@backstage/plugin-scaffolder-backend 1.15.0-next.2 → 1.15.0

package/dist/cjs/{ScaffolderEntitiesProcessor-70d9fced.cjs.js → ScaffolderEntitiesProcessor-d9bc7a90.cjs.js}

@@ -17,7 +17,7 @@ var path = require('path');
 var luxon = require('luxon');
 var globby = require('globby');
 var isbinaryfile = require('isbinaryfile');
-var vm2 = require('vm2');
+var isolatedVm = require('isolated-vm');
 var get = require('lodash/get');
 var octokit = require('octokit');
 var child_process = require('child_process');
@@ -738,20 +738,14 @@ const { render, renderCompat } = (() => {
   });
   compatEnv.addFilter('jsonify', compatEnv.getFilter('dump'));
 
-  if (typeof templateFilters !== 'undefined') {
-    for (const [filterName, filterFn] of Object.entries(templateFilters)) {
-      env.addFilter(filterName, (...args) => JSON.parse(filterFn(...args)));
-    }
+  for (const name of JSON.parse(availableTemplateFilters)) {
+    env.addFilter(name, (...args) => JSON.parse(callFilter(name, args)));
   }
-
-  if (typeof templateGlobals !== 'undefined') {
-    for (const [globalName, global] of Object.entries(templateGlobals)) {
-      if (typeof global === 'function') {
-        env.addGlobal(globalName, (...args) => JSON.parse(global(...args)));
-      } else {
-        env.addGlobal(globalName, JSON.parse(global));
-      }
-    }
+  for (const [name, value] of Object.entries(JSON.parse(availableTemplateGlobals))) {
+    env.addGlobal(name, value);
+  }
+  for (const name of JSON.parse(availableTemplateCallbacks)) {
+    env.addGlobal(name, (...args) => JSON.parse(callGlobal(name, args)));
   }
 
   let uninstallCompat = undefined;
@@ -786,30 +780,14 @@ const { render, renderCompat } = (() => {
 `;
 class SecureTemplater {
   static async loadRenderer(options = {}) {
-    const { cookiecutterCompat, templateFilters, templateGlobals } = options;
-    const sandbox = {};
-    if (templateFilters) {
-      sandbox.templateFilters = Object.fromEntries(
-        Object.entries(templateFilters).filter(([_, filterFunction]) => !!filterFunction).map(([filterName, filterFunction]) => [
-          filterName,
-          (...args) => JSON.stringify(filterFunction(...args))
-        ])
-      );
-    }
-    if (templateGlobals) {
-      sandbox.templateGlobals = Object.fromEntries(
-        Object.entries(templateGlobals).filter(([_, global]) => !!global).map(([globalName, global]) => {
-          if (typeof global === "function") {
-            return [
-              globalName,
-              (...args) => JSON.stringify(global(...args))
-            ];
-          }
-          return [globalName, JSON.stringify(global)];
-        })
-      );
-    }
-    const vm = new vm2.VM({ sandbox });
+    const {
+      cookiecutterCompat,
+      templateFilters = {},
+      templateGlobals = {}
+    } = options;
+    const isolate = new isolatedVm.Isolate({ memoryLimit: 128 });
+    const context = await isolate.createContext();
+    const contextGlobal = context.global;
     const nunjucksSource = await fs__default["default"].readFile(
       backendCommon.resolvePackagePath(
         "@backstage/plugin-scaffolder-backend",
@@ -817,17 +795,64 @@ class SecureTemplater {
       ),
       "utf-8"
     );
-    vm.run(mkScript(nunjucksSource));
+    const nunjucksScript = await isolate.compileScript(
+      mkScript(nunjucksSource)
+    );
+    const availableFilters = Object.keys(templateFilters);
+    await contextGlobal.set(
+      "availableTemplateFilters",
+      JSON.stringify(availableFilters)
+    );
+    const globalCallbacks = [];
+    const globalValues = {};
+    for (const [name, value] of Object.entries(templateGlobals)) {
+      if (typeof value === "function") {
+        globalCallbacks.push(name);
+      } else {
+        globalValues[name] = value;
+      }
+    }
+    await contextGlobal.set(
+      "availableTemplateGlobals",
+      JSON.stringify(globalValues)
+    );
+    await contextGlobal.set(
+      "availableTemplateCallbacks",
+      JSON.stringify(globalCallbacks)
