@backstage/plugin-scaffolder-backend 0.15.10 → 0.15.14

package/dist/index.cjs.js

@@ -5,12 +5,12 @@ Object.defineProperty(exports, '__esModule', { value: true });
 var errors = require('@backstage/errors');
 var catalogModel = require('@backstage/catalog-model');
 var fs = require('fs-extra');
-var path = require('path');
 var yaml = require('yaml');
 var backendCommon = require('@backstage/backend-common');
+var path = require('path');
 var globby = require('globby');
-var nunjucks = require('nunjucks');
 var isbinaryfile = require('isbinaryfile');
+var vm2 = require('vm2');
 var pluginScaffolderBackendModuleCookiecutter = require('@backstage/plugin-scaffolder-backend-module-cookiecutter');
 var child_process = require('child_process');
 var stream = require('stream');
@@ -22,14 +22,15 @@ var lodash = require('lodash');
 var octokitPluginCreatePullRequest = require('octokit-plugin-create-pull-request');
 var node = require('@gitbeaker/node');
 var webhooks = require('@octokit/webhooks');
-var express = require('express');
-var Router = require('express-promise-router');
-var jsonschema = require('jsonschema');
 var uuid = require('uuid');
 var luxon = require('luxon');
-var os = require('os');
 var Handlebars = require('handlebars');
 var winston = require('winston');
+var jsonschema = require('jsonschema');
+var nunjucks = require('nunjucks');
+var express = require('express');
+var Router = require('express-promise-router');
+var os = require('os');
 var pluginCatalogBackend = require('@backstage/plugin-catalog-backend');
 var pluginScaffolderCommon = require('@backstage/plugin-scaffolder-common');
 
@@ -56,17 +57,16 @@ function _interopNamespace(e) {
 }
 
 var fs__default = /*#__PURE__*/_interopDefaultLegacy(fs);
-var path__namespace = /*#__PURE__*/_interopNamespace(path);
-var path__default = /*#__PURE__*/_interopDefaultLegacy(path);
 var yaml__namespace = /*#__PURE__*/_interopNamespace(yaml);
+var path__default = /*#__PURE__*/_interopDefaultLegacy(path);
 var globby__default = /*#__PURE__*/_interopDefaultLegacy(globby);
-var nunjucks__default = /*#__PURE__*/_interopDefaultLegacy(nunjucks);
 var fetch__default = /*#__PURE__*/_interopDefaultLegacy(fetch);
+var Handlebars__namespace = /*#__PURE__*/_interopNamespace(Handlebars);
+var winston__namespace = /*#__PURE__*/_interopNamespace(winston);
+var nunjucks__default = /*#__PURE__*/_interopDefaultLegacy(nunjucks);
 var express__default = /*#__PURE__*/_interopDefaultLegacy(express);
 var Router__default = /*#__PURE__*/_interopDefaultLegacy(Router);
 var os__default = /*#__PURE__*/_interopDefaultLegacy(os);
-var Handlebars__namespace = /*#__PURE__*/_interopNamespace(Handlebars);
-var winston__namespace = /*#__PURE__*/_interopNamespace(winston);
 
 const createTemplateAction = (templateAction) => {
   return templateAction;
@@ -182,7 +182,7 @@ function createCatalogWriteAction() {
     async handler(ctx) {
       ctx.logStream.write(`Writing catalog-info.yaml`);
       const {entity} = ctx.input;
-      await fs__default['default'].writeFile(path.resolve(ctx.workspacePath, "catalog-info.yaml"), yaml__namespace.stringify(entity));
+      await fs__default['default'].writeFile(backendCommon.resolveSafeChildPath(ctx.workspacePath, "catalog-info.yaml"), yaml__namespace.stringify(entity));
     }
   });
 }
@@ -226,7 +226,7 @@ ${files.map((f) => `  - ${path.relative(ctx.workspacePath, f)}`).join("\n")}`);
 async function recursiveReadDir(dir) {
   const subdirs = await fs.readdir(dir);
   const files = await Promise.all(subdirs.map(async (subdir) => {
-    const res = path.resolve(dir, subdir);
+    const res = path.join(dir, subdir);
     return (await fs.stat(res)).isDirectory() ? recursiveReadDir(res) : [res];
   }));
   return files.reduce((a, f) => a.concat(f), []);
@@ -250,7 +250,7 @@ async function fetchContents({
   }
   if (!fetchUrlIsAbsolute && (baseUrl == null ? void 0 : baseUrl.startsWith("file://"))) {
     const basePath = baseUrl.slice("file://".length);
-    const srcDir = backendCommon.resolveSafeChildPath(path__namespace.dirname(basePath), fetchUrl);
