@backstage/plugin-scaffolder-backend 1.6.0-next.1 → 1.6.0-next.3

package/CHANGELOG.md

@@ -1,5 +1,47 @@
 # @backstage/plugin-scaffolder-backend
 
+## 1.6.0-next.3
+
+### Patch Changes
+
+- 50467bc15b: The number of task workers used to execute templates now default to 3, rather than 1.
+- Updated dependencies
+  - @backstage/plugin-catalog-node@1.1.0-next.2
+  - @backstage/backend-plugin-api@0.1.2-next.2
+  - @backstage/catalog-client@1.1.0-next.2
+  - @backstage/catalog-model@1.1.1-next.0
+  - @backstage/config@1.0.2-next.0
+  - @backstage/errors@1.1.1-next.0
+  - @backstage/integration@1.3.1-next.2
+  - @backstage/plugin-catalog-backend@1.4.0-next.3
+  - @backstage/backend-common@0.15.1-next.3
+  - @backstage/plugin-scaffolder-common@1.2.0-next.1
+  - @backstage/plugin-auth-node@0.2.5-next.3
+
+## 1.6.0-next.2
+
+### Minor Changes
+
+- d1f7ba58e3: Added `repositoryId` output when create a repository in Azure
+
+### Patch Changes
+
+- eadf56bbbf: Bump `git-url-parse` version to `^13.0.0`
+- 096631e571: Added support for handling broken symlinks within the scaffolder backend. This is intended for templates that may hold a symlink that is invalid at build time but valid within the destination repo.
+- 667d917488: Updated dependency `msw` to `^0.47.0`.
+- 87ec2ba4d6: Updated dependency `msw` to `^0.46.0`.
+- 6b9f6c0a4d: Added alpha `scaffolderPlugin` to be used with experimental backend system.
+- 83c037cd46: Disable octokit throttling in publish:github:pull-request
+- 2cbd533426: Uptake the `IdentityApi` change to use `getIdentity` instead of `authenticate` for retrieving the logged in users identity.
+- Updated dependencies
+  - @backstage/backend-plugin-api@0.1.2-next.1
+  - @backstage/plugin-catalog-node@1.0.2-next.1
+  - @backstage/backend-common@0.15.1-next.2
+  - @backstage/integration@1.3.1-next.1
+  - @backstage/plugin-catalog-backend@1.4.0-next.2
+  - @backstage/plugin-auth-node@0.2.5-next.2
+  - @backstage/catalog-client@1.0.5-next.1
+
 ## 1.6.0-next.1
 
 ### Minor Changes

package/alpha/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-scaffolder-backend",
-  "version": "1.6.0-next.1",
+  "version": "1.6.0-next.3",
   "main": "../dist/index.cjs.js",
   "types": "../dist/index.alpha.d.ts"
 }

package/dist/index.alpha.d.ts

@@ -15,6 +15,7 @@ import { createPullRequest } from 'octokit-plugin-create-pull-request';
 import { Entity } from '@backstage/catalog-model';
 import express from 'express';
 import { GithubCredentialsProvider } from '@backstage/integration';
+import { IdentityApi } from '@backstage/plugin-auth-node';
 import { JsonObject } from '@backstage/types';
 import { JsonValue } from '@backstage/types';
 import { Knex } from 'knex';
@@ -692,6 +693,7 @@ export declare interface RouterOptions {
     taskWorkers?: number;
     taskBroker?: TaskBroker;
     additionalTemplateFilters?: Record<string, TemplateFilter>;
+    identity?: IdentityApi;
 }
 
 /** @public */
@@ -710,7 +712,7 @@ export declare type RunCommandOptions = {
  * @alpha
  * Registers the ScaffolderEntitiesProcessor with the catalog processing extension point.
  */
-export declare const scaffolderCatalogModule: (options?: unknown) => BackendFeature;
+export declare const scaffolderCatalogModule: (options?: undefined) => BackendFeature;
 
 /** @public */
 export declare class ScaffolderEntitiesProcessor implements CatalogProcessor {
@@ -720,6 +722,23 @@ export declare class ScaffolderEntitiesProcessor implements CatalogProcessor {
     postProcessEntity(entity: Entity, _location: LocationSpec, emit: CatalogProcessorEmit): Promise<Entity>;
 }
 
