@backstage/plugin-scaffolder-backend 0.15.23-next.1 → 0.16.0

package/CHANGELOG.md

@@ -1,5 +1,83 @@
 # @backstage/plugin-scaffolder-backend
 
+## 0.16.0
+
+### Minor Changes
+
+- 661594bf43: **BREAKING**: Updated `TemplateAction` and related types to have its type parameter extend `JsonObject` instead of `InputBase`. The `createTemplateAction` has also been updated to pass through the `TInput` type parameter to the return type, meaning the `TemplateAction` retains its type. This can lead to breakages during type checking especially within tests.
+- 8db2b671c6: **BREAKING**: `ctx.token` is now `ctx.secrets.backstageToken` in Actions. Please update any of your Actions that might call out to Backstage API's with this token.
+- 5a1594330e: **BREAKING** - Removed the `CatalogEntityClient` export. This is no longer provider by this package,
+  but you can implement one pretty simply yourself using the `CatalogApi` and applying filters to fetch templates.
+- 7d3471db94: Remove the previously deprecated `scaffolder.provider` config for all providers.
+  This config is no longer used anywhere, and adopters should use [`integrations` config](https://backstage.io/docs/integrations) instead.
+
+### Patch Changes
+
+- 1ed305728b: Bump `node-fetch` to version 2.6.7 and `cross-fetch` to version 3.1.5
+- 3e59f90b51: Fix error handling of the `runCommand` helper to return `Error`
+  instance.
+- c77c5c7eb6: Added `backstage.role` to `package.json`
+- 216725b434: Updated to use new names for `parseLocationRef` and `stringifyLocationRef`
+- e72d371296: Use `TemplateEntityV1beta2` from `@backstage/plugin-scaffolder-common` instead
+  of `@backstage/catalog-model`.
+- 1433045c08: Removed unused `helmet` dependency.
+- 27eccab216: Replaces use of deprecated catalog-model constants.
+- Updated dependencies
+  - @backstage/plugin-scaffolder-common@0.2.0
+  - @backstage/plugin-catalog-backend@0.21.4
+  - @backstage/backend-common@0.10.8
+  - @backstage/catalog-client@0.7.0
+  - @backstage/errors@0.2.1
+  - @backstage/integration@0.7.3
+  - @backstage/catalog-model@0.10.0
+  - @backstage/config@0.1.14
+  - @backstage/types@0.1.2
+  - @backstage/plugin-scaffolder-backend-module-cookiecutter@0.2.0
+
+## 0.15.24
+
+### Patch Changes
+
+- 2441d1cf59: chore(deps): bump `knex` from 0.95.6 to 1.0.2
+
+  This also replaces `sqlite3` with `@vscode/sqlite3` 5.0.7
+
+- 2bd5f24043: fix for the `gitlab:publish` action to use the `oauthToken` key when creating a
+  `Gitlab` client. This only happens if `ctx.input.token` is provided else the key `token` will be used.
+- 898a56578c: Bump `vm2` to version 3.9.6
+- Updated dependencies
+  - @backstage/catalog-client@0.6.0
+  - @backstage/backend-common@0.10.7
+  - @backstage/plugin-catalog-backend@0.21.3
+  - @backstage/plugin-scaffolder-backend-module-cookiecutter@0.1.11
+
+## 0.15.24-next.0
+
+### Patch Changes
+
+- 2441d1cf59: chore(deps): bump `knex` from 0.95.6 to 1.0.2
+
+  This also replaces `sqlite3` with `@vscode/sqlite3` 5.0.7
+
+- 2bd5f24043: fix for the `gitlab:publish` action to use the `oauthToken` key when creating a
+  `Gitlab` client. This only happens if `ctx.input.token` is provided else the key `token` will be used.
+- Updated dependencies
+  - @backstage/backend-common@0.10.7-next.0
+  - @backstage/plugin-catalog-backend@0.21.3-next.0
+  - @backstage/plugin-scaffolder-backend-module-cookiecutter@0.1.11-next.0
+
+## 0.15.23
+
+### Patch Changes
+
+- 2e0dbb0e50: Migrate from deprecated package @octokit/rest to octokit
+- c95df1631e: Added support for templating secrets into actions input, and also added an extra `token` input argument to all publishers to provide a token that would override the `integrations.config`.
