@backstage/plugin-scaffolder-backend 1.5.1 → 1.6.0-next.2

package/dist/index.cjs.js

@@ -20,6 +20,7 @@ var azureDevopsNodeApi = require('azure-devops-node-api');
 var fetch = require('node-fetch');
 var crypto = require('crypto');
 var octokitPluginCreatePullRequest = require('octokit-plugin-create-pull-request');
+var fs$1 = require('fs');
 var limiterFactory = require('p-limit');
 var node = require('@gitbeaker/node');
 var uuid = require('uuid');
@@ -283,13 +284,8 @@ async function recursiveReadDir(dir) {
   return files.reduce((a, f) => a.concat(f), []);
 }
 
-async function fetchContents({
-  reader,
-  integrations,
-  baseUrl,
-  fetchUrl = ".",
-  outputPath
-}) {
+async function fetchContents(options) {
+  const { reader, integrations, baseUrl, fetchUrl = ".", outputPath } = options;
   let fetchUrlIsAbsolute = false;
   try {
     new URL(fetchUrl);
@@ -1043,7 +1039,7 @@ async function getOctokitOptions(options) {
     previews: ["nebula-preview"]
   };
 }
-async function createGithubRepoWithCollaboratorsAndTopics(client, repo, owner, repoVisibility, description, deleteBranchOnMerge, allowMergeCommit, allowSquashMerge, allowRebaseMerge, access, collaborators, topics, logger) {
+async function createGithubRepoWithCollaboratorsAndTopics(client, repo, owner, repoVisibility, description, homepage, deleteBranchOnMerge, allowMergeCommit, allowSquashMerge, allowRebaseMerge, access, collaborators, topics, logger) {
   const user = await client.rest.users.getByUsername({
     username: owner
   });
@@ -1056,7 +1052,8 @@ async function createGithubRepoWithCollaboratorsAndTopics(client, repo, owner, r
     delete_branch_on_merge: deleteBranchOnMerge,
     allow_merge_commit: allowMergeCommit,
     allow_squash_merge: allowSquashMerge,
-    allow_rebase_merge: allowRebaseMerge
+    allow_rebase_merge: allowRebaseMerge,
+    homepage
   }) : client.rest.repos.createForAuthenticatedUser({
     name: repo,
     private: repoVisibility === "private",
@@ -1064,7 +1061,8 @@ async function createGithubRepoWithCollaboratorsAndTopics(client, repo, owner, r
     delete_branch_on_merge: deleteBranchOnMerge,
     allow_merge_commit: allowMergeCommit,
     allow_squash_merge: allowSquashMerge,
-    allow_rebase_merge: allowRebaseMerge
+    allow_rebase_merge: allowRebaseMerge,
+    homepage
   });
   let newRepo;
   try {
@@ -1335,6 +1333,10 @@ const description = {
   title: "Repository Description",
   type: "string"
 };
+const homepage = {
+  title: "Repository Homepage",
+  type: "string"
+};
 const access = {
   title: "Repository Access",
   description: `Sets an admin collaborator on the repository. Can either be a user reference different from 'owner' in 'repoUrl' or team reference, eg. 'org/team-name'`,
@@ -1473,6 +1475,7 @@ function createGithubRepoCreateAction(options) {
         properties: {
           repoUrl: repoUrl,
           description: description,
+          homepage: homepage,
           access: access,
           requireCodeOwnerReviews: requireCodeOwnerReviews,
           requiredStatusCheckContexts: requiredStatusCheckContexts,
@@ -1498,6 +1501,7 @@ function createGithubRepoCreateAction(options) {
       const {
         repoUrl,
         description,
+        homepage,
         access,
         repoVisibility = "private",
         deleteBranchOnMerge = false,
@@ -1525,6 +1529,7 @@ function createGithubRepoCreateAction(options) {
         owner,
         repoVisibility,
         description,
+        homepage,
         deleteBranchOnMerge,
         allowMergeCommit,
         allowSquashMerge,
@@ -1800,6 +1805,10 @@ function createPublishAzureAction(options) {
           repoContentsUrl: {
             title: "A URL to the root of the repository",
             type: "string"
+          },
+          repositoryId: {
+            title: "The Id of the created repository",
+            type: "string"
           }
         }
       }
@@ -1849,6 +1858,10 @@ function createPublishAzureAction(options) {
