@backstage/plugin-scaffolder-backend 1.15.0-next.3 → 1.15.0

package/CHANGELOG.md

@@ -1,5 +1,48 @@
 # @backstage/plugin-scaffolder-backend
 
+## 1.15.0
+
+### Minor Changes
+
+- 84b0e47373db: Add `TargetBranchName` variable and output for the `publish:gitlab:merge-request` and `publish:github:pull-request` s'cascaffolder actions.
+- 6a694ce98e32: Add a scaffolder action that pull-requests for bitbucket server
+- 1948845861b0: Added `github:deployKey:create` and `github:environment:create` scaffolder actions. You will need to add `read/write` permissions to your GITHUB_TOKEN and/or Github Backstage App for Repository `Administration` (for deploy key functionality) and `Environments` (for Environment functionality)
+- df8411779da1: Add support for Repository Variables and Secrets to the `publish:github` and `github:repo:create` scaffolder actions. You will need to add `read/write` permissions to your GITHUB_TOKEN and/or Github Backstage App for Repository `Secrets` and `Variables`
+
+  Upgrade octokit introduces some breaking changes.
+
+### Patch Changes
+
+- cc936b529676: Fix handling of `optional` property in `catalog:register` scaffolder action
+- b269da39ac2d: Clearer error messages for action `publish:gitlab:merge-request`
+- 11e0f625583f: Fix wrong gitlabUrl format in repoUrl input description
+- a2c70cdda202: Switch out the sandbox, from `vm2` to `isolated-vm`.
+
+  This is a native dependency, which means that it will need to be compiled with the same version of node on the same OS. This could cause some issues when running in Docker for instance, as you will need to make sure that the dependency is installed and compiled inside the docker container that it will run on.
+
+  This could mean adding in some dependencies to the container like `build-essential` to make sure that this compiles correctly.
+
+  If you're having issues installing this dependency, there's some [install instructions](https://github.com/laverdet/isolated-vm#requirements) over on `isolated-vm`'s repo.
+
+- Updated dependencies
+  - @backstage/backend-common@0.19.0
+  - @backstage/catalog-client@1.4.2
+  - @backstage/types@1.1.0
+  - @backstage/plugin-catalog-backend@1.10.0
+  - @backstage/integration@1.5.0
+  - @backstage/catalog-model@1.4.0
+  - @backstage/errors@1.2.0
+  - @backstage/backend-plugin-api@0.5.3
+  - @backstage/backend-tasks@0.5.3
+  - @backstage/plugin-auth-node@0.2.15
+  - @backstage/plugin-catalog-node@1.3.7
+  - @backstage/plugin-permission-node@0.7.9
+  - @backstage/config@1.0.8
+  - @backstage/plugin-catalog-common@1.0.14
+  - @backstage/plugin-permission-common@0.7.6
+  - @backstage/plugin-scaffolder-common@1.3.1
+  - @backstage/plugin-scaffolder-node@0.1.4
+
 ## 1.15.0-next.3
 
 ### Minor Changes

package/alpha/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-scaffolder-backend",
-  "version": "1.15.0-next.3",
+  "version": "1.15.0",
   "main": "../dist/alpha.cjs.js",
   "types": "../dist/alpha.d.ts"
 }

package/dist/alpha.cjs.js

@@ -4,7 +4,7 @@ Object.defineProperty(exports, '__esModule', { value: true });
 
 var backendPluginApi = require('@backstage/backend-plugin-api');
 var alpha = require('@backstage/plugin-catalog-node/alpha');
-var ScaffolderEntitiesProcessor = require('./cjs/ScaffolderEntitiesProcessor-8d851e94.cjs.js');
+var ScaffolderEntitiesProcessor = require('./cjs/ScaffolderEntitiesProcessor-d9bc7a90.cjs.js');
 var alpha$1 = require('@backstage/plugin-scaffolder-common/alpha');
 var pluginPermissionNode = require('@backstage/plugin-permission-node');
 var backendCommon = require('@backstage/backend-common');
@@ -15,7 +15,7 @@ require('fs-extra');
 require('path');
 require('globby');
 require('isbinaryfile');
-require('vm2');
+require('isolated-vm');
 require('@backstage/catalog-model');
 require('lodash/get');
 require('child_process');

package/dist/cjs/{ScaffolderEntitiesProcessor-8d851e94.cjs.js → ScaffolderEntitiesProcessor-d9bc7a90.cjs.js}

@@ -17,7 +17,7 @@ var path = require('path');
 var luxon = require('luxon');
 var globby = require('globby');
 var isbinaryfile = require('isbinaryfile');
-var vm2 = require('vm2');
+var isolatedVm = require('isolated-vm');
 var get = require('lodash/get');
 var octokit = require('octokit');
 var child_process = require('child_process');
@@ -738,20 +738,14 @@ const { render, renderCompat } = (() => {
   });
   compatEnv.addFilter('jsonify', compatEnv.getFilter('dump'));
 
