@backstage/plugin-scaffolder-backend 0.15.21-next.0 → 0.15.23-next.1

package/CHANGELOG.md

@@ -1,5 +1,54 @@
 # @backstage/plugin-scaffolder-backend
 
+## 0.15.23-next.1
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/backend-common@0.10.6-next.0
+  - @backstage/plugin-catalog-backend@0.21.2-next.1
+  - @backstage/plugin-scaffolder-backend-module-cookiecutter@0.1.10-next.1
+
+## 0.15.23-next.0
+
+### Patch Changes
+
+- 2e0dbb0e50: Migrate from deprecated package @octokit/rest to octokit
+- Updated dependencies
+  - @backstage/plugin-catalog-backend@0.21.2-next.0
+  - @backstage/plugin-scaffolder-backend-module-cookiecutter@0.1.10-next.0
+
+## 0.15.22
+
+### Patch Changes
+
+- b09dd8f43b: chore(deps): bump `@gitbeaker/node` from 34.6.0 to 35.1.0
+- ac2f1eeec0: This change is for adding the option of inputs on the `github:actions:dispatch` Backstage Action. This will allow users to pass data from Backstage to the GitHub Action.
+- 0d5e846a78: Expose a new option to provide additional template filters via `@backstage/scaffolder-backend`'s `createRouter()` function.
+- Updated dependencies
+  - @backstage/plugin-catalog-backend@0.21.1
+  - @backstage/backend-common@0.10.5
+
+## 0.15.21
+
+### Patch Changes
+
+- b05d303226: Added the ability to support supplying secrets when creating tasks in the `scaffolder-backend`.
+
+  **deprecation**: Deprecated `ctx.token` from actions in the `scaffolder-backend`. Please move to using `ctx.secrets.backstageToken` instead.
+
+  **deprecation**: Deprecated `task.token` in `TaskSpec` in the `scaffolder-backend`. Please move to using `task.secrets.backstageToken` instead.
+
+- Updated dependencies
+  - @backstage/plugin-catalog-backend@0.21.0
+  - @backstage/integration@0.7.2
+  - @backstage/backend-common@0.10.4
+  - @backstage/config@0.1.13
+  - @backstage/catalog-model@0.9.10
+  - @backstage/catalog-client@0.5.5
+  - @backstage/plugin-scaffolder-backend-module-cookiecutter@0.1.9
+  - @backstage/plugin-scaffolder-common@0.1.3
+
 ## 0.15.21-next.0
 
 ### Patch Changes

package/dist/index.cjs.js

@@ -17,7 +17,7 @@ var child_process = require('child_process');
 var stream = require('stream');
 var azureDevopsNodeApi = require('azure-devops-node-api');
 var fetch = require('node-fetch');
-var rest = require('@octokit/rest');
+var octokit = require('octokit');
 var lodash = require('lodash');
 var octokitPluginCreatePullRequest = require('octokit-plugin-create-pull-request');
 var node = require('@gitbeaker/node');
@@ -119,6 +119,7 @@ function createCatalogRegisterAction(options) {
       }
     },
     async handler(ctx) {
+      var _a, _b;
       const { input } = ctx;
       let catalogInfoUrl;
       if ("catalogInfoUrl" in input) {
@@ -138,13 +139,13 @@ function createCatalogRegisterAction(options) {
       await catalogClient.addLocation({
         type: "url",
         target: catalogInfoUrl
-      }, ctx.token ? { token: ctx.token } : {});
+      }, ((_a = ctx.secrets) == null ? void 0 : _a.backstageToken) ? { token: ctx.secrets.backstageToken } : {});
       try {
         const result = await catalogClient.addLocation({
           dryRun: true,
           type: "url",
           target: catalogInfoUrl
-        }, ctx.token ? { token: ctx.token } : {});
+        }, ((_b = ctx.secrets) == null ? void 0 : _b.backstageToken) ? { token: ctx.secrets.backstageToken } : {});
         if (result.entities.length > 0) {
           const { entities } = result;
           let entity;
@@ -360,6 +361,12 @@ const { render, renderCompat } = (() => {
     });
   }
 