           "No remote URL returned from create repository for Azure"
         );
       }
+      const repositoryId = returnedRepo.id;
+      if (!repositoryId) {
+        throw new errors.InputError("No Id returned from create repository for Azure");
+      }
       const repoContentsUrl = remoteUrl;
       const gitAuthorInfo = {
         name: gitAuthorName ? gitAuthorName : config.getOptionalString("scaffolder.defaultAuthor.name"),
@@ -1868,6 +1881,7 @@ function createPublishAzureAction(options) {
       });
       ctx.output("remoteUrl", remoteUrl);
       ctx.output("repoContentsUrl", repoContentsUrl);
+      ctx.output("repositoryId", repositoryId);
     }
   });
 }
@@ -2544,37 +2558,6 @@ function createPublishBitbucketServerAction(options) {
   });
 }
 
-function createPublishFileAction() {
-  return createTemplateAction({
-    id: "publish:file",
-    description: "Writes contents of the workspace to a local directory",
-    schema: {
-      input: {
-        type: "object",
-        required: ["path"],
-        properties: {
-          path: {
-            title: "Path to a directory where the output will be written",
-            type: "string"
-          }
-        }
-      }
-    },
-    async handler(ctx) {
-      ctx.logger.warn(
-        "[DEPRECATED] This action will be removed, prefer testing templates using the template editor instead."
-      );
-      const { path: path$1 } = ctx.input;
-      const exists = await fs__default["default"].pathExists(path$1);
-      if (exists) {
-        throw new errors.InputError("Output path already exists");
-      }
-      await fs__default["default"].ensureDir(path.dirname(path$1));
-      await fs__default["default"].copy(ctx.workspacePath, path$1);
-    }
-  });
-}
-
 const createGerritProject = async (config, options) => {
   const { projectName, parent, owner, description } = options;
   const fetchOptions = {
@@ -2843,6 +2826,7 @@ function createPublishGithubAction(options) {
         properties: {
           repoUrl: repoUrl,
           description: description,
+          homepage: homepage,
           access: access,
           requireCodeOwnerReviews: requireCodeOwnerReviews,
           requiredStatusCheckContexts: requiredStatusCheckContexts,
@@ -2875,6 +2859,7 @@ function createPublishGithubAction(options) {
       const {
         repoUrl,
         description,
+        homepage,
         access,
         requireCodeOwnerReviews = false,
         requiredStatusCheckContexts = [],
@@ -2910,6 +2895,7 @@ function createPublishGithubAction(options) {
         owner,
         repoVisibility,
         description,
+        homepage,
         deleteBranchOnMerge,
         allowMergeCommit,
         allowSquashMerge,
@@ -2955,6 +2941,10 @@ const isExecutable = (fileMode) => {
   const res = fileMode & executeBitMask;
   return res > 0;
 };
+async function asyncFilter(array, callback) {
+  const filterMap = await Promise.all(array.map(callback));
+  return array.filter((_value, index) => filterMap[index]);
+}
 async function serializeDirectoryContents(sourcePath, options) {
   var _a;
   const paths = await globby__default["default"]((_a = options == null ? void 0 : options.globPatterns) != null ? _a : DEFAULT_GLOB_PATTERNS, {
@@ -2962,17 +2952,36 @@ async function serializeDirectoryContents(sourcePath, options) {
     dot: true,
     gitignore: options == null ? void 0 : options.gitignore,
     followSymbolicLinks: false,
+    onlyFiles: false,
     objectMode: true,
     stats: true
   });
   const limiter = limiterFactory__default["default"](10);
+  const valid = await asyncFilter(paths, async ({ dirent, path }) => {
+    if (dirent.isDirectory())
+      return false;
+    if (!dirent.isSymbolicLink())
+      return true;
+    const safePath = backendCommon.resolveSafeChildPath(sourcePath, path);
+    try {
+      await fs$1.promises.stat(safePath);
+      return false;
+    } catch (e) {
+      return errors.isError(e) && e.code === "ENOENT";
+    }
+  });
   return Promise.all(
