@backstage/plugin-scaffolder-backend 1.3.0 → 1.4.0-next.2

package/dist/index.cjs.js

@@ -12,16 +12,16 @@ var path = require('path');
 var globby = require('globby');
 var isbinaryfile = require('isbinaryfile');
 var vm2 = require('vm2');
+var octokit = require('octokit');
 var child_process = require('child_process');
 var stream = require('stream');
+var webhooks = require('@octokit/webhooks');
 var azureDevopsNodeApi = require('azure-devops-node-api');
 var fetch = require('node-fetch');
 var crypto = require('crypto');
-var octokit = require('octokit');
 var octokitPluginCreatePullRequest = require('octokit-plugin-create-pull-request');
 var limiterFactory = require('p-limit');
 var node = require('@gitbeaker/node');
-var webhooks = require('@octokit/webhooks');
 var uuid = require('uuid');
 var luxon = require('luxon');
 var ObservableImpl = require('zen-observable');
@@ -688,6 +688,55 @@ const createFilesystemRenameAction = () => {
   });
 };
 
+const getRepoSourceDirectory = (workspacePath, sourcePath) => {
+  if (sourcePath) {
+    const safeSuffix = path.normalize(sourcePath).replace(/^(\.\.(\/|\\|$))+/, "");
+    const path$1 = path.join(workspacePath, safeSuffix);
+    if (!backendCommon.isChildPath(workspacePath, path$1)) {
+      throw new Error("Invalid source path");
+    }
+    return path$1;
+  }
+  return workspacePath;
+};
+const parseRepoUrl = (repoUrl, integrations) => {
+  var _a, _b, _c, _d, _e;
+  let parsed;
+  try {
+    parsed = new URL(`https://${repoUrl}`);
+  } catch (error) {
+    throw new errors.InputError(`Invalid repo URL passed to publisher, got ${repoUrl}, ${error}`);
+  }
+  const host = parsed.host;
+  const owner = (_a = parsed.searchParams.get("owner")) != null ? _a : void 0;
+  const organization = (_b = parsed.searchParams.get("organization")) != null ? _b : void 0;
+  const workspace = (_c = parsed.searchParams.get("workspace")) != null ? _c : void 0;
+  const project = (_d = parsed.searchParams.get("project")) != null ? _d : void 0;
+  const type = (_e = integrations.byHost(host)) == null ? void 0 : _e.type;
+  if (!type) {
+    throw new errors.InputError(`No matching integration configuration for host ${host}, please check your integrations config`);
+  }
+  if (type === "bitbucket") {
+    if (host === "bitbucket.org") {
+      if (!workspace) {
+        throw new errors.InputError(`Invalid repo URL passed to publisher: ${repoUrl}, missing workspace`);
+      }
+    }
+    if (!project) {
+      throw new errors.InputError(`Invalid repo URL passed to publisher: ${repoUrl}, missing project`);
+    }
+  } else {
+    if (!owner) {
+      throw new errors.InputError(`Invalid repo URL passed to publisher: ${repoUrl}, missing owner`);
+    }
+  }
+  const repo = parsed.searchParams.get("repo");
+  if (!repo) {
+    throw new errors.InputError(`Invalid repo URL passed to publisher: ${repoUrl}, missing repo`);
+  }
+  return { host, owner, repo, organization, workspace, project };
+};
+
 const executeShellCommand = async (options) => {
   const {
     command,
@@ -803,663 +852,684 @@ const enableBranchProtectionOnDefaultRepoBranch = async ({
   }
 };
 
-const getRepoSourceDirectory = (workspacePath, sourcePath) => {
-  if (sourcePath) {
-    const safeSuffix = path.normalize(sourcePath).replace(/^(\.\.(\/|\\|$))+/, "");
-    const path$1 = path.join(workspacePath, safeSuffix);
-    if (!backendCommon.isChildPath(workspacePath, path$1)) {
-      throw new Error("Invalid source path");
-    }
-    return path$1;
+const DEFAULT_TIMEOUT_MS = 6e4;
+async function getOctokitOptions(options) {
+  var _a;
+  const { integrations, credentialsProvider, repoUrl, token } = options;
+  const { owner, repo, host } = parseRepoUrl(repoUrl, integrations);
+  const requestOptions = {
+    timeout: DEFAULT_TIMEOUT_MS
+  };
+  if (!owner) {
+    throw new errors.InputError(`No owner provided for repo ${repoUrl}`);
   }
-  return workspacePath;
-};
-const parseRepoUrl = (repoUrl, integrations) => {
-  var _a, _b, _c, _d, _e;
-  let parsed;
+  const integrationConfig = (_a = integrations.github.byHost(host)) == null ? void 0 : _a.config;
+  if (!integrationConfig) {
+    throw new errors.InputError(`No integration for host ${host}`);
+  }
+  if (token) {
+    return {
+      auth: token,
+      baseUrl: integrationConfig.apiBaseUrl,
+      previews: ["nebula-preview"],
+      request: requestOptions
+    };
+  }
+  const githubCredentialsProvider = credentialsProvider != null ? credentialsProvider : integration.DefaultGithubCredentialsProvider.fromIntegrations(integrations);
+  const { token: credentialProviderToken } = await githubCredentialsProvider.getCredentials({
+    url: `https://${host}/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}`
+  });
+  if (!credentialProviderToken) {
+    throw new errors.InputError(`No token available for host: ${host}, with owner ${owner}, and repo ${repo}`);
+  }
+  return {
+    auth: credentialProviderToken,
+    baseUrl: integrationConfig.apiBaseUrl,
+    previews: ["nebula-preview"]
+  };
+}
+async function createGithubRepoWithCollaboratorsAndTopics(client, repo, owner, repoVisibility, description, deleteBranchOnMerge, allowMergeCommit, allowSquashMerge, allowRebaseMerge, access, collaborators, topics, logger) {
+  const user = await client.rest.users.getByUsername({
+    username: owner
+  });
+  const repoCreationPromise = user.data.type === "Organization" ? client.rest.repos.createInOrg({
+    name: repo,
+    org: owner,
+    private: repoVisibility === "private",
+    visibility: repoVisibility,
+    description,
+    delete_branch_on_merge: deleteBranchOnMerge,
+    allow_merge_commit: allowMergeCommit,
+    allow_squash_merge: allowSquashMerge,
+    allow_rebase_merge: allowRebaseMerge
+  }) : client.rest.repos.createForAuthenticatedUser({
+    name: repo,
+    private: repoVisibility === "private",
+    description,
+    delete_branch_on_merge: deleteBranchOnMerge,
+    allow_merge_commit: allowMergeCommit,
+    allow_squash_merge: allowSquashMerge,
+    allow_rebase_merge: allowRebaseMerge
+  });
+  let newRepo;
   try {
-    parsed = new URL(`https://${repoUrl}`);
-  } catch (error) {
-    throw new errors.InputError(`Invalid repo URL passed to publisher, got ${repoUrl}, ${error}`);
+    newRepo = (await repoCreationPromise).data;
+  } catch (e) {
+    errors.assertError(e);
+    if (e.message === "Resource not accessible by integration") {
+      logger.warn(`The GitHub app or token provided may not have the required permissions to create the ${user.data.type} repository ${owner}/${repo}.`);
+    }
+    throw new Error(`Failed to create the ${user.data.type} repository ${owner}/${repo}, ${e.message}`);
   }
-  const host = parsed.host;
-  const owner = (_a = parsed.searchParams.get("owner")) != null ? _a : void 0;
-  const organization = (_b = parsed.searchParams.get("organization")) != null ? _b : void 0;
-  const workspace = (_c = parsed.searchParams.get("workspace")) != null ? _c : void 0;
-  const project = (_d = parsed.searchParams.get("project")) != null ? _d : void 0;
-  const type = (_e = integrations.byHost(host)) == null ? void 0 : _e.type;
-  if (!type) {
-    throw new errors.InputError(`No matching integration configuration for host ${host}, please check your integrations config`);
+  if (access == null ? void 0 : access.startsWith(`${owner}/`)) {
+    const [, team] = access.split("/");
+    await client.rest.teams.addOrUpdateRepoPermissionsInOrg({
+      org: owner,
+      team_slug: team,
+      owner,
+      repo,
+      permission: "admin"
+    });
+  } else if (access && access !== owner) {
+    await client.rest.repos.addCollaborator({
+      owner,
+      repo,
+      username: access,
+      permission: "admin"
+    });
   }
-  if (type === "bitbucket") {
-    if (host === "bitbucket.org") {
-      if (!workspace) {
-        throw new errors.InputError(`Invalid repo URL passed to publisher: ${repoUrl}, missing workspace`);
+  if (collaborators) {
+    for (const collaborator of collaborators) {
+      try {
+        if ("user" in collaborator) {
+          await client.rest.repos.addCollaborator({
+            owner,
+            repo,
+            username: collaborator.user,
+            permission: collaborator.access
+          });
+        } else if ("team" in collaborator) {
+          await client.rest.teams.addOrUpdateRepoPermissionsInOrg({
+            org: owner,
+            team_slug: collaborator.team,
+            owner,
+            repo,
+            permission: collaborator.access
+          });
+        }
+      } catch (e) {
+        errors.assertError(e);
+        const name = extractCollaboratorName(collaborator);
+        logger.warn(`Skipping ${collaborator.access} access for ${name}, ${e.message}`);
       }
     }
-    if (!project) {
-      throw new errors.InputError(`Invalid repo URL passed to publisher: ${repoUrl}, missing project`);
-    }
-  } else {
-    if (!owner) {
-      throw new errors.InputError(`Invalid repo URL passed to publisher: ${repoUrl}, missing owner`);
+  }
+  if (topics) {
+    try {
+      await client.rest.repos.replaceAllTopics({
+        owner,
+        repo,
+        names: topics.map((t) => t.toLowerCase())
+      });
+    } catch (e) {
+      errors.assertError(e);
+      logger.warn(`Skipping topics ${topics.join(" ")}, ${e.message}`);
     }
   }
-  const repo = parsed.searchParams.get("repo");
-  if (!repo) {
-    throw new errors.InputError(`Invalid repo URL passed to publisher: ${repoUrl}, missing repo`);
+  return newRepo;
+}
+async function initRepoPushAndProtect(remoteUrl, password, workspacePath, sourcePath, defaultBranch, protectDefaultBranch, owner, client, repo, requireCodeOwnerReviews, requiredStatusCheckContexts, config, logger, gitCommitMessage, gitAuthorName, gitAuthorEmail) {
+  const gitAuthorInfo = {
+    name: gitAuthorName ? gitAuthorName : config.getOptionalString("scaffolder.defaultAuthor.name"),
+    email: gitAuthorEmail ? gitAuthorEmail : config.getOptionalString("scaffolder.defaultAuthor.email")
+  };
+  const commitMessage = gitCommitMessage ? gitCommitMessage : config.getOptionalString("scaffolder.defaultCommitMessage");
+  await initRepoAndPush({
+    dir: getRepoSourceDirectory(workspacePath, sourcePath),
+    remoteUrl,
+    defaultBranch,
+    auth: {
+      username: "x-access-token",
+      password
+    },
+    logger,
+    commitMessage,
+    gitAuthorInfo
+  });
+  if (protectDefaultBranch) {
+    try {
+      await enableBranchProtectionOnDefaultRepoBranch({
+        owner,
+        client,
+        repoName: repo,
+        logger,
+        defaultBranch,
+        requireCodeOwnerReviews,
+        requiredStatusCheckContexts
+      });
+    } catch (e) {
+      errors.assertError(e);
+      logger.warn(`Skipping: default branch protection on '${repo}', ${e.message}`);
+    }
   }
-  return { host, owner, repo, organization, workspace, project };
-};
+}
+function extractCollaboratorName(collaborator) {
+  if ("username" in collaborator)
+    return collaborator.username;
+  if ("user" in collaborator)
+    return collaborator.user;
+  return collaborator.team;
+}
 
-function createPublishAzureAction(options) {
-  const { integrations, config } = options;
+function createGithubActionsDispatchAction(options) {
+  const { integrations, githubCredentialsProvider } = options;
   return createTemplateAction({
-    id: "publish:azure",
-    description: "Initializes a git repository of the content in the workspace, and publishes it to Azure.",
+    id: "github:actions:dispatch",
+    description: "Dispatches a GitHub Action workflow for a given branch or tag",
     schema: {
       input: {
         type: "object",
-        required: ["repoUrl"],
+        required: ["repoUrl", "workflowId", "branchOrTagName"],
         properties: {
           repoUrl: {
             title: "Repository Location",
+            description: `Accepts the format 'github.com?repo=reponame&owner=owner' where 'reponame' is the new repository name and 'owner' is an organization or username`,
             type: "string"
           },
-          description: {
-            title: "Repository Description",
+          workflowId: {
+            title: "Workflow ID",
+            description: "The GitHub Action Workflow filename",
             type: "string"
           },
-          defaultBranch: {
-            title: "Default Branch",
-            type: "string",
-            description: `Sets the default branch on the repository. The default value is 'master'`
-          },
-          gitCommitMessage: {
-            title: "Git Commit Message",
-            type: "string",
-            description: `Sets the commit message on the repository. The default value is 'initial commit'`
-          },
-          gitAuthorName: {
-            title: "Default Author Name",
-            type: "string",
-            description: `Sets the default author name for the commit. The default value is 'Scaffolder'`
-          },
-          gitAuthorEmail: {
-            title: "Default Author Email",
-            type: "string",
-            description: `Sets the default author email for the commit.`
-          },
-          sourcePath: {
-            title: "Source Path",
-            description: "Path within the workspace that will be used as the repository root. If omitted, the entire workspace will be published as the repository.",
+          branchOrTagName: {
+            title: "Branch or Tag name",
+            description: "The git branch or tag name used to dispatch the workflow",
             type: "string"
           },
+          workflowInputs: {
+            title: "Workflow Inputs",
+            description: "Inputs keys and values to send to GitHub Action configured on the workflow file. The maximum number of properties is 10. ",
+            type: "object"
+          },
           token: {
             title: "Authentication Token",
             type: "string",
-            description: "The token to use for authorization to Azure"
-          }
-        }
-      },
-      output: {
-        type: "object",
-        properties: {
-          remoteUrl: {
-            title: "A URL to the repository with the provider",
-            type: "string"
-          },
-          repoContentsUrl: {
-            title: "A URL to the root of the repository",
-            type: "string"
+            description: "The GITHUB_TOKEN to use for authorization to GitHub"
           }
         }
       }
     },
     async handler(ctx) {
-      var _a;
       const {
         repoUrl,
-        defaultBranch = "master",
-        gitCommitMessage = "initial commit",
-        gitAuthorName,
-        gitAuthorEmail
+        workflowId,
+        branchOrTagName,
+        workflowInputs,
+        token: providedToken
       } = ctx.input;
-      const { owner, repo, host, organization } = parseRepoUrl(repoUrl, integrations);
-      if (!organization) {
-        throw new errors.InputError(`Invalid URL provider was included in the repo URL to create ${ctx.input.repoUrl}, missing organization`);
-      }
-      const integrationConfig = integrations.azure.byHost(host);
-      if (!integrationConfig) {
-        throw new errors.InputError(`No matching integration configuration for host ${host}, please check your integrations config`);
+      ctx.logger.info(`Dispatching workflow ${workflowId} for repo ${repoUrl} on ${branchOrTagName}`);
+      const { owner, repo } = parseRepoUrl(repoUrl, integrations);
+      if (!owner) {
+        throw new errors.InputError("Invalid repository owner provided in repoUrl");
       }
-      if (!integrationConfig.config.token && !ctx.input.token) {
-        throw new errors.InputError(`No token provided for Azure Integration ${host}`);
-      }
-      const token = (_a = ctx.input.token) != null ? _a : integrationConfig.config.token;
-      const authHandler = azureDevopsNodeApi.getPersonalAccessTokenHandler(token);
-      const webApi = new azureDevopsNodeApi.WebApi(`https://${host}/${organization}`, authHandler);
-      const client = await webApi.getGitApi();
-      const createOptions = { name: repo };
-      const returnedRepo = await client.createRepository(createOptions, owner);
-      if (!returnedRepo) {
-        throw new errors.InputError(`Unable to create the repository with Organization ${organization}, Project ${owner} and Repo ${repo}.
-          Please make sure that both the Org and Project are typed corrected and exist.`);
-      }
-      const remoteUrl = returnedRepo.remoteUrl;
-      if (!remoteUrl) {
-        throw new errors.InputError("No remote URL returned from create repository for Azure");
-      }
-      const repoContentsUrl = remoteUrl;
-      const gitAuthorInfo = {
-        name: gitAuthorName ? gitAuthorName : config.getOptionalString("scaffolder.defaultAuthor.name"),
-        email: gitAuthorEmail ? gitAuthorEmail : config.getOptionalString("scaffolder.defaultAuthor.email")
-      };
-      await initRepoAndPush({
-        dir: getRepoSourceDirectory(ctx.workspacePath, ctx.input.sourcePath),
-        remoteUrl,
-        defaultBranch,
-        auth: {
-          username: "notempty",
-          password: token
-        },
-        logger: ctx.logger,
-        commitMessage: gitCommitMessage ? gitCommitMessage : config.getOptionalString("scaffolder.defaultCommitMessage"),
-        gitAuthorInfo
+      const client = new octokit.Octokit(await getOctokitOptions({
+        integrations,
+        repoUrl,
+        credentialsProvider: githubCredentialsProvider,
+        token: providedToken
+      }));
+      await client.rest.actions.createWorkflowDispatch({
+        owner,
+        repo,
+        workflow_id: workflowId,
+        ref: branchOrTagName,
+        inputs: workflowInputs
       });
-      ctx.output("remoteUrl", remoteUrl);
-      ctx.output("repoContentsUrl", repoContentsUrl);
+      ctx.logger.info(`Workflow ${workflowId} dispatched successfully`);
     }
   });
 }
 