+    );
+    await contextGlobal.set(
+      "callFilter",
+      (filterName, args) => {
+        if (!Object.hasOwn(templateFilters, filterName)) {
+          return "";
+        }
+        return JSON.stringify(templateFilters[filterName](...args));
+      }
+    );
+    await contextGlobal.set(
+      "callGlobal",
+      (globalName, args) => {
+        if (!Object.hasOwn(templateGlobals, globalName)) {
+          return "";
+        }
+        const global = templateGlobals[globalName];
+        if (typeof global !== "function") {
+          return "";
+        }
+        return JSON.stringify(global(...args));
+      }
+    );
+    await nunjucksScript.run(context);
     const render = (template, values) => {
-      if (!vm) {
+      if (!context) {
         throw new Error("SecureTemplater has not been initialized");
       }
-      vm.setGlobal("templateStr", template);
-      vm.setGlobal("templateValues", JSON.stringify(values));
+      contextGlobal.setSync("templateStr", String(template));
+      contextGlobal.setSync("templateValues", JSON.stringify(values));
       if (cookiecutterCompat) {
-        return vm.run(`renderCompat(templateStr, templateValues)`);
+        return context.evalSync(`renderCompat(templateStr, templateValues)`);
       }
-      return vm.run(`render(templateStr, templateValues)`);
+      return context.evalSync(`render(templateStr, templateValues)`);
     };
     return render;
   }
@@ -1477,7 +1502,7 @@ async function createGithubRepoWithCollaboratorsAndTopics(client, repo, owner, r
     name: repo,
     org: owner,
     private: repoVisibility === "private",
-    // @ts-ignore
+    // @ts-ignore https://github.com/octokit/types.ts/issues/522
     visibility: repoVisibility,
     description,
     delete_branch_on_merge: deleteBranchOnMerge,
@@ -2421,6 +2446,260 @@ function createGithubWebhookAction(options) {
   });
 }
 
+function createGithubDeployKeyAction(options) {
+  const { integrations } = options;
+  return pluginScaffolderNode.createTemplateAction({
+    id: "github:deployKey:create",
+    description: "Creates and stores Deploy Keys",
+    schema: {
+      input: {
+        type: "object",
+        required: ["repoUrl", "publicKey", "privateKey", "deployKeyName"],
+        properties: {
+          repoUrl: {
+            title: "Repository Location",
+            description: `Accepts the format 'github.com?repo=reponame&owner=owner' where 'reponame' is the new repository name and 'owner' is an organization or username`,
+            type: "string"
+          },
+          publicKey: {
+            title: "SSH Public Key",
+            description: `Generated from ssh-keygen.  Begins with 'ssh-rsa', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521', 'ssh-ed25519', 'sk-ecdsa-sha2-nistp256@openssh.com', or 'sk-ssh-ed25519@openssh.com'.`,
+            type: "string"
+          },
+          privateKey: {
+            title: "SSH Private Key",
+            description: `SSH Private Key generated from ssh-keygen`,
+            type: "string"
+          },
+          deployKeyName: {
+            title: "Deploy Key Name",
+            description: `Name of the Deploy Key`,
+            type: "string"
+          },
+          privateKeySecretName: {
+            title: "Private Key GitHub Secret Name",
+            description: `Name of the GitHub Secret to store the private key related to the Deploy Key.  Defaults to: 'KEY_NAME_PRIVATE_KEY' where 'KEY_NAME' is the name of the Deploy Key`,
+            type: "string"
+          },
+          token: {
+            title: "Authentication Token",
+            type: "string",
+            description: "The token to use for authorization to GitHub"
+          }
+        }
+      },
+      output: {
+        type: "object",
+        properties: {
+          privateKeySecretName: {
+            title: "The GitHub Action Repo Secret Name for the Private Key",
+            type: "string"
+          }
+        }
+      }
+    },
+    async handler(ctx) {
