@backstage/plugin-scaffolder-backend 1.15.0-next.2 → 1.15.0-next.3

package/CHANGELOG.md

@@ -1,5 +1,34 @@
 # @backstage/plugin-scaffolder-backend
 
+## 1.15.0-next.3
+
+### Minor Changes
+
+- 84b0e47373db: Add `TargetBranchName` variable and output for the `publish:gitlab:merge-request` and `publish:github:pull-request` s'cascaffolder actions.
+- 6a694ce98e32: Add a scaffolder action that pull-requests for bitbucket server
+- 1948845861b0: Added `github:deployKey:create` and `github:environment:create` scaffolder actions. You will need to add `read/write` permissions to your GITHUB_TOKEN and/or Github Backstage App for Repository `Administration` (for deploy key functionality) and `Environments` (for Environment functionality)
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/backend-common@0.19.0-next.2
+  - @backstage/catalog-model@1.4.0-next.1
+  - @backstage/plugin-catalog-backend@1.10.0-next.2
+  - @backstage/backend-plugin-api@0.5.3-next.2
+  - @backstage/backend-tasks@0.5.3-next.2
+  - @backstage/catalog-client@1.4.2-next.2
+  - @backstage/config@1.0.7
+  - @backstage/errors@1.2.0-next.0
+  - @backstage/integration@1.5.0-next.0
+  - @backstage/types@1.0.2
+  - @backstage/plugin-auth-node@0.2.15-next.2
+  - @backstage/plugin-catalog-common@1.0.14-next.1
+  - @backstage/plugin-catalog-node@1.3.7-next.2
+  - @backstage/plugin-permission-common@0.7.6-next.0
+  - @backstage/plugin-permission-node@0.7.9-next.2
+  - @backstage/plugin-scaffolder-common@1.3.1-next.1
+  - @backstage/plugin-scaffolder-node@0.1.4-next.2
+
 ## 1.15.0-next.2
 
 ### Patch Changes

package/alpha/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-scaffolder-backend",
-  "version": "1.15.0-next.2",
+  "version": "1.15.0-next.3",
   "main": "../dist/alpha.cjs.js",
   "types": "../dist/alpha.d.ts"
 }

package/dist/alpha.cjs.js

@@ -4,7 +4,7 @@ Object.defineProperty(exports, '__esModule', { value: true });
 
 var backendPluginApi = require('@backstage/backend-plugin-api');
 var alpha = require('@backstage/plugin-catalog-node/alpha');
-var ScaffolderEntitiesProcessor = require('./cjs/ScaffolderEntitiesProcessor-70d9fced.cjs.js');
+var ScaffolderEntitiesProcessor = require('./cjs/ScaffolderEntitiesProcessor-8d851e94.cjs.js');
 var alpha$1 = require('@backstage/plugin-scaffolder-common/alpha');
 var pluginPermissionNode = require('@backstage/plugin-permission-node');
 var backendCommon = require('@backstage/backend-common');

package/dist/cjs/{ScaffolderEntitiesProcessor-70d9fced.cjs.js → ScaffolderEntitiesProcessor-8d851e94.cjs.js}

@@ -1477,7 +1477,7 @@ async function createGithubRepoWithCollaboratorsAndTopics(client, repo, owner, r
     name: repo,
     org: owner,
     private: repoVisibility === "private",
-    // @ts-ignore
+    // @ts-ignore https://github.com/octokit/types.ts/issues/522
     visibility: repoVisibility,
     description,
     delete_branch_on_merge: deleteBranchOnMerge,
@@ -2421,6 +2421,260 @@ function createGithubWebhookAction(options) {
   });
 }
 
