@backstage/plugin-scaffolder-backend 1.4.0-next.3 → 1.4.0

package/CHANGELOG.md

@@ -1,5 +1,58 @@
 # @backstage/plugin-scaffolder-backend
 
+## 1.4.0
+
+### Minor Changes
+
+- e1a08d872c: Added optional assignee parameter for Gitlab Merge Request action
+- dab9bcf2e7: Add `protectEnforceAdmins` as an option to GitHub publish actions
+- 4baf8a4ece: Update GitLab Merge Request Action to allow source branch to be deleted
+- 91c1d12123: Export experimental `scaffolderCatalogExtension` for the new backend system. This export is not considered stable and should not be used in production.
+- d10ccc2ed1: Introduced audit log message when a new scaffolder task is created
+- 2db07887cb: Added two new scaffolder actions: `github:repo:create` and `github:repo:push`
+
+### Patch Changes
+
+- ff316b86d8: Add `copyWithoutTemplating` to the fetch template action input. `copyWithoutTemplating` also accepts an array of glob patterns. Contents of matched files or directories are copied without being processed, but paths are subject to rendering.
+
+  Deprecate `copyWithoutRender` in favor of `copyWithoutTemplating`.
+
+- 801d606909: Improve error messaging when passing in malformed auth
+- 089d846962: Fix issues with optional directories and files
+- ea6dcb84a4: Don't resolve symlinks, treat them as binary files and copy them as-is
+- af02f54483: new setUserAsOwner flag for publish:gitlab action
+
+  The field default is `false`. When true it will use the token configured in the gitlab integration for the matching host, to try and set the user logged in via `repoUrlPicker` `requestUserCredentials` OAuth flow as owner of the repository created in GitLab.
+
+- a70869e775: Updated dependency `msw` to `^0.43.0`.
+- 4e9a90e307: Updated dependency `luxon` to `^3.0.0`.
+- 72622d9143: Updated dependency `yaml` to `^2.0.0`.
+- 8006d0f9bf: Updated dependency `msw` to `^0.44.0`.
+- 679b32172e: Updated dependency `knex` to `^2.0.0`.
+- 511f49ee43: Updated dependency `octokit` to `^2.0.0`.
+- 735853353b: Updated dependency `@octokit/webhooks` to `^10.0.0`.
+- e2d7b76f43: Upgrade git-url-parse to 12.0.0.
+
+  Motivation for upgrade is transitively upgrading parse-url which is vulnerable
+  to several CVEs detected by Snyk.
+
+  - SNYK-JS-PARSEURL-2935944
+  - SNYK-JS-PARSEURL-2935947
+  - SNYK-JS-PARSEURL-2936249
+
+- 945a27fa6a: Add sourcePath option to publish:gerrit action
+- 1764296a68: Allow to create Gerrit project using default owner
+- Updated dependencies
+  - @backstage/backend-plugin-api@0.1.0
+  - @backstage/plugin-catalog-backend@1.3.0
+  - @backstage/backend-common@0.14.1
+  - @backstage/catalog-model@1.1.0
+  - @backstage/plugin-catalog-node@1.0.0
+  - @backstage/integration@1.2.2
+  - @backstage/catalog-client@1.0.4
+  - @backstage/errors@1.1.0
+  - @backstage/plugin-scaffolder-common@1.1.2
+
 ## 1.4.0-next.3
 
 ### Minor Changes

package/alpha/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-scaffolder-backend",
-  "version": "1.4.0-next.3",
+  "version": "1.4.0",
   "main": "../dist/index.cjs.js",
   "types": "../dist/index.alpha.d.ts"
 }

package/dist/index.alpha.d.ts

@@ -161,7 +161,11 @@ url: string;
 targetPath?: string | undefined;
 values: any;
 templateFileExtension?: string | boolean | undefined;
+/**
+* @deprecated This field is deprecated in favor of copyWithoutTemplating.
+*/
 copyWithoutRender?: string[] | undefined;
+copyWithoutTemplating?: string[] | undefined;
 cookiecutterCompat?: boolean | undefined;
 }>;
 
