feat: New baseline on Backstage 1.30.0

Author: ThomasVitale

.dockerignore

@@ -6,3 +6,7 @@ packages/*/src
 packages/*/node_modules
 plugins
 *.local.yaml
+.github
+compose.yml
+*.md
+demo-catalog

.github/workflows/commit-stage.yml

@@ -10,7 +10,7 @@ env:
 jobs:
   build:
     name: Build
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       contents: read
     steps:
@@ -20,25 +20,41 @@ jobs:
       - name: Set up Node
         uses: actions/setup-node@v4
         with:
-          node-version-file: '.nvmrc'
+          node-version: 20
           cache: 'yarn'
 
       - name: Install dependencies
         run: |
           yarn install --frozen-lockfile
+      
+      - name: Validate configuration
+        run: |
+          yarn backstage-cli config:check --lax
+      
+      - name: Validate types and definitions
+        run: |
+          yarn tsc:full
 
       - name: Prettier
         run: |
-          yarn run prettier:check
+          yarn prettier:check
 
-      - name: Compile and test
+      - name: Build
+        run: |
+          yarn build:all
+      
+      - name: Lint
+        run: |
+          yarn lint:all
+      
+      - name: Test
         run: |
-          yarn run ci
+          yarn test:all
 
   package:
     if: ${{ github.ref == 'refs/heads/main' }}
     needs: [ build ]
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       contents: read
       packages: write
@@ -55,7 +71,7 @@ jobs:
       - name: Set up Node
         uses: actions/setup-node@v4
         with:
-          node-version-file: '.nvmrc'
+          node-version: 20
           cache: 'yarn'
 
       - name: Install dependencies
@@ -127,7 +143,7 @@ jobs:
   merge:
     if: ${{ github.ref == 'refs/heads/main' }}
     needs: [package]
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       contents: read
       packages: write
@@ -144,7 +160,7 @@ jobs:
         uses: docker/setup-buildx-action@v3
 
       - name: Install Cosign
-        uses: sigstore/cosign-installer@v3.4.0
+        uses: sigstore/cosign-installer@v3.5.0
 
       - name: Generate Docker meta information
         id: meta

.prettierignore

@@ -5,4 +5,5 @@ coverage
 .github
 compose.yml
 CODE_OF_CONDUCT.md
-MAINTAINERS.md
+MAINTAINERS.md
+demo-catalog

app-config.production.yaml

@@ -1,55 +1,35 @@
 app:
   # Should be the same as backend.baseUrl when using the `app-backend` plugin.
-  baseUrl: http://localhost:7007
+  baseUrl: ${BACKSTAGE_BASE_URL}
 
 backend:
   # Note that the baseUrl should be the URL that the browser and other clients
   # should use when communicating with the backend, i.e. it needs to be
   # reachable not just from within the backend host, but from all of your
   # callers. When its value is "http://localhost:7007", it's strictly private
   # and can't be reached by others.
-  baseUrl: http://localhost:7007
+  baseUrl: ${BACKSTAGE_BASE_URL}
+  cors:
+    origin: ${BACKSTAGE_BASE_URL}
   # The listener can also be expressed as a single <host>:<port> string. In this case we bind to
   # all interfaces, the most permissive setting. The right value depends on your specific deployment.
   listen: ':7007'
-
-  # config options: https://node-postgres.com/apis/client
-  database:
-    client: pg
-    connection:
-      host: ${POSTGRES_HOST}
-      port: ${POSTGRES_PORT}
-      user: ${POSTGRES_USER}
-      password: ${POSTGRES_PASSWORD}
-      # https://node-postgres.com/features/ssl
-      # you can set the sslmode configuration option via the `PGSSLMODE` environment variable
-      # see https://www.postgresql.org/docs/current/libpq-ssl.html Table 33.1. SSL Mode Descriptions (e.g. require)
-      # ssl:
-      #   ca: # if you have a CA file and want to verify it you can uncomment this section
-      #     $file: <file-path>/ca/server.crt
+  # listen:
+  #   port: 7007
 