+function createGithubDeployKeyAction(options) {
+  const { integrations } = options;
+  return pluginScaffolderNode.createTemplateAction({
+    id: "github:deployKey:create",
+    description: "Creates and stores Deploy Keys",
+    schema: {
+      input: {
+        type: "object",
+        required: ["repoUrl", "publicKey", "privateKey", "deployKeyName"],
+        properties: {
+          repoUrl: {
+            title: "Repository Location",
+            description: `Accepts the format 'github.com?repo=reponame&owner=owner' where 'reponame' is the new repository name and 'owner' is an organization or username`,
+            type: "string"
+          },
+          publicKey: {
+            title: "SSH Public Key",
+            description: `Generated from ssh-keygen.  Begins with 'ssh-rsa', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521', 'ssh-ed25519', 'sk-ecdsa-sha2-nistp256@openssh.com', or 'sk-ssh-ed25519@openssh.com'.`,
+            type: "string"
+          },
+          privateKey: {
+            title: "SSH Private Key",
+            description: `SSH Private Key generated from ssh-keygen`,
+            type: "string"
+          },
+          deployKeyName: {
+            title: "Deploy Key Name",
+            description: `Name of the Deploy Key`,
+            type: "string"
+          },
+          privateKeySecretName: {
+            title: "Private Key GitHub Secret Name",
+            description: `Name of the GitHub Secret to store the private key related to the Deploy Key.  Defaults to: 'KEY_NAME_PRIVATE_KEY' where 'KEY_NAME' is the name of the Deploy Key`,
+            type: "string"
+          },
+          token: {
+            title: "Authentication Token",
+            type: "string",
+            description: "The token to use for authorization to GitHub"
+          }
+        }
+      },
+      output: {
+        type: "object",
+        properties: {
+          privateKeySecretName: {
+            title: "The GitHub Action Repo Secret Name for the Private Key",
+            type: "string"
+          }
+        }
+      }
+    },
+    async handler(ctx) {
+      const {
+        repoUrl,
+        publicKey,
+        privateKey,
+        deployKeyName,
+        privateKeySecretName = `${deployKeyName.split(" ").join("_").toLocaleUpperCase("en-US")}_PRIVATE_KEY`,
+        token: providedToken
+      } = ctx.input;
+      const octokitOptions = await getOctokitOptions({
+        integrations,
+        token: providedToken,
+        repoUrl
+      });
+      const { owner, repo } = parseRepoUrl(repoUrl, integrations);
+      if (!owner) {
+        throw new errors.InputError(`No owner provided for repo ${repoUrl}`);
+      }
+      const client = new octokit.Octokit(octokitOptions);
+      await client.rest.repos.createDeployKey({
+        owner,
+        repo,
+        title: deployKeyName,
+        key: publicKey
+      });
+      const publicKeyResponse = await client.rest.actions.getRepoPublicKey({
+        owner,
+        repo
+      });
+      await Sodium__default["default"].ready;
+      const binaryKey = Sodium__default["default"].from_base64(
+        publicKeyResponse.data.key,
+        Sodium__default["default"].base64_variants.ORIGINAL
+      );
+      const binarySecret = Sodium__default["default"].from_string(privateKey);
+      const encryptedBinarySecret = Sodium__default["default"].crypto_box_seal(
+        binarySecret,
+        binaryKey
+      );
+      const encryptedBase64Secret = Sodium__default["default"].to_base64(
+        encryptedBinarySecret,
+        Sodium__default["default"].base64_variants.ORIGINAL
+      );
+      await client.rest.actions.createOrUpdateRepoSecret({
+        owner,
+        repo,
+        secret_name: privateKeySecretName,
+        encrypted_value: encryptedBase64Secret,
+        key_id: publicKeyResponse.data.key_id
+      });
+      ctx.output("privateKeySecretName", privateKeySecretName);
+    }
+  });
+}
+
+function createGithubEnvironmentAction(options) {
+  const { integrations } = options;
+  return pluginScaffolderNode.createTemplateAction({
+    id: "github:environment:create",
+    description: "Creates Deployment Environments",
+    schema: {
+      input: {
+        type: "object",
+        required: ["repoUrl", "name"],
+        properties: {
+          repoUrl: {
+            title: "Repository Location",
+            description: `Accepts the format 'github.com?repo=reponame&owner=owner' where 'reponame' is the new repository name and 'owner' is an organization or username`,
+            type: "string"
+          },
+          name: {
+            title: "Environment Name",
+            description: `Name of the deployment environment to create`,
+            type: "string"
+          },
+          deploymentBranchPolicy: {
+            title: "Deployment Branch Policy",
+            description: `The type of deployment branch policy for this environment. To allow all branches to deploy, set to null.`,
+            type: "object",