+/**
+ * Catalog plugin
+ * @alpha
+ */
+export declare const scaffolderPlugin: (options: ScaffolderPluginOptions) => BackendFeature;
+
+/**
+ * Catalog plugin options
+ * @alpha
+ */
+export declare type ScaffolderPluginOptions = {
+    actions?: TemplateAction<any>[];
+    taskWorkers?: number;
+    taskBroker?: TaskBroker;
+    additionalTemplateFilters?: Record<string, TemplateFilter>;
+};
+
 /**
  * SerializedTask
  *

package/dist/index.beta.d.ts

@@ -15,6 +15,7 @@ import { createPullRequest } from 'octokit-plugin-create-pull-request';
 import { Entity } from '@backstage/catalog-model';
 import express from 'express';
 import { GithubCredentialsProvider } from '@backstage/integration';
+import { IdentityApi } from '@backstage/plugin-auth-node';
 import { JsonObject } from '@backstage/types';
 import { JsonValue } from '@backstage/types';
 import { Knex } from 'knex';
@@ -692,6 +693,7 @@ export declare interface RouterOptions {
     taskWorkers?: number;
     taskBroker?: TaskBroker;
     additionalTemplateFilters?: Record<string, TemplateFilter>;
+    identity?: IdentityApi;
 }
 
 /** @public */
@@ -716,6 +718,10 @@ export declare class ScaffolderEntitiesProcessor implements CatalogProcessor {
     postProcessEntity(entity: Entity, _location: LocationSpec, emit: CatalogProcessorEmit): Promise<Entity>;
 }
 
+/* Excluded from this release type: scaffolderPlugin */
+
+/* Excluded from this release type: ScaffolderPluginOptions */
+
 /**
  * SerializedTask
  *