+    const srcDir = backendCommon.resolveSafeChildPath(path__default['default'].dirname(basePath), fetchUrl);
     await fs__default['default'].copy(srcDir, outputPath);
   } else {
     let readUrl;
@@ -313,7 +313,100 @@ function createFetchPlainAction(options) {
   });
 }
 
-nunjucks__default['default'].installJinjaCompat();
+const mkScript = (nunjucksSource) => `
+const { render, renderCompat } = (() => {
+  const module = {};
+  const process = { env: {} };
+  const require = (pkg) => { if (pkg === 'events') { return function (){}; }};
+
+  ${nunjucksSource}
+
+  const env = module.exports.configure({
+    autoescape: false,
+    tags: {
+      variableStart: '\${{',
+      variableEnd: '}}',
+    },
+  });
+
+  const compatEnv = module.exports.configure({
+    autoescape: false,
+    tags: {
+      variableStart: '{{',
+      variableEnd: '}}',
+    },
+  });
+  compatEnv.addFilter('jsonify', compatEnv.getFilter('dump'));
+
+  if (typeof parseRepoUrl !== 'undefined') {
+    const safeHelperRef = parseRepoUrl;
+
+    env.addFilter('parseRepoUrl', repoUrl => {
+      return JSON.parse(safeHelperRef(repoUrl))
+    });
+    env.addFilter('projectSlug', repoUrl => {
+      const { owner, repo } = JSON.parse(safeHelperRef(repoUrl));
+      return owner + '/' + repo;
+    });
+  }
+
+  let uninstallCompat = undefined;
+
+  function render(str, values) {
+    try {
+      if (uninstallCompat) {
+        uninstallCompat();
+        uninstallCompat = undefined;
+      }
+      return env.renderString(str, JSON.parse(values));
+    } catch (error) {
+      // Make sure errors don't leak anything
+      throw new Error(String(error.message));
+    }
+  }
+
+  function renderCompat(str, values) {
+    try {
+      if (!uninstallCompat) {
+        uninstallCompat = module.exports.installJinjaCompat();
+      }
+      return compatEnv.renderString(str, JSON.parse(values));
+    } catch (error) {
+      // Make sure errors don't leak anything
+      throw new Error(String(error.message));
+    }
+  }
+
+  return { render, renderCompat };
+})();
+`;
+class SecureTemplater {
+  static async loadRenderer(options = {}) {
+    const {parseRepoUrl, cookiecutterCompat} = options;
+    let sandbox = void 0;
+    if (parseRepoUrl) {
+      sandbox = {
+        parseRepoUrl: (url) => JSON.stringify(parseRepoUrl(url))
+      };
+    }
+    const vm = new vm2.VM({sandbox});
+    const nunjucksSource = await fs__default['default'].readFile(backendCommon.resolvePackagePath("@backstage/plugin-scaffolder-backend", "assets/nunjucks.js.txt"), "utf-8");
+    vm.run(mkScript(nunjucksSource));
+    const render = (template, values) => {
+      if (!vm) {
+        throw new Error("SecureTemplater has not been initialized");
+      }
+      vm.setGlobal("templateStr", template);
+      vm.setGlobal("templateValues", JSON.stringify(values));
+      if (cookiecutterCompat) {
+        return vm.run(`renderCompat(templateStr, templateValues)`);
+      }
+      return vm.run(`render(templateStr, templateValues)`);
+    };
+    return render;
+  }
+}
+
 function createFetchTemplateAction(options) {
   const {reader, integrations} = options;
   return createTemplateAction({
@@ -364,7 +457,7 @@ function createFetchTemplateAction(options) {
       var _a;
       ctx.logger.info("Fetching template content from remote URL");
       const workDir = await ctx.createTemporaryDirectory();
-      const templateDir = path.resolve(workDir, "template");
+      const templateDir = backendCommon.resolveSafeChildPath(workDir, "template");
       const targetPath = (_a = ctx.input.targetPath) != null ? _a : "./";
       const outputDir = backendCommon.resolveSafeChildPath(ctx.workspacePath, targetPath);
       if (ctx.input.copyWithoutRender && !Array.isArray(ctx.input.copyWithoutRender)) {
@@ -400,23 +493,14 @@ function createFetchTemplateAction(options) {
         onlyFiles: false,
         markDirectories: true
       })))).flat());
-      const templater = nunjucks__default['default'].configure({
-        ...ctx.input.cookiecutterCompat ? {} : {