-const createBitbucketCloudRepository = async (opts) => {
-  const {
-    workspace,
-    project,
-    repo,
-    description,
-    repoVisibility,
-    mainBranch,
-    authorization,
-    apiBaseUrl
-  } = opts;
-  const options = {
-    method: "POST",
-    body: JSON.stringify({
-      scm: "git",
-      description,
-      is_private: repoVisibility === "private",
-      project: { key: project }
-    }),
-    headers: {
-      Authorization: authorization,
-      "Content-Type": "application/json"
-    }
-  };
-  let response;
-  try {
-    response = await fetch__default["default"](`${apiBaseUrl}/repositories/${workspace}/${repo}`, options);
-  } catch (e) {
-    throw new Error(`Unable to create repository, ${e}`);
-  }
-  if (response.status !== 200) {
-    throw new Error(`Unable to create repository, ${response.status} ${response.statusText}, ${await response.text()}`);
-  }
-  const r = await response.json();
-  let remoteUrl = "";
-  for (const link of r.links.clone) {
-    if (link.name === "https") {
-      remoteUrl = link.href;
-    }
-  }
-  const repoContentsUrl = `${r.links.html.href}/src/${mainBranch}`;
-  return { remoteUrl, repoContentsUrl };
-};
-const createBitbucketServerRepository = async (opts) => {
-  const {
-    project,
-    repo,
-    description,
-    authorization,
-    repoVisibility,
-    apiBaseUrl
-  } = opts;
-  let response;
-  const options = {
-    method: "POST",
-    body: JSON.stringify({
-      name: repo,
-      description,
-      public: repoVisibility === "public"
-    }),
-    headers: {
-      Authorization: authorization,
-      "Content-Type": "application/json"
-    }
-  };
-  try {
-    response = await fetch__default["default"](`${apiBaseUrl}/projects/${project}/repos`, options);
-  } catch (e) {
-    throw new Error(`Unable to create repository, ${e}`);
-  }
-  if (response.status !== 201) {
-    throw new Error(`Unable to create repository, ${response.status} ${response.statusText}, ${await response.text()}`);
-  }
-  const r = await response.json();
-  let remoteUrl = "";
-  for (const link of r.links.clone) {
-    if (link.name === "http") {
-      remoteUrl = link.href;
-    }
-  }
-  const repoContentsUrl = `${r.links.self[0].href}`;
-  return { remoteUrl, repoContentsUrl };
-};
-const getAuthorizationHeader$2 = (config) => {
-  if (config.username && config.appPassword) {
-    const buffer = Buffer.from(`${config.username}:${config.appPassword}`, "utf8");
-    return `Basic ${buffer.toString("base64")}`;
-  }
-  if (config.token) {
-    return `Bearer ${config.token}`;
-  }
-  throw new Error(`Authorization has not been provided for Bitbucket. Please add either username + appPassword or token to the Integrations config`);
-};
-const performEnableLFS$1 = async (opts) => {
-  const { authorization, host, project, repo } = opts;
-  const options = {
-    method: "PUT",
-    headers: {
-      Authorization: authorization
-    }
-  };
-  const { ok, status, statusText } = await fetch__default["default"](`https://${host}/rest/git-lfs/admin/projects/${project}/repos/${repo}/enabled`, options);
-  if (!ok)
-    throw new Error(`Failed to enable LFS in the repository, ${status}: ${statusText}`);
-};
-function createPublishBitbucketAction(options) {
-  const { integrations, config } = options;
+function createGithubIssuesLabelAction(options) {
+  const { integrations, githubCredentialsProvider } = options;
   return createTemplateAction({
-    id: "publish:bitbucket",
-    description: "Initializes a git repository of the content in the workspace, and publishes it to Bitbucket.",
+    id: "github:issues:label",
+    description: "Adds labels to a pull request or issue on GitHub.",
     schema: {
       input: {
         type: "object",
-        required: ["repoUrl"],
+        required: ["repoUrl", "number", "labels"],
         properties: {
           repoUrl: {
             title: "Repository Location",
+            description: `Accepts the format 'github.com?repo=reponame&owner=owner' where 'reponame' is the repository name and 'owner' is an organization or username`,
             type: "string"
           },
-          description: {
-            title: "Repository Description",
-            type: "string"
-          },
-          repoVisibility: {
-            title: "Repository Visibility",
-            type: "string",
-            enum: ["private", "public"]
-          },
-          defaultBranch: {
-            title: "Default Branch",
-            type: "string",
-            description: `Sets the default branch on the repository. The default value is 'master'`
-          },
-          sourcePath: {
-            title: "Source Path",
-            description: "Path within the workspace that will be used as the repository root. If omitted, the entire workspace will be published as the repository.",
-            type: "string"
+          number: {
+            title: "Pull Request or issue number",
+            description: "The pull request or issue number to add labels to",
+            type: "number"
           },
-          enableLFS: {
-            title: "Enable LFS?",
-            description: "Enable LFS for the repository. Only available for hosted Bitbucket.",
-            type: "boolean"
+          labels: {
+            title: "Labels",
+            description: "The labels to add to the pull request or issue",
+            type: "array",
+            items: {
+              type: "string"
+            }
           },
           token: {
             title: "Authentication Token",
             type: "string",
-            description: "The token to use for authorization to BitBucket"
-          },
-          gitCommitMessage: {
-            title: "Git Commit Message",
-            type: "string",
-            description: `Sets the commit message on the repository. The default value is 'initial commit'`
-          },
-          gitAuthorName: {
-            title: "Default Author Name",
-            type: "string",
-            description: `Sets the default author name for the commit. The default value is 'Scaffolder'`
-          },
-          gitAuthorEmail: {
-            title: "Default Author Email",
-            type: "string",
-            description: `Sets the default author email for the commit.`
+            description: "The GITHUB_TOKEN to use for authorization to GitHub"
           }
         }
+      }
+    },
+    async handler(ctx) {
+      const { repoUrl, number, labels, token: providedToken } = ctx.input;
+      const { owner, repo } = parseRepoUrl(repoUrl, integrations);
+      ctx.logger.info(`Adding labels to ${number} issue on repo ${repo}`);
+      if (!owner) {
+        throw new errors.InputError("Invalid repository owner provided in repoUrl");
+      }
+      const client = new octokit.Octokit(await getOctokitOptions({
+        integrations,
+        credentialsProvider: githubCredentialsProvider,
+        repoUrl,
+        token: providedToken
+      }));
+      try {
+        await client.rest.issues.addLabels({
+          owner,
+          repo,
+          issue_number: number,
+          labels
+        });
+      } catch (e) {
+        errors.assertError(e);
+        ctx.logger.warn(`Failed: adding labels to issue: '${number}' on repo: '${repo}', ${e.message}`);
+      }
+    }
+  });
+}
+
+const repoUrl = {
+  title: "Repository Location",
+  description: `Accepts the format 'github.com?repo=reponame&owner=owner' where 'reponame' is the new repository name and 'owner' is an organization or username`,
+  type: "string"
+};
+const description = {
+  title: "Repository Description",
+  type: "string"
+};
+const access = {
+  title: "Repository Access",
+  description: `Sets an admin collaborator on the repository. Can either be a user reference different from 'owner' in 'repoUrl' or team reference, eg. 'org/team-name'`,
+  type: "string"
+};
+const requireCodeOwnerReviews = {
+  title: "Require CODEOWNER Reviews?",
+  description: "Require an approved review in PR including files with a designated Code Owner",
+  type: "boolean"
+};
+const requiredStatusCheckContexts = {
+  title: "Required Status Check Contexts",
+  description: "The list of status checks to require in order to merge into this branch",
+  type: "array",
+  items: {
+    type: "string"
+  }
+};
+const repoVisibility = {
+  title: "Repository Visibility",
+  type: "string",
+  enum: ["private", "public", "internal"]
+};
+const deleteBranchOnMerge = {
+  title: "Delete Branch On Merge",
+  type: "boolean",
+  description: `Delete the branch after merging the PR. The default value is 'false'`
+};
+const gitAuthorName = {
+  title: "Default Author Name",
+  type: "string",
+  description: `Sets the default author name for the commit. The default value is 'Scaffolder'`
+};
+const gitAuthorEmail = {
+  title: "Default Author Email",
+  type: "string",
+  description: `Sets the default author email for the commit.`
+};
+const allowMergeCommit = {
+  title: "Allow Merge Commits",
+  type: "boolean",
+  description: `Allow merge commits. The default value is 'true'`
+};
+const allowSquashMerge = {
+  title: "Allow Squash Merges",
+  type: "boolean",
+  description: `Allow squash merges. The default value is 'true'`
+};
+const allowRebaseMerge = {
+  title: "Allow Rebase Merges",
+  type: "boolean",
+  description: `Allow rebase merges. The default value is 'true'`
+};
+const collaborators = {
+  title: "Collaborators",
+  description: "Provide additional users or teams with permissions",
+  type: "array",
+  items: {
+    type: "object",
+    additionalProperties: false,
+    required: ["access"],
+    properties: {
+      access: {
+        type: "string",
+        description: "The type of access for the user",
+        enum: ["push", "pull", "admin", "maintain", "triage"]
+      },
+      user: {
+        type: "string",
+        description: "The name of the user that will be added as a collaborator"
+      },
+      team: {
+        type: "string",
+        description: "The name of the team that will be added as a collaborator"
+      }
+    },
+    oneOf: [{ required: ["user"] }, { required: ["team"] }]
+  }
+};
+const token = {
+  title: "Authentication Token",
+  type: "string",
+  description: "The token to use for authorization to GitHub"
+};
+const topics = {
+  title: "Topics",
+  type: "array",
+  items: {
+    type: "string"
+  }
+};
+const defaultBranch = {
+  title: "Default Branch",
+  type: "string",
+  description: `Sets the default branch on the repository. The default value is 'master'`
+};
+const protectDefaultBranch = {
+  title: "Protect Default Branch",
+  type: "boolean",
+  description: `Protect the default branch after creating the repository. The default value is 'true'`
+};
+const gitCommitMessage = {
+  title: "Git Commit Message",
+  type: "string",
+  description: `Sets the commit message on the repository. The default value is 'initial commit'`
+};
+const sourcePath = {
+  title: "Source Path",
+  description: "Path within the workspace that will be used as the repository root. If omitted, the entire workspace will be published as the repository.",
+  type: "string"
+};
+
+const remoteUrl = {
+  title: "A URL to the repository with the provider",
+  type: "string"
+};
+const repoContentsUrl = {
+  title: "A URL to the root of the repository",
+  type: "string"
+};
+
+function createGithubRepoCreateAction(options) {
+  const { integrations, githubCredentialsProvider } = options;
+  return createTemplateAction({
+    id: "github:repo:create",
+    description: "Creates a GitHub repository.",
+    schema: {
+      input: {
+        type: "object",
+        required: ["repoUrl"],
+        properties: {
+          repoUrl: repoUrl,
+          description: description,
+          access: access,
+          requireCodeOwnerReviews: requireCodeOwnerReviews,
+          requiredStatusCheckContexts: requiredStatusCheckContexts,
+          repoVisibility: repoVisibility,
+          deleteBranchOnMerge: deleteBranchOnMerge,
+          allowMergeCommit: allowMergeCommit,
+          allowSquashMerge: allowSquashMerge,
+          allowRebaseMerge: allowRebaseMerge,
+          collaborators: collaborators,
+          token: token,
+          topics: topics
+        }
+      },
+      output: {
+        type: "object",
+        properties: {
+          remoteUrl: remoteUrl,
+          repoContentsUrl: repoContentsUrl
+        }
+      }
+    },
+    async handler(ctx) {
+      const {
+        repoUrl,
+        description,
+        access,
+        repoVisibility = "private",
+        deleteBranchOnMerge = false,
+        allowMergeCommit = true,
+        allowSquashMerge = true,
+        allowRebaseMerge = true,
+        collaborators,
+        topics,
+        token: providedToken
+      } = ctx.input;
+      const octokitOptions = await getOctokitOptions({
+        integrations,
+        credentialsProvider: githubCredentialsProvider,
+        token: providedToken,
+        repoUrl
+      });
+      const client = new octokit.Octokit(octokitOptions);
+      const { owner, repo } = parseRepoUrl(repoUrl, integrations);
+      if (!owner) {
+        throw new errors.InputError("Invalid repository owner provided in repoUrl");
+      }
+      const newRepo = await createGithubRepoWithCollaboratorsAndTopics(client, repo, owner, repoVisibility, description, deleteBranchOnMerge, allowMergeCommit, allowSquashMerge, allowRebaseMerge, access, collaborators, topics, ctx.logger);
+      ctx.output("remoteUrl", newRepo.clone_url);
+    }
+  });
+}
+
+function createGithubRepoPushAction(options) {
+  const { integrations, config, githubCredentialsProvider } = options;
+  return createTemplateAction({
+    id: "github:repo:push",
+    description: "Initializes a git repository of contents in workspace and publishes it to GitHub.",
+    schema: {
+      input: {
+        type: "object",
+        required: ["repoUrl"],
+        properties: {
+          repoUrl: repoUrl,
+          requireCodeOwnerReviews: requireCodeOwnerReviews,
+          requiredStatusCheckContexts: requiredStatusCheckContexts,
+          defaultBranch: defaultBranch,
+          protectDefaultBranch: protectDefaultBranch,
+          gitCommitMessage: gitCommitMessage,
+          gitAuthorName: gitAuthorName,
+          gitAuthorEmail: gitAuthorEmail,
+          sourcePath: sourcePath,
+          token: token
+        }
       },
       output: {
         type: "object",
         properties: {
-          remoteUrl: {
-            title: "A URL to the repository with the provider",
-            type: "string"
-          },
-          repoContentsUrl: {
-            title: "A URL to the root of the repository",
-            type: "string"
-          }
+          remoteUrl: remoteUrl,
+          repoContentsUrl: repoContentsUrl
         }
       }
     },
     async handler(ctx) {
-      var _a;
-      ctx.logger.warn(`[Deprecated] Please migrate the use of action "publish:bitbucket" to "publish:bitbucketCloud" or "publish:bitbucketServer".`);
       const {
         repoUrl,
-        description,
         defaultBranch = "master",
-        repoVisibility = "private",
-        enableLFS = false,
+        protectDefaultBranch = true,
         gitCommitMessage = "initial commit",
         gitAuthorName,
-        gitAuthorEmail
+        gitAuthorEmail,
+        requireCodeOwnerReviews = false,
+        requiredStatusCheckContexts = [],
+        token: providedToken
       } = ctx.input;
-      const { workspace, project, repo, host } = parseRepoUrl(repoUrl, integrations);
-      if (host === "bitbucket.org") {
-        if (!workspace) {
-          throw new errors.InputError(`Invalid URL provider was included in the repo URL to create ${ctx.input.repoUrl}, missing workspace`);
-        }
-      }
-      if (!project) {
-        throw new errors.InputError(`Invalid URL provider was included in the repo URL to create ${ctx.input.repoUrl}, missing project`);
-      }
-      const integrationConfig = integrations.bitbucket.byHost(host);
-      if (!integrationConfig) {
-        throw new errors.InputError(`No matching integration configuration for host ${host}, please check your integrations config`);
-      }
-      const authorization = getAuthorizationHeader$2(ctx.input.token ? {
-        host: integrationConfig.config.host,
-        apiBaseUrl: integrationConfig.config.apiBaseUrl,
-        token: ctx.input.token
-      } : integrationConfig.config);
-      const apiBaseUrl = integrationConfig.config.apiBaseUrl;
-      const createMethod = host === "bitbucket.org" ? createBitbucketCloudRepository : createBitbucketServerRepository;
-      const { remoteUrl, repoContentsUrl } = await createMethod({
-        authorization,
-        workspace: workspace || "",
-        project,
-        repo,
-        repoVisibility,
-        mainBranch: defaultBranch,
-        description,
-        apiBaseUrl
-      });
-      const gitAuthorInfo = {
-        name: gitAuthorName ? gitAuthorName : config.getOptionalString("scaffolder.defaultAuthor.name"),
-        email: gitAuthorEmail ? gitAuthorEmail : config.getOptionalString("scaffolder.defaultAuthor.email")
-      };
-      let auth;
-      if (ctx.input.token) {
-        auth = {
-          username: "x-token-auth",
-          password: ctx.input.token
-        };
-      } else {
-        auth = {
-          username: integrationConfig.config.username ? integrationConfig.config.username : "x-token-auth",
-          password: integrationConfig.config.appPassword ? integrationConfig.config.appPassword : (_a = integrationConfig.config.token) != null ? _a : ""
-        };
+      const { owner, repo } = parseRepoUrl(repoUrl, integrations);
+      if (!owner) {
+        throw new errors.InputError("Invalid repository owner provided in repoUrl");
       }
-      await initRepoAndPush({
-        dir: getRepoSourceDirectory(ctx.workspacePath, ctx.input.sourcePath),
-        remoteUrl,
-        auth,
-        defaultBranch,
-        logger: ctx.logger,
-        commitMessage: gitCommitMessage ? gitCommitMessage : config.getOptionalString("scaffolder.defaultCommitMessage"),
-        gitAuthorInfo
+      const octokitOptions = await getOctokitOptions({
+        integrations,
+        credentialsProvider: githubCredentialsProvider,
+        token: providedToken,
+        repoUrl
       });
-      if (enableLFS && host !== "bitbucket.org") {
-        await performEnableLFS$1({ authorization, host, project, repo });
-      }
+      const client = new octokit.Octokit(octokitOptions);
+      const targetRepo = await client.rest.repos.get({ owner, repo });
+      const remoteUrl = targetRepo.data.clone_url;
+      const repoContentsUrl = `${targetRepo.data.html_url}/blob/${defaultBranch}`;
+      await initRepoPushAndProtect(remoteUrl, octokitOptions.auth, ctx.workspacePath, ctx.input.sourcePath, defaultBranch, protectDefaultBranch, owner, client, repo, requireCodeOwnerReviews, requiredStatusCheckContexts, config, ctx.logger, gitCommitMessage, gitAuthorName, gitAuthorEmail);
       ctx.output("remoteUrl", remoteUrl);
       ctx.output("repoContentsUrl", repoContentsUrl);
     }
   });
 }
 
