Update to backstage 1.30.0

.dockerignore

@@ -6,3 +6,7 @@ packages/*/src
 packages/*/node_modules
 plugins
 *.local.yaml
+.github
+compose.yml
+*.md
+demo-catalog

.github/workflows/commit-stage.yml

@@ -10,7 +10,7 @@ env:
 jobs:
   build:
     name: Build
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       contents: read
     steps:
@@ -20,25 +20,41 @@ jobs:
       - name: Set up Node
         uses: actions/setup-node@v4
         with:
-          node-version-file: '.nvmrc'
+          node-version: 20
           cache: 'yarn'
 
       - name: Install dependencies
         run: |
           yarn install --frozen-lockfile
+
+      - name: Validate configuration
+        run: |
+          yarn backstage-cli config:check --lax
+
+      - name: Validate types and definitions
+        run: |
+          yarn tsc:full
 
       - name: Prettier
         run: |
-          yarn run prettier:check
+          yarn prettier:check
 
-      - name: Compile and test
+      - name: Build
+        run: |
+          yarn build:all
+
+      - name: Lint
+        run: |
+          yarn lint:all
+
+      - name: Test
         run: |
-          yarn run ci
+          yarn test:all
 
   package:
     if: ${{ github.ref == 'refs/heads/main' }}
     needs: [ build ]
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       contents: read
       packages: write
@@ -55,7 +71,7 @@ jobs:
       - name: Set up Node
         uses: actions/setup-node@v4
         with:
-          node-version-file: '.nvmrc'
+          node-version: 20
           cache: 'yarn'
 
       - name: Install dependencies
@@ -101,7 +117,7 @@ jobs:
           registry: ${{ env.REGISTRY }}
 
       - name: Build and push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         id: build
         with:
           context: .
@@ -127,7 +143,7 @@ jobs:
   merge:
     if: ${{ github.ref == 'refs/heads/main' }}
     needs: [package]
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       contents: read
       packages: write
@@ -144,7 +160,7 @@ jobs:
         uses: docker/setup-buildx-action@v3
 
       - name: Install Cosign
-        uses: sigstore/cosign-installer@v3.4.0
+        uses: sigstore/cosign-installer@v3.6.0
 
       - name: Generate Docker meta information
         id: meta

.gitignore

@@ -24,6 +24,9 @@ node_modules/
 !.yarn/sdks
 !.yarn/versions
 
+# Node version directives
+.nvmrc
+
 # dotenv environment variables file
 .env
 .env.test

.prettierignore

@@ -3,6 +3,7 @@ dist-types
 coverage
 .vscode
 .github
-docker-compose.yml
+compose.yml
 CODE_OF_CONDUCT.md
-MAINTAINERS.md
+MAINTAINERS.md
+demo-catalog

app-config.production.yaml

@@ -1,25 +1,35 @@
 app:
+  # Should be the same as backend.baseUrl when using the `app-backend` plugin.
   baseUrl: ${BACKSTAGE_BASE_URL}
 
 backend:
-  auth:
-    keys:
-      - secret: ${BACKSTAGE_BACKEND_SECRET}
+  # Note that the baseUrl should be the URL that the browser and other clients
+  # should use when communicating with the backend, i.e. it needs to be
+  # reachable not just from within the backend host, but from all of your
+  # callers. When its value is "http://localhost:7007", it's strictly private
+  # and can't be reached by others.
   baseUrl: ${BACKSTAGE_BASE_URL}
   cors:
     origin: ${BACKSTAGE_BASE_URL}
+  # The listener can also be expressed as a single <host>:<port> string. In this case we bind to
+  # all interfaces, the most permissive setting. The right value depends on your specific deployment.
+  # listen: ':7007'
   listen:
     port: 7007
 
 auth:
-  autologout:
-    enabled: true
   environment: production
   providers:
+    # See https://backstage.io/docs/auth/github/provider
     github:
       production:
-        clientId: ${GITHUB_AUTH_PROVIDER_CLIENT_ID}
-        clientSecret: ${GITHUB_AUTH_PROVIDER_CLIENT_SECRET}
+        clientId: ${AUTH_GITHUB_CLIENT_ID}
+        clientSecret: ${AUTH_GITHUB_CLIENT_SECRET}
+        ## uncomment if using GitHub Enterprise
+        # enterpriseInstanceUrl: ${AUTH_GITHUB_ENTERPRISE_INSTANCE_URL}
+        signIn:
+          resolvers:
+            - resolver: usernameMatchingUserEntityName
 
 catalog:
   locations: []