+      const {
+        repoUrl,
+        publicKey,
+        privateKey,
+        deployKeyName,
+        privateKeySecretName = `${deployKeyName.split(" ").join("_").toLocaleUpperCase("en-US")}_PRIVATE_KEY`,
+        token: providedToken
+      } = ctx.input;
+      const octokitOptions = await getOctokitOptions({
+        integrations,
+        token: providedToken,
+        repoUrl
+      });
+      const { owner, repo } = parseRepoUrl(repoUrl, integrations);
+      if (!owner) {
+        throw new errors.InputError(`No owner provided for repo ${repoUrl}`);
+      }
+      const client = new octokit.Octokit(octokitOptions);
+      await client.rest.repos.createDeployKey({
+        owner,
+        repo,
+        title: deployKeyName,
+        key: publicKey
+      });
+      const publicKeyResponse = await client.rest.actions.getRepoPublicKey({
+        owner,
+        repo
+      });
+      await Sodium__default["default"].ready;
+      const binaryKey = Sodium__default["default"].from_base64(
+        publicKeyResponse.data.key,
+        Sodium__default["default"].base64_variants.ORIGINAL
+      );
+      const binarySecret = Sodium__default["default"].from_string(privateKey);
+      const encryptedBinarySecret = Sodium__default["default"].crypto_box_seal(
+        binarySecret,
+        binaryKey
+      );
+      const encryptedBase64Secret = Sodium__default["default"].to_base64(
+        encryptedBinarySecret,
+        Sodium__default["default"].base64_variants.ORIGINAL
+      );
+      await client.rest.actions.createOrUpdateRepoSecret({
+        owner,
+        repo,
+        secret_name: privateKeySecretName,
+        encrypted_value: encryptedBase64Secret,
+        key_id: publicKeyResponse.data.key_id
+      });
+      ctx.output("privateKeySecretName", privateKeySecretName);
+    }
+  });
+}
+
+function createGithubEnvironmentAction(options) {
+  const { integrations } = options;
+  return pluginScaffolderNode.createTemplateAction({
+    id: "github:environment:create",
+    description: "Creates Deployment Environments",
+    schema: {
+      input: {
+        type: "object",
+        required: ["repoUrl", "name"],
+        properties: {
+          repoUrl: {
+            title: "Repository Location",
+            description: `Accepts the format 'github.com?repo=reponame&owner=owner' where 'reponame' is the new repository name and 'owner' is an organization or username`,
+            type: "string"
+          },
+          name: {
+            title: "Environment Name",
+            description: `Name of the deployment environment to create`,
+            type: "string"
+          },
+          deploymentBranchPolicy: {
+            title: "Deployment Branch Policy",
+            description: `The type of deployment branch policy for this environment. To allow all branches to deploy, set to null.`,
+            type: "object",
+            required: ["protected_branches", "custom_branch_policies"],
+            properties: {
+              protected_branches: {
+                title: "Protected Branches",
+                description: `Whether only branches with branch protection rules can deploy to this environment. If protected_branches is true, custom_branch_policies must be false; if protected_branches is false, custom_branch_policies must be true.`,
+                type: "boolean"
+              },
+              custom_branch_policies: {
+                title: "Custom Branch Policies",
+                description: `Whether only branches that match the specified name patterns can deploy to this environment. If custom_branch_policies is true, protected_branches must be false; if custom_branch_policies is false, protected_branches must be true.`,
+                type: "boolean"
+              }
+            }
+          },
+          customBranchPolicyNames: {
+            title: "Custom Branch Policy Name",
+            description: `The name pattern that branches must match in order to deploy to the environment.