 auth:
+  environment: production
   providers:
-    guest: {}
+    # See https://backstage.io/docs/auth/github/provider
+    github:
+      production:
+        clientId: ${AUTH_GITHUB_CLIENT_ID}
+        clientSecret: ${AUTH_GITHUB_CLIENT_SECRET}
+        ## uncomment if using GitHub Enterprise
+        # enterpriseInstanceUrl: ${AUTH_GITHUB_ENTERPRISE_INSTANCE_URL}
+        signIn:
+          resolvers:
+            - resolver: usernameMatchingUserEntityName
 
 catalog:
-  # Overrides the default list locations from app-config.yaml as these contain example data.
-  # See https://backstage.io/docs/features/software-catalog/#adding-components-to-the-catalog for more details
-  # on how to get entities into the catalog.
-  locations:
-    # Local example data, replace this with your production config, these are intended for demo use only.
-    # File locations are relative to the backend process, typically in a deployed context, such as in a Docker container, this will be the root
-    - type: file
-      target: ./examples/entities.yaml
-
-    # Local example template
-    - type: file
-      target: ./examples/template/template.yaml
-      rules:
-        - allow: [Template]
-
-    # Local example organizational data
-    - type: file
-      target: ./examples/org.yaml
-      rules:
-        - allow: [User, Group]
+  locations: []

app-config.yaml

@@ -1,17 +1,11 @@
 app:
-  title: Scaffolded Backstage App
+  title: Kadras Developer Portal
   baseUrl: http://localhost:3000
 
 organization:
-  name: My Company
+  name: Kadras
 
 backend:
-  # Used for enabling authentication, secret is shared by all backend plugins
-  # See https://backstage.io/docs/auth/service-to-service-auth for
-  # information on the format
-  # auth:
-  #   keys:
-  #     - secret: ${BACKEND_SECRET}
   baseUrl: http://localhost:7007
   listen:
     port: 7007
@@ -25,12 +19,24 @@ backend:
     origin: http://localhost:3000
     methods: [GET, HEAD, PATCH, POST, PUT, DELETE]
     credentials: true
-  # This is for local development only, it is not recommended to use this in production
-  # The production database configuration is stored in app-config.production.yaml
+  # Config options: https://node-postgres.com/apis/client
   database:
-    client: better-sqlite3
-    connection: ':memory:'
+    client: pg
+    connection:
+      host: ${POSTGRES_HOST}
+      port: ${POSTGRES_PORT}
+      user: ${POSTGRES_USER}
+      password: ${POSTGRES_PASSWORD}
+      # https://node-postgres.com/features/ssl
+      # you can set the sslmode configuration option via the `PGSSLMODE` environment variable
+      # see https://www.postgresql.org/docs/current/libpq-ssl.html Table 33.1. SSL Mode Descriptions (e.g. require)
+      # ssl:
+      #   ca: # if you have a CA file and want to verify it you can uncomment this section
+      #     $file: <file-path>/ca/server.crt
   # workingDirectory: /tmp # Use this to configure a working directory for the scaffolder, defaults to the OS temp-dir
+  # reading:
+  #   allow:
+  #     - host: "*.swagger.io"
 
 integrations:
   github:
@@ -63,49 +69,68 @@ techdocs:
     type: 'local' # Alternatives - 'googleGcs' or 'awsS3'. Read documentation for using alternatives.
 
 auth:
-  # see https://backstage.io/docs/auth/ to learn about auth providers
+  # See https://backstage.io/docs/auth/autologout
+  autologout:
+    enabled: false
+    idleTimeoutMinutes: 60
+    promptBeforeIdleSeconds: 10
+    useWorkerTimers: true
+    logoutIfDisconnected: true
+  environment: development
+  # See https://backstage.io/docs/auth
   providers:
-    # See https://backstage.io/docs/auth/guest/provider
-    guest: {}
+    # See https://backstage.io/docs/auth/github/provider
+    github:
+      development:
+        clientId: ${AUTH_GITHUB_CLIENT_ID}
+        clientSecret: ${AUTH_GITHUB_CLIENT_SECRET}
+        ## uncomment if using GitHub Enterprise
+        # enterpriseInstanceUrl: ${AUTH_GITHUB_ENTERPRISE_INSTANCE_URL}
+        signIn:
+          resolvers:
+            - resolver: usernameMatchingUserEntityName
+            # - resolver: emailMatchingUserEntityProfileEmail
+            # - resolver: emailLocalPartMatchingUserEntityName
+
+enableExperimentalRedirectFlow: false
 