+            required: ["protected_branches", "custom_branch_policies"],
+            properties: {
+              protected_branches: {
+                title: "Protected Branches",
+                description: `Whether only branches with branch protection rules can deploy to this environment. If protected_branches is true, custom_branch_policies must be false; if protected_branches is false, custom_branch_policies must be true.`,
+                type: "boolean"
+              },
+              custom_branch_policies: {
+                title: "Custom Branch Policies",
+                description: `Whether only branches that match the specified name patterns can deploy to this environment. If custom_branch_policies is true, protected_branches must be false; if custom_branch_policies is false, protected_branches must be true.`,
+                type: "boolean"
+              }
+            }
+          },
+          customBranchPolicyNames: {
+            title: "Custom Branch Policy Name",
+            description: `The name pattern that branches must match in order to deploy to the environment.
+
+            Wildcard characters will not match /. For example, to match branches that begin with release/ and contain an additional single slash, use release/*/*. For more information about pattern matching syntax, see the Ruby File.fnmatch documentation.`,
+            type: "array",
+            items: {
+              type: "string"
+            }
+          },
+          environmentVariables: {
+            title: "Environment Variables",
+            description: `Environment variables attached to the deployment environment`,
+            type: "object"
+          },
+          secrets: {
+            title: "Deployment Secrets",
+            description: `Secrets attached to the deployment environment`,
+            type: "object"
+          },
+          token: {
+            title: "Authentication Token",
+            type: "string",
+            description: "The token to use for authorization to GitHub"
+          }
+        }
+      }
+    },
+    async handler(ctx) {
+      const {
+        repoUrl,
+        name,
+        deploymentBranchPolicy,
+        customBranchPolicyNames,
+        environmentVariables,
+        secrets,
+        token: providedToken
+      } = ctx.input;
+      const octokitOptions = await getOctokitOptions({
+        integrations,
+        token: providedToken,
+        repoUrl
+      });
+      const { owner, repo } = parseRepoUrl(repoUrl, integrations);
+      if (!owner) {
+        throw new errors.InputError(`No owner provided for repo ${repoUrl}`);
+      }
+      const client = new octokit.Octokit(octokitOptions);
+      const repository = await client.rest.repos.get({
+        owner,
+        repo
+      });
+      await client.rest.repos.createOrUpdateEnvironment({
+        owner,
+        repo,
+        environment_name: name,
+        deployment_branch_policy: deploymentBranchPolicy != null ? deploymentBranchPolicy : null
+      });
+      if (customBranchPolicyNames) {
+        for (const item of customBranchPolicyNames) {
+          await client.rest.repos.createDeploymentBranchPolicy({
+            owner,
+            repo,
+            environment_name: name,
+            name: item
+          });
+        }
+      }
+      for (const [key, value] of Object.entries(environmentVariables != null ? environmentVariables : {})) {
+        await client.rest.actions.createEnvironmentVariable({
+          repository_id: repository.data.id,
+          environment_name: name,
+          name: key,
+          value
+        });
+      }
+      if (secrets) {
+        const publicKeyResponse = await client.rest.actions.getRepoPublicKey({
+          owner,
+          repo
+        });
+        await Sodium__default["default"].ready;
+        const binaryKey = Sodium__default["default"].from_base64(
+          publicKeyResponse.data.key,
+          Sodium__default["default"].base64_variants.ORIGINAL
+        );
+        for (const [key, value] of Object.entries(secrets)) {
+          const binarySecret = Sodium__default["default"].from_string(value);
+          const encryptedBinarySecret = Sodium__default["default"].crypto_box_seal(
+            binarySecret,
+            binaryKey
+          );
+          const encryptedBase64Secret = Sodium__default["default"].to_base64(
+            encryptedBinarySecret,
+            Sodium__default["default"].base64_variants.ORIGINAL
+          );
+          await client.rest.actions.createOrUpdateEnvironmentSecret({
+            repository_id: repository.data.id,
+            environment_name: name,
+            secret_name: key,
+            encrypted_value: encryptedBase64Secret,
+            key_id: publicKeyResponse.data.key_id
+          });
+        }
+      }
+    }
+  });
+}
+
 function createPublishAzureAction(options) {
   const { integrations, config } = options;
   return pluginScaffolderNode.createTemplateAction({
@@ -3273,6 +3527,203 @@ function createPublishBitbucketServerAction(options) {
   });
 }
 