@@ -299,6 +303,7 @@ repoUrl: string;
 description?: string | undefined;
 defaultBranch?: string | undefined;
 protectDefaultBranch?: boolean | undefined;
+protectEnforceAdmins?: boolean | undefined;
 gitCommitMessage?: string | undefined;
 gitAuthorName?: string | undefined;
 gitAuthorEmail?: string | undefined;
@@ -433,6 +438,7 @@ defaultBranch?: string | undefined;
 gitCommitMessage?: string | undefined;
 gitAuthorName?: string | undefined;
 gitAuthorEmail?: string | undefined;
+sourcePath?: string | undefined;
 }>;
 
 /**
@@ -451,6 +457,7 @@ description?: string | undefined;
 access?: string | undefined;
 defaultBranch?: string | undefined;
 protectDefaultBranch?: boolean | undefined;
+protectEnforceAdmins?: boolean | undefined;
 deleteBranchOnMerge?: boolean | undefined;
 gitCommitMessage?: string | undefined;
 gitAuthorName?: string | undefined;
@@ -530,6 +537,7 @@ token?: string | undefined;
 /** @deprecated Use projectPath instead */
 projectid?: string | undefined;
 removeSourceBranch?: boolean | undefined;
+assignee?: string | undefined;
 }>;
 
 /**

package/dist/index.beta.d.ts

@@ -161,7 +161,11 @@ url: string;
 targetPath?: string | undefined;
 values: any;
 templateFileExtension?: string | boolean | undefined;
+/**
+* @deprecated This field is deprecated in favor of copyWithoutTemplating.
+*/
 copyWithoutRender?: string[] | undefined;
+copyWithoutTemplating?: string[] | undefined;
 cookiecutterCompat?: boolean | undefined;
 }>;
 
@@ -299,6 +303,7 @@ repoUrl: string;
 description?: string | undefined;
 defaultBranch?: string | undefined;
 protectDefaultBranch?: boolean | undefined;
+protectEnforceAdmins?: boolean | undefined;
 gitCommitMessage?: string | undefined;
 gitAuthorName?: string | undefined;
 gitAuthorEmail?: string | undefined;
@@ -433,6 +438,7 @@ defaultBranch?: string | undefined;
 gitCommitMessage?: string | undefined;
 gitAuthorName?: string | undefined;
 gitAuthorEmail?: string | undefined;
+sourcePath?: string | undefined;
 }>;
 
 /**
@@ -451,6 +457,7 @@ description?: string | undefined;
 access?: string | undefined;
 defaultBranch?: string | undefined;
 protectDefaultBranch?: boolean | undefined;
+protectEnforceAdmins?: boolean | undefined;
 deleteBranchOnMerge?: boolean | undefined;
 gitCommitMessage?: string | undefined;
 gitAuthorName?: string | undefined;
@@ -530,6 +537,7 @@ token?: string | undefined;
 /** @deprecated Use projectPath instead */
 projectid?: string | undefined;
 removeSourceBranch?: boolean | undefined;
+assignee?: string | undefined;
 }>;
 