+
+            Wildcard characters will not match /. For example, to match branches that begin with release/ and contain an additional single slash, use release/*/*. For more information about pattern matching syntax, see the Ruby File.fnmatch documentation.`,
+            type: "array",
+            items: {
+              type: "string"
+            }
+          },
+          environmentVariables: {
+            title: "Environment Variables",
+            description: `Environment variables attached to the deployment environment`,
+            type: "object"
+          },
+          secrets: {
+            title: "Deployment Secrets",
+            description: `Secrets attached to the deployment environment`,
+            type: "object"
+          },
+          token: {
+            title: "Authentication Token",
+            type: "string",
+            description: "The token to use for authorization to GitHub"
+          }
+        }
+      }
+    },
+    async handler(ctx) {
+      const {
+        repoUrl,
+        name,
+        deploymentBranchPolicy,
+        customBranchPolicyNames,
+        environmentVariables,
+        secrets,
+        token: providedToken
+      } = ctx.input;
+      const octokitOptions = await getOctokitOptions({
+        integrations,
+        token: providedToken,
+        repoUrl
+      });
+      const { owner, repo } = parseRepoUrl(repoUrl, integrations);
+      if (!owner) {
+        throw new errors.InputError(`No owner provided for repo ${repoUrl}`);
+      }
+      const client = new octokit.Octokit(octokitOptions);
+      const repository = await client.rest.repos.get({
+        owner,
+        repo
+      });
+      await client.rest.repos.createOrUpdateEnvironment({
+        owner,
+        repo,
+        environment_name: name,
+        deployment_branch_policy: deploymentBranchPolicy != null ? deploymentBranchPolicy : null
+      });
+      if (customBranchPolicyNames) {
+        for (const item of customBranchPolicyNames) {
+          await client.rest.repos.createDeploymentBranchPolicy({
+            owner,
+            repo,
+            environment_name: name,
+            name: item
+          });
+        }
+      }
+      for (const [key, value] of Object.entries(environmentVariables != null ? environmentVariables : {})) {
+        await client.rest.actions.createEnvironmentVariable({
+          repository_id: repository.data.id,
+          environment_name: name,
+          name: key,
+          value
+        });
+      }
+      if (secrets) {
+        const publicKeyResponse = await client.rest.actions.getRepoPublicKey({
+          owner,
+          repo
+        });
+        await Sodium__default["default"].ready;
+        const binaryKey = Sodium__default["default"].from_base64(
+          publicKeyResponse.data.key,
+          Sodium__default["default"].base64_variants.ORIGINAL
+        );
+        for (const [key, value] of Object.entries(secrets)) {
+          const binarySecret = Sodium__default["default"].from_string(value);
+          const encryptedBinarySecret = Sodium__default["default"].crypto_box_seal(
+            binarySecret,
+            binaryKey
+          );
+          const encryptedBase64Secret = Sodium__default["default"].to_base64(
+            encryptedBinarySecret,
+            Sodium__default["default"].base64_variants.ORIGINAL
+          );
+          await client.rest.actions.createOrUpdateEnvironmentSecret({
+            repository_id: repository.data.id,
+            environment_name: name,
+            secret_name: key,
+            encrypted_value: encryptedBase64Secret,
+            key_id: publicKeyResponse.data.key_id
+          });
+        }
+      }
+    }
+  });
+}
+
 function createPublishAzureAction(options) {
   const { integrations, config } = options;
   return pluginScaffolderNode.createTemplateAction({
@@ -3273,6 +3552,203 @@ function createPublishBitbucketServerAction(options) {
   });
 }
 
+const createPullRequest = async (opts) => {
+  const {
+    project,
+    repo,
+    title,
+    description,
+    toRef,
+    fromRef,
+    authorization,
+    apiBaseUrl
+  } = opts;
+  let response;
+  const data = {
+    method: "POST",
+    body: JSON.stringify({
+      title,
+      description,