-          tags: {
-            variableStart: "${{",
-            variableEnd: "}}"
-          }
-        },
-        autoescape: false
-      });
-      if (ctx.input.cookiecutterCompat) {
-        templater.addFilter("jsonify", templater.getFilter("dump"));
-      }
       const {cookiecutterCompat, values} = ctx.input;
       const context = {
         [cookiecutterCompat ? "cookiecutter" : "values"]: values
       };
       ctx.logger.info(`Processing ${allEntriesInTemplate.length} template files/directories with input values`, ctx.input.values);
+      const renderTemplate = await SecureTemplater.loadRenderer({
+        cookiecutterCompat: ctx.input.cookiecutterCompat
+      });
       for (const location of allEntriesInTemplate) {
         let renderFilename;
         let renderContents;
@@ -431,9 +515,12 @@ function createFetchTemplateAction(options) {
           renderFilename = renderContents = !nonTemplatedEntries.has(location);
         }
         if (renderFilename) {
-          localOutputPath = templater.renderString(localOutputPath, context);
+          localOutputPath = renderTemplate(localOutputPath, context);
+        }
+        const outputPath = backendCommon.resolveSafeChildPath(outputDir, localOutputPath);
+        if (outputDir === outputPath) {
+          continue;
         }
-        const outputPath = path.resolve(outputDir, localOutputPath);
         if (!renderContents && !extension) {
           ctx.logger.info(`Copying file/directory ${location} without processing.`);
         }
@@ -441,7 +528,7 @@ function createFetchTemplateAction(options) {
           ctx.logger.info(`Writing directory ${location} to template output path.`);
           await fs__default['default'].ensureDir(outputPath);
         } else {
-          const inputFilePath = path.resolve(templateDir, location);
+          const inputFilePath = backendCommon.resolveSafeChildPath(templateDir, location);
           if (await isbinaryfile.isBinaryFile(inputFilePath)) {
             ctx.logger.info(`Copying binary file ${location} to template output path.`);
             await fs__default['default'].copy(inputFilePath, outputPath);
@@ -449,7 +536,7 @@ function createFetchTemplateAction(options) {
             const statsObj = await fs__default['default'].stat(inputFilePath);
             ctx.logger.info(`Writing file ${location} to template output path with mode ${statsObj.mode}.`);
             const inputFileContents = await fs__default['default'].readFile(inputFilePath, "utf-8");
-            await fs__default['default'].outputFile(outputPath, renderContents ? templater.renderString(inputFileContents, context) : inputFileContents, {mode: statsObj.mode});
+            await fs__default['default'].outputFile(outputPath, renderContents ? renderTemplate(inputFileContents, context) : inputFileContents, {mode: statsObj.mode});
           }
         }
       }
@@ -714,6 +801,11 @@ const parseRepoUrl = (repoUrl, integrations) => {
   }
   return {host, owner, repo, organization, workspace, project};
 };
+const isExecutable = (fileMode) => {
+  const executeBitMask = 73;
+  const res = fileMode & executeBitMask;
+  return res > 0;
+};
 
 function createPublishAzureAction(options) {
   const {integrations, config} = options;
@@ -1391,13 +1483,24 @@ const createPublishGithubPullRequestAction = ({
         gitignore: true,
         dot: true
       });
-      const fileContents = await Promise.all(localFilePaths.map((p) => fs.readFile(path__default['default'].resolve(fileRoot, p))));
+      const fileContents = await Promise.all(localFilePaths.map((filePath) => {
+        const absPath = backendCommon.resolveSafeChildPath(fileRoot, filePath);
+        const base64EncodedContent = fs__default['default'].readFileSync(absPath).toString("base64");
+        const fileStat = fs__default['default'].statSync(absPath);
+        const githubTreeItemMode = isExecutable(fileStat.mode) ? "100755" : "100644";
+        const encoding = "base64";
+        return {
+          encoding,
+          content: base64EncodedContent,