package/dist/index.cjs.js

@@ -20,6 +20,7 @@ var azureDevopsNodeApi = require('azure-devops-node-api');
 var fetch = require('node-fetch');
 var crypto = require('crypto');
 var octokitPluginCreatePullRequest = require('octokit-plugin-create-pull-request');
+var fs$1 = require('fs');
 var limiterFactory = require('p-limit');
 var node = require('@gitbeaker/node');
 var uuid = require('uuid');
@@ -1804,6 +1805,10 @@ function createPublishAzureAction(options) {
           repoContentsUrl: {
             title: "A URL to the root of the repository",
             type: "string"
+          },
+          repositoryId: {
+            title: "The Id of the created repository",
+            type: "string"
           }
         }
       }
@@ -1853,6 +1858,10 @@ function createPublishAzureAction(options) {
           "No remote URL returned from create repository for Azure"
         );
       }
+      const repositoryId = returnedRepo.id;
+      if (!repositoryId) {
+        throw new errors.InputError("No Id returned from create repository for Azure");
+      }
       const repoContentsUrl = remoteUrl;
       const gitAuthorInfo = {
         name: gitAuthorName ? gitAuthorName : config.getOptionalString("scaffolder.defaultAuthor.name"),
@@ -1872,6 +1881,7 @@ function createPublishAzureAction(options) {
       });
       ctx.output("remoteUrl", remoteUrl);
       ctx.output("repoContentsUrl", repoContentsUrl);
+      ctx.output("repositoryId", repositoryId);
     }
   });
 }
@@ -2931,6 +2941,10 @@ const isExecutable = (fileMode) => {
   const res = fileMode & executeBitMask;
   return res > 0;
 };
+async function asyncFilter(array, callback) {
+  const filterMap = await Promise.all(array.map(callback));
+  return array.filter((_value, index) => filterMap[index]);
+}
 async function serializeDirectoryContents(sourcePath, options) {
   var _a;
   const paths = await globby__default["default"]((_a = options == null ? void 0 : options.globPatterns) != null ? _a : DEFAULT_GLOB_PATTERNS, {
@@ -2938,17 +2952,36 @@ async function serializeDirectoryContents(sourcePath, options) {
     dot: true,
     gitignore: options == null ? void 0 : options.gitignore,
     followSymbolicLinks: false,
+    onlyFiles: false,
     objectMode: true,
     stats: true
   });
   const limiter = limiterFactory__default["default"](10);
+  const valid = await asyncFilter(paths, async ({ dirent, path }) => {
+    if (dirent.isDirectory())
+      return false;
+    if (!dirent.isSymbolicLink())
+      return true;
+    const safePath = backendCommon.resolveSafeChildPath(sourcePath, path);
+    try {
+      await fs$1.promises.stat(safePath);
+      return false;
+    } catch (e) {
+      return errors.isError(e) && e.code === "ENOENT";
+    }
+  });
   return Promise.all(
-    paths.map(async ({ path: path$1, stats }) => ({
-      path: path$1,
-      content: await limiter(
-        async () => fs__default["default"].readFile(path.join(sourcePath, path$1))
-      ),
-      executable: isExecutable(stats == null ? void 0 : stats.mode)
+    valid.map(async ({ dirent, path, stats }) => ({
+      path,
+      content: await limiter(async () => {
+        const absFilePath = backendCommon.resolveSafeChildPath(sourcePath, path);
+        if (dirent.isSymbolicLink()) {
+          return fs$1.promises.readlink(absFilePath, "buffer");
+        }
+        return fs$1.promises.readFile(absFilePath);
+      }),
+      executable: isExecutable(stats == null ? void 0 : stats.mode),
+      symlink: dirent.isSymbolicLink()
     }))
   );
 }
@@ -2981,7 +3014,10 @@ const defaultClientFactory = async ({
     token: providedToken
   });
   const OctokitPR = octokit.Octokit.plugin(octokitPluginCreatePullRequest.createPullRequest);
-  return new OctokitPR(octokitOptions);
+  return new OctokitPR({
+    ...octokitOptions,
+    ...{ throttle: { enabled: false } }
+  });
 };
 const createPublishGithubPullRequestAction = ({
   integrations,
@@ -3101,13 +3137,21 @@ const createPublishGithubPullRequestAction = ({
       const directoryContents = await serializeDirectoryContents(fileRoot, {
         gitignore: true
       });
+      const determineFileMode = (file) => {
+        if (file.symlink)
+          return "120000";
+        if (file.executable)
+          return "100755";
+        return "100644";
+      };
+      const determineFileEncoding = (file) => file.symlink ? "utf-8" : "base64";
       const files = Object.fromEntries(
         directoryContents.map((file) => [
           targetPath ? path__default["default"].posix.join(targetPath, file.path) : file.path,
           {
-            mode: file.executable ? "100755" : "100644",
-            encoding: "base64",
-            content: file.content.toString("base64")
+            mode: determineFileMode(file),
+            encoding: determineFileEncoding(file),
+            content: file.content.toString(determineFileEncoding(file))
           }
         ])
       );
@@ -4450,6 +4494,48 @@ async function findTemplate(options) {
 function isSupportedTemplate(entity) {
   return entity.apiVersion === "scaffolder.backstage.io/v1beta3";
 }
+function buildDefaultIdentityClient({
+  logger
+}) {
+  return {
+    getIdentity: async ({ request }) => {
+      var _a;
+      const header = request.headers.authorization;
+      if (!header) {
+        return void 0;
+      }
+      try {
+        const token = (_a = header.match(/^Bearer\s(\S+\.\S+\.\S+)$/i)) == null ? void 0 : _a[1];
+        if (!token) {
+          throw new TypeError("Expected Bearer with JWT");
+        }
+        const [_header, rawPayload, _signature] = token.split(".");
+        const payload = JSON.parse(