+  if (typeof additionalTemplateFilters !== 'undefined') {
+    for (const [filterName, filterFn] of Object.entries(additionalTemplateFilters)) {
+      env.addFilter(filterName, (...args) => JSON.parse(filterFn(...args)));
+    }
+  }
+
   let uninstallCompat = undefined;
 
   function render(str, values) {
@@ -392,12 +399,16 @@ const { render, renderCompat } = (() => {
 `;
 class SecureTemplater {
   static async loadRenderer(options = {}) {
-    const { parseRepoUrl, cookiecutterCompat } = options;
-    let sandbox = void 0;
+    const { parseRepoUrl, cookiecutterCompat, additionalTemplateFilters } = options;
+    const sandbox = {};
     if (parseRepoUrl) {
-      sandbox = {
-        parseRepoUrl: (url) => JSON.stringify(parseRepoUrl(url))
-      };
+      sandbox.parseRepoUrl = (url) => JSON.stringify(parseRepoUrl(url));
+    }
+    if (additionalTemplateFilters) {
+      sandbox.additionalTemplateFilters = Object.fromEntries(Object.entries(additionalTemplateFilters).filter(([_, filterFunction]) => !!filterFunction).map(([filterName, filterFunction]) => [
+        filterName,
+        (...args) => JSON.stringify(filterFunction(...args))
+      ]));
     }
     const vm = new vm2.VM({ sandbox });
     const nunjucksSource = await fs__default["default"].readFile(backendCommon.resolvePackagePath("@backstage/plugin-scaffolder-backend", "assets/nunjucks.js.txt"), "utf-8");
@@ -418,7 +429,7 @@ class SecureTemplater {
 }
 