-    paths.map(async ({ path: path$1, stats }) => ({
-      path: path$1,
-      content: await limiter(
-        async () => fs__default["default"].readFile(path.join(sourcePath, path$1))
-      ),
-      executable: isExecutable(stats == null ? void 0 : stats.mode)
+    valid.map(async ({ dirent, path, stats }) => ({
+      path,
+      content: await limiter(async () => {
+        const absFilePath = backendCommon.resolveSafeChildPath(sourcePath, path);
+        if (dirent.isSymbolicLink()) {
+          return fs$1.promises.readlink(absFilePath, "buffer");
+        }
+        return fs$1.promises.readFile(absFilePath);
+      }),
+      executable: isExecutable(stats == null ? void 0 : stats.mode),
+      symlink: dirent.isSymbolicLink()
     }))
   );
 }
@@ -3005,7 +3014,10 @@ const defaultClientFactory = async ({
     token: providedToken
   });
   const OctokitPR = octokit.Octokit.plugin(octokitPluginCreatePullRequest.createPullRequest);
-  return new OctokitPR(octokitOptions);
+  return new OctokitPR({
+    ...octokitOptions,
+    ...{ throttle: { enabled: false } }
+  });
 };
 const createPublishGithubPullRequestAction = ({
   integrations,
@@ -3125,13 +3137,21 @@ const createPublishGithubPullRequestAction = ({
       const directoryContents = await serializeDirectoryContents(fileRoot, {
         gitignore: true
       });
+      const determineFileMode = (file) => {
+        if (file.symlink)
+          return "120000";
+        if (file.executable)
+          return "100755";
+        return "100644";
+      };
+      const determineFileEncoding = (file) => file.symlink ? "utf-8" : "base64";
       const files = Object.fromEntries(
         directoryContents.map((file) => [
           targetPath ? path__default["default"].posix.join(targetPath, file.path) : file.path,
           {
-            mode: file.executable ? "100755" : "100644",
-            encoding: "base64",
-            content: file.content.toString("base64")
+            mode: determineFileMode(file),
+            encoding: determineFileEncoding(file),
+            content: file.content.toString(determineFileEncoding(file))
           }
         ])
       );
@@ -3261,6 +3281,10 @@ function createPublishGitlabAction(options) {
           repoContentsUrl: {
             title: "A URL to the root of the repository",
             type: "string"
+          },
+          projectId: {
+            title: "The ID of the project",
+            type: "string"
           }
         }
       }
@@ -3333,6 +3357,7 @@ function createPublishGitlabAction(options) {
       });
       ctx.output("remoteUrl", remoteUrl);
       ctx.output("repoContentsUrl", repoContentsUrl);
+      ctx.output("projectId", projectId);
     }
   });
 }
@@ -3639,6 +3664,9 @@ const migrationsDir = backendCommon.resolvePackagePath(
   "@backstage/plugin-scaffolder-backend",
   "migrations"
 );
+function isPluginDatabaseManager(opt) {
+  return opt.getClient !== void 0;
+}
 const parseSqlDateToIsoString = (input) => {
   if (typeof input === "string") {
     return luxon.DateTime.fromSQL(input, { zone: "UTC" }).toISO();
@@ -3647,13 +3675,33 @@ const parseSqlDateToIsoString = (input) => {
 };
 class DatabaseTaskStore {
   static async create(options) {
-    await options.database.migrate.latest({
-      directory: migrationsDir
-    });
-    return new DatabaseTaskStore(options);
+    const { database } = options;
+    const client = await this.getClient(database);
+    await this.runMigrations(database, client);
+    return new DatabaseTaskStore(client);
   }
-  constructor(options) {
-    this.db = options.database;
+  static async getClient(database) {
+    if (isPluginDatabaseManager(database)) {
+      return database.getClient();
+    }
+    return database;
+  }
+  static async runMigrations(database, client) {
+    var _a;
+    if (!isPluginDatabaseManager(database)) {
+      await client.migrate.latest({
+        directory: migrationsDir
+      });
+      return;
+    }
+    if (!((_a = database.migrations) == null ? void 0 : _a.skip)) {