-const createRepository$1 = async (opts) => {
-  const {
-    workspace,
-    project,
-    repo,
-    description,
-    repoVisibility,
-    mainBranch,
-    authorization,
-    apiBaseUrl
-  } = opts;
-  const options = {
-    method: "POST",
-    body: JSON.stringify({
-      scm: "git",
-      description,
-      is_private: repoVisibility === "private",
-      project: { key: project }
-    }),
-    headers: {
-      Authorization: authorization,
-      "Content-Type": "application/json"
-    }
-  };
-  let response;
-  try {
-    response = await fetch__default["default"](`${apiBaseUrl}/repositories/${workspace}/${repo}`, options);
-  } catch (e) {
-    throw new Error(`Unable to create repository, ${e}`);
-  }
-  if (response.status !== 200) {
-    throw new Error(`Unable to create repository, ${response.status} ${response.statusText}, ${await response.text()}`);
-  }
-  const r = await response.json();
-  let remoteUrl = "";
-  for (const link of r.links.clone) {
-    if (link.name === "https") {
-      remoteUrl = link.href;
-    }
-  }
-  const repoContentsUrl = `${r.links.html.href}/src/${mainBranch}`;
-  return { remoteUrl, repoContentsUrl };
-};
-const getAuthorizationHeader$1 = (config) => {
-  if (config.username && config.appPassword) {
-    const buffer = Buffer.from(`${config.username}:${config.appPassword}`, "utf8");
-    return `Basic ${buffer.toString("base64")}`;
-  }
-  if (config.token) {
-    return `Bearer ${config.token}`;
-  }
-  throw new Error(`Authorization has not been provided for Bitbucket Cloud. Please add either username + appPassword to the Integrations config or a user login auth token`);
-};
-function createPublishBitbucketCloudAction(options) {
-  const { integrations, config } = options;
+function createGithubWebhookAction(options) {
+  const { integrations, defaultWebhookSecret, githubCredentialsProvider } = options;
+  const eventNames = webhooks.emitterEventNames.filter((event) => !event.includes("."));
   return createTemplateAction({
-    id: "publish:bitbucketCloud",
-    description: "Initializes a git repository of the content in the workspace, and publishes it to Bitbucket Cloud.",
+    id: "github:webhook",
+    description: "Creates webhook for a repository on GitHub.",
     schema: {
       input: {
         type: "object",
-        required: ["repoUrl"],
+        required: ["repoUrl", "webhookUrl"],
         properties: {
           repoUrl: {
             title: "Repository Location",
+            description: `Accepts the format 'github.com?repo=reponame&owner=owner' where 'reponame' is the new repository name and 'owner' is an organization or username`,
             type: "string"
           },
-          description: {
-            title: "Repository Description",
+          webhookUrl: {
+            title: "Webhook URL",
+            description: "The URL to which the payloads will be delivered",
             type: "string"
           },
-          repoVisibility: {
-            title: "Repository Visibility",
-            type: "string",
-            enum: ["private", "public"]
-          },
-          defaultBranch: {
-            title: "Default Branch",
-            type: "string",
-            description: `Sets the default branch on the repository. The default value is 'master'`
-          },
-          sourcePath: {
-            title: "Source Path",
-            description: "Path within the workspace that will be used as the repository root. If omitted, the entire workspace will be published as the repository.",
+          webhookSecret: {
+            title: "Webhook Secret",
+            description: "Webhook secret value. The default can be provided internally in action creation",
             type: "string"
           },
-          token: {
-            title: "Authentication Token",
-            type: "string",
-            description: "The token to use for authorization to BitBucket Cloud"
-          }
-        }
-      },
-      output: {
-        type: "object",
-        properties: {
-          remoteUrl: {
-            title: "A URL to the repository with the provider",
-            type: "string"
+          events: {
+            title: "Triggering Events",
+            description: "Determines what events the hook is triggered for. Default: push",
+            type: "array",
+            oneOf: [
+              {
+                items: {
+                  type: "string",
+                  enum: eventNames
+                }
+              },
+              {
+                items: {
+                  type: "string",
+                  const: "*"
+                }
+              }
+            ]
           },
-          repoContentsUrl: {
-            title: "A URL to the root of the repository",
-            type: "string"
-          }
-        }
-      }
-    },
-    async handler(ctx) {
-      const {
-        repoUrl,
-        description,
-        defaultBranch = "master",
-        repoVisibility = "private"
-      } = ctx.input;
-      const { workspace, project, repo, host } = parseRepoUrl(repoUrl, integrations);
-      if (!workspace) {
-        throw new errors.InputError(`Invalid URL provider was included in the repo URL to create ${ctx.input.repoUrl}, missing workspace`);
-      }
-      if (!project) {
-        throw new errors.InputError(`Invalid URL provider was included in the repo URL to create ${ctx.input.repoUrl}, missing project`);
-      }
-      const integrationConfig = integrations.bitbucketCloud.byHost(host);
-      if (!integrationConfig) {
-        throw new errors.InputError(`No matching integration configuration for host ${host}, please check your integrations config`);
-      }
-      const authorization = getAuthorizationHeader$1(ctx.input.token ? { token: ctx.input.token } : integrationConfig.config);
-      const apiBaseUrl = integrationConfig.config.apiBaseUrl;
-      const { remoteUrl, repoContentsUrl } = await createRepository$1({
-        authorization,
-        workspace: workspace || "",
-        project,
-        repo,
-        repoVisibility,
-        mainBranch: defaultBranch,
-        description,
-        apiBaseUrl
-      });
-      const gitAuthorInfo = {
-        name: config.getOptionalString("scaffolder.defaultAuthor.name"),
-        email: config.getOptionalString("scaffolder.defaultAuthor.email")
-      };
-      let auth;
-      if (ctx.input.token) {
-        auth = {
-          username: "x-token-auth",
-          password: ctx.input.token
-        };
-      } else {
-        if (!integrationConfig.config.username || !integrationConfig.config.appPassword) {
-          throw new Error("Credentials for Bitbucket Cloud integration required for this action.");
+          active: {
+            title: "Active",
+            type: "boolean",
+            description: `Determines if notifications are sent when the webhook is triggered. Default: true`
+          },
+          contentType: {
+            title: "Content Type",
+            type: "string",
+            enum: ["form", "json"],
+            description: `The media type used to serialize the payloads. The default is 'form'`
+          },
+          insecureSsl: {
+            title: "Insecure SSL",
+            type: "boolean",
+            description: `Determines whether the SSL certificate of the host for url will be verified when delivering payloads. Default 'false'`
+          },
+          token: {
+            title: "Authentication Token",
+            type: "string",
+            description: "The GITHUB_TOKEN to use for authorization to GitHub"
+          }
         }
-        auth = {
-          username: integrationConfig.config.username,
-          password: integrationConfig.config.appPassword
-        };
       }
-      await initRepoAndPush({
-        dir: getRepoSourceDirectory(ctx.workspacePath, ctx.input.sourcePath),
-        remoteUrl,
-        auth,
-        defaultBranch,
-        logger: ctx.logger,
-        commitMessage: config.getOptionalString("scaffolder.defaultCommitMessage"),
-        gitAuthorInfo
-      });
-      ctx.output("remoteUrl", remoteUrl);
-      ctx.output("repoContentsUrl", repoContentsUrl);
+    },
+    async handler(ctx) {
+      const {
+        repoUrl,
+        webhookUrl,
+        webhookSecret = defaultWebhookSecret,
+        events = ["push"],
+        active = true,
+        contentType = "form",
+        insecureSsl = false,
+        token: providedToken
+      } = ctx.input;
+      ctx.logger.info(`Creating webhook ${webhookUrl} for repo ${repoUrl}`);
+      const { owner, repo } = parseRepoUrl(repoUrl, integrations);
+      if (!owner) {
+        throw new errors.InputError("Invalid repository owner provided in repoUrl");
+      }
+      const client = new octokit.Octokit(await getOctokitOptions({
+        integrations,
+        credentialsProvider: githubCredentialsProvider,
+        repoUrl,
+        token: providedToken
+      }));
+      try {
+        const insecure_ssl = insecureSsl ? "1" : "0";
+        await client.rest.repos.createWebhook({
+          owner,
+          repo,
+          config: {
+            url: webhookUrl,
+            content_type: contentType,
+            secret: webhookSecret,
+            insecure_ssl
+          },
+          events,
+          active
+        });
+        ctx.logger.info(`Webhook '${webhookUrl}' created successfully`);
+      } catch (e) {
+        errors.assertError(e);
+        ctx.logger.warn(`Failed: create webhook '${webhookUrl}' on repo: '${repo}', ${e.message}`);
+      }
     }
   });
 }
 