+  You can find more information over at [Writing Templates](https://backstage.io/docs/features/software-templates/writing-templates#using-the-users-oauth-token)
+- Updated dependencies
+  - @backstage/plugin-catalog-backend@0.21.2
+  - @backstage/backend-common@0.10.6
+  - @backstage/plugin-scaffolder-backend-module-cookiecutter@0.1.10
+
 ## 0.15.23-next.1
 
 ### Patch Changes

package/config.d.ts

@@ -28,30 +28,5 @@ export interface Config {
      * The commit message used when new components are created.
      */
     defaultCommitMessage?: string;
-    /**
-     * @deprecated Replaced by parameters for the publish:github action
-     */
-    github?: {
-      [key: string]: string;
-    };
-    /**
-     * @deprecated Use the Gitlab integration instead
-     */
-    gitlab?: {
-      api: { [key: string]: string };
-    };
-    /**
-     * @deprecated Use the Azure integration instead
-     */
-    azure?: {
-      baseUrl: string;
-      api: { [key: string]: string };
-    };
-    /**
-     * @deprecated Use the Bitbucket integration instead
-     */
-    bitbucket?: {
-      api: { [key: string]: string };
-    };
   };
 }

package/dist/index.cjs.js

@@ -685,7 +685,7 @@ const runCommand = async ({
     });
     process.on("close", (code) => {
       if (code !== 0) {
-        return reject(`Command ${command} failed, exit code: ${code}`);
+        return reject(new Error(`Command ${command} failed, exit code: ${code}`));
       }
       return resolve();
     });
@@ -854,8 +854,14 @@ function createPublishAzureAction(options) {
             description: `Sets the default branch on the repository. The default value is 'master'`
           },
           sourcePath: {
-            title: "Path within the workspace that will be used as the repository root. If omitted, the entire workspace will be published as the repository.",
+            title: "Source Path",
+            description: "Path within the workspace that will be used as the repository root. If omitted, the entire workspace will be published as the repository.",
             type: "string"
+          },
+          token: {
+            title: "Authentication Token",
+            type: "string",
+            description: "The token to use for authorization to Azure"
           }
         }
       },
@@ -874,6 +880,7 @@ function createPublishAzureAction(options) {
       }
     },
     async handler(ctx) {
+      var _a;
       const { repoUrl, defaultBranch = "master" } = ctx.input;
       const { owner, repo, host, organization } = parseRepoUrl(repoUrl, integrations);
       if (!organization) {
@@ -883,10 +890,11 @@ function createPublishAzureAction(options) {
       if (!integrationConfig) {
         throw new errors.InputError(`No matching integration configuration for host ${host}, please check your integrations config`);
       }
-      if (!integrationConfig.config.token) {
+      if (!integrationConfig.config.token && !ctx.input.token) {
         throw new errors.InputError(`No token provided for Azure Integration ${host}`);
       }
-      const authHandler = azureDevopsNodeApi.getPersonalAccessTokenHandler(integrationConfig.config.token);
+      const token = (_a = ctx.input.token) != null ? _a : integrationConfig.config.token;
+      const authHandler = azureDevopsNodeApi.getPersonalAccessTokenHandler(token);
       const webApi = new azureDevopsNodeApi.WebApi(`https://${host}/${organization}`, authHandler);
       const client = await webApi.getGitApi();
       const createOptions = { name: repo };
@@ -910,7 +918,7 @@ function createPublishAzureAction(options) {
         defaultBranch,
         auth: {
           username: "notempty",
-          password: integrationConfig.config.token
+          password: token
         },
         logger: ctx.logger,
         commitMessage: config.getOptionalString("scaffolder.defaultCommitMessage"),
@@ -1056,12 +1064,19 @@ function createPublishBitbucketAction(options) {
             description: `Sets the default branch on the repository. The default value is 'master'`
           },
           sourcePath: {
-            title: "Path within the workspace that will be used as the repository root. If omitted, the entire workspace will be published as the repository.",
+            title: "Source Path",
+            description: "Path within the workspace that will be used as the repository root. If omitted, the entire workspace will be published as the repository.",