+      await client.migrate.latest({
+        directory: migrationsDir
+      });
+    }
+  }
+  constructor(client) {
+    this.db = client;
   }
   async list(options) {
     const queryBuilder = this.db("tasks");
@@ -3752,7 +3800,8 @@ class DatabaseTaskStore {
       throw new errors.ConflictError(`No running task with taskId ${taskId} found`);
     }
   }
-  async listStaleTasks({ timeoutS }) {
+  async listStaleTasks(options) {
+    const { timeoutS } = options;
     const rawRows = await this.db("tasks").where("status", "processing").andWhere(
       "last_heartbeat_at",
       "<=",
@@ -3766,11 +3815,8 @@ class DatabaseTaskStore {
     }));
     return { tasks };
   }
-  async completeTask({
-    taskId,
-    status,
-    eventBody
-  }) {
+  async completeTask(options) {
+    const { taskId, status, eventBody } = options;
     let oldStatus;
     if (status === "failed" || status === "completed") {
       oldStatus = "processing";
@@ -3818,10 +3864,8 @@ class DatabaseTaskStore {
       body: serializedBody
     });
   }
-  async listEvents({
-    taskId,
-    after
-  }) {
+  async listEvents(options) {
+    const { taskId, after } = options;
     const rawEvents = await this.db("task_events").where({
       task_id: taskId
     }).andWhere((builder) => {
@@ -4450,6 +4494,48 @@ async function findTemplate(options) {
 function isSupportedTemplate(entity) {
   return entity.apiVersion === "scaffolder.backstage.io/v1beta3";
 }
+function buildDefaultIdentityClient({
+  logger
+}) {
+  return {
+    getIdentity: async ({ request }) => {
+      var _a;
+      const header = request.headers.authorization;
+      if (!header) {
+        return void 0;
+      }
+      try {
+        const token = (_a = header.match(/^Bearer\s(\S+\.\S+\.\S+)$/i)) == null ? void 0 : _a[1];
+        if (!token) {
+          throw new TypeError("Expected Bearer with JWT");
+        }
+        const [_header, rawPayload, _signature] = token.split(".");
+        const payload = JSON.parse(
+          Buffer.from(rawPayload, "base64").toString()
+        );
+        if (typeof payload !== "object" || payload === null || Array.isArray(payload)) {
+          throw new TypeError("Malformed JWT payload");
+        }
+        const sub = payload.sub;
+        if (typeof sub !== "string") {
+          throw new TypeError("Expected string sub claim");
+        }
+        catalogModel.parseEntityRef(sub);
+        return {
+          identity: {
+            userEntityRef: sub,
+            ownershipEntityRefs: [],
+            type: "user"
+          },
+          token
+        };
+      } catch (e) {
+        logger.error(`Invalid authorization header: ${errors.stringifyError(e)}`);
+        return void 0;
+      }
+    }
+  };
+}
 async function createRouter(options) {
   const router = Router__default["default"]();
   router.use(express__default["default"].json());
@@ -4464,13 +4550,12 @@ async function createRouter(options) {
     additionalTemplateFilters
   } = options;
   const logger = parentLogger.child({ plugin: "scaffolder" });
+  const identity = options.identity || buildDefaultIdentityClient({ logger });
   const workingDirectory = await getWorkingDirectory(config, logger);
   const integrations = integration.ScmIntegrations.fromConfig(config);
   let taskBroker;
   if (!options.taskBroker) {
-    const databaseTaskStore = await DatabaseTaskStore.create({
-      database: await database.getClient()
-    });
+    const databaseTaskStore = await DatabaseTaskStore.create({ database });
     taskBroker = new StorageTaskBroker(databaseTaskStore, logger);
   } else {
     taskBroker = options.taskBroker;
@@ -4509,10 +4594,10 @@ async function createRouter(options) {
     async (req, res) => {
       var _a, _b;
       const { namespace, kind, name } = req.params;
-      const { token } = parseBearerToken({
-        header: req.headers.authorization,
-        logger
+      const userIdentity = await identity.getIdentity({
+        request: req