-const createRepository = async (opts) => {
-  const {
-    project,
-    repo,
-    description,
-    authorization,
-    repoVisibility,
-    apiBaseUrl
-  } = opts;
-  let response;
-  const options = {
-    method: "POST",
-    body: JSON.stringify({
-      name: repo,
-      description,
-      public: repoVisibility === "public"
-    }),
-    headers: {
-      Authorization: authorization,
-      "Content-Type": "application/json"
-    }
-  };
-  try {
-    response = await fetch__default["default"](`${apiBaseUrl}/projects/${project}/repos`, options);
-  } catch (e) {
-    throw new Error(`Unable to create repository, ${e}`);
-  }
-  if (response.status !== 201) {
-    throw new Error(`Unable to create repository, ${response.status} ${response.statusText}, ${await response.text()}`);
-  }
-  const r = await response.json();
-  let remoteUrl = "";
-  for (const link of r.links.clone) {
-    if (link.name === "http") {
-      remoteUrl = link.href;
-    }
-  }
-  const repoContentsUrl = `${r.links.self[0].href}`;
-  return { remoteUrl, repoContentsUrl };
-};
-const getAuthorizationHeader = (config) => {
-  return `Bearer ${config.token}`;
-};
-const performEnableLFS = async (opts) => {
-  const { authorization, host, project, repo } = opts;
-  const options = {
-    method: "PUT",
-    headers: {
-      Authorization: authorization
-    }
-  };
-  const { ok, status, statusText } = await fetch__default["default"](`https://${host}/rest/git-lfs/admin/projects/${project}/repos/${repo}/enabled`, options);
-  if (!ok)
-    throw new Error(`Failed to enable LFS in the repository, ${status}: ${statusText}`);
-};
-function createPublishBitbucketServerAction(options) {
+function createPublishAzureAction(options) {
   const { integrations, config } = options;
   return createTemplateAction({
-    id: "publish:bitbucketServer",
-    description: "Initializes a git repository of the content in the workspace, and publishes it to Bitbucket Server.",
+    id: "publish:azure",
+    description: "Initializes a git repository of the content in the workspace, and publishes it to Azure.",
     schema: {
       input: {
         type: "object",
@@ -1473,30 +1543,35 @@ function createPublishBitbucketServerAction(options) {
             title: "Repository Description",
             type: "string"
           },
-          repoVisibility: {
-            title: "Repository Visibility",
-            type: "string",
-            enum: ["private", "public"]
-          },
           defaultBranch: {
             title: "Default Branch",
             type: "string",
             description: `Sets the default branch on the repository. The default value is 'master'`
           },
+          gitCommitMessage: {
+            title: "Git Commit Message",
+            type: "string",
+            description: `Sets the commit message on the repository. The default value is 'initial commit'`
+          },
+          gitAuthorName: {
+            title: "Default Author Name",
+            type: "string",
+            description: `Sets the default author name for the commit. The default value is 'Scaffolder'`
+          },
+          gitAuthorEmail: {
+            title: "Default Author Email",
+            type: "string",
+            description: `Sets the default author email for the commit.`
+          },
           sourcePath: {
             title: "Source Path",
             description: "Path within the workspace that will be used as the repository root. If omitted, the entire workspace will be published as the repository.",
             type: "string"
           },
-          enableLFS: {
-            title: "Enable LFS?",
-            description: "Enable LFS for the repository.",
-            type: "boolean"
-          },
           token: {
             title: "Authentication Token",
             type: "string",
-            description: "The token to use for authorization to BitBucket Server"
+            description: "The token to use for authorization to Azure"
           }
         }
       },
@@ -1518,119 +1593,169 @@ function createPublishBitbucketServerAction(options) {
       var _a;
       const {
         repoUrl,
-        description,
         defaultBranch = "master",
-        repoVisibility = "private",
-        enableLFS = false
+        gitCommitMessage = "initial commit",
+        gitAuthorName,
+        gitAuthorEmail
       } = ctx.input;
-      const { project, repo, host } = parseRepoUrl(repoUrl, integrations);
-      if (!project) {
-        throw new errors.InputError(`Invalid URL provider was included in the repo URL to create ${ctx.input.repoUrl}, missing project`);
+      const { owner, repo, host, organization } = parseRepoUrl(repoUrl, integrations);
+      if (!organization) {
+        throw new errors.InputError(`Invalid URL provider was included in the repo URL to create ${ctx.input.repoUrl}, missing organization`);
       }
-      const integrationConfig = integrations.bitbucketServer.byHost(host);
+      const integrationConfig = integrations.azure.byHost(host);
       if (!integrationConfig) {
         throw new errors.InputError(`No matching integration configuration for host ${host}, please check your integrations config`);
       }
+      if (!integrationConfig.config.token && !ctx.input.token) {
+        throw new errors.InputError(`No token provided for Azure Integration ${host}`);
+      }
       const token = (_a = ctx.input.token) != null ? _a : integrationConfig.config.token;
-      if (!token) {
-        throw new Error(`Authorization has not been provided for ${integrationConfig.config.host}. Please add either token to the Integrations config or a user login auth token`);
+      const authHandler = azureDevopsNodeApi.getPersonalAccessTokenHandler(token);
+      const webApi = new azureDevopsNodeApi.WebApi(`https://${host}/${organization}`, authHandler);
+      const client = await webApi.getGitApi();
+      const createOptions = { name: repo };
+      const returnedRepo = await client.createRepository(createOptions, owner);
+      if (!returnedRepo) {
+        throw new errors.InputError(`Unable to create the repository with Organization ${organization}, Project ${owner} and Repo ${repo}.
+          Please make sure that both the Org and Project are typed corrected and exist.`);
       }
-      const authorization = getAuthorizationHeader({ token });
-      const apiBaseUrl = integrationConfig.config.apiBaseUrl;
-      const { remoteUrl, repoContentsUrl } = await createRepository({
-        authorization,
-        project,
-        repo,
-        repoVisibility,
-        description,
-        apiBaseUrl
-      });
+      const remoteUrl = returnedRepo.remoteUrl;
+      if (!remoteUrl) {
+        throw new errors.InputError("No remote URL returned from create repository for Azure");
+      }
+      const repoContentsUrl = remoteUrl;
       const gitAuthorInfo = {
-        name: config.getOptionalString("scaffolder.defaultAuthor.name"),
-        email: config.getOptionalString("scaffolder.defaultAuthor.email")
-      };
-      const auth = {
-        username: "x-token-auth",
-        password: token
+        name: gitAuthorName ? gitAuthorName : config.getOptionalString("scaffolder.defaultAuthor.name"),
+        email: gitAuthorEmail ? gitAuthorEmail : config.getOptionalString("scaffolder.defaultAuthor.email")
       };
-      await initRepoAndPush({
-        dir: getRepoSourceDirectory(ctx.workspacePath, ctx.input.sourcePath),
-        remoteUrl,
-        auth,
-        defaultBranch,
-        logger: ctx.logger,
-        commitMessage: config.getOptionalString("scaffolder.defaultCommitMessage"),
-        gitAuthorInfo
-      });
-      if (enableLFS) {
-        await performEnableLFS({ authorization, host, project, repo });
-      }
-      ctx.output("remoteUrl", remoteUrl);
-      ctx.output("repoContentsUrl", repoContentsUrl);
-    }
-  });
-}
-
-function createPublishFileAction() {
-  return createTemplateAction({
-    id: "publish:file",
-    description: "Writes contents of the workspace to a local directory",
-    schema: {
-      input: {
-        type: "object",
-        required: ["path"],
-        properties: {
-          path: {
-            title: "Path to a directory where the output will be written",
-            type: "string"
-          }
-        }
-      }
-    },
-    async handler(ctx) {
-      const { path: path$1 } = ctx.input;
-      const exists = await fs__default["default"].pathExists(path$1);
-      if (exists) {
-        throw new errors.InputError("Output path already exists");
-      }
-      await fs__default["default"].ensureDir(path.dirname(path$1));
-      await fs__default["default"].copy(ctx.workspacePath, path$1);
+      await initRepoAndPush({
+        dir: getRepoSourceDirectory(ctx.workspacePath, ctx.input.sourcePath),
+        remoteUrl,
+        defaultBranch,
+        auth: {
+          username: "notempty",
+          password: token
+        },
+        logger: ctx.logger,
+        commitMessage: gitCommitMessage ? gitCommitMessage : config.getOptionalString("scaffolder.defaultCommitMessage"),
+        gitAuthorInfo
+      });
+      ctx.output("remoteUrl", remoteUrl);
+      ctx.output("repoContentsUrl", repoContentsUrl);
     }
   });
 }
 
-const createGerritProject = async (config, options) => {
-  const { projectName, parent, owner, description } = options;
-  const fetchOptions = {
-    method: "PUT",
+const createBitbucketCloudRepository = async (opts) => {
+  const {
+    workspace,
+    project,
+    repo,
+    description,
+    repoVisibility,
+    mainBranch,
+    authorization,
+    apiBaseUrl
+  } = opts;
+  const options = {
+    method: "POST",
     body: JSON.stringify({
-      parent,
+      scm: "git",
       description,
-      owners: [owner],
-      create_empty_commit: false
+      is_private: repoVisibility === "private",
+      project: { key: project }
     }),
     headers: {
-      ...integration.getGerritRequestOptions(config).headers,
+      Authorization: authorization,
       "Content-Type": "application/json"
     }
   };
-  const response = await fetch__default["default"](`${config.baseUrl}/a/projects/${encodeURIComponent(projectName)}`, fetchOptions);
+  let response;
+  try {
+    response = await fetch__default["default"](`${apiBaseUrl}/repositories/${workspace}/${repo}`, options);
+  } catch (e) {
+    throw new Error(`Unable to create repository, ${e}`);
+  }
+  if (response.status !== 200) {
+    throw new Error(`Unable to create repository, ${response.status} ${response.statusText}, ${await response.text()}`);
+  }
+  const r = await response.json();
+  let remoteUrl = "";
+  for (const link of r.links.clone) {
+    if (link.name === "https") {
+      remoteUrl = link.href;
+    }
+  }
+  const repoContentsUrl = `${r.links.html.href}/src/${mainBranch}`;
+  return { remoteUrl, repoContentsUrl };
+};
+const createBitbucketServerRepository = async (opts) => {
+  const {
+    project,
+    repo,
+    description,
+    authorization,
+    repoVisibility,
+    apiBaseUrl
+  } = opts;
+  let response;
+  const options = {
+    method: "POST",
+    body: JSON.stringify({
+      name: repo,
+      description,
+      public: repoVisibility === "public"
+    }),
+    headers: {
+      Authorization: authorization,
+      "Content-Type": "application/json"
+    }
+  };
+  try {
+    response = await fetch__default["default"](`${apiBaseUrl}/projects/${project}/repos`, options);
+  } catch (e) {
+    throw new Error(`Unable to create repository, ${e}`);
+  }
   if (response.status !== 201) {
     throw new Error(`Unable to create repository, ${response.status} ${response.statusText}, ${await response.text()}`);
   }
+  const r = await response.json();
+  let remoteUrl = "";
+  for (const link of r.links.clone) {
+    if (link.name === "http") {
+      remoteUrl = link.href;
+    }
+  }
+  const repoContentsUrl = `${r.links.self[0].href}`;
+  return { remoteUrl, repoContentsUrl };
 };
-const generateCommitMessage = (config, commitSubject) => {
-  const changeId = crypto__default["default"].randomBytes(20).toString("hex");
-  const msg = `${config.getOptionalString("scaffolder.defaultCommitMessage") || commitSubject}
-
-Change-Id: I${changeId}`;
-  return msg;
+const getAuthorizationHeader$2 = (config) => {
+  if (config.username && config.appPassword) {
+    const buffer = Buffer.from(`${config.username}:${config.appPassword}`, "utf8");
+    return `Basic ${buffer.toString("base64")}`;
+  }
+  if (config.token) {
+    return `Bearer ${config.token}`;
+  }
+  throw new Error(`Authorization has not been provided for Bitbucket. Please add either username + appPassword or token to the Integrations config`);
 };
-function createPublishGerritAction(options) {
+const performEnableLFS$1 = async (opts) => {
+  const { authorization, host, project, repo } = opts;
+  const options = {
+    method: "PUT",
+    headers: {
+      Authorization: authorization
+    }
+  };
+  const { ok, status, statusText } = await fetch__default["default"](`https://${host}/rest/git-lfs/admin/projects/${project}/repos/${repo}/enabled`, options);
+  if (!ok)
+    throw new Error(`Failed to enable LFS in the repository, ${status}: ${statusText}`);
+};
+function createPublishBitbucketAction(options) {
   const { integrations, config } = options;
   return createTemplateAction({
-    id: "publish:gerrit",
-    description: "Initializes a git repository of the content in the workspace, and publishes it to Gerrit.",
+    id: "publish:bitbucket",
+    description: "Initializes a git repository of the content in the workspace, and publishes it to Bitbucket.",
     schema: {
       input: {
         type: "object",
@@ -1644,11 +1769,31 @@ function createPublishGerritAction(options) {
             title: "Repository Description",
             type: "string"
           },
+          repoVisibility: {
+            title: "Repository Visibility",
+            type: "string",
+            enum: ["private", "public"]
+          },
           defaultBranch: {
             title: "Default Branch",
             type: "string",
             description: `Sets the default branch on the repository. The default value is 'master'`
           },
+          sourcePath: {
+            title: "Source Path",
+            description: "Path within the workspace that will be used as the repository root. If omitted, the entire workspace will be published as the repository.",
+            type: "string"
+          },
+          enableLFS: {
+            title: "Enable LFS?",
+            description: "Enable LFS for the repository. Only available for hosted Bitbucket.",
+            type: "boolean"
+          },
+          token: {
+            title: "Authentication Token",
+            type: "string",
+            description: "The token to use for authorization to BitBucket"
+          },
           gitCommitMessage: {
             title: "Git Commit Message",
             type: "string",
@@ -1681,98 +1826,140 @@ function createPublishGerritAction(options) {
       }
     },
     async handler(ctx) {
+      var _a;
+      ctx.logger.warn(`[Deprecated] Please migrate the use of action "publish:bitbucket" to "publish:bitbucketCloud" or "publish:bitbucketServer".`);
       const {
         repoUrl,
         description,
         defaultBranch = "master",
+        repoVisibility = "private",
+        enableLFS = false,
+        gitCommitMessage = "initial commit",
         gitAuthorName,
-        gitAuthorEmail,
-        gitCommitMessage = "initial commit"
+        gitAuthorEmail
       } = ctx.input;
-      const { repo, host, owner, workspace } = parseRepoUrl(repoUrl, integrations);
-      const integrationConfig = integrations.gerrit.byHost(host);
-      if (!integrationConfig) {
-        throw new errors.InputError(`No matching integration configuration for host ${host}, please check your integrations config`);
+      const { workspace, project, repo, host } = parseRepoUrl(repoUrl, integrations);
+      if (host === "bitbucket.org") {
+        if (!workspace) {
+          throw new errors.InputError(`Invalid URL provider was included in the repo URL to create ${ctx.input.repoUrl}, missing workspace`);
+        }
       }
-      if (!owner) {
-        throw new errors.InputError(`Invalid URL provider was included in the repo URL to create ${ctx.input.repoUrl}, missing owner`);
+      if (!project) {
+        throw new errors.InputError(`Invalid URL provider was included in the repo URL to create ${ctx.input.repoUrl}, missing project`);
       }
-      if (!workspace) {
-        throw new errors.InputError(`Invalid URL provider was included in the repo URL to create ${ctx.input.repoUrl}, missing workspace`);
+      const integrationConfig = integrations.bitbucket.byHost(host);
+      if (!integrationConfig) {
+        throw new errors.InputError(`No matching integration configuration for host ${host}, please check your integrations config`);
       }
-      await createGerritProject(integrationConfig.config, {
+      const authorization = getAuthorizationHeader$2(ctx.input.token ? {
+        host: integrationConfig.config.host,
+        apiBaseUrl: integrationConfig.config.apiBaseUrl,
+        token: ctx.input.token
+      } : integrationConfig.config);
+      const apiBaseUrl = integrationConfig.config.apiBaseUrl;
+      const createMethod = host === "bitbucket.org" ? createBitbucketCloudRepository : createBitbucketServerRepository;
+      const { remoteUrl, repoContentsUrl } = await createMethod({
+        authorization,
+        workspace: workspace || "",
+        project,
+        repo,
+        repoVisibility,
+        mainBranch: defaultBranch,
         description,
-        owner,
-        projectName: repo,
-        parent: workspace
+        apiBaseUrl
       });
-      const auth = {
-        username: integrationConfig.config.username,
-        password: integrationConfig.config.password
-      };
       const gitAuthorInfo = {
         name: gitAuthorName ? gitAuthorName : config.getOptionalString("scaffolder.defaultAuthor.name"),
         email: gitAuthorEmail ? gitAuthorEmail : config.getOptionalString("scaffolder.defaultAuthor.email")
       };
-      const remoteUrl = `${integrationConfig.config.cloneUrl}/a/${repo}`;
+      let auth;
+      if (ctx.input.token) {
+        auth = {
+          username: "x-token-auth",
+          password: ctx.input.token
+        };
+      } else {
+        auth = {
+          username: integrationConfig.config.username ? integrationConfig.config.username : "x-token-auth",
+          password: integrationConfig.config.appPassword ? integrationConfig.config.appPassword : (_a = integrationConfig.config.token) != null ? _a : ""
+        };
+      }
       await initRepoAndPush({
-        dir: getRepoSourceDirectory(ctx.workspacePath, void 0),
+        dir: getRepoSourceDirectory(ctx.workspacePath, ctx.input.sourcePath),
         remoteUrl,
         auth,
         defaultBranch,
         logger: ctx.logger,
-        commitMessage: generateCommitMessage(config, gitCommitMessage),
+        commitMessage: gitCommitMessage ? gitCommitMessage : config.getOptionalString("scaffolder.defaultCommitMessage"),
         gitAuthorInfo
       });
-      const repoContentsUrl = `${integrationConfig.config.gitilesBaseUrl}/${repo}/+/refs/heads/${defaultBranch}`;
+      if (enableLFS && host !== "bitbucket.org") {
+        await performEnableLFS$1({ authorization, host, project, repo });
+      }
       ctx.output("remoteUrl", remoteUrl);
       ctx.output("repoContentsUrl", repoContentsUrl);
     }
   });
 }
 