 /**

package/dist/index.cjs.js

@@ -473,13 +473,21 @@ function createFetchTemplateAction(options) {
             type: "object"
           },
           copyWithoutRender: {
-            title: "Copy Without Render",
+            title: "[Deprecated] Copy Without Render",
             description: "An array of glob patterns. Any files or directories which match are copied without being processed as templates.",
             type: "array",
             items: {
               type: "string"
             }
           },
+          copyWithoutTemplating: {
+            title: "Copy Without Templating",
+            description: "An array of glob patterns. Contents of matched files or directories are copied without being processed, but paths are subject to rendering.",
+            type: "array",
+            items: {
+              type: "string"
+            }
+          },
           cookiecutterCompat: {
             title: "Cookiecutter compatibility mode",
             description: "Enable features to maximise compatibility with templates built for fetch:cookiecutter",
@@ -501,11 +509,24 @@ function createFetchTemplateAction(options) {
       const templateDir = backendCommon.resolveSafeChildPath(workDir, "template");
       const targetPath = (_a = ctx.input.targetPath) != null ? _a : "./";
       const outputDir = backendCommon.resolveSafeChildPath(ctx.workspacePath, targetPath);
-      if (ctx.input.copyWithoutRender && !Array.isArray(ctx.input.copyWithoutRender)) {
-        throw new errors.InputError("Fetch action input copyWithoutRender must be an Array");
+      if (ctx.input.copyWithoutRender && ctx.input.copyWithoutTemplating) {
+        throw new errors.InputError("Fetch action input copyWithoutRender and copyWithoutTemplating can not be used at the same time");
+      }
+      let copyOnlyPatterns;
+      let renderFilename;
+      if (ctx.input.copyWithoutRender) {
+        ctx.logger.warn("[Deprecated] Please use copyWithoutTemplating instead.");
+        copyOnlyPatterns = ctx.input.copyWithoutRender;
+        renderFilename = false;
+      } else {
+        copyOnlyPatterns = ctx.input.copyWithoutTemplating;
+        renderFilename = true;
+      }
+      if (copyOnlyPatterns && !Array.isArray(copyOnlyPatterns)) {
+        throw new errors.InputError("Fetch action input copyWithoutRender/copyWithoutTemplating must be an Array");
       }
-      if (ctx.input.templateFileExtension && (ctx.input.copyWithoutRender || ctx.input.cookiecutterCompat)) {
-        throw new errors.InputError("Fetch action input extension incompatible with copyWithoutRender and cookiecutterCompat");
+      if (ctx.input.templateFileExtension && (copyOnlyPatterns || ctx.input.cookiecutterCompat)) {
+        throw new errors.InputError("Fetch action input extension incompatible with copyWithoutRender/copyWithoutTemplating and cookiecutterCompat");
       }
       let extension = false;
       if (ctx.input.templateFileExtension) {
@@ -529,7 +550,7 @@ function createFetchTemplateAction(options) {
         markDirectories: true,
         followSymbolicLinks: false
       });
-      const nonTemplatedEntries = new Set((await Promise.all((ctx.input.copyWithoutRender || []).map((pattern) => globby__default["default"](pattern, {
+      const nonTemplatedEntries = new Set((await Promise.all((copyOnlyPatterns || []).map((pattern) => globby__default["default"](pattern, {
         cwd: templateDir,
         dot: true,
         onlyFiles: false,
@@ -546,23 +567,27 @@ function createFetchTemplateAction(options) {
         additionalTemplateFilters
       });
       for (const location of allEntriesInTemplate) {
-        let renderFilename;
         let renderContents;
         let localOutputPath = location;
         if (extension) {
-          renderFilename = true;
           renderContents = path.extname(localOutputPath) === extension;
           if (renderContents) {
             localOutputPath = localOutputPath.slice(0, -extension.length);
           }
+          localOutputPath = renderTemplate(localOutputPath, context);
         } else {
-          renderFilename = renderContents = !nonTemplatedEntries.has(location);
+          renderContents = !nonTemplatedEntries.has(location);
+          if (renderFilename) {
+            localOutputPath = renderTemplate(localOutputPath, context);
+          } else {
+            localOutputPath = renderContents ? renderTemplate(localOutputPath, context) : localOutputPath;
+          }
         }
-        if (renderFilename) {
-          localOutputPath = renderTemplate(localOutputPath, context);
+        if (containsSkippedContent(localOutputPath)) {
+          continue;
         }
         const outputPath = backendCommon.resolveSafeChildPath(outputDir, localOutputPath);
-        if (outputDir === outputPath) {
+        if (fs__default["default"].existsSync(outputPath)) {
           continue;
         }
         if (!renderContents && !extension) {
@@ -589,6 +614,9 @@ function createFetchTemplateAction(options) {
     }
   });
 }
+function containsSkippedContent(localOutputPath) {
+  return localOutputPath === "" || path__default["default"].isAbsolute(localOutputPath) || localOutputPath.includes(`${path__default["default"].sep}${path__default["default"].sep}`);
+}
 