-  if (typeof templateFilters !== 'undefined') {
-    for (const [filterName, filterFn] of Object.entries(templateFilters)) {
-      env.addFilter(filterName, (...args) => JSON.parse(filterFn(...args)));
-    }
+  for (const name of JSON.parse(availableTemplateFilters)) {
+    env.addFilter(name, (...args) => JSON.parse(callFilter(name, args)));
   }
-
-  if (typeof templateGlobals !== 'undefined') {
-    for (const [globalName, global] of Object.entries(templateGlobals)) {
-      if (typeof global === 'function') {
-        env.addGlobal(globalName, (...args) => JSON.parse(global(...args)));
-      } else {
-        env.addGlobal(globalName, JSON.parse(global));
-      }
-    }
+  for (const [name, value] of Object.entries(JSON.parse(availableTemplateGlobals))) {
+    env.addGlobal(name, value);
+  }
+  for (const name of JSON.parse(availableTemplateCallbacks)) {
+    env.addGlobal(name, (...args) => JSON.parse(callGlobal(name, args)));
   }
 
   let uninstallCompat = undefined;
@@ -786,30 +780,14 @@ const { render, renderCompat } = (() => {
 `;
 class SecureTemplater {
   static async loadRenderer(options = {}) {
-    const { cookiecutterCompat, templateFilters, templateGlobals } = options;
-    const sandbox = {};
-    if (templateFilters) {
-      sandbox.templateFilters = Object.fromEntries(
-        Object.entries(templateFilters).filter(([_, filterFunction]) => !!filterFunction).map(([filterName, filterFunction]) => [
-          filterName,
-          (...args) => JSON.stringify(filterFunction(...args))
-        ])
-      );
-    }
-    if (templateGlobals) {
-      sandbox.templateGlobals = Object.fromEntries(
-        Object.entries(templateGlobals).filter(([_, global]) => !!global).map(([globalName, global]) => {
-          if (typeof global === "function") {
-            return [
-              globalName,
-              (...args) => JSON.stringify(global(...args))
-            ];
-          }
-          return [globalName, JSON.stringify(global)];
-        })
-      );
-    }
-    const vm = new vm2.VM({ sandbox });
+    const {
+      cookiecutterCompat,
+      templateFilters = {},
+      templateGlobals = {}
+    } = options;
+    const isolate = new isolatedVm.Isolate({ memoryLimit: 128 });
+    const context = await isolate.createContext();
+    const contextGlobal = context.global;
     const nunjucksSource = await fs__default["default"].readFile(
       backendCommon.resolvePackagePath(
         "@backstage/plugin-scaffolder-backend",
@@ -817,17 +795,64 @@ class SecureTemplater {
       ),
       "utf-8"
     );
-    vm.run(mkScript(nunjucksSource));
+    const nunjucksScript = await isolate.compileScript(
+      mkScript(nunjucksSource)
+    );
+    const availableFilters = Object.keys(templateFilters);
+    await contextGlobal.set(
+      "availableTemplateFilters",
+      JSON.stringify(availableFilters)
+    );
+    const globalCallbacks = [];
+    const globalValues = {};
+    for (const [name, value] of Object.entries(templateGlobals)) {
+      if (typeof value === "function") {
+        globalCallbacks.push(name);
+      } else {
+        globalValues[name] = value;
+      }
+    }
+    await contextGlobal.set(
+      "availableTemplateGlobals",
+      JSON.stringify(globalValues)
+    );
+    await contextGlobal.set(
+      "availableTemplateCallbacks",
+      JSON.stringify(globalCallbacks)
+    );
+    await contextGlobal.set(
+      "callFilter",
+      (filterName, args) => {
+        if (!Object.hasOwn(templateFilters, filterName)) {
+          return "";
+        }
+        return JSON.stringify(templateFilters[filterName](...args));
+      }
+    );
+    await contextGlobal.set(
+      "callGlobal",
+      (globalName, args) => {
+        if (!Object.hasOwn(templateGlobals, globalName)) {
+          return "";
+        }
+        const global = templateGlobals[globalName];
+        if (typeof global !== "function") {
+          return "";
+        }
+        return JSON.stringify(global(...args));
+      }
+    );
+    await nunjucksScript.run(context);
     const render = (template, values) => {
-      if (!vm) {
+      if (!context) {
         throw new Error("SecureTemplater has not been initialized");
       }
-      vm.setGlobal("templateStr", template);
-      vm.setGlobal("templateValues", JSON.stringify(values));
+      contextGlobal.setSync("templateStr", String(template));
+      contextGlobal.setSync("templateValues", JSON.stringify(values));
       if (cookiecutterCompat) {
-        return vm.run(`renderCompat(templateStr, templateValues)`);
+        return context.evalSync(`renderCompat(templateStr, templateValues)`);
       }
-      return vm.run(`render(templateStr, templateValues)`);
+      return context.evalSync(`render(templateStr, templateValues)`);
     };
     return render;
   }
@@ -6740,4 +6765,4 @@ exports.executeShellCommand = executeShellCommand;
 exports.fetchContents = fetchContents;
 exports.scaffolderActionRules = scaffolderActionRules;
 exports.scaffolderTemplateRules = scaffolderTemplateRules;
-//# sourceMappingURL=ScaffolderEntitiesProcessor-8d851e94.cjs.js.map
+//# sourceMappingURL=ScaffolderEntitiesProcessor-d9bc7a90.cjs.js.map