-const DEFAULT_TIMEOUT_MS = 6e4;
-async function getOctokitOptions(options) {
-  var _a;
-  const { integrations, credentialsProvider, repoUrl, token } = options;
-  const { owner, repo, host } = parseRepoUrl(repoUrl, integrations);
-  const requestOptions = {
-    timeout: DEFAULT_TIMEOUT_MS
+const createRepository$1 = async (opts) => {
+  const {
+    workspace,
+    project,
+    repo,
+    description,
+    repoVisibility,
+    mainBranch,
+    authorization,
+    apiBaseUrl
+  } = opts;
+  const options = {
+    method: "POST",
+    body: JSON.stringify({
+      scm: "git",
+      description,
+      is_private: repoVisibility === "private",
+      project: { key: project }
+    }),
+    headers: {
+      Authorization: authorization,
+      "Content-Type": "application/json"
+    }
   };
-  if (!owner) {
-    throw new errors.InputError(`No owner provided for repo ${repoUrl}`);
+  let response;
+  try {
+    response = await fetch__default["default"](`${apiBaseUrl}/repositories/${workspace}/${repo}`, options);
+  } catch (e) {
+    throw new Error(`Unable to create repository, ${e}`);
+  }
+  if (response.status !== 200) {
+    throw new Error(`Unable to create repository, ${response.status} ${response.statusText}, ${await response.text()}`);
   }
-  const integrationConfig = (_a = integrations.github.byHost(host)) == null ? void 0 : _a.config;
-  if (!integrationConfig) {
-    throw new errors.InputError(`No integration for host ${host}`);
+  const r = await response.json();
+  let remoteUrl = "";
+  for (const link of r.links.clone) {
+    if (link.name === "https") {
+      remoteUrl = link.href;
+    }
   }
-  if (token) {
-    return {
-      auth: token,
-      baseUrl: integrationConfig.apiBaseUrl,
-      previews: ["nebula-preview"],
-      request: requestOptions
-    };
+  const repoContentsUrl = `${r.links.html.href}/src/${mainBranch}`;
+  return { remoteUrl, repoContentsUrl };
+};
+const getAuthorizationHeader$1 = (config) => {
+  if (config.username && config.appPassword) {
+    const buffer = Buffer.from(`${config.username}:${config.appPassword}`, "utf8");
+    return `Basic ${buffer.toString("base64")}`;
   }
-  const githubCredentialsProvider = credentialsProvider != null ? credentialsProvider : integration.DefaultGithubCredentialsProvider.fromIntegrations(integrations);
-  const { token: credentialProviderToken } = await githubCredentialsProvider.getCredentials({
-    url: `https://${host}/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}`
-  });
-  if (!credentialProviderToken) {
-    throw new errors.InputError(`No token available for host: ${host}, with owner ${owner}, and repo ${repo}`);
+  if (config.token) {
+    return `Bearer ${config.token}`;
   }
-  return {
-    auth: credentialProviderToken,
-    baseUrl: integrationConfig.apiBaseUrl,
-    previews: ["nebula-preview"]
-  };
-}
-
-function createPublishGithubAction(options) {
-  const { integrations, config, githubCredentialsProvider } = options;
+  throw new Error(`Authorization has not been provided for Bitbucket Cloud. Please add either username + appPassword to the Integrations config or a user login auth token`);
+};
+function createPublishBitbucketCloudAction(options) {
+  const { integrations, config } = options;
   return createTemplateAction({
-    id: "publish:github",
-    description: "Initializes a git repository of contents in workspace and publishes it to GitHub.",
+    id: "publish:bitbucketCloud",
+    description: "Initializes a git repository of the content in the workspace, and publishes it to Bitbucket Cloud.",
     schema: {
       input: {
         type: "object",
@@ -1780,131 +1967,31 @@ function createPublishGithubAction(options) {
         properties: {
           repoUrl: {
             title: "Repository Location",
-            description: `Accepts the format 'github.com?repo=reponame&owner=owner' where 'reponame' is the new repository name and 'owner' is an organization or username`,
             type: "string"
           },
           description: {
             title: "Repository Description",
             type: "string"
           },
-          access: {
-            title: "Repository Access",
-            description: `Sets an admin collaborator on the repository. Can either be a user reference different from 'owner' in 'repoUrl' or team reference, eg. 'org/team-name'`,
-            type: "string"
-          },
-          requireCodeOwnerReviews: {
-            title: "Require CODEOWNER Reviews?",
-            description: "Require an approved review in PR including files with a designated Code Owner",
-            type: "boolean"
-          },
-          requiredStatusCheckContexts: {
-            title: "Required Status Check Contexts",
-            description: "The list of status checks to require in order to merge into this branch",
-            type: "array",
-            items: {
-              type: "string"
-            }
-          },
           repoVisibility: {
             title: "Repository Visibility",
             type: "string",
-            enum: ["private", "public", "internal"]
+            enum: ["private", "public"]
           },
           defaultBranch: {
             title: "Default Branch",
             type: "string",
             description: `Sets the default branch on the repository. The default value is 'master'`
           },
-          protectDefaultBranch: {
-            title: "Protect Default Branch",
-            type: "boolean",
-            description: `Protect the default branch after creating the repository. The default value is 'true'`
-          },
-          deleteBranchOnMerge: {
-            title: "Delete Branch On Merge",
-            type: "boolean",
-            description: `Delete the branch after merging the PR. The default value is 'false'`
-          },
-          gitCommitMessage: {
-            title: "Git Commit Message",
-            type: "string",
-            description: `Sets the commit message on the repository. The default value is 'initial commit'`
-          },
-          gitAuthorName: {
-            title: "Default Author Name",
-            type: "string",
-            description: `Sets the default author name for the commit. The default value is 'Scaffolder'`
-          },
-          gitAuthorEmail: {
-            title: "Default Author Email",
-            type: "string",
-            description: `Sets the default author email for the commit.`
-          },
-          allowMergeCommit: {
-            title: "Allow Merge Commits",
-            type: "boolean",
-            description: `Allow merge commits. The default value is 'true'`
-          },
-          allowSquashMerge: {
-            title: "Allow Squash Merges",
-            type: "boolean",
-            description: `Allow squash merges. The default value is 'true'`
-          },
-          allowRebaseMerge: {
-            title: "Allow Rebase Merges",
-            type: "boolean",
-            description: `Allow rebase merges. The default value is 'true'`
-          },
           sourcePath: {
             title: "Source Path",
             description: "Path within the workspace that will be used as the repository root. If omitted, the entire workspace will be published as the repository.",
             type: "string"
           },
-          collaborators: {
-            title: "Collaborators",
-            description: "Provide additional users or teams with permissions",
-            type: "array",
-            items: {
-              type: "object",
-              additionalProperties: false,
-              required: ["access"],
-              properties: {
-                access: {
-                  type: "string",
-                  description: "The type of access for the user",
-                  enum: ["push", "pull", "admin", "maintain", "triage"]
-                },
-                user: {
-                  type: "string",
-                  description: "The name of the user that will be added as a collaborator"
-                },
-                username: {
-                  type: "string",
-                  description: "Deprecated. Use the `team` or `user` field instead."
-                },
-                team: {
-                  type: "string",
-                  description: "The name of the team that will be added as a collaborator"
-                }
-              },
-              oneOf: [
-                { required: ["user"] },
-                { required: ["username"] },
-                { required: ["team"] }
-              ]
-            }
-          },
           token: {
             title: "Authentication Token",
             type: "string",
-            description: "The token to use for authorization to GitHub"
-          },
-          topics: {
-            title: "Topics",
-            type: "array",
-            items: {
-              type: "string"
-            }
+            description: "The token to use for authorization to BitBucket Cloud"
           }
         }
       },
@@ -1926,370 +2013,297 @@ function createPublishGithubAction(options) {
       const {
         repoUrl,
         description,
-        access,
-        requireCodeOwnerReviews = false,
-        requiredStatusCheckContexts = [],
-        repoVisibility = "private",
         defaultBranch = "master",
-        protectDefaultBranch = true,
-        deleteBranchOnMerge = false,
-        gitCommitMessage = "initial commit",
-        gitAuthorName,
-        gitAuthorEmail,
-        allowMergeCommit = true,
-        allowSquashMerge = true,
-        allowRebaseMerge = true,
-        collaborators,
-        topics,
-        token: providedToken
+        repoVisibility = "private"
       } = ctx.input;
-      const { owner, repo } = parseRepoUrl(repoUrl, integrations);
-      if (!owner) {
-        throw new errors.InputError("Invalid repository owner provided in repoUrl");
-      }
-      const octokitOptions = await getOctokitOptions({
-        integrations,
-        credentialsProvider: githubCredentialsProvider,
-        token: providedToken,
-        repoUrl
-      });
-      const client = new octokit.Octokit(octokitOptions);
-      const user = await client.rest.users.getByUsername({
-        username: owner
-      });
-      const repoCreationPromise = user.data.type === "Organization" ? client.rest.repos.createInOrg({
-        name: repo,
-        org: owner,
-        private: repoVisibility === "private",
-        visibility: repoVisibility,
-        description,
-        delete_branch_on_merge: deleteBranchOnMerge,
-        allow_merge_commit: allowMergeCommit,
-        allow_squash_merge: allowSquashMerge,
-        allow_rebase_merge: allowRebaseMerge
-      }) : client.rest.repos.createForAuthenticatedUser({
-        name: repo,
-        private: repoVisibility === "private",
-        description,
-        delete_branch_on_merge: deleteBranchOnMerge,
-        allow_merge_commit: allowMergeCommit,
-        allow_squash_merge: allowSquashMerge,
-        allow_rebase_merge: allowRebaseMerge
-      });
-      let newRepo;
-      try {
-        newRepo = (await repoCreationPromise).data;
-      } catch (e) {
-        errors.assertError(e);
-        if (e.message === "Resource not accessible by integration") {
-          ctx.logger.warn(`The GitHub app or token provided may not have the required permissions to create the ${user.data.type} repository ${owner}/${repo}.`);
-        }
-        throw new Error(`Failed to create the ${user.data.type} repository ${owner}/${repo}, ${e.message}`);
-      }
-      if (access == null ? void 0 : access.startsWith(`${owner}/`)) {
-        const [, team] = access.split("/");
-        await client.rest.teams.addOrUpdateRepoPermissionsInOrg({
-          org: owner,
-          team_slug: team,
-          owner,
-          repo,
-          permission: "admin"
-        });
-      } else if (access && access !== owner) {
-        await client.rest.repos.addCollaborator({
-          owner,
-          repo,
-          username: access,
-          permission: "admin"
-        });
+      const { workspace, project, repo, host } = parseRepoUrl(repoUrl, integrations);
+      if (!workspace) {
+        throw new errors.InputError(`Invalid URL provider was included in the repo URL to create ${ctx.input.repoUrl}, missing workspace`);
       }
-      if (collaborators) {
-        for (const collaborator of collaborators) {
-          try {
-            if ("user" in collaborator) {
-              await client.rest.repos.addCollaborator({
-                owner,
-                repo,
-                username: collaborator.user,
-                permission: collaborator.access
-              });
-            } else if ("username" in collaborator) {
-              ctx.logger.warn("The field `username` is deprecated in favor of `team` and will be removed in the future.");
-              await client.rest.teams.addOrUpdateRepoPermissionsInOrg({
-                org: owner,
-                team_slug: collaborator.username,
-                owner,
-                repo,
-                permission: collaborator.access
-              });
-            } else if ("team" in collaborator) {
-              await client.rest.teams.addOrUpdateRepoPermissionsInOrg({
-                org: owner,
-                team_slug: collaborator.team,
-                owner,
-                repo,
-                permission: collaborator.access
-              });
-            }
-          } catch (e) {
-            errors.assertError(e);
-            const name = extractCollaboratorName(collaborator);
-            ctx.logger.warn(`Skipping ${collaborator.access} access for ${name}, ${e.message}`);
-          }
-        }
+      if (!project) {
+        throw new errors.InputError(`Invalid URL provider was included in the repo URL to create ${ctx.input.repoUrl}, missing project`);
       }
-      if (topics) {
-        try {
-          await client.rest.repos.replaceAllTopics({
-            owner,
-            repo,
-            names: topics.map((t) => t.toLowerCase())
-          });
-        } catch (e) {
-          errors.assertError(e);
-          ctx.logger.warn(`Skipping topics ${topics.join(" ")}, ${e.message}`);
-        }
+      const integrationConfig = integrations.bitbucketCloud.byHost(host);
+      if (!integrationConfig) {
+        throw new errors.InputError(`No matching integration configuration for host ${host}, please check your integrations config`);
       }
-      const remoteUrl = newRepo.clone_url;
-      const repoContentsUrl = `${newRepo.html_url}/blob/${defaultBranch}`;
+      const authorization = getAuthorizationHeader$1(ctx.input.token ? { token: ctx.input.token } : integrationConfig.config);
+      const apiBaseUrl = integrationConfig.config.apiBaseUrl;
+      const { remoteUrl, repoContentsUrl } = await createRepository$1({
+        authorization,
+        workspace: workspace || "",
+        project,
+        repo,
+        repoVisibility,
+        mainBranch: defaultBranch,
+        description,
+        apiBaseUrl
+      });
       const gitAuthorInfo = {
-        name: gitAuthorName ? gitAuthorName : config.getOptionalString("scaffolder.defaultAuthor.name"),
-        email: gitAuthorEmail ? gitAuthorEmail : config.getOptionalString("scaffolder.defaultAuthor.email")
+        name: config.getOptionalString("scaffolder.defaultAuthor.name"),
+        email: config.getOptionalString("scaffolder.defaultAuthor.email")
       };
+      let auth;
+      if (ctx.input.token) {
+        auth = {
+          username: "x-token-auth",
+          password: ctx.input.token
+        };
+      } else {
+        if (!integrationConfig.config.username || !integrationConfig.config.appPassword) {
+          throw new Error("Credentials for Bitbucket Cloud integration required for this action.");
+        }
+        auth = {
+          username: integrationConfig.config.username,
+          password: integrationConfig.config.appPassword
+        };
+      }
       await initRepoAndPush({
         dir: getRepoSourceDirectory(ctx.workspacePath, ctx.input.sourcePath),
         remoteUrl,
+        auth,
         defaultBranch,
-        auth: {
-          username: "x-access-token",
-          password: octokitOptions.auth
-        },
         logger: ctx.logger,
-        commitMessage: gitCommitMessage ? gitCommitMessage : config.getOptionalString("scaffolder.defaultCommitMessage"),
+        commitMessage: config.getOptionalString("scaffolder.defaultCommitMessage"),
         gitAuthorInfo
       });
-      if (protectDefaultBranch) {
-        try {
-          await enableBranchProtectionOnDefaultRepoBranch({
-            owner,
-            client,
-            repoName: newRepo.name,
-            logger: ctx.logger,
-            defaultBranch,
-            requireCodeOwnerReviews,
-            requiredStatusCheckContexts
-          });
-        } catch (e) {
-          errors.assertError(e);
-          ctx.logger.warn(`Skipping: default branch protection on '${newRepo.name}', ${e.message}`);
-        }
-      }
       ctx.output("remoteUrl", remoteUrl);
       ctx.output("repoContentsUrl", repoContentsUrl);
     }
-  });
-}
-function extractCollaboratorName(collaborator) {
-  if ("username" in collaborator)
-    return collaborator.username;
-  if ("user" in collaborator)
-    return collaborator.user;
-  return collaborator.team;
-}
-
-const DEFAULT_GLOB_PATTERNS = ["./**", "!.git"];
-const isExecutable = (fileMode) => {
-  if (!fileMode) {
-    return false;
-  }
-  const executeBitMask = 73;
-  const res = fileMode & executeBitMask;
-  return res > 0;
-};
-async function serializeDirectoryContents(sourcePath, options) {
-  var _a;
-  const paths = await globby__default["default"]((_a = options == null ? void 0 : options.globPatterns) != null ? _a : DEFAULT_GLOB_PATTERNS, {
-    cwd: sourcePath,
-    dot: true,
-    gitignore: options == null ? void 0 : options.gitignore,
-    followSymbolicLinks: false,
-    objectMode: true,
-    stats: true
-  });
-  const limiter = limiterFactory__default["default"](10);
-  return Promise.all(paths.map(async ({ path: path$1, stats }) => ({
-    path: path$1,
-    content: await limiter(async () => fs__default["default"].readFile(path.join(sourcePath, path$1))),
-    executable: isExecutable(stats == null ? void 0 : stats.mode)
-  })));
-}
-
-async function deserializeDirectoryContents(targetPath, files) {
-  for (const file of files) {
-    const filePath = backendCommon.resolveSafeChildPath(targetPath, file.path);
-    await fs__default["default"].ensureDir(path.dirname(filePath));
-    await fs__default["default"].writeFile(filePath, file.content);
-  }
+  });
 }
 