+const createPullRequest = async (opts) => {
+  const {
+    project,
+    repo,
+    title,
+    description,
+    toRef,
+    fromRef,
+    authorization,
+    apiBaseUrl
+  } = opts;
+  let response;
+  const data = {
+    method: "POST",
+    body: JSON.stringify({
+      title,
+      description,
+      state: "OPEN",
+      open: true,
+      closed: false,
+      locked: true,
+      toRef,
+      fromRef
+    }),
+    headers: {
+      Authorization: authorization,
+      "Content-Type": "application/json"
+    }
+  };
+  try {
+    response = await fetch__default["default"](
+      `${apiBaseUrl}/projects/${encodeURIComponent(
+        project
+      )}/repos/${encodeURIComponent(repo)}/pull-requests`,
+      data
+    );
+  } catch (e) {
+    throw new Error(`Unable to create pull-reqeusts, ${e}`);
+  }
+  if (response.status !== 201) {
+    throw new Error(
+      `Unable to create pull requests, ${response.status} ${response.statusText}, ${await response.text()}`
+    );
+  }
+  const r = await response.json();
+  return `${r.links.self[0].href}`;
+};
+const findBranches = async (opts) => {
+  const { project, repo, branchName, authorization, apiBaseUrl } = opts;
+  let response;
+  const options = {
+    method: "GET",
+    headers: {
+      Authorization: authorization,
+      "Content-Type": "application/json"
+    }
+  };
+  try {
+    response = await fetch__default["default"](
+      `${apiBaseUrl}/projects/${encodeURIComponent(
+        project
+      )}/repos/${encodeURIComponent(
+        repo
+      )}/branches?boostMatches=true&filterText=${encodeURIComponent(
+        branchName
+      )}`,
+      options
+    );
+  } catch (e) {
+    throw new Error(`Unable to get branches, ${e}`);
+  }
+  if (response.status !== 200) {
+    throw new Error(
+      `Unable to get branches, ${response.status} ${response.statusText}, ${await response.text()}`
+    );
+  }
+  const r = await response.json();
+  for (const object of r.values) {
+    if (object.displayId === branchName) {
+      return object;
+    }
+  }
+  return void 0;
+};
+function createPublishBitbucketServerPullRequestAction(options) {
+  const { integrations } = options;
+  return pluginScaffolderNode.createTemplateAction({
+    id: "publish:bitbucketServer:pull-request",
+    schema: {
+      input: {
+        type: "object",
+        required: ["repoUrl", "title", "sourceBranch"],
+        properties: {
+          repoUrl: {
+            title: "Repository Location",
+            type: "string"
+          },
+          title: {
+            title: "Pull Request title",
+            type: "string",
+            description: "The title for the pull request"
+          },
+          description: {
+            title: "Pull Request Description",
+            type: "string",
+            description: "The description of the pull request"
+          },
+          targetBranch: {
+            title: "Target Branch",
+            type: "string",
+            description: `Branch of repository to apply changes to. The default value is 'master'`
+          },
+          sourceBranch: {
+            title: "Source Branch",
+            type: "string",
+            description: "Branch of repository to copy changes from"
+          },
+          token: {
+            title: "Authorization Token",
+            type: "string",
+            description: "The token to use for authorization to BitBucket Server"
+          }
+        }
+      },
+      output: {
+        type: "object",
+        properties: {
+          pullRequestUrl: {
+            title: "A URL to the pull request with the provider",
+            type: "string"
+          }
+        }
+      }
+    },
+    async handler(ctx) {
+      var _a;
+      const {
+        repoUrl,
+        title,
+        description,
+        targetBranch = "master",
+        sourceBranch
+      } = ctx.input;
+      const { project, repo, host } = parseRepoUrl(repoUrl, integrations);
+      if (!project) {
+        throw new errors.InputError(
+          `Invalid URL provider was included in the repo URL to create ${ctx.input.repoUrl}, missing project`
+        );
+      }
+      const integrationConfig = integrations.bitbucketServer.byHost(host);
+      if (!integrationConfig) {
+        throw new errors.InputError(
+          `No matching integration configuration for host ${host}, please check your integrations config`