       });
+      const token = userIdentity == null ? void 0 : userIdentity.token;
       const template = await findTemplate({
         catalogApi: catalogClient,
         entityRef: { kind, namespace, name },
@@ -4553,10 +4638,11 @@ async function createRouter(options) {
     const { kind, namespace, name } = catalogModel.parseEntityRef(templateRef, {
       defaultKind: "template"
     });
-    const { token, entityRef: userEntityRef } = parseBearerToken({
-      header: req.headers.authorization,
-      logger
+    const callerIdentity = await identity.getIdentity({
+      request: req
     });
+    const token = callerIdentity == null ? void 0 : callerIdentity.token;
+    const userEntityRef = callerIdentity == null ? void 0 : callerIdentity.identity.userEntityRef;
     const userEntity = userEntityRef ? await catalogClient.getEntityByRef(userEntityRef, { token }) : void 0;
     let auditLog = `Scaffolding task for ${templateRef}`;
     if (userEntityRef) {
@@ -4604,7 +4690,10 @@ async function createRouter(options) {
           namespace,
           name: (_c = template.metadata) == null ? void 0 : _c.name
         }),
-        baseUrl
+        baseUrl,
+        entity: {
+          metadata: template.metadata
+        }
       }
     };
     const result = await taskBroker.dispatch({
@@ -4702,7 +4791,7 @@ data: ${JSON.stringify(event)}
       clearTimeout(timeout);
     });
   }).post("/v2/dry-run", async (req, res) => {
-    var _a, _b, _c;
+    var _a, _b, _c, _d;
     const bodySchema = zod.z.object({
       template: zod.z.unknown(),
       values: zod.z.record(zod.z.unknown()),
@@ -4718,11 +4807,10 @@ data: ${JSON.stringify(event)}
     if (!await pluginScaffolderCommon.templateEntityV1beta3Validator.check(template)) {
       throw new errors.InputError("Input template is not a template");
     }
-    const { token } = parseBearerToken({
-      header: req.headers.authorization,
-      logger
-    });
-    for (const parameters of [(_a = template.spec.parameters) != null ? _a : []].flat()) {
+    const token = (_a = await identity.getIdentity({
+      request: req
+    })) == null ? void 0 : _a.token;
+    for (const parameters of [(_b = template.spec.parameters) != null ? _b : []].flat()) {
       const result2 = jsonschema.validate(body.values, parameters);
       if (!result2.valid) {
         res.status(400).json({ errors: result2.errors });
@@ -4741,10 +4829,10 @@ data: ${JSON.stringify(event)}
       spec: {
         apiVersion: template.apiVersion,
         steps,
-        output: (_b = template.spec.output) != null ? _b : {},
+        output: (_c = template.spec.output) != null ? _c : {},
         parameters: body.values
       },
-      directoryContents: ((_c = body.directoryContents) != null ? _c : []).map((file) => ({
+      directoryContents: ((_d = body.directoryContents) != null ? _d : []).map((file) => ({
         path: file.path,
         content: Buffer.from(file.base64Content, "base64")
       })),
@@ -4768,37 +4856,6 @@ data: ${JSON.stringify(event)}
   app.use("/", router);
   return app;
 }
-function parseBearerToken({
-  header,
-  logger
-}) {
-  var _a;
-  if (!header) {
-    return {};
-  }
-  try {
-    const token = (_a = header.match(/^Bearer\s(\S+\.\S+\.\S+)$/i)) == null ? void 0 : _a[1];
-    if (!token) {
-      throw new TypeError("Expected Bearer with JWT");
-    }
-    const [_header, rawPayload, _signature] = token.split(".");
-    const payload = JSON.parse(
-      Buffer.from(rawPayload, "base64").toString()
-    );
-    if (typeof payload !== "object" || payload === null || Array.isArray(payload)) {
-      throw new TypeError("Malformed JWT payload");
-    }
-    const sub = payload.sub;
-    if (typeof sub !== "string") {
-      throw new TypeError("Expected string sub claim");
-    }
-    catalogModel.parseEntityRef(sub);
-    return { entityRef: sub, token };
-  } catch (e) {
-    logger.error(`Invalid authorization header: ${errors.stringifyError(e)}`);
-    return {};
-  }
-}
 