-class GithubResponseError extends errors.CustomErrorBase {
-}
-const defaultClientFactory = async ({
-  integrations,
-  githubCredentialsProvider,
-  owner,
-  repo,
-  host = "github.com",
-  token: providedToken
-}) => {
-  const [encodedHost, encodedOwner, encodedRepo] = [host, owner, repo].map(encodeURIComponent);
-  const octokitOptions = await getOctokitOptions({
-    integrations,
-    credentialsProvider: githubCredentialsProvider,
-    repoUrl: `${encodedHost}?owner=${encodedOwner}&repo=${encodedRepo}`,
-    token: providedToken
-  });
-  const OctokitPR = octokit.Octokit.plugin(octokitPluginCreatePullRequest.createPullRequest);
-  return new OctokitPR(octokitOptions);
+const createRepository = async (opts) => {
+  const {
+    project,
+    repo,
+    description,
+    authorization,
+    repoVisibility,
+    apiBaseUrl
+  } = opts;
+  let response;
+  const options = {
+    method: "POST",
+    body: JSON.stringify({
+      name: repo,
+      description,
+      public: repoVisibility === "public"
+    }),
+    headers: {
+      Authorization: authorization,
+      "Content-Type": "application/json"
+    }
+  };
+  try {
+    response = await fetch__default["default"](`${apiBaseUrl}/projects/${project}/repos`, options);
+  } catch (e) {
+    throw new Error(`Unable to create repository, ${e}`);
+  }
+  if (response.status !== 201) {
+    throw new Error(`Unable to create repository, ${response.status} ${response.statusText}, ${await response.text()}`);
+  }
+  const r = await response.json();
+  let remoteUrl = "";
+  for (const link of r.links.clone) {
+    if (link.name === "http") {
+      remoteUrl = link.href;
+    }
+  }
+  const repoContentsUrl = `${r.links.self[0].href}`;
+  return { remoteUrl, repoContentsUrl };
 };
-const createPublishGithubPullRequestAction = ({
-  integrations,
-  githubCredentialsProvider,
-  clientFactory = defaultClientFactory
-}) => {
+const getAuthorizationHeader = (config) => {
+  return `Bearer ${config.token}`;
+};
+const performEnableLFS = async (opts) => {
+  const { authorization, host, project, repo } = opts;
+  const options = {
+    method: "PUT",
+    headers: {
+      Authorization: authorization
+    }
+  };
+  const { ok, status, statusText } = await fetch__default["default"](`https://${host}/rest/git-lfs/admin/projects/${project}/repos/${repo}/enabled`, options);
+  if (!ok)
+    throw new Error(`Failed to enable LFS in the repository, ${status}: ${statusText}`);
+};
+function createPublishBitbucketServerAction(options) {
+  const { integrations, config } = options;
   return createTemplateAction({
-    id: "publish:github:pull-request",
+    id: "publish:bitbucketServer",
+    description: "Initializes a git repository of the content in the workspace, and publishes it to Bitbucket Server.",
     schema: {
       input: {
-        required: ["repoUrl", "title", "description", "branchName"],
         type: "object",
+        required: ["repoUrl"],
         properties: {
           repoUrl: {
             title: "Repository Location",
-            description: `Accepts the format 'github.com?repo=reponame&owner=owner' where 'reponame' is the repository name and 'owner' is an organization or username`,
             type: "string"
           },
-          branchName: {
-            type: "string",
-            title: "Branch Name",
-            description: "The name for the branch"
+          description: {
+            title: "Repository Description",
+            type: "string"
           },
-          title: {
+          repoVisibility: {
+            title: "Repository Visibility",
             type: "string",
-            title: "Pull Request Name",
-            description: "The name for the pull request"
+            enum: ["private", "public"]
           },
-          description: {
+          defaultBranch: {
+            title: "Default Branch",
             type: "string",
-            title: "Pull Request Description",
-            description: "The description of the pull request"
-          },
-          draft: {
-            type: "boolean",
-            title: "Create as Draft",
-            description: "Create a draft pull request"
+            description: `Sets the default branch on the repository. The default value is 'master'`
           },
           sourcePath: {
-            type: "string",
-            title: "Working Subdirectory",
-            description: "Subdirectory of working directory to copy changes from"
+            title: "Source Path",
+            description: "Path within the workspace that will be used as the repository root. If omitted, the entire workspace will be published as the repository.",
+            type: "string"
           },
-          targetPath: {
-            type: "string",
-            title: "Repository Subdirectory",
-            description: "Subdirectory of repository to apply changes to"
+          enableLFS: {
+            title: "Enable LFS?",
+            description: "Enable LFS for the repository.",
+            type: "boolean"
           },
           token: {
             title: "Authentication Token",
             type: "string",
-            description: "The token to use for authorization to GitHub"
+            description: "The token to use for authorization to BitBucket Server"
           }
         }
       },
       output: {
-        required: ["remoteUrl"],
         type: "object",
         properties: {
           remoteUrl: {
-            type: "string",
-            title: "Pull Request URL",
-            description: "Link to the pull request in Github"
+            title: "A URL to the repository with the provider",
+            type: "string"
           },
-          pullRequestNumber: {
-            type: "number",
-            title: "Pull Request Number",
-            description: "The pull request number"
+          repoContentsUrl: {
+            title: "A URL to the root of the repository",
+            type: "string"
           }
         }
       }
     },
     async handler(ctx) {
+      var _a;
       const {
         repoUrl,
-        branchName,
-        title,
         description,
-        draft,
-        targetPath,
-        sourcePath,
-        token: providedToken
+        defaultBranch = "master",
+        repoVisibility = "private",
+        enableLFS = false
       } = ctx.input;
-      const { owner, repo, host } = parseRepoUrl(repoUrl, integrations);
-      if (!owner) {
-        throw new errors.InputError(`No owner provided for host: ${host}, and repo ${repo}`);
+      const { project, repo, host } = parseRepoUrl(repoUrl, integrations);
+      if (!project) {
+        throw new errors.InputError(`Invalid URL provider was included in the repo URL to create ${ctx.input.repoUrl}, missing project`);
       }
-      const client = await clientFactory({
-        integrations,
-        githubCredentialsProvider,
-        host,
-        owner,
+      const integrationConfig = integrations.bitbucketServer.byHost(host);
+      if (!integrationConfig) {
+        throw new errors.InputError(`No matching integration configuration for host ${host}, please check your integrations config`);
+      }
+      const token = (_a = ctx.input.token) != null ? _a : integrationConfig.config.token;
+      if (!token) {
+        throw new Error(`Authorization has not been provided for ${integrationConfig.config.host}. Please add either token to the Integrations config or a user login auth token`);
+      }
+      const authorization = getAuthorizationHeader({ token });
+      const apiBaseUrl = integrationConfig.config.apiBaseUrl;
+      const { remoteUrl, repoContentsUrl } = await createRepository({
+        authorization,
+        project,
         repo,
-        token: providedToken
+        repoVisibility,
+        description,
+        apiBaseUrl
       });
-      const fileRoot = sourcePath ? backendCommon.resolveSafeChildPath(ctx.workspacePath, sourcePath) : ctx.workspacePath;
-      const directoryContents = await serializeDirectoryContents(fileRoot, {
-        gitignore: true
+      const gitAuthorInfo = {
+        name: config.getOptionalString("scaffolder.defaultAuthor.name"),
+        email: config.getOptionalString("scaffolder.defaultAuthor.email")
+      };
+      const auth = {
+        username: "x-token-auth",
+        password: token
+      };
+      await initRepoAndPush({
+        dir: getRepoSourceDirectory(ctx.workspacePath, ctx.input.sourcePath),
+        remoteUrl,
+        auth,
+        defaultBranch,
+        logger: ctx.logger,
+        commitMessage: config.getOptionalString("scaffolder.defaultCommitMessage"),
+        gitAuthorInfo
       });
-      const files = Object.fromEntries(directoryContents.map((file) => [
-        targetPath ? path__default["default"].posix.join(targetPath, file.path) : file.path,
-        {
-          mode: file.executable ? "100755" : "100644",
-          encoding: "base64",
-          content: file.content.toString("base64")
-        }
-      ]));
-      try {
-        const response = await client.createPullRequest({
-          owner,
-          repo,
-          title,
-          changes: [
-            {
-              files,
-              commit: title
-            }
-          ],
-          body: description,
-          head: branchName,
-          draft
-        });
-        if (!response) {
-          throw new GithubResponseError("null response from Github");
+      if (enableLFS) {
+        await performEnableLFS({ authorization, host, project, repo });
+      }
+      ctx.output("remoteUrl", remoteUrl);
+      ctx.output("repoContentsUrl", repoContentsUrl);
+    }
+  });
+}
+
+function createPublishFileAction() {
+  return createTemplateAction({
+    id: "publish:file",
+    description: "Writes contents of the workspace to a local directory",
+    schema: {
+      input: {
+        type: "object",
+        required: ["path"],
+        properties: {
+          path: {
+            title: "Path to a directory where the output will be written",
+            type: "string"
+          }
         }
-        ctx.output("remoteUrl", response.data.html_url);
-        ctx.output("pullRequestNumber", response.data.number);
-      } catch (e) {
-        throw new GithubResponseError("Pull request creation failed", e);
       }
+    },
+    async handler(ctx) {
+      const { path: path$1 } = ctx.input;
+      const exists = await fs__default["default"].pathExists(path$1);
+      if (exists) {
+        throw new errors.InputError("Output path already exists");
+      }
+      await fs__default["default"].ensureDir(path.dirname(path$1));
+      await fs__default["default"].copy(ctx.workspacePath, path$1);
     }
   });
+}
+
+const createGerritProject = async (config, options) => {
+  const { projectName, parent, owner, description } = options;
+  const fetchOptions = {
+    method: "PUT",
+    body: JSON.stringify({
+      parent,
+      description,
+      owners: [owner],
+      create_empty_commit: false
+    }),
+    headers: {
+      ...integration.getGerritRequestOptions(config).headers,
+      "Content-Type": "application/json"
+    }
+  };
+  const response = await fetch__default["default"](`${config.baseUrl}/a/projects/${encodeURIComponent(projectName)}`, fetchOptions);
+  if (response.status !== 201) {
+    throw new Error(`Unable to create repository, ${response.status} ${response.statusText}, ${await response.text()}`);
+  }
 };
+const generateCommitMessage = (config, commitSubject) => {
+  const changeId = crypto__default["default"].randomBytes(20).toString("hex");
+  const msg = `${config.getOptionalString("scaffolder.defaultCommitMessage") || commitSubject}
 
-function createPublishGitlabAction(options) {
+Change-Id: I${changeId}`;
+  return msg;
+};
+function createPublishGerritAction(options) {
   const { integrations, config } = options;
   return createTemplateAction({
-    id: "publish:gitlab",
-    description: "Initializes a git repository of the content in the workspace, and publishes it to GitLab.",
+    id: "publish:gerrit",
+    description: "Initializes a git repository of the content in the workspace, and publishes it to Gerrit.",
     schema: {
       input: {
         type: "object",
@@ -2299,10 +2313,9 @@ function createPublishGitlabAction(options) {
             title: "Repository Location",
             type: "string"
           },
-          repoVisibility: {
-            title: "Repository Visibility",
-            type: "string",
-            enum: ["private", "public", "internal"]
+          description: {
+            title: "Repository Description",
+            type: "string"
           },
           defaultBranch: {
             title: "Default Branch",
@@ -2323,16 +2336,6 @@ function createPublishGitlabAction(options) {
             title: "Default Author Email",
             type: "string",
             description: `Sets the default author email for the commit.`
-          },
-          sourcePath: {
-            title: "Source Path",
-            description: "Path within the workspace that will be used as the repository root. If omitted, the entire workspace will be published as the repository.",
-            type: "string"
-          },
-          token: {
-            title: "Authentication Token",
-            type: "string",
-            description: "The token to use for authorization to GitLab"
           }
         }
       },
@@ -2353,223 +2356,257 @@ function createPublishGitlabAction(options) {
     async handler(ctx) {
       const {
         repoUrl,
-        repoVisibility = "private",
+        description,
         defaultBranch = "master",
-        gitCommitMessage = "initial commit",
         gitAuthorName,
-        gitAuthorEmail
+        gitAuthorEmail,
+        gitCommitMessage = "initial commit"
       } = ctx.input;
-      const { owner, repo, host } = parseRepoUrl(repoUrl, integrations);
-      if (!owner) {
-        throw new errors.InputError(`No owner provided for host: ${host}, and repo ${repo}`);
-      }
-      const integrationConfig = integrations.gitlab.byHost(host);
+      const { repo, host, owner, workspace } = parseRepoUrl(repoUrl, integrations);
+      const integrationConfig = integrations.gerrit.byHost(host);
       if (!integrationConfig) {
         throw new errors.InputError(`No matching integration configuration for host ${host}, please check your integrations config`);
       }
-      if (!integrationConfig.config.token && !ctx.input.token) {
-        throw new errors.InputError(`No token available for host ${host}`);
+      if (!owner) {
+        throw new errors.InputError(`Invalid URL provider was included in the repo URL to create ${ctx.input.repoUrl}, missing owner`);
       }
-      const token = ctx.input.token || integrationConfig.config.token;
-      const tokenType = ctx.input.token ? "oauthToken" : "token";
-      const client = new node.Gitlab({
-        host: integrationConfig.config.baseUrl,
-        [tokenType]: token
-      });
-      let { id: targetNamespace } = await client.Namespaces.show(owner);
-      if (!targetNamespace) {
-        const { id } = await client.Users.current();
-        targetNamespace = id;
+      if (!workspace) {
+        throw new errors.InputError(`Invalid URL provider was included in the repo URL to create ${ctx.input.repoUrl}, missing workspace`);
       }
-      const { http_url_to_repo } = await client.Projects.create({
-        namespace_id: targetNamespace,
-        name: repo,
-        visibility: repoVisibility
+      await createGerritProject(integrationConfig.config, {
+        description,
+        owner,
+        projectName: repo,
+        parent: workspace
       });
-      const remoteUrl = http_url_to_repo.replace(/\.git$/, "");
-      const repoContentsUrl = `${remoteUrl}/-/blob/${defaultBranch}`;
+      const auth = {
+        username: integrationConfig.config.username,
+        password: integrationConfig.config.password
+      };
       const gitAuthorInfo = {
         name: gitAuthorName ? gitAuthorName : config.getOptionalString("scaffolder.defaultAuthor.name"),
         email: gitAuthorEmail ? gitAuthorEmail : config.getOptionalString("scaffolder.defaultAuthor.email")
       };
+      const remoteUrl = `${integrationConfig.config.cloneUrl}/a/${repo}`;
       await initRepoAndPush({
-        dir: getRepoSourceDirectory(ctx.workspacePath, ctx.input.sourcePath),
-        remoteUrl: http_url_to_repo,
+        dir: getRepoSourceDirectory(ctx.workspacePath, void 0),
+        remoteUrl,
+        auth,
         defaultBranch,
-        auth: {
-          username: "oauth2",
-          password: token
-        },
         logger: ctx.logger,
-        commitMessage: gitCommitMessage ? gitCommitMessage : config.getOptionalString("scaffolder.defaultCommitMessage"),
+        commitMessage: generateCommitMessage(config, gitCommitMessage),
         gitAuthorInfo
       });
+      const repoContentsUrl = `${integrationConfig.config.gitilesBaseUrl}/${repo}/+/refs/heads/${defaultBranch}`;
       ctx.output("remoteUrl", remoteUrl);
       ctx.output("repoContentsUrl", repoContentsUrl);
     }
   });
 }
 