+      state: "OPEN",
+      open: true,
+      closed: false,
+      locked: true,
+      toRef,
+      fromRef
+    }),
+    headers: {
+      Authorization: authorization,
+      "Content-Type": "application/json"
+    }
+  };
+  try {
+    response = await fetch__default["default"](
+      `${apiBaseUrl}/projects/${encodeURIComponent(
+        project
+      )}/repos/${encodeURIComponent(repo)}/pull-requests`,
+      data
+    );
+  } catch (e) {
+    throw new Error(`Unable to create pull-reqeusts, ${e}`);
+  }
+  if (response.status !== 201) {
+    throw new Error(
+      `Unable to create pull requests, ${response.status} ${response.statusText}, ${await response.text()}`
+    );
+  }
+  const r = await response.json();
+  return `${r.links.self[0].href}`;
+};
+const findBranches = async (opts) => {
+  const { project, repo, branchName, authorization, apiBaseUrl } = opts;
+  let response;
+  const options = {
+    method: "GET",
+    headers: {
+      Authorization: authorization,
+      "Content-Type": "application/json"
+    }
+  };
+  try {
+    response = await fetch__default["default"](
+      `${apiBaseUrl}/projects/${encodeURIComponent(
+        project
+      )}/repos/${encodeURIComponent(
+        repo
+      )}/branches?boostMatches=true&filterText=${encodeURIComponent(
+        branchName
+      )}`,
+      options
+    );
+  } catch (e) {
+    throw new Error(`Unable to get branches, ${e}`);
+  }
+  if (response.status !== 200) {
+    throw new Error(
+      `Unable to get branches, ${response.status} ${response.statusText}, ${await response.text()}`
+    );
+  }
+  const r = await response.json();
+  for (const object of r.values) {
+    if (object.displayId === branchName) {
+      return object;
+    }
+  }
+  return void 0;
+};
+function createPublishBitbucketServerPullRequestAction(options) {
+  const { integrations } = options;
+  return pluginScaffolderNode.createTemplateAction({
+    id: "publish:bitbucketServer:pull-request",
+    schema: {
+      input: {
+        type: "object",
+        required: ["repoUrl", "title", "sourceBranch"],
+        properties: {
+          repoUrl: {
+            title: "Repository Location",
+            type: "string"
+          },
+          title: {
+            title: "Pull Request title",
+            type: "string",
+            description: "The title for the pull request"
+          },
+          description: {
+            title: "Pull Request Description",
+            type: "string",
+            description: "The description of the pull request"
+          },
+          targetBranch: {
+            title: "Target Branch",
+            type: "string",
+            description: `Branch of repository to apply changes to. The default value is 'master'`
+          },
+          sourceBranch: {
+            title: "Source Branch",
+            type: "string",
+            description: "Branch of repository to copy changes from"
+          },
+          token: {
+            title: "Authorization Token",
+            type: "string",
+            description: "The token to use for authorization to BitBucket Server"
+          }
+        }
+      },
+      output: {
+        type: "object",
+        properties: {
+          pullRequestUrl: {
+            title: "A URL to the pull request with the provider",
+            type: "string"
+          }
+        }
+      }
+    },
+    async handler(ctx) {
+      var _a;
+      const {
+        repoUrl,
+        title,
+        description,
+        targetBranch = "master",
+        sourceBranch
+      } = ctx.input;
+      const { project, repo, host } = parseRepoUrl(repoUrl, integrations);
+      if (!project) {
+        throw new errors.InputError(
+          `Invalid URL provider was included in the repo URL to create ${ctx.input.repoUrl}, missing project`
+        );
+      }
+      const integrationConfig = integrations.bitbucketServer.byHost(host);
+      if (!integrationConfig) {
+        throw new errors.InputError(
+          `No matching integration configuration for host ${host}, please check your integrations config`
+        );
+      }
+      const token = (_a = ctx.input.token) != null ? _a : integrationConfig.config.token;
+      const authConfig = {