 const createFilesystemDeleteAction = () => {
   return createTemplateAction({
@@ -729,7 +757,7 @@ const parseRepoUrl = (repoUrl, integrations) => {
       throw new errors.InputError(`Invalid repo URL passed to publisher: ${repoUrl}, missing project`);
     }
   } else {
-    if (!owner) {
+    if (!owner && type !== "gerrit") {
       throw new errors.InputError(`Invalid repo URL passed to publisher: ${repoUrl}, missing owner`);
     }
   }
@@ -813,7 +841,8 @@ const enableBranchProtectionOnDefaultRepoBranch = async ({
   logger,
   requireCodeOwnerReviews,
   requiredStatusCheckContexts = [],
-  defaultBranch = "master"
+  defaultBranch = "master",
+  enforceAdmins = true
 }) => {
   const tryOnce = async () => {
     try {
@@ -829,7 +858,7 @@ const enableBranchProtectionOnDefaultRepoBranch = async ({
           contexts: requiredStatusCheckContexts
         },
         restrictions: null,
-        enforce_admins: true,
+        enforce_admins: enforceAdmins,
         required_pull_request_reviews: {
           required_approving_review_count: 1,
           require_code_owner_reviews: requireCodeOwnerReviews
@@ -981,7 +1010,7 @@ async function createGithubRepoWithCollaboratorsAndTopics(client, repo, owner, r
   }
   return newRepo;
 }
-async function initRepoPushAndProtect(remoteUrl, password, workspacePath, sourcePath, defaultBranch, protectDefaultBranch, owner, client, repo, requireCodeOwnerReviews, requiredStatusCheckContexts, config, logger, gitCommitMessage, gitAuthorName, gitAuthorEmail) {
+async function initRepoPushAndProtect(remoteUrl, password, workspacePath, sourcePath, defaultBranch, protectDefaultBranch, protectEnforceAdmins, owner, client, repo, requireCodeOwnerReviews, requiredStatusCheckContexts, config, logger, gitCommitMessage, gitAuthorName, gitAuthorEmail) {
   const gitAuthorInfo = {
     name: gitAuthorName ? gitAuthorName : config.getOptionalString("scaffolder.defaultAuthor.name"),
     email: gitAuthorEmail ? gitAuthorEmail : config.getOptionalString("scaffolder.defaultAuthor.email")
@@ -1008,7 +1037,8 @@ async function initRepoPushAndProtect(remoteUrl, password, workspacePath, source
         logger,
         defaultBranch,
         requireCodeOwnerReviews,
-        requiredStatusCheckContexts
+        requiredStatusCheckContexts,
+        enforceAdmins: protectEnforceAdmins
       });
     } catch (e) {
       errors.assertError(e);
@@ -1267,6 +1297,11 @@ const protectDefaultBranch = {
   type: "boolean",
   description: `Protect the default branch after creating the repository. The default value is 'true'`
 };
+const protectEnforceAdmins = {
+  title: "Enforce Admins On Protected Branches",
+  type: "boolean",
+  description: `Enforce admins to adhere to default branch protection. The default value is 'true'`
+};
 const gitCommitMessage = {
   title: "Git Commit Message",
   type: "string",
@@ -1366,6 +1401,7 @@ function createGithubRepoPushAction(options) {
           requiredStatusCheckContexts: requiredStatusCheckContexts,
           defaultBranch: defaultBranch,
           protectDefaultBranch: protectDefaultBranch,
+          protectEnforceAdmins: protectEnforceAdmins,
           gitCommitMessage: gitCommitMessage,
           gitAuthorName: gitAuthorName,
           gitAuthorEmail: gitAuthorEmail,
@@ -1386,6 +1422,7 @@ function createGithubRepoPushAction(options) {
         repoUrl,
         defaultBranch = "master",
         protectDefaultBranch = true,
+        protectEnforceAdmins = true,
         gitCommitMessage = "initial commit",
         gitAuthorName,
         gitAuthorEmail,
@@ -1407,7 +1444,7 @@ function createGithubRepoPushAction(options) {