 class ScaffolderEntitiesProcessor {
   constructor() {
@@ -4868,6 +4925,94 @@ const scaffolderCatalogModule = backendPluginApi.createBackendModule({
   }
 });
 
+var __accessCheck = (obj, member, msg) => {
+  if (!member.has(obj))
+    throw TypeError("Cannot " + msg);
+};
+var __privateGet = (obj, member, getter) => {
+  __accessCheck(obj, member, "read from private field");
+  return getter ? getter.call(obj) : member.get(obj);
+};
+var __privateAdd = (obj, member, value) => {
+  if (member.has(obj))
+    throw TypeError("Cannot add the same private member more than once");
+  member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
+};
+var _actions;
+class ScaffolderActionsExtensionPointImpl {
+  constructor() {
+    __privateAdd(this, _actions, new Array());
+  }
+  addActions(...actions) {
+    __privateGet(this, _actions).push(...actions);
+  }
+  get actions() {
+    return __privateGet(this, _actions);
+  }
+}
+_actions = new WeakMap();
+const scaffolderActionsExtensionPoint = backendPluginApi.createExtensionPoint({
+  id: "scaffolder.actions"
+});
+const scaffolderPlugin = backendPluginApi.createBackendPlugin({
+  id: "scaffolder",
+  register(env, options) {
+    const actionsExtensions = new ScaffolderActionsExtensionPointImpl();
+    env.registerExtensionPoint(
+      scaffolderActionsExtensionPoint,
+      actionsExtensions
+    );
+    env.registerInit({
+      deps: {
+        logger: backendPluginApi.loggerServiceRef,
+        config: backendPluginApi.configServiceRef,
+        reader: backendPluginApi.urlReaderServiceRef,
+        permissions: backendPluginApi.permissionsServiceRef,
+        database: backendPluginApi.databaseServiceRef,
+        httpRouter: backendPluginApi.httpRouterServiceRef,
+        catalogClient: pluginCatalogNode.catalogServiceRef
+      },
+      async init({
+        logger,
+        config,
+        reader,
+        database,
+        httpRouter,
+        catalogClient
+      }) {
+        const { additionalTemplateFilters, taskBroker, taskWorkers } = options;
+        const log = backendPluginApi.loggerToWinstonLogger(logger);
+        const actions = options.actions || [
+          ...actionsExtensions.actions,
+          ...createBuiltinActions({
+            integrations: integration.ScmIntegrations.fromConfig(config),
+            catalogClient,
+            reader,
+            config,
+            additionalTemplateFilters
+          })
+        ];
+        const actionIds = actions.map((action) => action.id).join(", ");
+        log.info(
+          `Starting scaffolder with the following actions enabled ${actionIds}`
+        );
+        const router = await createRouter({
+          logger: log,
+          config,
+          database,
+          catalogClient,
+          reader,
+          actions,
+          taskBroker,
+          taskWorkers,
+          additionalTemplateFilters
+        });
+        httpRouter.use(router);
+      }
+    });
+  }
+});
+
 exports.DatabaseTaskStore = DatabaseTaskStore;
 exports.ScaffolderEntitiesProcessor = ScaffolderEntitiesProcessor;
 exports.TaskManager = TaskManager;
@@ -4890,7 +5035,6 @@ exports.createPublishAzureAction = createPublishAzureAction;
 exports.createPublishBitbucketAction = createPublishBitbucketAction;
 exports.createPublishBitbucketCloudAction = createPublishBitbucketCloudAction;
 exports.createPublishBitbucketServerAction = createPublishBitbucketServerAction;
-exports.createPublishFileAction = createPublishFileAction;
 exports.createPublishGerritAction = createPublishGerritAction;
 exports.createPublishGerritReviewAction = createPublishGerritReviewAction;
 exports.createPublishGithubAction = createPublishGithubAction;
@@ -4902,4 +5046,5 @@ exports.createTemplateAction = createTemplateAction;
 exports.executeShellCommand = executeShellCommand;
 exports.fetchContents = fetchContents;
 exports.scaffolderCatalogModule = scaffolderCatalogModule;
+exports.scaffolderPlugin = scaffolderPlugin;
 //# sourceMappingURL=index.cjs.js.map