 function createFetchTemplateAction(options) {
-  const { reader, integrations } = options;
+  const { reader, integrations, additionalTemplateFilters } = options;
   return createTemplateAction({
     id: "fetch:template",
     description: "Downloads a skeleton, templates variables into file and directory names and content, and places the result in the workspace, or optionally in a subdirectory specified by the 'targetPath' input option.",
@@ -509,7 +520,8 @@ function createFetchTemplateAction(options) {
       };
       ctx.logger.info(`Processing ${allEntriesInTemplate.length} template files/directories with input values`, ctx.input.values);
       const renderTemplate = await SecureTemplater.loadRenderer({
-        cookiecutterCompat: ctx.input.cookiecutterCompat
+        cookiecutterCompat: ctx.input.cookiecutterCompat,
+        additionalTemplateFilters
       });
       for (const location of allEntriesInTemplate) {
         let renderFilename;
@@ -729,7 +741,7 @@ const enableBranchProtectionOnDefaultRepoBranch = async ({
 }) => {
   const tryOnce = async () => {
     try {
-      await client.repos.updateBranchProtection({
+      await client.rest.repos.updateBranchProtection({
         mediaType: {
           previews: ["luke-cage-preview"]
         },
@@ -1176,7 +1188,7 @@ class OctokitProvider {
     if (!token) {
       throw new errors.InputError(`No token available for host: ${host}, with owner ${owner}, and repo ${repo}`);
     }
-    const client = new rest.Octokit({
+    const client = new octokit.Octokit({
       auth: token,
       baseUrl: integrationConfig.apiBaseUrl,
       previews: ["nebula-preview"]
@@ -1283,16 +1295,16 @@ function createPublishGithubAction(options) {
         topics
       } = ctx.input;
       const { client, token, owner, repo } = await octokitProvider.getOctokit(repoUrl);
-      const user = await client.users.getByUsername({
+      const user = await client.rest.users.getByUsername({
         username: owner
       });
-      const repoCreationPromise = user.data.type === "Organization" ? client.repos.createInOrg({
+      const repoCreationPromise = user.data.type === "Organization" ? client.rest.repos.createInOrg({
         name: repo,
         org: owner,
         private: repoVisibility === "private",
         visibility: repoVisibility,
         description
-      }) : client.repos.createForAuthenticatedUser({
+      }) : client.rest.repos.createForAuthenticatedUser({
         name: repo,
         private: repoVisibility === "private",
         description
@@ -1300,7 +1312,7 @@ function createPublishGithubAction(options) {
       const { data: newRepo } = await repoCreationPromise;
       if (access == null ? void 0 : access.startsWith(`${owner}/`)) {
         const [, team] = access.split("/");
-        await client.teams.addOrUpdateRepoPermissionsInOrg({
+        await client.rest.teams.addOrUpdateRepoPermissionsInOrg({
           org: owner,
           team_slug: team,
           owner,
@@ -1308,7 +1320,7 @@ function createPublishGithubAction(options) {
           permission: "admin"
         });
       } else if (access && access !== owner) {
-        await client.repos.addCollaborator({
+        await client.rest.repos.addCollaborator({
           owner,
           repo,
           username: access,
@@ -1321,7 +1333,7 @@ function createPublishGithubAction(options) {
           username: team_slug
         } of collaborators) {
           try {
-            await client.teams.addOrUpdateRepoPermissionsInOrg({
+            await client.rest.teams.addOrUpdateRepoPermissionsInOrg({
               org: owner,
               team_slug,
               owner,
@@ -1336,7 +1348,7 @@ function createPublishGithubAction(options) {
       }
       if (topics) {
         try {
-          await client.repos.replaceAllTopics({
+          await client.rest.repos.replaceAllTopics({
             owner,
             repo,
             names: topics.map((t) => t.toLowerCase())
@@ -1404,7 +1416,7 @@ const defaultClientFactory = async ({
   if (!token) {
     throw new errors.InputError(`No token available for host: ${host}, with owner ${owner}, and repo ${repo}`);
   }
-  const OctokitPR = rest.Octokit.plugin(octokitPluginCreatePullRequest.createPullRequest);
+  const OctokitPR = octokit.Octokit.plugin(octokitPluginCreatePullRequest.createPullRequest);
   return new OctokitPR({
     auth: token,
     baseUrl: integrationConfig.apiBaseUrl
@@ -1771,19 +1783,25 @@ function createGithubActionsDispatchAction(options) {
             title: "Branch or Tag name",
             description: "The git branch or tag name used to dispatch the workflow",
             type: "string"
+          },
+          workflowInputs: {
+            title: "Workflow Inputs",
+            description: "Inputs keys and values to send to GitHub Action configured on the workflow file. The maximum number of properties is 10. ",
+            type: "object"
           }
         }
       }
     },
     async handler(ctx) {
-      const { repoUrl, workflowId, branchOrTagName } = ctx.input;
+      const { repoUrl, workflowId, branchOrTagName, workflowInputs } = ctx.input;
       ctx.logger.info(`Dispatching workflow ${workflowId} for repo ${repoUrl} on ${branchOrTagName}`);
       const { client, owner, repo } = await octokitProvider.getOctokit(repoUrl);
       await client.rest.actions.createWorkflowDispatch({
         owner,
         repo,
         workflow_id: workflowId,
-        ref: branchOrTagName
+        ref: branchOrTagName,
+        inputs: workflowInputs
       });
       ctx.logger.info(`Workflow ${workflowId} dispatched successfully`);
     }
@@ -1869,7 +1887,7 @@ function createGithubWebhookAction(options) {
       const { client, owner, repo } = await octokitProvider.getOctokit(repoUrl);
       try {
         const insecure_ssl = insecureSsl ? "1" : "0";
-        await client.repos.createWebhook({
+        await client.rest.repos.createWebhook({
           owner,
           repo,
           config: {
@@ -1891,7 +1909,14 @@ function createGithubWebhookAction(options) {
 }
 