+          mode: githubTreeItemMode
+        };
+      }));
       const repoFilePaths = localFilePaths.map((repoFilePath) => {
         return targetPath ? `${targetPath}/${repoFilePath}` : repoFilePath;
       });
       const changes = [
         {
-          files: lodash.zipObject(repoFilePaths, fileContents.map((buf) => buf.toString())),
+          files: lodash.zipObject(repoFilePaths, fileContents),
           commit: title
         }
       ];
@@ -1735,38 +1838,16 @@ class TemplateActionRegistry {
   }
 }
 
-class CatalogEntityClient {
-  constructor(catalogClient) {
-    this.catalogClient = catalogClient;
-  }
-  async findTemplate(templateName, options) {
-    const {items: templates} = await this.catalogClient.getEntities({
-      filter: {
-        kind: "template",
-        "metadata.name": templateName
-      }
-    }, options);
-    if (templates.length !== 1) {
-      if (templates.length > 1) {
-        throw new errors.ConflictError("Templates lookup resulted in multiple matches");
-      } else {
-        throw new errors.NotFoundError("Template not found");
-      }
-    }
-    return templates[0];
-  }
-}
-
 const migrationsDir = backendCommon.resolvePackagePath("@backstage/plugin-scaffolder-backend", "migrations");
 class DatabaseTaskStore {
-  constructor(db) {
-    this.db = db;
-  }
-  static async create(knex) {
-    await knex.migrate.latest({
+  static async create(options) {
+    await options.database.migrate.latest({
       directory: migrationsDir
     });
-    return new DatabaseTaskStore(knex);
+    return new DatabaseTaskStore(options);
+  }
+  constructor(options) {
+    this.db = options.database;
   }
   async getTask(taskId) {
     const [result] = await this.db("tasks").where({id: taskId}).select();
@@ -1922,7 +2003,7 @@ class DatabaseTaskStore {
   }
 }
 
-class TaskAgent {
+class TaskManager {
   constructor(state, storage, logger) {
     this.state = state;
     this.storage = storage;
@@ -1930,7 +2011,7 @@ class TaskAgent {
     this.isDone = false;
   }
   static create(state, storage, logger) {
-    const agent = new TaskAgent(state, storage, logger);
+    const agent = new TaskManager(state, storage, logger);
     agent.startTimeout();
     return agent;
   }
@@ -1996,7 +2077,7 @@ class StorageTaskBroker {
     for (; ; ) {
       const pendingTask = await this.storage.claimTask();
       if (pendingTask) {
-        return TaskAgent.create({
+        return TaskManager.create({
           taskId: pendingTask.id,
           spec: pendingTask.spec,
           secrets: pendingTask.secrets
@@ -2038,7 +2119,7 @@ class StorageTaskBroker {
         await new Promise((resolve) => setTimeout(resolve, 1e3));
       }
     })();
-    return unsubscribe;
+    return {unsubscribe};
   }
   async vacuumTasks(timeoutS) {
     const {tasks} = await this.storage.listStaleTasks(timeoutS);
@@ -2065,70 +2146,12 @@ class StorageTaskBroker {
   }
 }
 
-class TaskWorker {
-  constructor(options) {
-    this.options = options;
-  }
-  start() {
-    (async () => {
-      for (; ; ) {
-        const task = await this.options.taskBroker.claim();
-        await this.runOneTask(task);
-      }
-    })();
-  }
-  async runOneTask(task) {
-    try {
-      const {output} = task.spec.apiVersion === "scaffolder.backstage.io/v1beta3" ? await this.options.runners.workflowRunner.execute(task) : await this.options.runners.legacyWorkflowRunner.execute(task);
-      await task.complete("completed", {output});
-    } catch (error) {
-      errors.assertError(error);
-      await task.complete("failed", {
-        error: {name: error.name, message: error.message}
-      });
-    }
-  }
-}
-
-async function getWorkingDirectory(config, logger) {
-  if (!config.has("backend.workingDirectory")) {
-    return os__default['default'].tmpdir();
-  }
-  const workingDirectory = config.getString("backend.workingDirectory");
-  try {
-    await fs__default['default'].access(workingDirectory, fs__default['default'].constants.F_OK | fs__default['default'].constants.W_OK);
-    logger.info(`using working directory: ${workingDirectory}`);