-const createPublishGitlabMergeRequestAction = (options) => {
-  const { integrations } = options;
+function createPublishGithubAction(options) {
+  const { integrations, config, githubCredentialsProvider } = options;
   return createTemplateAction({
-    id: "publish:gitlab:merge-request",
+    id: "publish:github",
+    description: "Initializes a git repository of contents in workspace and publishes it to GitHub.",
     schema: {
       input: {
-        required: ["repoUrl", "targetPath", "branchName"],
         type: "object",
+        required: ["repoUrl"],
         properties: {
-          repoUrl: {
-            type: "string",
-            title: "Repository Location",
-            description: `Accepts the format 'gitlab.com/group_name/project_name' where 'project_name' is the repository name and 'group_name' is a group or username`
-          },
-          projectid: {
-            type: "string",
-            title: "projectid",
-            description: "Project ID/Name(slug) of the Gitlab Project"
-          },
-          title: {
-            type: "string",
-            title: "Merge Request Name",
-            description: "The name for the merge request"
-          },
-          description: {
-            type: "string",
-            title: "Merge Request Description",
-            description: "The description of the merge request"
-          },
-          branchName: {
-            type: "string",
-            title: "Destination Branch name",
-            description: "The description of the merge request"
-          },
-          targetPath: {
-            type: "string",
-            title: "Repository Subdirectory",
-            description: "Subdirectory of repository to apply changes to"
-          },
-          token: {
-            title: "Authentication Token",
-            type: "string",
-            description: "The token to use for authorization to GitLab"
-          }
+          repoUrl: repoUrl,
+          description: description,
+          access: access,
+          requireCodeOwnerReviews: requireCodeOwnerReviews,
+          requiredStatusCheckContexts: requiredStatusCheckContexts,
+          repoVisibility: repoVisibility,
+          defaultBranch: defaultBranch,
+          protectDefaultBranch: protectDefaultBranch,
+          deleteBranchOnMerge: deleteBranchOnMerge,
+          gitCommitMessage: gitCommitMessage,
+          gitAuthorName: gitAuthorName,
+          gitAuthorEmail: gitAuthorEmail,
+          allowMergeCommit: allowMergeCommit,
+          allowSquashMerge: allowSquashMerge,
+          allowRebaseMerge: allowRebaseMerge,
+          sourcePath: sourcePath,
+          collaborators: collaborators,
+          token: token,
+          topics: topics
         }
       },
       output: {
         type: "object",
         properties: {
-          projectid: {
-            title: "Gitlab Project id/Name(slug)",
-            type: "string"
-          },
-          projectPath: {
-            title: "Gitlab Project path",
-            type: "string"
-          },
-          mergeRequestURL: {
-            title: "MergeRequest(MR) URL",
-            type: "string",
-            description: "Link to the merge request in GitLab"
-          }
+          remoteUrl: remoteUrl,
+          repoContentsUrl: repoContentsUrl
         }
       }
     },
     async handler(ctx) {
-      var _a;
-      const repoUrl = ctx.input.repoUrl;
-      const { host, owner, repo } = parseRepoUrl(repoUrl, integrations);
-      const projectPath = `${owner}/${repo}`;
-      if (ctx.input.projectid) {
-        const deprecationWarning = `Property "projectid" is deprecated and no longer to needed to create a MR`;
-        ctx.logger.warn(deprecationWarning);
-        console.warn(deprecationWarning);
-      }
-      const integrationConfig = integrations.gitlab.byHost(host);
-      const destinationBranch = ctx.input.branchName;
-      if (!integrationConfig) {
-        throw new errors.InputError(`No matching integration configuration for host ${host}, please check your integrations config`);
-      }
-      if (!integrationConfig.config.token && !ctx.input.token) {
-        throw new errors.InputError(`No token available for host ${host}`);
-      }
-      const token = (_a = ctx.input.token) != null ? _a : integrationConfig.config.token;
-      const tokenType = ctx.input.token ? "oauthToken" : "token";
-      const api = new node.Gitlab({
-        host: integrationConfig.config.baseUrl,
-        [tokenType]: token
-      });
-      const targetPath = backendCommon.resolveSafeChildPath(ctx.workspacePath, ctx.input.targetPath);
-      const fileContents = await serializeDirectoryContents(targetPath, {
-        gitignore: true
+      const {
+        repoUrl,
+        description,
+        access,
+        requireCodeOwnerReviews = false,
+        requiredStatusCheckContexts = [],
+        repoVisibility = "private",
+        defaultBranch = "master",
+        protectDefaultBranch = true,
+        deleteBranchOnMerge = false,
+        gitCommitMessage = "initial commit",
+        gitAuthorName,
+        gitAuthorEmail,
+        allowMergeCommit = true,
+        allowSquashMerge = true,
+        allowRebaseMerge = true,
+        collaborators,
+        topics,
+        token: providedToken
+      } = ctx.input;
+      const octokitOptions = await getOctokitOptions({
+        integrations,
+        credentialsProvider: githubCredentialsProvider,
+        token: providedToken,
+        repoUrl
       });
-      const actions = fileContents.map((file) => ({
-        action: "create",
-        filePath: path__default["default"].posix.join(ctx.input.targetPath, file.path),
-        encoding: "base64",
-        content: file.content.toString("base64"),
-        execute_filemode: file.executable
-      }));
-      const projects = await api.Projects.show(projectPath);
-      const { default_branch: defaultBranch } = projects;
-      try {
-        await api.Branches.create(projectPath, destinationBranch, String(defaultBranch));
-      } catch (e) {
-        throw new errors.InputError(`The branch creation failed ${e}`);
-      }
-      try {
-        await api.Commits.create(projectPath, destinationBranch, ctx.input.title, actions);
-      } catch (e) {
-        throw new errors.InputError(`Committing the changes to ${destinationBranch} failed ${e}`);
-      }
-      try {
-        const mergeRequestUrl = await api.MergeRequests.create(projectPath, destinationBranch, String(defaultBranch), ctx.input.title, { description: ctx.input.description }).then((mergeRequest) => {
-          return mergeRequest.web_url;
-        });
-        ctx.output("projectid", projectPath);
-        ctx.output("projectPath", projectPath);
-        ctx.output("mergeRequestUrl", mergeRequestUrl);
-      } catch (e) {
-        throw new errors.InputError(`Merge request creation failed${e}`);
+      const client = new octokit.Octokit(octokitOptions);
+      const { owner, repo } = parseRepoUrl(repoUrl, integrations);
+      if (!owner) {
+        throw new errors.InputError("Invalid repository owner provided in repoUrl");
       }
+      const newRepo = await createGithubRepoWithCollaboratorsAndTopics(client, repo, owner, repoVisibility, description, deleteBranchOnMerge, allowMergeCommit, allowSquashMerge, allowRebaseMerge, access, collaborators, topics, ctx.logger);
+      const remoteUrl = newRepo.clone_url;
+      const repoContentsUrl = `${newRepo.html_url}/blob/${defaultBranch}`;
+      await initRepoPushAndProtect(remoteUrl, octokitOptions.auth, ctx.workspacePath, ctx.input.sourcePath, defaultBranch, protectDefaultBranch, owner, client, repo, requireCodeOwnerReviews, requiredStatusCheckContexts, config, ctx.logger, gitCommitMessage, gitAuthorName, gitAuthorEmail);
+      ctx.output("remoteUrl", remoteUrl);
+      ctx.output("repoContentsUrl", repoContentsUrl);
     }
   });
+}
+
+const DEFAULT_GLOB_PATTERNS = ["./**", "!.git"];
+const isExecutable = (fileMode) => {
+  if (!fileMode) {
+    return false;
+  }
+  const executeBitMask = 73;
+  const res = fileMode & executeBitMask;
+  return res > 0;
 };
+async function serializeDirectoryContents(sourcePath, options) {
+  var _a;
+  const paths = await globby__default["default"]((_a = options == null ? void 0 : options.globPatterns) != null ? _a : DEFAULT_GLOB_PATTERNS, {
+    cwd: sourcePath,
+    dot: true,
+    gitignore: options == null ? void 0 : options.gitignore,
+    followSymbolicLinks: false,
+    objectMode: true,
+    stats: true
+  });
+  const limiter = limiterFactory__default["default"](10);
+  return Promise.all(paths.map(async ({ path: path$1, stats }) => ({
+    path: path$1,
+    content: await limiter(async () => fs__default["default"].readFile(path.join(sourcePath, path$1))),
+    executable: isExecutable(stats == null ? void 0 : stats.mode)
+  })));
+}
 
-function createGithubActionsDispatchAction(options) {
-  const { integrations, githubCredentialsProvider } = options;
+async function deserializeDirectoryContents(targetPath, files) {
+  for (const file of files) {
+    const filePath = backendCommon.resolveSafeChildPath(targetPath, file.path);
+    await fs__default["default"].ensureDir(path.dirname(filePath));
+    await fs__default["default"].writeFile(filePath, file.content);
+  }
+}
+
+class GithubResponseError extends errors.CustomErrorBase {
+}
+const defaultClientFactory = async ({
+  integrations,
+  githubCredentialsProvider,
+  owner,
+  repo,
+  host = "github.com",
+  token: providedToken
+}) => {
+  const [encodedHost, encodedOwner, encodedRepo] = [host, owner, repo].map(encodeURIComponent);
+  const octokitOptions = await getOctokitOptions({
+    integrations,
+    credentialsProvider: githubCredentialsProvider,
+    repoUrl: `${encodedHost}?owner=${encodedOwner}&repo=${encodedRepo}`,
+    token: providedToken
+  });
+  const OctokitPR = octokit.Octokit.plugin(octokitPluginCreatePullRequest.createPullRequest);
+  return new OctokitPR(octokitOptions);
+};
+const createPublishGithubPullRequestAction = ({
+  integrations,
+  githubCredentialsProvider,
+  clientFactory = defaultClientFactory
+}) => {
   return createTemplateAction({
-    id: "github:actions:dispatch",
-    description: "Dispatches a GitHub Action workflow for a given branch or tag",
+    id: "publish:github:pull-request",
     schema: {
       input: {
+        required: ["repoUrl", "title", "description", "branchName"],
         type: "object",
-        required: ["repoUrl", "workflowId", "branchOrTagName"],
         properties: {
           repoUrl: {
             title: "Repository Location",
-            description: `Accepts the format 'github.com?repo=reponame&owner=owner' where 'reponame' is the new repository name and 'owner' is an organization or username`,
+            description: `Accepts the format 'github.com?repo=reponame&owner=owner' where 'reponame' is the repository name and 'owner' is an organization or username`,
             type: "string"
           },
-          workflowId: {
-            title: "Workflow ID",
-            description: "The GitHub Action Workflow filename",
-            type: "string"
+          branchName: {
+            type: "string",
+            title: "Branch Name",
+            description: "The name for the branch"
           },
-          branchOrTagName: {
-            title: "Branch or Tag name",
-            description: "The git branch or tag name used to dispatch the workflow",
-            type: "string"
+          title: {
+            type: "string",
+            title: "Pull Request Name",
+            description: "The name for the pull request"
           },
-          workflowInputs: {
-            title: "Workflow Inputs",
-            description: "Inputs keys and values to send to GitHub Action configured on the workflow file. The maximum number of properties is 10. ",
-            type: "object"
+          description: {
+            type: "string",
+            title: "Pull Request Description",
+            description: "The description of the pull request"
+          },
+          draft: {
+            type: "boolean",
+            title: "Create as Draft",
+            description: "Create a draft pull request"
+          },
+          sourcePath: {
+            type: "string",
+            title: "Working Subdirectory",
+            description: "Subdirectory of working directory to copy changes from"
+          },
+          targetPath: {
+            type: "string",
+            title: "Repository Subdirectory",
+            description: "Subdirectory of repository to apply changes to"
           },
           token: {
             title: "Authentication Token",
             type: "string",
-            description: "The GITHUB_TOKEN to use for authorization to GitHub"
+            description: "The token to use for authorization to GitHub"
+          }
+        }
+      },
+      output: {
+        required: ["remoteUrl"],
+        type: "object",
+        properties: {
+          remoteUrl: {
+            type: "string",
+            title: "Pull Request URL",
+            description: "Link to the pull request in Github"
+          },
+          pullRequestNumber: {
+            type: "number",
+            title: "Pull Request Number",
+            description: "The pull request number"
           }
         }
       }
@@ -2577,99 +2614,126 @@ function createGithubActionsDispatchAction(options) {
     async handler(ctx) {
       const {
         repoUrl,
-        workflowId,
-        branchOrTagName,
-        workflowInputs,
+        branchName,
+        title,
+        description,
+        draft,
+        targetPath,
+        sourcePath,
         token: providedToken
       } = ctx.input;
-      ctx.logger.info(`Dispatching workflow ${workflowId} for repo ${repoUrl} on ${branchOrTagName}`);
-      const { owner, repo } = parseRepoUrl(repoUrl, integrations);
+      const { owner, repo, host } = parseRepoUrl(repoUrl, integrations);
       if (!owner) {
-        throw new errors.InputError("Invalid repository owner provided in repoUrl");
+        throw new errors.InputError(`No owner provided for host: ${host}, and repo ${repo}`);
       }
-      const client = new octokit.Octokit(await getOctokitOptions({
+      const client = await clientFactory({
         integrations,
-        repoUrl,
-        credentialsProvider: githubCredentialsProvider,
-        token: providedToken
-      }));
-      await client.rest.actions.createWorkflowDispatch({
+        githubCredentialsProvider,
+        host,
         owner,
         repo,
-        workflow_id: workflowId,
-        ref: branchOrTagName,
-        inputs: workflowInputs
+        token: providedToken
       });
-      ctx.logger.info(`Workflow ${workflowId} dispatched successfully`);
+      const fileRoot = sourcePath ? backendCommon.resolveSafeChildPath(ctx.workspacePath, sourcePath) : ctx.workspacePath;
+      const directoryContents = await serializeDirectoryContents(fileRoot, {
+        gitignore: true
+      });
+      const files = Object.fromEntries(directoryContents.map((file) => [
+        targetPath ? path__default["default"].posix.join(targetPath, file.path) : file.path,
+        {
+          mode: file.executable ? "100755" : "100644",
+          encoding: "base64",
+          content: file.content.toString("base64")
+        }
+      ]));
+      try {
+        const response = await client.createPullRequest({
+          owner,
+          repo,
+          title,
+          changes: [
+            {
+              files,
+              commit: title
+            }
+          ],
+          body: description,
+          head: branchName,
+          draft
+        });
+        if (!response) {
+          throw new GithubResponseError("null response from Github");
+        }
+        ctx.output("remoteUrl", response.data.html_url);
+        ctx.output("pullRequestNumber", response.data.number);
+      } catch (e) {
+        throw new GithubResponseError("Pull request creation failed", e);
+      }
     }
   });
-}
+};
 