+        ...integrationConfig.config,
+        ...{ token }
+      };
+      const reqOpts = integration.getBitbucketServerRequestOptions(authConfig);
+      const authorization = reqOpts.headers.Authorization;
+      if (!authorization) {
+        throw new Error(
+          `Authorization has not been provided for ${integrationConfig.config.host}. Please add either (a) a user login auth token, or (b) a token input from the template or (c) username + password to the integration config.`
+        );
+      }
+      const apiBaseUrl = integrationConfig.config.apiBaseUrl;
+      const toRef = await findBranches({
+        project,
+        repo,
+        branchName: targetBranch,
+        authorization,
+        apiBaseUrl
+      });
+      const fromRef = await findBranches({
+        project,
+        repo,
+        branchName: sourceBranch,
+        authorization,
+        apiBaseUrl
+      });
+      const pullRequestUrl = await createPullRequest({
+        project,
+        repo,
+        title,
+        description,
+        toRef,
+        fromRef,
+        authorization,
+        apiBaseUrl
+      });
+      ctx.output("pullRequestUrl", pullRequestUrl);
+    }
+  });
+}
+
 const createGerritProject = async (config, options) => {
   const { projectName, parent, owner, description } = options;
   const fetchOptions = {
@@ -3811,6 +4287,11 @@ const createPublishGithubPullRequestAction = (options) => {
             title: "Branch Name",
             description: "The name for the branch"
           },
+          targetBranchName: {
+            type: "string",
+            title: "Target Branch Name",
+            description: "The target branch name of the merge request"
+          },
           title: {
             type: "string",
             title: "Pull Request Name",
@@ -3868,6 +4349,10 @@ const createPublishGithubPullRequestAction = (options) => {
         required: ["remoteUrl"],
         type: "object",
         properties: {
+          targetBranchName: {
+            title: "Target branch name of the merge request",
+            type: "string"
+          },
           remoteUrl: {
             type: "string",
             title: "Pull Request URL",
@@ -3885,6 +4370,7 @@ const createPublishGithubPullRequestAction = (options) => {
       const {
         repoUrl,
         branchName,
+        targetBranchName,
         title,
         description,
         draft,
@@ -3941,7 +4427,7 @@ const createPublishGithubPullRequestAction = (options) => {
         ])
       );
       try {
-        const response = await client.createPullRequest({
+        const createOptions = {
           owner,
           repo,
           title,
@@ -3954,7 +4440,11 @@ const createPublishGithubPullRequestAction = (options) => {
           body: description,
           head: branchName,
           draft
-        });
+        };
+        if (targetBranchName) {
+          createOptions.base = targetBranchName;
+        }
+        const response = await client.createPullRequest(createOptions);
         if (!response) {
           throw new GithubResponseError("null response from Github");
         }
@@ -3969,6 +4459,8 @@ const createPublishGithubPullRequestAction = (options) => {
             ctx.logger
           );
         }
+        const targetBranch = response.data.base.ref;
+        ctx.output("targetBranchName", targetBranch);
         ctx.output("remoteUrl", response.data.html_url);
         ctx.output("pullRequestNumber", pullRequestNumber);
       } catch (e) {
@@ -4195,8 +4687,13 @@ const createPublishGitlabMergeRequestAction = (options) => {
           },
           branchName: {
             type: "string",
-            title: "Destination Branch name",
-            description: "The description of the merge request"
+            title: "Source Branch Name",
+            description: "The source branch name of the merge request"
+          },
+          targetBranchName: {
+            type: "string",
+            title: "Target Branch Name",
+            description: "The target branch name of the merge request"
           },
           sourcePath: {
             type: "string",
@@ -4234,6 +4731,10 @@ const createPublishGitlabMergeRequestAction = (options) => {
       output: {
         type: "object",