+          Buffer.from(rawPayload, "base64").toString()
+        );
+        if (typeof payload !== "object" || payload === null || Array.isArray(payload)) {
+          throw new TypeError("Malformed JWT payload");
+        }
+        const sub = payload.sub;
+        if (typeof sub !== "string") {
+          throw new TypeError("Expected string sub claim");
+        }
+        catalogModel.parseEntityRef(sub);
+        return {
+          identity: {
+            userEntityRef: sub,
+            ownershipEntityRefs: [],
+            type: "user"
+          },
+          token
+        };
+      } catch (e) {
+        logger.error(`Invalid authorization header: ${errors.stringifyError(e)}`);
+        return void 0;
+      }
+    }
+  };
+}
 async function createRouter(options) {
   const router = Router__default["default"]();
   router.use(express__default["default"].json());
@@ -4464,6 +4550,7 @@ async function createRouter(options) {
     additionalTemplateFilters
   } = options;
   const logger = parentLogger.child({ plugin: "scaffolder" });
+  const identity = options.identity || buildDefaultIdentityClient({ logger });
   const workingDirectory = await getWorkingDirectory(config, logger);
   const integrations = integration.ScmIntegrations.fromConfig(config);
   let taskBroker;
@@ -4475,7 +4562,7 @@ async function createRouter(options) {
   }
   const actionRegistry = new TemplateActionRegistry();
   const workers = [];
-  for (let i = 0; i < (taskWorkers || 1); i++) {
+  for (let i = 0; i < (taskWorkers || 3); i++) {
     const worker = await TaskWorker.create({
       taskBroker,
       actionRegistry,
@@ -4507,10 +4594,10 @@ async function createRouter(options) {
     async (req, res) => {
       var _a, _b;
       const { namespace, kind, name } = req.params;
-      const { token } = parseBearerToken({
-        header: req.headers.authorization,
-        logger
+      const userIdentity = await identity.getIdentity({
+        request: req
       });
+      const token = userIdentity == null ? void 0 : userIdentity.token;
       const template = await findTemplate({
         catalogApi: catalogClient,
         entityRef: { kind, namespace, name },
@@ -4551,10 +4638,11 @@ async function createRouter(options) {
     const { kind, namespace, name } = catalogModel.parseEntityRef(templateRef, {
       defaultKind: "template"
     });
-    const { token, entityRef: userEntityRef } = parseBearerToken({
-      header: req.headers.authorization,
-      logger
+    const callerIdentity = await identity.getIdentity({
+      request: req
     });
+    const token = callerIdentity == null ? void 0 : callerIdentity.token;
+    const userEntityRef = callerIdentity == null ? void 0 : callerIdentity.identity.userEntityRef;
     const userEntity = userEntityRef ? await catalogClient.getEntityByRef(userEntityRef, { token }) : void 0;
     let auditLog = `Scaffolding task for ${templateRef}`;
     if (userEntityRef) {
@@ -4703,7 +4791,7 @@ data: ${JSON.stringify(event)}
       clearTimeout(timeout);
     });
   }).post("/v2/dry-run", async (req, res) => {
-    var _a, _b, _c;
+    var _a, _b, _c, _d;
     const bodySchema = zod.z.object({
       template: zod.z.unknown(),
       values: zod.z.record(zod.z.unknown()),
@@ -4719,11 +4807,10 @@ data: ${JSON.stringify(event)}
     if (!await pluginScaffolderCommon.templateEntityV1beta3Validator.check(template)) {
       throw new errors.InputError("Input template is not a template");
     }
-    const { token } = parseBearerToken({
-      header: req.headers.authorization,
-      logger
-    });
-    for (const parameters of [(_a = template.spec.parameters) != null ? _a : []].flat()) {
+    const token = (_a = await identity.getIdentity({
+      request: req
+    })) == null ? void 0 : _a.token;
+    for (const parameters of [(_b = template.spec.parameters) != null ? _b : []].flat()) {
       const result2 = jsonschema.validate(body.values, parameters);
       if (!result2.valid) {
         res.status(400).json({ errors: result2.errors });
@@ -4742,10 +4829,10 @@ data: ${JSON.stringify(event)}
       spec: {
         apiVersion: template.apiVersion,
         steps,
-        output: (_b = template.spec.output) != null ? _b : {},
+        output: (_c = template.spec.output) != null ? _c : {},
         parameters: body.values
       },
-      directoryContents: ((_c = body.directoryContents) != null ? _c : []).map((file) => ({
+      directoryContents: ((_d = body.directoryContents) != null ? _d : []).map((file) => ({
         path: file.path,
         content: Buffer.from(file.base64Content, "base64")
       })),
@@ -4769,37 +4856,6 @@ data: ${JSON.stringify(event)}
   app.use("/", router);
   return app;
 }
-function parseBearerToken({
-  header,
-  logger
-}) {
-  var _a;
-  if (!header) {
-    return {};
-  }
-  try {
-    const token = (_a = header.match(/^Bearer\s(\S+\.\S+\.\S+)$/i)) == null ? void 0 : _a[1];
-    if (!token) {
-      throw new TypeError("Expected Bearer with JWT");
-    }
-    const [_header, rawPayload, _signature] = token.split(".");
-    const payload = JSON.parse(
-      Buffer.from(rawPayload, "base64").toString()
-    );
-    if (typeof payload !== "object" || payload === null || Array.isArray(payload)) {
-      throw new TypeError("Malformed JWT payload");
-    }
-    const sub = payload.sub;
-    if (typeof sub !== "string") {
-      throw new TypeError("Expected string sub claim");
-    }
-    catalogModel.parseEntityRef(sub);
-    return { entityRef: sub, token };
-  } catch (e) {
-    logger.error(`Invalid authorization header: ${errors.stringifyError(e)}`);
-    return {};
-  }
-}
 