             type: "string"
           },
           enableLFS: {
-            title: "Enable LFS for the repository. Only available for hosted Bitbucket.",
+            title: "Enable LFS?",
+            description: "Enable LFS for the repository. Only available for hosted Bitbucket.",
             type: "boolean"
+          },
+          token: {
+            title: "Authentication Token",
+            type: "string",
+            description: "The token to use for authorization to BitBucket"
           }
         }
       },
@@ -1101,7 +1116,7 @@ function createPublishBitbucketAction(options) {
       if (!integrationConfig) {
         throw new errors.InputError(`No matching integration configuration for host ${host}, please check your integrations config`);
       }
-      const authorization = getAuthorizationHeader(integrationConfig.config);
+      const authorization = getAuthorizationHeader(ctx.input.token ? { host: integrationConfig.config.host, token: ctx.input.token } : integrationConfig.config);
       const apiBaseUrl = integrationConfig.config.apiBaseUrl;
       const createMethod = host === "bitbucket.org" ? createBitbucketCloudRepository : createBitbucketServerRepository;
       const { remoteUrl, repoContentsUrl } = await createMethod({
@@ -1118,13 +1133,22 @@ function createPublishBitbucketAction(options) {
         name: config.getOptionalString("scaffolder.defaultAuthor.name"),
         email: config.getOptionalString("scaffolder.defaultAuthor.email")
       };
+      let auth;
+      if (ctx.input.token) {
+        auth = {
+          username: "x-token-auth",
+          password: ctx.input.token
+        };
+      } else {
+        auth = {
+          username: integrationConfig.config.username ? integrationConfig.config.username : "x-token-auth",
+          password: integrationConfig.config.appPassword ? integrationConfig.config.appPassword : (_a = integrationConfig.config.token) != null ? _a : ""
+        };
+      }
       await initRepoAndPush({
         dir: getRepoSourceDirectory(ctx.workspacePath, ctx.input.sourcePath),
         remoteUrl,
-        auth: {
-          username: integrationConfig.config.username ? integrationConfig.config.username : "x-token-auth",
-          password: integrationConfig.config.appPassword ? integrationConfig.config.appPassword : (_a = integrationConfig.config.token) != null ? _a : ""
-        },
+        auth,
         defaultBranch,
         logger: ctx.logger,
         commitMessage: config.getOptionalString("scaffolder.defaultCommitMessage"),
@@ -1172,7 +1196,7 @@ class OctokitProvider {
     this.integrations = integrations;
     this.githubCredentialsProvider = githubCredentialsProvider || integration.DefaultGithubCredentialsProvider.fromIntegrations(this.integrations);
   }
-  async getOctokit(repoUrl) {
+  async getOctokit(repoUrl, options) {
     var _a;
     const { owner, repo, host } = parseRepoUrl(repoUrl, this.integrations);
     if (!owner) {
@@ -1182,6 +1206,14 @@ class OctokitProvider {
     if (!integrationConfig) {
       throw new errors.InputError(`No integration for host ${host}`);
     }
+    if (options == null ? void 0 : options.token) {
+      const client2 = new octokit.Octokit({
+        auth: options.token,
+        baseUrl: integrationConfig.apiBaseUrl,
+        previews: ["nebula-preview"]
+      });
+      return { client: client2, token: options.token, owner, repo };
+    }
     const { token } = await this.githubCredentialsProvider.getCredentials({
       url: `https://${host}/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}`
     });
@@ -1223,7 +1255,8 @@ function createPublishGithubAction(options) {
             type: "string"
           },
           requireCodeOwnerReviews: {
-            title: "Require an approved review in PR including files with a designated Code Owner",
+            title: "Require CODEOWNER Reviews?",
+            description: "Require an approved review in PR including files with a designated Code Owner",
             type: "boolean"
           },
           repoVisibility: {
@@ -1237,7 +1270,8 @@ function createPublishGithubAction(options) {
             description: `Sets the default branch on the repository. The default value is 'master'`
           },
           sourcePath: {
-            title: "Path within the workspace that will be used as the repository root. If omitted, the entire workspace will be published as the repository.",