-  } catch (err) {
-    errors.assertError(err);
-    logger.error(`working directory ${workingDirectory} ${err.code === "ENOENT" ? "does not exist" : "is not writable"}`);
-    throw err;
-  }
-  return workingDirectory;
-}
-function getEntityBaseUrl(entity) {
-  var _a, _b;
-  let location = (_a = entity.metadata.annotations) == null ? void 0 : _a[catalogModel.SOURCE_LOCATION_ANNOTATION];
-  if (!location) {
-    location = (_b = entity.metadata.annotations) == null ? void 0 : _b[catalogModel.LOCATION_ANNOTATION];
-  }
-  if (!location) {
-    return void 0;
-  }
-  const {type, target} = catalogModel.parseLocationReference(location);
-  if (type === "url") {
-    return target;
-  } else if (type === "file") {
-    return `file://${target}`;
-  }
-  return void 0;
-}
-
 function isTruthy(value) {
   return lodash.isArray(value) ? value.length > 0 : !!value;
 }
 
 const isValidTaskSpec$1 = (taskSpec) => taskSpec.apiVersion === "backstage.io/v1beta2";
-class LegacyWorkflowRunner {
+class HandlebarsWorkflowRunner {
   constructor(options) {
     this.options = options;
     this.handlebars = Handlebars__namespace.create();
@@ -2239,6 +2262,9 @@ class LegacyWorkflowRunner {
           this.options.logger.debug(`Running ${action.id} with input`, {
             input: JSON.stringify(input, null, 2)
           });
+          if (!task.spec.metadata) {
+            console.warn("DEPRECATION NOTICE: metadata is undefined. metadata will be required in the future.");
+          }
           await action.handler({
             baseUrl: task.spec.baseUrl,
             logger: taskLogger,
@@ -2253,7 +2279,8 @@ class LegacyWorkflowRunner {
             },
             output(name, value) {
               stepOutputs[name] = value;
-            }
+            },
+            metadata: task.spec.metadata
           });
           for (const tmpDir of tmpDirs) {
             await fs__default['default'].remove(tmpDir);
@@ -2304,7 +2331,10 @@ class LegacyWorkflowRunner {
 const isValidTaskSpec = (taskSpec) => {
   return taskSpec.apiVersion === "scaffolder.backstage.io/v1beta3";
 };
-const createStepLogger = ({task, step}) => {
+const createStepLogger = ({
+  task,
+  step
+}) => {
   const metadata = {stepId: step.id};
   const taskLogger = winston__namespace.createLogger({
     level: process.env.LOG_LEVEL || "info",
@@ -2321,38 +2351,30 @@ const createStepLogger = ({task, step}) => {
   taskLogger.add(new winston__namespace.transports.Stream({stream: streamLogger}));
   return {taskLogger, streamLogger};
 };
-class DefaultWorkflowRunner {
+class NunjucksWorkflowRunner {
   constructor(options) {
     this.options = options;
-    this.nunjucksOptions = {
+  }
+  isSingleTemplateString(input) {
+    var _a, _b;
+    const {parser, nodes} = nunjucks__default['default'];
+    const parsed = parser.parse(input, {}, {
       autoescape: false,
       tags: {
         variableStart: "${{",
         variableEnd: "}}"
       }
-    };
-    this.nunjucks = nunjucks__default['default'].configure(this.nunjucksOptions);
-    this.nunjucks.addFilter("parseRepoUrl", (repoUrl) => {
-      return parseRepoUrl(repoUrl, this.options.integrations);
-    });
-    this.nunjucks.addFilter("projectSlug", (repoUrl) => {
-      const {owner, repo} = parseRepoUrl(repoUrl, this.options.integrations);
-      return `${owner}/${repo}`;
     });
+    return parsed.children.length === 1 && !(((_b = (_a = parsed.children[0]) == null ? void 0 : _a.children) == null ? void 0 : _b[0]) instanceof nodes.TemplateData);
   }
-  isSingleTemplateString(input) {
-    const {parser, nodes} = require("nunjucks");
-    const parsed = parser.parse(input, {}, this.nunjucksOptions);
-    return parsed.children.length === 1 && !(parsed.children[0] instanceof nodes.TemplateData);
-  }
-  render(input, context) {
+  render(input, context, renderTemplate) {
     return JSON.parse(JSON.stringify(input), (_key, value) => {
       try {
         if (typeof value === "string") {
           try {
             if (this.isSingleTemplateString(value)) {