         properties: {
+          targetBranchName: {
+            title: "Target branch name of the merge request",
+            type: "string"
+          },
           projectid: {
             title: "Gitlab Project id/Name(slug)",
             type: "string"
@@ -4254,6 +4755,7 @@ const createPublishGitlabMergeRequestAction = (options) => {
       const {
         assignee,
         branchName,
+        targetBranchName,
         description,
         repoUrl,
         removeSourceBranch,
@@ -4314,10 +4816,14 @@ const createPublishGitlabMergeRequestAction = (options) => {
           execute_filemode: file.executable
         };
       });
-      const projects = await api.Projects.show(repoID);
-      const { default_branch: defaultBranch } = projects;
+      let targetBranch = targetBranchName;
+      if (!targetBranch) {
+        const projects = await api.Projects.show(repoID);
+        const { default_branch: defaultBranch } = projects;
+        targetBranch = defaultBranch;
+      }
       try {
-        await api.Branches.create(repoID, branchName, String(defaultBranch));
+        await api.Branches.create(repoID, branchName, String(targetBranch));
       } catch (e) {
         throw new errors.InputError(
           `The branch creation failed. Please check that your repo does not already contain a branch named '${branchName}'. ${e}`
@@ -4334,7 +4840,7 @@ const createPublishGitlabMergeRequestAction = (options) => {
         const mergeRequestUrl = await api.MergeRequests.create(
           repoID,
           branchName,
-          String(defaultBranch),
+          String(targetBranch),
           title,
           {
             description,
@@ -4345,6 +4851,7 @@ const createPublishGitlabMergeRequestAction = (options) => {
           return mergeRequest.web_url;
         });
         ctx.output("projectid", repoID);
+        ctx.output("targetBranchName", targetBranch);
         ctx.output("projectPath", repoID);
         ctx.output("mergeRequestUrl", mergeRequestUrl);
       } catch (e) {
@@ -4415,6 +4922,10 @@ const createBuiltinActions = (options) => {
       integrations,
       config
     }),
+    createPublishBitbucketServerPullRequestAction({
+      integrations,
+      config
+    }),
     createPublishAzureAction({
       integrations,
       config
@@ -4446,6 +4957,12 @@ const createBuiltinActions = (options) => {
       integrations,
       config,
       githubCredentialsProvider
+    }),
+    createGithubEnvironmentAction({
+      integrations
+    }),
+    createGithubDeployKeyAction({
+      integrations
     })
   ];
   return actions;
@@ -6225,6 +6742,8 @@ exports.createFetchTemplateAction = createFetchTemplateAction;
 exports.createFilesystemDeleteAction = createFilesystemDeleteAction;
 exports.createFilesystemRenameAction = createFilesystemRenameAction;
 exports.createGithubActionsDispatchAction = createGithubActionsDispatchAction;
+exports.createGithubDeployKeyAction = createGithubDeployKeyAction;
+exports.createGithubEnvironmentAction = createGithubEnvironmentAction;
 exports.createGithubIssuesLabelAction = createGithubIssuesLabelAction;
 exports.createGithubRepoCreateAction = createGithubRepoCreateAction;
 exports.createGithubRepoPushAction = createGithubRepoPushAction;
@@ -6233,6 +6752,7 @@ exports.createPublishAzureAction = createPublishAzureAction;
 exports.createPublishBitbucketAction = createPublishBitbucketAction;
 exports.createPublishBitbucketCloudAction = createPublishBitbucketCloudAction;
 exports.createPublishBitbucketServerAction = createPublishBitbucketServerAction;
+exports.createPublishBitbucketServerPullRequestAction = createPublishBitbucketServerPullRequestAction;
 exports.createPublishGerritAction = createPublishGerritAction;
 exports.createPublishGerritReviewAction = createPublishGerritReviewAction;
 exports.createPublishGithubAction = createPublishGithubAction;
@@ -6245,4 +6765,4 @@ exports.executeShellCommand = executeShellCommand;
 exports.fetchContents = fetchContents;
 exports.scaffolderActionRules = scaffolderActionRules;
 exports.scaffolderTemplateRules = scaffolderTemplateRules;
-//# sourceMappingURL=ScaffolderEntitiesProcessor-70d9fced.cjs.js.map
+//# sourceMappingURL=ScaffolderEntitiesProcessor-d9bc7a90.cjs.js.map