+            title: "Source Path",
+            description: "Path within the workspace that will be used as the repository root. If omitted, the entire workspace will be published as the repository.",
             type: "string"
           },
           collaborators: {
@@ -1260,6 +1294,11 @@ function createPublishGithubAction(options) {
               }
             }
           },
+          token: {
+            title: "Authentication Token",
+            type: "string",
+            description: "The token to use for authorization to GitHub"
+          },
           topics: {
             title: "Topics",
             type: "array",
@@ -1292,9 +1331,10 @@ function createPublishGithubAction(options) {
         repoVisibility = "private",
         defaultBranch = "master",
         collaborators,
-        topics
+        topics,
+        token: providedToken
       } = ctx.input;
-      const { client, token, owner, repo } = await octokitProvider.getOctokit(repoUrl);
+      const { client, token, owner, repo } = await octokitProvider.getOctokit(repoUrl, { token: providedToken });
       const user = await client.rest.users.getByUsername({
         username: owner
       });
@@ -1402,13 +1442,21 @@ const defaultClientFactory = async ({
   githubCredentialsProvider,
   owner,
   repo,
-  host = "github.com"
+  host = "github.com",
+  token: providedToken
 }) => {
   var _a;
   const integrationConfig = (_a = integrations.github.byHost(host)) == null ? void 0 : _a.config;
+  const OctokitPR = octokit.Octokit.plugin(octokitPluginCreatePullRequest.createPullRequest);
   if (!integrationConfig) {
     throw new errors.InputError(`No integration for host ${host}`);
   }
+  if (providedToken) {
+    return new OctokitPR({
+      auth: providedToken,
+      baseUrl: integrationConfig.apiBaseUrl
+    });
+  }
   const credentialsProvider = githubCredentialsProvider || integration.SingleInstanceGithubCredentialsProvider.create(integrationConfig);
   const { token } = await credentialsProvider.getCredentials({
     url: `https://${host}/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}`
@@ -1416,7 +1464,6 @@ const defaultClientFactory = async ({
   if (!token) {
     throw new errors.InputError(`No token available for host: ${host}, with owner ${owner}, and repo ${repo}`);
   }
-  const OctokitPR = octokit.Octokit.plugin(octokitPluginCreatePullRequest.createPullRequest);
   return new OctokitPR({
     auth: token,
     baseUrl: integrationConfig.apiBaseUrl
@@ -1463,6 +1510,11 @@ const createPublishGithubPullRequestAction = ({
             type: "string",
             title: "Repository Subdirectory",
             description: "Subdirectory of repository to apply changes to"
+          },
+          token: {
+            title: "Authentication Token",
+            type: "string",
+            description: "The token to use for authorization to GitHub"
           }
         }
       },
@@ -1485,7 +1537,8 @@ const createPublishGithubPullRequestAction = ({
         title,
         description,
         targetPath,
-        sourcePath
+        sourcePath,
+        token: providedToken
       } = ctx.input;
       const { owner, repo, host } = parseRepoUrl(repoUrl, integrations);
       if (!owner) {
@@ -1496,7 +1549,8 @@ const createPublishGithubPullRequestAction = ({
         githubCredentialsProvider,
         host,
         owner,
-        repo
+        repo,
+        token: providedToken
       });
       const fileRoot = sourcePath ? backendCommon.resolveSafeChildPath(ctx.workspacePath, sourcePath) : ctx.workspacePath;
       const localFilePaths = await globby__default["default"](["./**", "./**/.*", "!.git"], {
@@ -1570,8 +1624,14 @@ function createPublishGitlabAction(options) {
             description: `Sets the default branch on the repository. The default value is 'master'`
           },
           sourcePath: {
-            title: "Path within the workspace that will be used as the repository root. If omitted, the entire workspace will be published as the repository.",
+            title: "Source Path",
+            description: "Path within the workspace that will be used as the repository root. If omitted, the entire workspace will be published as the repository.",
             type: "string"
+          },
+          token: {
+            title: "Authentication Token",