               const wrappedDumped = value.replace(/\${{(.+)}}/g, "${{ ( $1 ) | dump }}");
-              const templated2 = this.nunjucks.renderString(wrappedDumped, context);
+              const templated2 = renderTemplate(wrappedDumped, context);
               if (templated2 === "") {
                 return void 0;
               }
@@ -2361,7 +2383,7 @@ class DefaultWorkflowRunner {
           } catch (ex) {
             this.options.logger.error(`Failed to parse template string: ${value} with error ${ex.message}`);
           }
-          const templated = this.nunjucks.renderString(value, context);
+          const templated = renderTemplate(value, context);
           if (templated === "") {
             return void 0;
           }
@@ -2379,6 +2401,12 @@ class DefaultWorkflowRunner {
       throw new errors.InputError("Wrong template version executed with the workflow engine");
     }
     const workspacePath = path__default['default'].join(this.options.workingDirectory, await task.getWorkspaceName());
+    const {integrations} = this.options;
+    const renderTemplate = await SecureTemplater.loadRenderer({
+      parseRepoUrl(url) {
+        return parseRepoUrl(url, integrations);
+      }
+    });
     try {
       await fs__default['default'].ensureDir(workspacePath);
       await task.emitLog(`Starting up task with ${task.spec.steps.length} steps`);
@@ -2389,7 +2417,7 @@ class DefaultWorkflowRunner {
       for (const step of task.spec.steps) {
         try {
           if (step.if) {
-            const ifResult = await this.render(step.if, context);
+            const ifResult = await this.render(step.if, context, renderTemplate);
             if (!isTruthy(ifResult)) {
               await task.emitLog(`Skipping step ${step.id} because it's if condition was false`, {stepId: step.id, status: "skipped"});
               continue;
@@ -2401,7 +2429,7 @@ class DefaultWorkflowRunner {
           });
           const action = this.options.actionRegistry.get(step.action);
           const {taskLogger, streamLogger} = createStepLogger({task, step});
-          const input = (_a = step.input && this.render(step.input, context)) != null ? _a : {};
+          const input = (_a = step.input && this.render(step.input, context, renderTemplate)) != null ? _a : {};
           if ((_b = action.schema) == null ? void 0 : _b.input) {
             const validateResult = jsonschema.validate(input, action.schema.input);
             if (!validateResult.valid) {
@@ -2411,6 +2439,9 @@ class DefaultWorkflowRunner {
           }
           const tmpDirs = new Array();
           const stepOutput = {};
+          if (!task.spec.metadata) {
+            console.warn("DEPRECATION NOTICE: metadata is undefined. metadata will be required in the future.");
+          }
           await action.handler({
             baseUrl: task.spec.baseUrl,
             input,
@@ -2424,7 +2455,8 @@ class DefaultWorkflowRunner {
             },
             output(name, value) {
               stepOutput[name] = value;
-            }
+            },
+            metadata: task.spec.metadata
           });
           for (const tmpDir of tmpDirs) {
             await fs__default['default'].remove(tmpDir);
@@ -2442,7 +2474,7 @@ class DefaultWorkflowRunner {
           throw err;
         }
       }
-      const output = this.render(task.spec.output, context);
+      const output = this.render(task.spec.output, context, renderTemplate);
       return {output};
     } finally {
       if (workspacePath) {
@@ -2452,6 +2484,111 @@ class DefaultWorkflowRunner {
   }
 }
 
+class TaskWorker {
+  constructor(options) {
+    this.options = options;
+  }
+  static async create(options) {
+    const {
+      taskBroker,
+      logger,
+      actionRegistry,
+      integrations,
+      workingDirectory
+    } = options;
+    const legacyWorkflowRunner = new HandlebarsWorkflowRunner({
+      logger,
+      actionRegistry,
+      integrations,
+      workingDirectory
+    });
+    const workflowRunner = new NunjucksWorkflowRunner({