       const targetRepo = await client.rest.repos.get({ owner, repo });
       const remoteUrl = targetRepo.data.clone_url;
       const repoContentsUrl = `${targetRepo.data.html_url}/blob/${defaultBranch}`;
-      await initRepoPushAndProtect(remoteUrl, octokitOptions.auth, ctx.workspacePath, ctx.input.sourcePath, defaultBranch, protectDefaultBranch, owner, client, repo, requireCodeOwnerReviews, requiredStatusCheckContexts, config, ctx.logger, gitCommitMessage, gitAuthorName, gitAuthorEmail);
+      await initRepoPushAndProtect(remoteUrl, octokitOptions.auth, ctx.workspacePath, ctx.input.sourcePath, defaultBranch, protectDefaultBranch, protectEnforceAdmins, owner, client, repo, requireCodeOwnerReviews, requiredStatusCheckContexts, config, ctx.logger, gitCommitMessage, gitAuthorName, gitAuthorEmail);
       ctx.output("remoteUrl", remoteUrl);
       ctx.output("repoContentsUrl", repoContentsUrl);
     }
@@ -2282,7 +2319,7 @@ const createGerritProject = async (config, options) => {
     body: JSON.stringify({
       parent,
       description,
-      owners: [owner],
+      owners: owner ? [owner] : [],
       create_empty_commit: false
     }),
     headers: {
@@ -2339,6 +2376,11 @@ function createPublishGerritAction(options) {
             title: "Default Author Email",
             type: "string",
             description: `Sets the default author email for the commit.`
+          },
+          sourcePath: {
+            title: "Source Path",
+            type: "string",
+            description: `Path within the workspace that will be used as the repository root. If omitted, the entire workspace will be published as the repository.`
           }
         }
       },
@@ -2363,16 +2405,14 @@ function createPublishGerritAction(options) {
         defaultBranch = "master",
         gitAuthorName,
         gitAuthorEmail,
-        gitCommitMessage = "initial commit"
+        gitCommitMessage = "initial commit",
+        sourcePath
       } = ctx.input;
       const { repo, host, owner, workspace } = parseRepoUrl(repoUrl, integrations);
       const integrationConfig = integrations.gerrit.byHost(host);
       if (!integrationConfig) {
         throw new errors.InputError(`No matching integration configuration for host ${host}, please check your integrations config`);
       }
-      if (!owner) {
-        throw new errors.InputError(`Invalid URL provider was included in the repo URL to create ${ctx.input.repoUrl}, missing owner`);
-      }
       if (!workspace) {
         throw new errors.InputError(`Invalid URL provider was included in the repo URL to create ${ctx.input.repoUrl}, missing workspace`);
       }
@@ -2392,7 +2432,7 @@ function createPublishGerritAction(options) {
       };
       const remoteUrl = `${integrationConfig.config.cloneUrl}/a/${repo}`;
       await initRepoAndPush({
-        dir: getRepoSourceDirectory(ctx.workspacePath, void 0),
+        dir: getRepoSourceDirectory(ctx.workspacePath, sourcePath),
         remoteUrl,
         auth,
         defaultBranch,
@@ -2425,6 +2465,7 @@ function createPublishGithubAction(options) {
           repoVisibility: repoVisibility,
           defaultBranch: defaultBranch,
           protectDefaultBranch: protectDefaultBranch,
+          protectEnforceAdmins: protectEnforceAdmins,
           deleteBranchOnMerge: deleteBranchOnMerge,
           gitCommitMessage: gitCommitMessage,
           gitAuthorName: gitAuthorName,
@@ -2456,6 +2497,7 @@ function createPublishGithubAction(options) {
         repoVisibility = "private",
         defaultBranch = "master",
         protectDefaultBranch = true,
+        protectEnforceAdmins = true,