+            type: "string",
+            description: "The token to use for authorization to GitLab"
           }
         }
       },
@@ -1603,12 +1663,14 @@ function createPublishGitlabAction(options) {
       if (!integrationConfig) {
         throw new errors.InputError(`No matching integration configuration for host ${host}, please check your integrations config`);
       }
-      if (!integrationConfig.config.token) {
+      if (!integrationConfig.config.token && !ctx.input.token) {
         throw new errors.InputError(`No token available for host ${host}`);
       }
+      const token = ctx.input.token || integrationConfig.config.token;
+      const tokenType = ctx.input.token ? "oauthToken" : "token";
       const client = new node.Gitlab({
         host: integrationConfig.config.baseUrl,
-        token: integrationConfig.config.token
+        [tokenType]: token
       });
       let { id: targetNamespace } = await client.Namespaces.show(owner);
       if (!targetNamespace) {
@@ -1632,7 +1694,7 @@ function createPublishGitlabAction(options) {
         defaultBranch,
         auth: {
           username: "oauth2",
-          password: integrationConfig.config.token
+          password: token
         },
         logger: ctx.logger,
         commitMessage: config.getOptionalString("scaffolder.defaultCommitMessage"),
@@ -1682,6 +1744,11 @@ const createPublishGitlabMergeRequestAction = (options) => {
             type: "string",
             title: "Repository Subdirectory",
             description: "Subdirectory of repository to apply changes to"
+          },
+          token: {
+            title: "Authentication Token",
+            type: "string",
+            description: "The token to use for authorization to GitLab"
           }
         }
       },
@@ -1701,6 +1768,7 @@ const createPublishGitlabMergeRequestAction = (options) => {
       }
     },
     async handler(ctx) {
+      var _a;
       const repoUrl = ctx.input.repoUrl;
       const { host } = parseRepoUrl(repoUrl, integrations);
       const integrationConfig = integrations.gitlab.byHost(host);
@@ -1709,12 +1777,14 @@ const createPublishGitlabMergeRequestAction = (options) => {
       if (!integrationConfig) {
         throw new errors.InputError(`No matching integration configuration for host ${host}, please check your integrations config`);
       }
-      if (!integrationConfig.config.token) {
+      if (!integrationConfig.config.token && !ctx.input.token) {
         throw new errors.InputError(`No token available for host ${host}`);
       }
+      const token = (_a = ctx.input.token) != null ? _a : integrationConfig.config.token;
+      const tokenType = ctx.input.token ? "oauthToken" : "token";
       const api = new node.Gitlab({
         host: integrationConfig.config.baseUrl,
-        token: integrationConfig.config.token
+        [tokenType]: token
       });
       const fileRoot = ctx.workspacePath;
       const localFilePaths = await globby__default["default"]([`${ctx.input.targetPath}/**`], {
@@ -1788,14 +1858,25 @@ function createGithubActionsDispatchAction(options) {
             title: "Workflow Inputs",
             description: "Inputs keys and values to send to GitHub Action configured on the workflow file. The maximum number of properties is 10. ",
             type: "object"
+          },
+          token: {
+            title: "Authentication Token",
+            type: "string",
+            description: "The GITHUB_TOKEN to use for authorization to GitHub"
           }
         }
       }
     },
     async handler(ctx) {
-      const { repoUrl, workflowId, branchOrTagName, workflowInputs } = ctx.input;
+      const {
+        repoUrl,
+        workflowId,
+        branchOrTagName,
+        workflowInputs,
+        token: providedToken
+      } = ctx.input;
       ctx.logger.info(`Dispatching workflow ${workflowId} for repo ${repoUrl} on ${branchOrTagName}`);
-      const { client, owner, repo } = await octokitProvider.getOctokit(repoUrl);
+      const { client, owner, repo } = await octokitProvider.getOctokit(repoUrl, { token: providedToken });
       await client.rest.actions.createWorkflowDispatch({
         owner,
         repo,
@@ -1869,6 +1950,11 @@ function createGithubWebhookAction(options) {
             title: "Insecure SSL",
             type: "boolean",
             description: `Determines whether the SSL certificate of the host for url will be verified when delivering payloads. Default 'false'`