-function createGithubWebhookAction(options) {
-  const { integrations, defaultWebhookSecret, githubCredentialsProvider } = options;
-  const eventNames = webhooks.emitterEventNames.filter((event) => !event.includes("."));
+function createPublishGitlabAction(options) {
+  const { integrations, config } = options;
   return createTemplateAction({
-    id: "github:webhook",
-    description: "Creates webhook for a repository on GitHub.",
+    id: "publish:gitlab",
+    description: "Initializes a git repository of the content in the workspace, and publishes it to GitLab.",
     schema: {
       input: {
         type: "object",
-        required: ["repoUrl", "webhookUrl"],
+        required: ["repoUrl"],
         properties: {
           repoUrl: {
             title: "Repository Location",
-            description: `Accepts the format 'github.com?repo=reponame&owner=owner' where 'reponame' is the new repository name and 'owner' is an organization or username`,
-            type: "string"
-          },
-          webhookUrl: {
-            title: "Webhook URL",
-            description: "The URL to which the payloads will be delivered",
             type: "string"
           },
-          webhookSecret: {
-            title: "Webhook Secret",
-            description: "Webhook secret value. The default can be provided internally in action creation",
-            type: "string"
+          repoVisibility: {
+            title: "Repository Visibility",
+            type: "string",
+            enum: ["private", "public", "internal"]
           },
-          events: {
-            title: "Triggering Events",
-            description: "Determines what events the hook is triggered for. Default: push",
-            type: "array",
-            oneOf: [
-              {
-                items: {
-                  type: "string",
-                  enum: eventNames
-                }
-              },
-              {
-                items: {
-                  type: "string",
-                  const: "*"
-                }
-              }
-            ]
+          defaultBranch: {
+            title: "Default Branch",
+            type: "string",
+            description: `Sets the default branch on the repository. The default value is 'master'`
           },
-          active: {
-            title: "Active",
-            type: "boolean",
-            description: `Determines if notifications are sent when the webhook is triggered. Default: true`
+          gitCommitMessage: {
+            title: "Git Commit Message",
+            type: "string",
+            description: `Sets the commit message on the repository. The default value is 'initial commit'`
           },
-          contentType: {
-            title: "Content Type",
+          gitAuthorName: {
+            title: "Default Author Name",
             type: "string",
-            enum: ["form", "json"],
-            description: `The media type used to serialize the payloads. The default is 'form'`
+            description: `Sets the default author name for the commit. The default value is 'Scaffolder'`
           },
-          insecureSsl: {
-            title: "Insecure SSL",
-            type: "boolean",
-            description: `Determines whether the SSL certificate of the host for url will be verified when delivering payloads. Default 'false'`
+          gitAuthorEmail: {
+            title: "Default Author Email",
+            type: "string",
+            description: `Sets the default author email for the commit.`
+          },
+          sourcePath: {
+            title: "Source Path",
+            description: "Path within the workspace that will be used as the repository root. If omitted, the entire workspace will be published as the repository.",
+            type: "string"
           },
           token: {
             title: "Authentication Token",
             type: "string",
-            description: "The GITHUB_TOKEN to use for authorization to GitHub"
+            description: "The token to use for authorization to GitLab"
+          }
+        }
+      },
+      output: {
+        type: "object",
+        properties: {
+          remoteUrl: {
+            title: "A URL to the repository with the provider",
+            type: "string"
+          },
+          repoContentsUrl: {
+            title: "A URL to the root of the repository",
+            type: "string"
           }
         }
       }
@@ -2677,111 +2741,196 @@ function createGithubWebhookAction(options) {
     async handler(ctx) {
       const {
         repoUrl,
-        webhookUrl,
-        webhookSecret = defaultWebhookSecret,
-        events = ["push"],
-        active = true,
-        contentType = "form",
-        insecureSsl = false,
-        token: providedToken
+        repoVisibility = "private",
+        defaultBranch = "master",
+        gitCommitMessage = "initial commit",
+        gitAuthorName,
+        gitAuthorEmail
       } = ctx.input;
-      ctx.logger.info(`Creating webhook ${webhookUrl} for repo ${repoUrl}`);
-      const { owner, repo } = parseRepoUrl(repoUrl, integrations);
+      const { owner, repo, host } = parseRepoUrl(repoUrl, integrations);
       if (!owner) {
-        throw new errors.InputError("Invalid repository owner provided in repoUrl");
+        throw new errors.InputError(`No owner provided for host: ${host}, and repo ${repo}`);
       }
-      const client = new octokit.Octokit(await getOctokitOptions({
-        integrations,
-        credentialsProvider: githubCredentialsProvider,
-        repoUrl,
-        token: providedToken
-      }));
-      try {
-        const insecure_ssl = insecureSsl ? "1" : "0";
-        await client.rest.repos.createWebhook({
-          owner,
-          repo,
-          config: {
-            url: webhookUrl,
-            content_type: contentType,
-            secret: webhookSecret,
-            insecure_ssl
-          },
-          events,
-          active
-        });
-        ctx.logger.info(`Webhook '${webhookUrl}' created successfully`);
-      } catch (e) {
-        errors.assertError(e);
-        ctx.logger.warn(`Failed: create webhook '${webhookUrl}' on repo: '${repo}', ${e.message}`);
+      const integrationConfig = integrations.gitlab.byHost(host);
+      if (!integrationConfig) {
+        throw new errors.InputError(`No matching integration configuration for host ${host}, please check your integrations config`);
       }
+      if (!integrationConfig.config.token && !ctx.input.token) {
+        throw new errors.InputError(`No token available for host ${host}`);
+      }
+      const token = ctx.input.token || integrationConfig.config.token;
+      const tokenType = ctx.input.token ? "oauthToken" : "token";
+      const client = new node.Gitlab({
+        host: integrationConfig.config.baseUrl,
+        [tokenType]: token
+      });
+      let { id: targetNamespace } = await client.Namespaces.show(owner);
+      if (!targetNamespace) {
+        const { id } = await client.Users.current();
+        targetNamespace = id;
+      }
+      const { http_url_to_repo } = await client.Projects.create({
+        namespace_id: targetNamespace,
+        name: repo,
+        visibility: repoVisibility
+      });
+      const remoteUrl = http_url_to_repo.replace(/\.git$/, "");
+      const repoContentsUrl = `${remoteUrl}/-/blob/${defaultBranch}`;
+      const gitAuthorInfo = {
+        name: gitAuthorName ? gitAuthorName : config.getOptionalString("scaffolder.defaultAuthor.name"),
+        email: gitAuthorEmail ? gitAuthorEmail : config.getOptionalString("scaffolder.defaultAuthor.email")
+      };
+      await initRepoAndPush({
+        dir: getRepoSourceDirectory(ctx.workspacePath, ctx.input.sourcePath),
+        remoteUrl: http_url_to_repo,
+        defaultBranch,
+        auth: {
+          username: "oauth2",
+          password: token
+        },
+        logger: ctx.logger,
+        commitMessage: gitCommitMessage ? gitCommitMessage : config.getOptionalString("scaffolder.defaultCommitMessage"),
+        gitAuthorInfo
+      });
+      ctx.output("remoteUrl", remoteUrl);
+      ctx.output("repoContentsUrl", repoContentsUrl);
     }
   });
 }
 
-function createGithubIssuesLabelAction(options) {
-  const { integrations, githubCredentialsProvider } = options;
+const createPublishGitlabMergeRequestAction = (options) => {
+  const { integrations } = options;
   return createTemplateAction({
-    id: "github:issues:label",
-    description: "Adds labels to a pull request or issue on GitHub.",
+    id: "publish:gitlab:merge-request",
     schema: {
       input: {
+        required: ["repoUrl", "targetPath", "branchName"],
         type: "object",
-        required: ["repoUrl", "number", "labels"],
         properties: {
           repoUrl: {
+            type: "string",
             title: "Repository Location",
-            description: `Accepts the format 'github.com?repo=reponame&owner=owner' where 'reponame' is the repository name and 'owner' is an organization or username`,
-            type: "string"
+            description: `Accepts the format 'gitlab.com/group_name/project_name' where 'project_name' is the repository name and 'group_name' is a group or username`
           },
-          number: {
-            title: "Pull Request or issue number",
-            description: "The pull request or issue number to add labels to",
-            type: "number"
+          projectid: {
+            type: "string",
+            title: "projectid",
+            description: "Project ID/Name(slug) of the Gitlab Project"
           },
-          labels: {
-            title: "Labels",
-            description: "The labels to add to the pull request or issue",
-            type: "array",
-            items: {
-              type: "string"
-            }
+          title: {
+            type: "string",
+            title: "Merge Request Name",
+            description: "The name for the merge request"
+          },
+          description: {
+            type: "string",
+            title: "Merge Request Description",
+            description: "The description of the merge request"
+          },
+          branchName: {
+            type: "string",
+            title: "Destination Branch name",
+            description: "The description of the merge request"
+          },
+          targetPath: {
+            type: "string",
+            title: "Repository Subdirectory",
+            description: "Subdirectory of repository to apply changes to"
           },
           token: {
             title: "Authentication Token",
             type: "string",
-            description: "The GITHUB_TOKEN to use for authorization to GitHub"
+            description: "The token to use for authorization to GitLab"
+          },
+          removeSourceBranch: {
+            title: "Delete source branch",
+            type: "boolean",
+            description: "Option to delete source branch once the MR has been merged. Default: false"
+          }
+        }
+      },
+      output: {
+        type: "object",
+        properties: {
+          projectid: {
+            title: "Gitlab Project id/Name(slug)",
+            type: "string"
+          },
+          projectPath: {
+            title: "Gitlab Project path",
+            type: "string"
+          },
+          mergeRequestURL: {
+            title: "MergeRequest(MR) URL",
+            type: "string",
+            description: "Link to the merge request in GitLab"
           }
         }
       }
     },
     async handler(ctx) {
-      const { repoUrl, number, labels, token: providedToken } = ctx.input;
-      const { owner, repo } = parseRepoUrl(repoUrl, integrations);
-      ctx.logger.info(`Adding labels to ${number} issue on repo ${repo}`);
-      if (!owner) {
-        throw new errors.InputError("Invalid repository owner provided in repoUrl");
+      var _a;
+      const repoUrl = ctx.input.repoUrl;
+      const { host, owner, repo } = parseRepoUrl(repoUrl, integrations);
+      const projectPath = `${owner}/${repo}`;
+      if (ctx.input.projectid) {
+        const deprecationWarning = `Property "projectid" is deprecated and no longer to needed to create a MR`;
+        ctx.logger.warn(deprecationWarning);
+        console.warn(deprecationWarning);
       }
-      const client = new octokit.Octokit(await getOctokitOptions({
-        integrations,
-        credentialsProvider: githubCredentialsProvider,
-        repoUrl,
-        token: providedToken
+      const integrationConfig = integrations.gitlab.byHost(host);
+      const destinationBranch = ctx.input.branchName;
+      if (!integrationConfig) {
+        throw new errors.InputError(`No matching integration configuration for host ${host}, please check your integrations config`);
+      }
+      if (!integrationConfig.config.token && !ctx.input.token) {
+        throw new errors.InputError(`No token available for host ${host}`);
+      }
+      const token = (_a = ctx.input.token) != null ? _a : integrationConfig.config.token;
+      const tokenType = ctx.input.token ? "oauthToken" : "token";
+      const api = new node.Gitlab({
+        host: integrationConfig.config.baseUrl,
+        [tokenType]: token
+      });
+      const targetPath = backendCommon.resolveSafeChildPath(ctx.workspacePath, ctx.input.targetPath);
+      const fileContents = await serializeDirectoryContents(targetPath, {
+        gitignore: true
+      });
+      const actions = fileContents.map((file) => ({
+        action: "create",
+        filePath: path__default["default"].posix.join(ctx.input.targetPath, file.path),
+        encoding: "base64",
+        content: file.content.toString("base64"),
+        execute_filemode: file.executable
       }));
+      const projects = await api.Projects.show(projectPath);
+      const { default_branch: defaultBranch } = projects;
       try {
-        await client.rest.issues.addLabels({
-          owner,
-          repo,
-          issue_number: number,
-          labels
+        await api.Branches.create(projectPath, destinationBranch, String(defaultBranch));
+      } catch (e) {
+        throw new errors.InputError(`The branch creation failed ${e}`);
+      }
+      try {
+        await api.Commits.create(projectPath, destinationBranch, ctx.input.title, actions);
+      } catch (e) {
+        throw new errors.InputError(`Committing the changes to ${destinationBranch} failed ${e}`);
+      }
+      try {
+        const mergeRequestUrl = await api.MergeRequests.create(projectPath, destinationBranch, String(defaultBranch), ctx.input.title, {
+          description: ctx.input.description,
+          removeSourceBranch: ctx.input.removeSourceBranch ? ctx.input.removeSourceBranch : false
+        }).then((mergeRequest) => {
+          return mergeRequest.web_url;
         });
+        ctx.output("projectid", projectPath);
+        ctx.output("projectPath", projectPath);
+        ctx.output("mergeRequestUrl", mergeRequestUrl);
       } catch (e) {
-        errors.assertError(e);
-        ctx.logger.warn(`Failed: adding labels to issue: '${number}' on repo: '${repo}', ${e.message}`);
+        throw new errors.InputError(`Merge request creation failed${e}`);
       }
     }
   });
-}
+};
 
 const createBuiltinActions = (options) => {
   const {
@@ -2854,6 +3003,15 @@ const createBuiltinActions = (options) => {
     createGithubIssuesLabelAction({
       integrations,
       githubCredentialsProvider
+    }),
+    createGithubRepoCreateAction({
+      integrations,
+      githubCredentialsProvider
+    }),
+    createGithubRepoPushAction({
+      integrations,
+      config,
+      githubCredentialsProvider
     })
   ];
   return actions;
@@ -3898,15 +4056,27 @@ data: ${JSON.stringify(event)}
 }
 function parseBearerToken(header) {
   var _a;
-  const token = (_a = header == null ? void 0 : header.match(/Bearer\s+(\S+)/i)) == null ? void 0 : _a[1];
-  if (!token)
+  if (!header) {
     return {};
-  const [_header, rawPayload, _signature] = token.split(".");
-  const payload = JSON.parse(Buffer.from(rawPayload, "base64").toString());
-  return {
-    entityRef: payload.sub,
-    token
-  };
+  }
+  try {
+    const token = (_a = header.match(/^Bearer\s(\S+\.\S+\.\S+)$/i)) == null ? void 0 : _a[1];
+    if (!token) {
+      throw new TypeError("Expected Bearer with JWT");
+    }
+    const [_header, rawPayload, _signature] = token.split(".");
+    const payload = JSON.parse(Buffer.from(rawPayload, "base64").toString());
+    if (typeof payload !== "object" || payload === null || Array.isArray(payload)) {
+      throw new TypeError("Malformed JWT payload");
+    }
+    const sub = payload.sub;
+    if (typeof sub !== "string") {
+      throw new TypeError("Expected string sub claim");
+    }
+    return { entityRef: sub, token };
+  } catch (e) {
+    throw new errors.InputError(`Invalid authorization header: ${errors.stringifyError(e)}`);
+  }
 }
 
 class ScaffolderEntitiesProcessor {
@@ -3973,6 +4143,8 @@ exports.createFilesystemDeleteAction = createFilesystemDeleteAction;
 exports.createFilesystemRenameAction = createFilesystemRenameAction;
 exports.createGithubActionsDispatchAction = createGithubActionsDispatchAction;
 exports.createGithubIssuesLabelAction = createGithubIssuesLabelAction;
+exports.createGithubRepoCreateAction = createGithubRepoCreateAction;
+exports.createGithubRepoPushAction = createGithubRepoPushAction;
 exports.createGithubWebhookAction = createGithubWebhookAction;
 exports.createPublishAzureAction = createPublishAzureAction;
 exports.createPublishBitbucketAction = createPublishBitbucketAction;