 const createBuiltinActions = (options) => {
-  const { reader, integrations, containerRunner, catalogClient, config } = options;
+  const {
+    reader,
+    integrations,
+    containerRunner,
+    catalogClient,
+    config,
+    additionalTemplateFilters
+  } = options;
   const githubCredentialsProvider = integration.DefaultGithubCredentialsProvider.fromIntegrations(integrations);
   const actions = [
     createFetchPlainAction({
@@ -1900,7 +1925,8 @@ const createBuiltinActions = (options) => {
     }),
     createFetchTemplateAction({
       integrations,
-      reader
+      reader,
+      additionalTemplateFilters
     }),
     createPublishGithubAction({
       integrations,
@@ -2023,7 +2049,8 @@ class DatabaseTaskStore {
       }
       const updateCount = await tx("tasks").where({ id: task.id, status: "open" }).update({
         status: "processing",
-        last_heartbeat_at: this.db.fn.now()
+        last_heartbeat_at: this.db.fn.now(),
+        secrets: null
       });
       if (updateCount < 1) {
         return void 0;
@@ -2087,8 +2114,7 @@ class DatabaseTaskStore {
         id: taskId,
         status: oldStatus
       }).update({
-        status,
-        secrets: null
+        status
       });
       if (updateCount !== 1) {
         throw new errors.ConflictError(`Failed to update status to '${status}' for taskId ${taskId}`);
@@ -2301,7 +2327,7 @@ class HandlebarsWorkflowRunner {
     this.handlebars.registerHelper("eq", (a, b) => a === b);
   }
   async execute(task) {
-    var _a, _b;
+    var _a, _b, _c;
     if (!isValidTaskSpec$1(task.spec)) {
       throw new errors.InputError(`Task spec is not a valid v1beta2 task spec`);
     }
@@ -2405,6 +2431,7 @@ class HandlebarsWorkflowRunner {
             logStream: stream$1,
             input,
             token: (_b = task.secrets) == null ? void 0 : _b.token,
+            secrets: (_c = task.secrets) != null ? _c : {},
             workspacePath,
             async createTemporaryDirectory() {
               const tmpDir = await fs__default["default"].mkdtemp(`${workspacePath}_step-${step.id}-`);
@@ -2530,7 +2557,7 @@ class NunjucksWorkflowRunner {
     });
   }
   async execute(task) {
-    var _a, _b, _c;
+    var _a, _b, _c, _d;
     if (!isValidTaskSpec(task.spec)) {
       throw new errors.InputError("Wrong template version executed with the workflow engine");
     }
@@ -2539,7 +2566,8 @@ class NunjucksWorkflowRunner {
     const renderTemplate = await SecureTemplater.loadRenderer({
       parseRepoUrl(url) {
         return parseRepoUrl(url, integrations);
-      }
+      },
+      additionalTemplateFilters: this.options.additionalTemplateFilters
     });
     try {
       await fs__default["default"].ensureDir(workspacePath);
@@ -2580,6 +2608,7 @@ class NunjucksWorkflowRunner {
             baseUrl: task.spec.baseUrl,
             input,
             token: (_c = task.secrets) == null ? void 0 : _c.token,
+            secrets: (_d = task.secrets) != null ? _d : {},
             logger: taskLogger,
             logStream: streamLogger,
             workspacePath,
@@ -2629,7 +2658,8 @@ class TaskWorker {
       logger,
       actionRegistry,
       integrations,
-      workingDirectory
+      workingDirectory,
+      additionalTemplateFilters
     } = options;
     const legacyWorkflowRunner = new HandlebarsWorkflowRunner({
       logger,
@@ -2641,7 +2671,8 @@ class TaskWorker {
       actionRegistry,
       integrations,
       logger,
-      workingDirectory
+      workingDirectory,
+      additionalTemplateFilters
     });
     return new TaskWorker({
       taskBroker,
@@ -2738,7 +2769,8 @@ async function createRouter(options) {
     catalogClient,
     actions,
     containerRunner,
-    taskWorkers
+    taskWorkers,
+    additionalTemplateFilters
   } = options;
   const logger = parentLogger.child({ plugin: "scaffolder" });
   const workingDirectory = await getWorkingDirectory(config, logger);
@@ -2761,7 +2793,8 @@ async function createRouter(options) {
       actionRegistry,
       integrations,
       logger,
-      workingDirectory
+      workingDirectory,
+      additionalTemplateFilters
     });
     workers.push(worker);
   }
@@ -2770,7 +2803,8 @@ async function createRouter(options) {
     catalogClient,
     containerRunner,
     reader,
-    config
+    config,
+    additionalTemplateFilters
   });
   actionsToRegister.forEach((action) => actionRegistry.register(action));
   workers.forEach((worker) => worker.start());
@@ -2861,6 +2895,8 @@ async function createRouter(options) {
       throw new errors.InputError(`Unsupported apiVersion field in schema entity, ${template.apiVersion}`);
     }
     const result = await taskBroker.dispatch(taskSpec, {
+      ...req.body.secrets,
+      backstageToken: token,
       token
     });
     res.status(201).json({ id: result.taskId });