         deleteBranchOnMerge = false,
         gitCommitMessage = "initial commit",
         gitAuthorName,
@@ -2481,7 +2523,7 @@ function createPublishGithubAction(options) {
       const newRepo = await createGithubRepoWithCollaboratorsAndTopics(client, repo, owner, repoVisibility, description, deleteBranchOnMerge, allowMergeCommit, allowSquashMerge, allowRebaseMerge, access, collaborators, topics, ctx.logger);
       const remoteUrl = newRepo.clone_url;
       const repoContentsUrl = `${newRepo.html_url}/blob/${defaultBranch}`;
-      await initRepoPushAndProtect(remoteUrl, octokitOptions.auth, ctx.workspacePath, ctx.input.sourcePath, defaultBranch, protectDefaultBranch, owner, client, repo, requireCodeOwnerReviews, requiredStatusCheckContexts, config, ctx.logger, gitCommitMessage, gitAuthorName, gitAuthorEmail);
+      await initRepoPushAndProtect(remoteUrl, octokitOptions.auth, ctx.workspacePath, ctx.input.sourcePath, defaultBranch, protectDefaultBranch, protectEnforceAdmins, owner, client, repo, requireCodeOwnerReviews, requiredStatusCheckContexts, config, ctx.logger, gitCommitMessage, gitAuthorName, gitAuthorEmail);
       ctx.output("remoteUrl", remoteUrl);
       ctx.output("repoContentsUrl", repoContentsUrl);
     }
@@ -2862,6 +2904,11 @@ const createPublishGitlabMergeRequestAction = (options) => {
             title: "Delete source branch",
             type: "boolean",
             description: "Option to delete source branch once the MR has been merged. Default: false"
+          },
+          assignee: {
+            title: "Merge Request Assignee",
+            type: "string",
+            description: "User this merge request will be assigned to"
           }
         }
       },
@@ -2908,6 +2955,16 @@ const createPublishGitlabMergeRequestAction = (options) => {
         host: integrationConfig.config.baseUrl,
         [tokenType]: token
       });
+      const assignee = ctx.input.assignee;
+      let assigneeId = void 0;
+      if (assignee !== void 0) {
+        try {
+          const assigneeUser = await api.Users.username(assignee);
+          assigneeId = assigneeUser[0].id;
+        } catch (e) {
+          ctx.logger.warn(`Failed to find gitlab user id for ${assignee}: ${e}. Proceeding with MR creation without an assignee.`);
+        }
+      }
       const targetPath = backendCommon.resolveSafeChildPath(ctx.workspacePath, ctx.input.targetPath);
       const fileContents = await serializeDirectoryContents(targetPath, {
         gitignore: true
@@ -2934,7 +2991,8 @@ const createPublishGitlabMergeRequestAction = (options) => {
       try {
         const mergeRequestUrl = await api.MergeRequests.create(projectPath, destinationBranch, String(defaultBranch), ctx.input.title, {
           description: ctx.input.description,
-          removeSourceBranch: ctx.input.removeSourceBranch ? ctx.input.removeSourceBranch : false
+          removeSourceBranch: ctx.input.removeSourceBranch ? ctx.input.removeSourceBranch : false,
+          assigneeId
         }).then((mergeRequest) => {
           return mergeRequest.web_url;
         });
@@ -3883,6 +3941,11 @@ async function createRouter(options) {
     });
     const { token, entityRef: userEntityRef } = parseBearerToken(req.headers.authorization);
     const userEntity = userEntityRef ? await catalogClient.getEntityByRef(userEntityRef, { token }) : void 0;
+    let auditLog = `Scaffolding task for ${templateRef}`;
+    if (userEntityRef) {
+      auditLog += ` created by ${userEntityRef}`;
+    }
+    logger.info(auditLog);
     const values = req.body.values;
     const template = await findTemplate({
       catalogApi: catalogClient,