 class ScaffolderEntitiesProcessor {
   constructor() {
@@ -4869,6 +4925,94 @@ const scaffolderCatalogModule = backendPluginApi.createBackendModule({
   }
 });
 
+var __accessCheck = (obj, member, msg) => {
+  if (!member.has(obj))
+    throw TypeError("Cannot " + msg);
+};
+var __privateGet = (obj, member, getter) => {
+  __accessCheck(obj, member, "read from private field");
+  return getter ? getter.call(obj) : member.get(obj);
+};
+var __privateAdd = (obj, member, value) => {
+  if (member.has(obj))
+    throw TypeError("Cannot add the same private member more than once");
+  member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
+};
+var _actions;
+class ScaffolderActionsExtensionPointImpl {
+  constructor() {
+    __privateAdd(this, _actions, new Array());
+  }
+  addActions(...actions) {
+    __privateGet(this, _actions).push(...actions);
+  }
+  get actions() {
+    return __privateGet(this, _actions);
+  }
+}
+_actions = new WeakMap();
+const scaffolderActionsExtensionPoint = backendPluginApi.createExtensionPoint({
+  id: "scaffolder.actions"
+});
+const scaffolderPlugin = backendPluginApi.createBackendPlugin({
+  id: "scaffolder",
+  register(env, options) {
+    const actionsExtensions = new ScaffolderActionsExtensionPointImpl();
+    env.registerExtensionPoint(
+      scaffolderActionsExtensionPoint,
+      actionsExtensions
+    );
+    env.registerInit({
+      deps: {
+        logger: backendPluginApi.loggerServiceRef,
+        config: backendPluginApi.configServiceRef,
+        reader: backendPluginApi.urlReaderServiceRef,
+        permissions: backendPluginApi.permissionsServiceRef,
+        database: backendPluginApi.databaseServiceRef,
+        httpRouter: backendPluginApi.httpRouterServiceRef,
+        catalogClient: pluginCatalogNode.catalogServiceRef
+      },
+      async init({
+        logger,
+        config,
+        reader,
+        database,
+        httpRouter,
+        catalogClient
+      }) {
+        const { additionalTemplateFilters, taskBroker, taskWorkers } = options;
+        const log = backendPluginApi.loggerToWinstonLogger(logger);
+        const actions = options.actions || [
+          ...actionsExtensions.actions,
+          ...createBuiltinActions({
+            integrations: integration.ScmIntegrations.fromConfig(config),
+            catalogClient,
+            reader,
+            config,
+            additionalTemplateFilters
+          })
+        ];
+        const actionIds = actions.map((action) => action.id).join(", ");
+        log.info(
+          `Starting scaffolder with the following actions enabled ${actionIds}`
+        );
+        const router = await createRouter({
+          logger: log,
+          config,
+          database,
+          catalogClient,
+          reader,
+          actions,
+          taskBroker,
+          taskWorkers,
+          additionalTemplateFilters
+        });
+        httpRouter.use(router);
+      }
+    });
+  }
+});
+
 exports.DatabaseTaskStore = DatabaseTaskStore;
 exports.ScaffolderEntitiesProcessor = ScaffolderEntitiesProcessor;
 exports.TaskManager = TaskManager;
@@ -4902,4 +5046,5 @@ exports.createTemplateAction = createTemplateAction;
 exports.executeShellCommand = executeShellCommand;
 exports.fetchContents = fetchContents;
 exports.scaffolderCatalogModule = scaffolderCatalogModule;
+exports.scaffolderPlugin = scaffolderPlugin;
 //# sourceMappingURL=index.cjs.js.map