 scaffolder:
   # see https://backstage.io/docs/features/software-templates/configuration for software template options
+  defaultAuthor:
+    name: Kadras Developer Portal
+    email: [email protected]
+  defaultCommitMessage: 'Initial commit'
 
 catalog:
   import:
     entityFilename: catalog-info.yaml
     pullRequestBranchName: backstage-integration
   rules:
-    - allow: [Component, System, API, Resource, Location]
+    - allow: [API, Component, Location, Resource, System]
   locations:
-    # Local example data, file locations are relative to the backend process, typically `packages/backend`
+    # Users and Groups
     - type: file
-      target: ../../examples/entities.yaml
-
-    # Local example template
+      target: ../../demo-catalog/organizations/organization-kadras.yml
+      rules:
+        - allow: [Group, Location, User]
     - type: file
-      target: ../../examples/template/template.yaml
+      target: ../../demo-catalog/organizations/organization-guest.yml
       rules:
-        - allow: [Template]
+        - allow: [Group, User]
 
-    # Local example organizational data
+    # Templates
     - type: file
-      target: ../../examples/org.yaml
+      target: ../../demo-catalog/templates/templates.yml
       rules:
-        - allow: [User, Group]
-
-    ## Uncomment these lines to add more example data
-    # - type: url
-    #   target: https://github.com/backstage/backstage/blob/master/packages/catalog-model/examples/all.yaml
-
-    ## Uncomment these lines to add an example org
-    # - type: url
-    #   target: https://github.com/backstage/backstage/blob/master/packages/catalog-model/examples/acme-corp.yaml
-    #   rules:
-    #     - allow: [User, Group]
+        - allow: [Location, Template]
 
+# see https://backstage.io/docs/features/kubernetes/configuration for kubernetes configuration options
 kubernetes:
-  # see https://backstage.io/docs/features/kubernetes/configuration for kubernetes configuration options
+  serviceLocatorMethod:
+    type: 'multiTenant'
+  clusterLocatorMethods:
+    - type: 'config'
+      clusters: []
 
 # see https://backstage.io/docs/permissions/getting-started for more on the permission framework
 permission:

compose.yml

@@ -0,0 +1,27 @@
+services:
+
+  postgres:
+    image: docker.io/library/postgres:16.4-alpine
+    container_name: "postgres"
+    ports:
+      - 5432:5432
+    environment:
+      POSTGRES_USER: user
+      POSTGRES_PASSWORD: password
+  
+  backstage:
+    image: backstage
+    container_name: "backstage"
+    depends_on:
+      - postgres
+    ports:
+      - 7007:7007
+    environment:
+      - BACKSTAGE_BASE_URL=http://localhost:7007
+      - POSTGRES_HOST=postgres
+      - POSTGRES_PORT=5432
+      - POSTGRES_USER=user
+      - POSTGRES_PASSWORD=password
+      - GITHUB_TOKEN
+      - AUTH_GITHUB_CLIENT_ID
+      - AUTH_GITHUB_CLIENT_SECRET

examples/org.yaml renamed to demo-catalog/organizations/organization-guest.yml

@@ -1,17 +1,16 @@
 ---
-# https://backstage.io/docs/features/software-catalog/descriptor-format#kind-user
-apiVersion: backstage.io/v1alpha1
-kind: User
-metadata:
-  name: guest
-spec:
-  memberOf: [guests]
----
-# https://backstage.io/docs/features/software-catalog/descriptor-format#kind-group
 apiVersion: backstage.io/v1alpha1
 kind: Group
 metadata:
   name: guests
 spec:
   type: team
   children: []
+
+---
+apiVersion: backstage.io/v1alpha1
+kind: User
+metadata:
+  name: guest
+spec:
+  memberOf: [guests]