+      actionRegistry,
+      integrations,
+      logger,
+      workingDirectory
+    });
+    return new TaskWorker({
+      taskBroker,
+      runners: {legacyWorkflowRunner, workflowRunner}
+    });
+  }
+  start() {
+    (async () => {
+      for (; ; ) {
+        const task = await this.options.taskBroker.claim();
+        await this.runOneTask(task);
+      }
+    })();
+  }
+  async runOneTask(task) {
+    try {
+      const {output} = task.spec.apiVersion === "scaffolder.backstage.io/v1beta3" ? await this.options.runners.workflowRunner.execute(task) : await this.options.runners.legacyWorkflowRunner.execute(task);
+      await task.complete("completed", {output});
+    } catch (error) {
+      errors.assertError(error);
+      await task.complete("failed", {
+        error: {name: error.name, message: error.message}
+      });
+    }
+  }
+}
+
+class CatalogEntityClient {
+  constructor(catalogClient) {
+    this.catalogClient = catalogClient;
+  }
+  async findTemplate(templateName, options) {
+    const {items: templates} = await this.catalogClient.getEntities({
+      filter: {
+        kind: "template",
+        "metadata.name": templateName
+      }
+    }, options);
+    if (templates.length !== 1) {
+      if (templates.length > 1) {
+        throw new errors.ConflictError("Templates lookup resulted in multiple matches");
+      } else {
+        throw new errors.NotFoundError("Template not found");
+      }
+    }
+    return templates[0];
+  }
+}
+
+async function getWorkingDirectory(config, logger) {
+  if (!config.has("backend.workingDirectory")) {
+    return os__default['default'].tmpdir();
+  }
+  const workingDirectory = config.getString("backend.workingDirectory");
+  try {
+    await fs__default['default'].access(workingDirectory, fs__default['default'].constants.F_OK | fs__default['default'].constants.W_OK);
+    logger.info(`using working directory: ${workingDirectory}`);
+  } catch (err) {
+    errors.assertError(err);
+    logger.error(`working directory ${workingDirectory} ${err.code === "ENOENT" ? "does not exist" : "is not writable"}`);
+    throw err;
+  }
+  return workingDirectory;
+}
+function getEntityBaseUrl(entity) {
+  var _a, _b;
+  let location = (_a = entity.metadata.annotations) == null ? void 0 : _a[catalogModel.SOURCE_LOCATION_ANNOTATION];
+  if (!location) {
+    location = (_b = entity.metadata.annotations) == null ? void 0 : _b[catalogModel.LOCATION_ANNOTATION];
+  }
+  if (!location) {
+    return void 0;
+  }
+  const {type, target} = catalogModel.parseLocationReference(location);
+  if (type === "url") {
+    return target;
+  } else if (type === "file") {
+    return `file://${target}`;
+  }
+  return void 0;
+}
+
 function isSupportedTemplate(entity) {
   return entity.apiVersion === "backstage.io/v1beta2" || entity.apiVersion === "scaffolder.backstage.io/v1beta3";
 }
@@ -2472,29 +2609,24 @@ async function createRouter(options) {
   const workingDirectory = await getWorkingDirectory(config, logger);
   const entityClient = new CatalogEntityClient(catalogClient);
   const integrations = integration.ScmIntegrations.fromConfig(config);
-  const databaseTaskStore = await DatabaseTaskStore.create(await database.getClient());
-  const taskBroker = new StorageTaskBroker(databaseTaskStore, logger);
+  let taskBroker;
+  if (!options.taskBroker) {
+    const databaseTaskStore = await DatabaseTaskStore.create({
+      database: await database.getClient()
+    });
+    taskBroker = new StorageTaskBroker(databaseTaskStore, logger);
+  } else {
+    taskBroker = options.taskBroker;
+  }
   const actionRegistry = new TemplateActionRegistry();
-  const legacyWorkflowRunner = new LegacyWorkflowRunner({
-    logger,
-    actionRegistry,
-    integrations,
-    workingDirectory
-  });
-  const workflowRunner = new DefaultWorkflowRunner({
-    actionRegistry,
-    integrations,
-    logger,
-    workingDirectory
-  });
   const workers = [];
   for (let i = 0; i < (taskWorkers || 1); i++) {
-    const worker = new TaskWorker({
+    const worker = await TaskWorker.create({