+        );
+      }
+      const token = (_a = ctx.input.token) != null ? _a : integrationConfig.config.token;
+      const authConfig = {
+        ...integrationConfig.config,
+        ...{ token }
+      };
+      const reqOpts = integration.getBitbucketServerRequestOptions(authConfig);
+      const authorization = reqOpts.headers.Authorization;
+      if (!authorization) {
+        throw new Error(
+          `Authorization has not been provided for ${integrationConfig.config.host}. Please add either (a) a user login auth token, or (b) a token input from the template or (c) username + password to the integration config.`
+        );
+      }
+      const apiBaseUrl = integrationConfig.config.apiBaseUrl;
+      const toRef = await findBranches({
+        project,
+        repo,
+        branchName: targetBranch,
+        authorization,
+        apiBaseUrl
+      });
+      const fromRef = await findBranches({
+        project,
+        repo,
+        branchName: sourceBranch,
+        authorization,
+        apiBaseUrl
+      });
+      const pullRequestUrl = await createPullRequest({
+        project,
+        repo,
+        title,
+        description,
+        toRef,
+        fromRef,
+        authorization,
+        apiBaseUrl
+      });
+      ctx.output("pullRequestUrl", pullRequestUrl);
+    }
+  });
+}
+
 const createGerritProject = async (config, options) => {
   const { projectName, parent, owner, description } = options;
   const fetchOptions = {
@@ -3811,6 +4262,11 @@ const createPublishGithubPullRequestAction = (options) => {
             title: "Branch Name",
             description: "The name for the branch"
           },
+          targetBranchName: {
+            type: "string",
+            title: "Target Branch Name",
+            description: "The target branch name of the merge request"
+          },
           title: {
             type: "string",
             title: "Pull Request Name",
@@ -3868,6 +4324,10 @@ const createPublishGithubPullRequestAction = (options) => {
         required: ["remoteUrl"],
         type: "object",
         properties: {
+          targetBranchName: {
+            title: "Target branch name of the merge request",
+            type: "string"
+          },
           remoteUrl: {
             type: "string",
             title: "Pull Request URL",
@@ -3885,6 +4345,7 @@ const createPublishGithubPullRequestAction = (options) => {
       const {
         repoUrl,
         branchName,
+        targetBranchName,
         title,
         description,
         draft,
@@ -3941,7 +4402,7 @@ const createPublishGithubPullRequestAction = (options) => {
         ])
       );
       try {
-        const response = await client.createPullRequest({
+        const createOptions = {
           owner,
           repo,
           title,
@@ -3954,7 +4415,11 @@ const createPublishGithubPullRequestAction = (options) => {
           body: description,
           head: branchName,
           draft
-        });
+        };
+        if (targetBranchName) {
+          createOptions.base = targetBranchName;
+        }
+        const response = await client.createPullRequest(createOptions);
         if (!response) {
           throw new GithubResponseError("null response from Github");
         }
@@ -3969,6 +4434,8 @@ const createPublishGithubPullRequestAction = (options) => {
             ctx.logger
           );
         }
+        const targetBranch = response.data.base.ref;
+        ctx.output("targetBranchName", targetBranch);
         ctx.output("remoteUrl", response.data.html_url);
         ctx.output("pullRequestNumber", pullRequestNumber);
       } catch (e) {
@@ -4195,8 +4662,13 @@ const createPublishGitlabMergeRequestAction = (options) => {
           },
           branchName: {
             type: "string",
-            title: "Destination Branch name",
-            description: "The description of the merge request"
+            title: "Source Branch Name",
+            description: "The source branch name of the merge request"
+          },
+          targetBranchName: {
+            type: "string",
+            title: "Target Branch Name",
+            description: "The target branch name of the merge request"
           },
           sourcePath: {
             type: "string",