+          },
+          token: {
+            title: "Authentication Token",
+            type: "string",
+            description: "The GITHUB_TOKEN to use for authorization to GitHub"
           }
         }
       }
@@ -1881,10 +1967,11 @@ function createGithubWebhookAction(options) {
         events = ["push"],
         active = true,
         contentType = "form",
-        insecureSsl = false
+        insecureSsl = false,
+        token: providedToken
       } = ctx.input;
       ctx.logger.info(`Creating webhook ${webhookUrl} for repo ${repoUrl}`);
-      const { client, owner, repo } = await octokitProvider.getOctokit(repoUrl);
+      const { client, owner, repo } = await octokitProvider.getOctokit(repoUrl, { token: providedToken });
       try {
         const insecure_ssl = insecureSsl ? "1" : "0";
         await client.rest.repos.createWebhook({
@@ -2327,7 +2414,7 @@ class HandlebarsWorkflowRunner {
     this.handlebars.registerHelper("eq", (a, b) => a === b);
   }
   async execute(task) {
-    var _a, _b, _c;
+    var _a, _b;
     if (!isValidTaskSpec$1(task.spec)) {
       throw new errors.InputError(`Task spec is not a valid v1beta2 task spec`);
     }
@@ -2430,8 +2517,7 @@ class HandlebarsWorkflowRunner {
             logger: taskLogger,
             logStream: stream$1,
             input,
-            token: (_b = task.secrets) == null ? void 0 : _b.token,
-            secrets: (_c = task.secrets) != null ? _c : {},
+            secrets: (_b = task.secrets) != null ? _b : {},
             workspacePath,
             async createTemporaryDirectory() {
               const tmpDir = await fs__default["default"].mkdtemp(`${workspacePath}_step-${step.id}-`);
@@ -2591,8 +2677,8 @@ class NunjucksWorkflowRunner {
           });
           const action = this.options.actionRegistry.get(step.action);
           const { taskLogger, streamLogger } = createStepLogger({ task, step });
-          const input = (_a = step.input && this.render(step.input, context, renderTemplate)) != null ? _a : {};
-          if ((_b = action.schema) == null ? void 0 : _b.input) {
+          const input = (_b = step.input && this.render(step.input, { ...context, secrets: (_a = task.secrets) != null ? _a : {} }, renderTemplate)) != null ? _b : {};
+          if ((_c = action.schema) == null ? void 0 : _c.input) {
             const validateResult = jsonschema.validate(input, action.schema.input);
             if (!validateResult.valid) {
               const errors$1 = validateResult.errors.join(", ");
@@ -2601,13 +2687,9 @@ class NunjucksWorkflowRunner {
           }
           const tmpDirs = new Array();
           const stepOutput = {};
-          if (!task.spec.metadata) {
-            console.warn("DEPRECATION NOTICE: metadata is undefined. metadata will be required in the future.");
-          }
           await action.handler({
             baseUrl: task.spec.baseUrl,
             input,
-            token: (_c = task.secrets) == null ? void 0 : _c.token,
             secrets: (_d = task.secrets) != null ? _d : {},
             logger: taskLogger,
             logStream: streamLogger,
@@ -2700,28 +2782,6 @@ class TaskWorker {
   }
 }
 
-class CatalogEntityClient {
-  constructor(catalogClient) {
-    this.catalogClient = catalogClient;
-  }
-  async findTemplate(templateName, options) {
-    const { items: templates } = await this.catalogClient.getEntities({
-      filter: {
-        kind: "template",
-        "metadata.name": templateName
-      }
-    }, options);
-    if (templates.length !== 1) {
-      if (templates.length > 1) {
-        throw new errors.ConflictError("Templates lookup resulted in multiple matches");
-      } else {
-        throw new errors.NotFoundError("Template not found");
-      }
-    }
-    return templates[0];
-  }
-}
-
 async function getWorkingDirectory(config, logger) {
   if (!config.has("backend.workingDirectory")) {
     return os__default["default"].tmpdir();
@@ -2739,14 +2799,14 @@ async function getWorkingDirectory(config, logger) {
 }
 function getEntityBaseUrl(entity) {
   var _a, _b;
-  let location = (_a = entity.metadata.annotations) == null ? void 0 : _a[catalogModel.SOURCE_LOCATION_ANNOTATION];
+  let location = (_a = entity.metadata.annotations) == null ? void 0 : _a[catalogModel.ANNOTATION_SOURCE_LOCATION];
   if (!location) {
