
     }),
     createPublishGitlabAction({
       integrations,
@@ -1931,10 +1958,12 @@ const createBuiltinActions = (options) => {
     createFilesystemDeleteAction(),
     createFilesystemRenameAction(),
     createGithubActionsDispatchAction({
-      integrations
+      integrations,
+      githubCredentialsProvider
     }),
     createGithubWebhookAction({
-      integrations
+      integrations,
+      githubCredentialsProvider
     })
   ];
   if (containerRunner) {
@@ -2020,7 +2049,8 @@ class DatabaseTaskStore {
       }
       const updateCount = await tx("tasks").where({ id: task.id, status: "open" }).update({
         status: "processing",
-        last_heartbeat_at: this.db.fn.now()
+        last_heartbeat_at: this.db.fn.now(),
+        secrets: null
       });
       if (updateCount < 1) {
         return void 0;
@@ -2084,8 +2114,7 @@ class DatabaseTaskStore {
         id: taskId,
         status: oldStatus
       }).update({
-        status,
-        secrets: null
+        status
       });
       if (updateCount !== 1) {
         throw new errors.ConflictError(`Failed to update status to '${status}' for taskId ${taskId}`);
@@ -2298,7 +2327,7 @@ class HandlebarsWorkflowRunner {
     this.handlebars.registerHelper("eq", (a, b) => a === b);
   }
   async execute(task) {
-    var _a, _b;
+    var _a, _b, _c;
     if (!isValidTaskSpec$1(task.spec)) {
       throw new errors.InputError(`Task spec is not a valid v1beta2 task spec`);
     }
@@ -2402,6 +2431,7 @@ class HandlebarsWorkflowRunner {
             logStream: stream$1,
             input,
             token: (_b = task.secrets) == null ? void 0 : _b.token,
+            secrets: (_c = task.secrets) != null ? _c : {},
             workspacePath,
             async createTemporaryDirectory() {
               const tmpDir = await fs__default["default"].mkdtemp(`${workspacePath}_step-${step.id}-`);
@@ -2527,7 +2557,7 @@ class NunjucksWorkflowRunner {
     });
   }
   async execute(task) {
-    var _a, _b;
+    var _a, _b, _c, _d;
     if (!isValidTaskSpec(task.spec)) {
       throw new errors.InputError("Wrong template version executed with the workflow engine");
     }
@@ -2536,7 +2566,8 @@ class NunjucksWorkflowRunner {
     const renderTemplate = await SecureTemplater.loadRenderer({
       parseRepoUrl(url) {
         return parseRepoUrl(url, integrations);
-      }
+      },
+      additionalTemplateFilters: this.options.additionalTemplateFilters
     });
     try {
       await fs__default["default"].ensureDir(workspacePath);
@@ -2576,6 +2607,8 @@ class NunjucksWorkflowRunner {
           await action.handler({
             baseUrl: task.spec.baseUrl,
             input,
+            token: (_c = task.secrets) == null ? void 0 : _c.token,
+            secrets: (_d = task.secrets) != null ? _d : {},
             logger: taskLogger,
             logStream: streamLogger,
             workspacePath,
@@ -2625,7 +2658,8 @@ class TaskWorker {
       logger,
       actionRegistry,
       integrations,
-      workingDirectory
+      workingDirectory,
+      additionalTemplateFilters
     } = options;
     const legacyWorkflowRunner = new HandlebarsWorkflowRunner({
       logger,
@@ -2637,7 +2671,8 @@ class TaskWorker {
       actionRegistry,
       integrations,
       logger,
-      workingDirectory
+      workingDirectory,
+      additionalTemplateFilters
     });
     return new TaskWorker({
       taskBroker,
@@ -2734,7 +2769,8 @@ async function createRouter(options) {
     catalogClient,
     actions,
     containerRunner,
-    taskWorkers
+    taskWorkers,
+    additionalTemplateFilters
   } = options;
   const logger = parentLogger.child({ plugin: "scaffolder" });
   const workingDirectory = await getWorkingDirectory(config, logger);
@@ -2757,7 +2793,8 @@ async function createRouter(options) {
       actionRegistry,
       integrations,
       logger,
-      workingDirectory
+      workingDirectory,
+      additionalTemplateFilters
     });
     workers.push(worker);
   }
@@ -2766,7 +2803,8 @@ async function createRouter(options) {
     catalogClient,
     containerRunner,
     reader,
-    config
+    config,
+    additionalTemplateFilters
   });
   actionsToRegister.forEach((action) => actionRegistry.register(action));
   workers.forEach((worker) => worker.start());
@@ -2857,6 +2895,8 @@ async function createRouter(options) {
       throw new errors.InputError(`Unsupported apiVersion field in schema entity, ${template.apiVersion}`);
     }
     const result = await taskBroker.dispatch(taskSpec, {
+      ...req.body.secrets,
+      backstageToken: token,
       token
     });
     res.status(201).json({ id: result.taskId });