@@ -4234,6 +4706,10 @@ const createPublishGitlabMergeRequestAction = (options) => {
       output: {
         type: "object",
         properties: {
+          targetBranchName: {
+            title: "Target branch name of the merge request",
+            type: "string"
+          },
           projectid: {
             title: "Gitlab Project id/Name(slug)",
             type: "string"
@@ -4254,6 +4730,7 @@ const createPublishGitlabMergeRequestAction = (options) => {
       const {
         assignee,
         branchName,
+        targetBranchName,
         description,
         repoUrl,
         removeSourceBranch,
@@ -4314,10 +4791,14 @@ const createPublishGitlabMergeRequestAction = (options) => {
           execute_filemode: file.executable
         };
       });
-      const projects = await api.Projects.show(repoID);
-      const { default_branch: defaultBranch } = projects;
+      let targetBranch = targetBranchName;
+      if (!targetBranch) {
+        const projects = await api.Projects.show(repoID);
+        const { default_branch: defaultBranch } = projects;
+        targetBranch = defaultBranch;
+      }
       try {
-        await api.Branches.create(repoID, branchName, String(defaultBranch));
+        await api.Branches.create(repoID, branchName, String(targetBranch));
       } catch (e) {
         throw new errors.InputError(
           `The branch creation failed. Please check that your repo does not already contain a branch named '${branchName}'. ${e}`
@@ -4334,7 +4815,7 @@ const createPublishGitlabMergeRequestAction = (options) => {
         const mergeRequestUrl = await api.MergeRequests.create(
           repoID,
           branchName,
-          String(defaultBranch),
+          String(targetBranch),
           title,
           {
             description,
@@ -4345,6 +4826,7 @@ const createPublishGitlabMergeRequestAction = (options) => {
           return mergeRequest.web_url;
         });
         ctx.output("projectid", repoID);
+        ctx.output("targetBranchName", targetBranch);
         ctx.output("projectPath", repoID);
         ctx.output("mergeRequestUrl", mergeRequestUrl);
       } catch (e) {
@@ -4415,6 +4897,10 @@ const createBuiltinActions = (options) => {
       integrations,
       config
     }),
+    createPublishBitbucketServerPullRequestAction({
+      integrations,
+      config
+    }),
     createPublishAzureAction({
       integrations,
       config
@@ -4446,6 +4932,12 @@ const createBuiltinActions = (options) => {
       integrations,
       config,
       githubCredentialsProvider
+    }),
+    createGithubEnvironmentAction({
+      integrations
+    }),
+    createGithubDeployKeyAction({
+      integrations
     })
   ];
   return actions;
@@ -6225,6 +6717,8 @@ exports.createFetchTemplateAction = createFetchTemplateAction;
 exports.createFilesystemDeleteAction = createFilesystemDeleteAction;
 exports.createFilesystemRenameAction = createFilesystemRenameAction;
 exports.createGithubActionsDispatchAction = createGithubActionsDispatchAction;
+exports.createGithubDeployKeyAction = createGithubDeployKeyAction;
+exports.createGithubEnvironmentAction = createGithubEnvironmentAction;
 exports.createGithubIssuesLabelAction = createGithubIssuesLabelAction;
 exports.createGithubRepoCreateAction = createGithubRepoCreateAction;
 exports.createGithubRepoPushAction = createGithubRepoPushAction;
@@ -6233,6 +6727,7 @@ exports.createPublishAzureAction = createPublishAzureAction;
 exports.createPublishBitbucketAction = createPublishBitbucketAction;
 exports.createPublishBitbucketCloudAction = createPublishBitbucketCloudAction;
 exports.createPublishBitbucketServerAction = createPublishBitbucketServerAction;
+exports.createPublishBitbucketServerPullRequestAction = createPublishBitbucketServerPullRequestAction;
 exports.createPublishGerritAction = createPublishGerritAction;
 exports.createPublishGerritReviewAction = createPublishGerritReviewAction;
 exports.createPublishGithubAction = createPublishGithubAction;
@@ -6245,4 +6740,4 @@ exports.executeShellCommand = executeShellCommand;
 exports.fetchContents = fetchContents;
 exports.scaffolderActionRules = scaffolderActionRules;
 exports.scaffolderTemplateRules = scaffolderTemplateRules;
-//# sourceMappingURL=ScaffolderEntitiesProcessor-70d9fced.cjs.js.map
+//# sourceMappingURL=ScaffolderEntitiesProcessor-8d851e94.cjs.js.map