-    location = (_b = entity.metadata.annotations) == null ? void 0 : _b[catalogModel.LOCATION_ANNOTATION];
+    location = (_b = entity.metadata.annotations) == null ? void 0 : _b[catalogModel.ANNOTATION_LOCATION];
   }
   if (!location) {
     return void 0;
   }
-  const { type, target } = catalogModel.parseLocationReference(location);
+  const { type, target } = catalogModel.parseLocationRef(location);
   if (type === "url") {
     return target;
   } else if (type === "file") {
@@ -2754,6 +2814,34 @@ function getEntityBaseUrl(entity) {
   }
   return void 0;
 }
+async function findTemplate({
+  entityRef,
+  token,
+  catalogApi
+}) {
+  const parsedEntityRef = catalogModel.parseEntityRef(entityRef, {
+    defaultKind: "template",
+    defaultNamespace: "default"
+  });
+  const { items } = await catalogApi.getEntities({
+    filter: {
+      kind: "template",
+      "metadata.name": parsedEntityRef.name,
+      "metadata.namespace": parsedEntityRef.namespace
+    }
+  }, {
+    token
+  });
+  const templates = items.filter((entity) => entity.kind === "Template");
+  if (templates.length !== 1) {
+    if (templates.length > 1) {
+      throw new errors.ConflictError("Templates lookup resulted in multiple matches");
+    } else {
+      throw new errors.NotFoundError("Template not found");
+    }
+  }
+  return templates[0];
+}
 
 function isSupportedTemplate(entity) {
   return entity.apiVersion === "backstage.io/v1beta2" || entity.apiVersion === "scaffolder.backstage.io/v1beta3";
@@ -2774,7 +2862,6 @@ async function createRouter(options) {
   } = options;
   const logger = parentLogger.child({ plugin: "scaffolder" });
   const workingDirectory = await getWorkingDirectory(config, logger);
-  const entityClient = new CatalogEntityClient(catalogClient);
   const integrations = integration.ScmIntegrations.fromConfig(config);
   let taskBroker;
   if (!options.taskBroker) {
@@ -2817,7 +2904,9 @@ async function createRouter(options) {
     if (kind.toLowerCase() !== "template") {
       throw new errors.InputError(`Invalid kind, only 'Template' kind is supported`);
     }
-    const template = await entityClient.findTemplate(name, {
+    const template = await findTemplate({
+      catalogApi: catalogClient,
+      entityRef: { kind, namespace, name },
       token: getBearerToken(req.headers.authorization)
     });
     if (isSupportedTemplate(template)) {
@@ -2849,11 +2938,18 @@ async function createRouter(options) {
     const templateName = req.body.templateName;
     const values = req.body.values;
     const token = getBearerToken(req.headers.authorization);
-    const template = await entityClient.findTemplate(templateName, {
-      token
+    const template = await findTemplate({
+      catalogApi: catalogClient,
+      entityRef: {
+        name: templateName
+      },
+      token: getBearerToken(req.headers.authorization)
     });
     let taskSpec;
     if (isSupportedTemplate(template)) {
+      if (template.apiVersion === "backstage.io/v1beta2") {
+        logger.warn(`Scaffolding ${catalogModel.stringifyEntityRef(template)} with deprecated apiVersion ${template.apiVersion}. Please migrate the template to backstage.io/v1beta3. https://backstage.io/docs/features/software-templates/migrating-from-v1beta2-to-v1beta3`);
+      }
       for (const parameters of [(_a = template.spec.parameters) != null ? _a : []].flat()) {
         const result2 = jsonschema.validate(values, parameters);
         if (!result2.valid) {
@@ -2974,13 +3070,11 @@ function getBearerToken(header) {
 
 class ScaffolderEntitiesProcessor {
   constructor() {
-    this.validators = [
-      catalogModel.entityKindSchemaValidator(pluginScaffolderCommon.templateEntityV1beta3Schema)
-    ];
+    this.validators = [pluginScaffolderCommon.templateEntityV1beta3Validator];
   }
   async validateEntityKind(entity) {
     for (const validator of this.validators) {
-      if (validator(entity)) {
+      if (await validator.check(entity)) {
         return true;
       }
     }
@@ -3024,7 +3118,6 @@ Object.defineProperty(exports, 'createFetchCookiecutterAction', {
   enumerable: true,
   get: function () { return pluginScaffolderBackendModuleCookiecutter.createFetchCookiecutterAction; }
 });
-exports.CatalogEntityClient = CatalogEntityClient;
 exports.DatabaseTaskStore = DatabaseTaskStore;
 exports.OctokitProvider = OctokitProvider;
 exports.ScaffolderEntitiesProcessor = ScaffolderEntitiesProcessor;