       taskBroker,
-      runners: {
-        legacyWorkflowRunner,
-        workflowRunner
-      }
+      actionRegistry,
+      integrations,
+      logger,
+      workingDirectory
     });
     workers.push(worker);
   }
@@ -2544,7 +2676,7 @@ async function createRouter(options) {
     });
     res.json(actionsList);
   }).post("/v2/tasks", async (req, res) => {
-    var _a, _b, _c;
+    var _a, _b, _c, _d, _e;
     const templateName = req.body.templateName;
     const values = req.body.values;
     const token = getBearerToken(req.headers.authorization);
@@ -2573,7 +2705,8 @@ async function createRouter(options) {
             name: (_b2 = step.name) != null ? _b2 : step.action
           };
         }),
-        output: (_b = template.spec.output) != null ? _b : {}
+        output: (_b = template.spec.output) != null ? _b : {},
+        metadata: {name: (_c = template.metadata) == null ? void 0 : _c.name}
       } : {
         apiVersion: template.apiVersion,
         baseUrl,
@@ -2586,7 +2719,8 @@ async function createRouter(options) {
             name: (_b2 = step.name) != null ? _b2 : step.action
           };
         }),
-        output: (_c = template.spec.output) != null ? _c : {}
+        output: (_d = template.spec.output) != null ? _d : {},
+        metadata: {name: (_e = template.metadata) == null ? void 0 : _e.name}
       };
     } else {
       throw new errors.InputError(`Unsupported apiVersion field in schema entity, ${template.apiVersion}`);
@@ -2605,14 +2739,15 @@ async function createRouter(options) {
     res.status(200).json(task);
   }).get("/v2/tasks/:taskId/eventstream", async (req, res) => {
     const {taskId} = req.params;
-    const after = Number(req.query.after) || void 0;
+    const after = req.query.after !== void 0 ? Number(req.query.after) : void 0;
     logger.debug(`Event stream observing taskId '${taskId}' opened`);
     res.writeHead(200, {
       Connection: "keep-alive",
       "Cache-Control": "no-cache",
       "Content-Type": "text/event-stream"
     });
-    const unsubscribe = taskBroker.observe({taskId, after}, (error, {events}) => {
+    const {unsubscribe} = taskBroker.observe({taskId, after}, (error, {events}) => {
+      var _a;
       if (error) {
         logger.error(`Received error from event stream when observing taskId '${taskId}', ${error}`);
       }
@@ -2626,7 +2761,7 @@ data: ${JSON.stringify(event)}
           shouldUnsubscribe = true;
         }
       }
-      res.flush();
+      (_a = res.flush) == null ? void 0 : _a.call(res);
       if (shouldUnsubscribe)
         unsubscribe();
     });
@@ -2634,6 +2769,27 @@ data: ${JSON.stringify(event)}
       unsubscribe();
       logger.debug(`Event stream observing taskId '${taskId}' closed`);
     });
+  }).get("/v2/tasks/:taskId/events", async (req, res) => {
+    const {taskId} = req.params;
+    const after = Number(req.query.after) || void 0;
+    let unsubscribe = () => {
+    };
+    const timeout = setTimeout(() => {
+      unsubscribe();
+      res.json([]);
+    }, 3e4);
+    ({unsubscribe} = taskBroker.observe({taskId, after}, (error, {events}) => {
+      clearTimeout(timeout);
+      unsubscribe();
+      if (error) {
+        logger.error(`Received error from log when observing taskId '${taskId}', ${error}`);
+      }
+      res.json(events);
+    }));
+    req.on("close", () => {
+      unsubscribe();
+      clearTimeout(timeout);
+    });
   });
   const app = express__default['default']();
   app.set("logger", logger);
@@ -2700,8 +2856,11 @@ Object.defineProperty(exports, 'createFetchCookiecutterAction', {
   }
 });
 exports.CatalogEntityClient = CatalogEntityClient;
+exports.DatabaseTaskStore = DatabaseTaskStore;
 exports.OctokitProvider = OctokitProvider;
 exports.ScaffolderEntitiesProcessor = ScaffolderEntitiesProcessor;
+exports.TaskManager = TaskManager;
+exports.TaskWorker = TaskWorker;
 exports.TemplateActionRegistry = TemplateActionRegistry;
 exports.createBuiltinActions = createBuiltinActions;
 exports.createCatalogRegisterAction = createCatalogRegisterAction;