app-config.yaml

@@ -9,13 +9,17 @@ backend:
   baseUrl: http://localhost:7007
   listen:
     port: 7007
+    # Uncomment the following host directive to bind to specific interfaces
+    # host: 127.0.0.1
   csp:
-    # Content-Security-Policy directives follow the Helmet format: https://helmetjs.github.io/#reference
     connect-src: ["'self'", 'http:', 'https:']
+    # Content-Security-Policy directives follow the Helmet format: https://helmetjs.github.io/#reference
+    # Default Helmet Content-Security-Policy values can be removed by setting the key to false
   cors:
     origin: http://localhost:3000
     methods: [GET, HEAD, PATCH, POST, PUT, DELETE]
     credentials: true
+  # Config options: https://node-postgres.com/apis/client
   database:
     client: pg
     connection:
@@ -29,11 +33,29 @@ backend:
       # ssl:
       #   ca: # if you have a CA file and want to verify it you can uncomment this section
       #     $file: <file-path>/ca/server.crt
+  # workingDirectory: /tmp # Use this to configure a working directory for the scaffolder, defaults to the OS temp-dir
+  # reading:
+  #   allow:
+  #     - host: "*.swagger.io"
 
 integrations:
   github:
     - host: github.com
+      # This is a Personal Access Token or PAT from GitHub. You can find out how to generate this token, and more information
+      # about setting up the GitHub integration here: https://backstage.io/docs/integrations/github/locations#configuration
       token: ${GITHUB_TOKEN}
+    ### Example for how to add your GitHub Enterprise instance using the API:
+    # - host: ghe.example.net
+    #   apiBaseUrl: https://ghe.example.net/api/v3
+    #   token: ${GHE_TOKEN}
+
+proxy:
+  ### Example for how to add a proxy endpoint for the frontend.
+  ### A typical reason to do this is to handle HTTPS and CORS for internal services.
+  # endpoints:
+  #   '/test':
+  #     target: 'https://example.com'
+  #     changeOrigin: true
 
 # Reference documentation http://backstage.io/docs/features/techdocs/configuration
 # Note: After experimenting with basic setup, use CI/CD to generate docs
@@ -47,38 +69,70 @@ techdocs:
     type: 'local' # Alternatives - 'googleGcs' or 'awsS3'. Read documentation for using alternatives.
 
 auth:
+  # See https://backstage.io/docs/auth/autologout
   autologout:
     enabled: false
+    idleTimeoutMinutes: 60
+    promptBeforeIdleSeconds: 10
+    useWorkerTimers: true
+    logoutIfDisconnected: true
   environment: development
+  # See https://backstage.io/docs/auth
   providers:
+    # See https://backstage.io/docs/auth/github/provider
     github:
       development:
-        clientId: ${GITHUB_AUTH_PROVIDER_CLIENT_ID}
-        clientSecret: ${GITHUB_AUTH_PROVIDER_CLIENT_SECRET}
+        clientId: ${AUTH_GITHUB_CLIENT_ID}
+        clientSecret: ${AUTH_GITHUB_CLIENT_SECRET}
+        ## uncomment if using GitHub Enterprise
+        # enterpriseInstanceUrl: ${AUTH_GITHUB_ENTERPRISE_INSTANCE_URL}
+        signIn:
+          resolvers:
+            - resolver: usernameMatchingUserEntityName
+            # - resolver: emailMatchingUserEntityProfileEmail
+            # - resolver: emailLocalPartMatchingUserEntityName
+
+enableExperimentalRedirectFlow: false
 
 scaffolder:
+  # see https://backstage.io/docs/features/software-templates/configuration for software template options
   defaultAuthor:
     name: Kadras Developer Portal
-    email: scaffolder@backstage.io
+    email: scaffolder@kadras.io
   defaultCommitMessage: 'Initial commit'
 
 catalog:
   import:
     entityFilename: catalog-info.yaml
     pullRequestBranchName: backstage-integration
   rules:
-    - allow: [Component, System, API, Resource, Location]
+    - allow: [API, Component, Location, Resource, System]
   locations:
-    ## Uncomment these lines to add more example data
-    # - type: url
-    #   target: https://github.com/backstage/backstage/blob/master/packages/catalog-model/examples/all.yaml
-
-    - type: url
-      target: https://github.com/ThomasVitale/symphony-for-dev-and-platform/blob/main/platform/catalog/organization/catalog-info.yml
+    # Users and Groups
+    - type: file
+      target: ../../demo-catalog/organizations/organization-kadras.yml
+      rules:
+        - allow: [Group, Location, User]
+    - type: file
+      target: ../../demo-catalog/organizations/organization-guest.yml
       rules:
-        - allow: [User, Group, Location]
+        - allow: [Group, User]
 
-    - type: url
-      target: https://github.com/ThomasVitale/symphony-for-dev-and-platform/blob/main/platform/catalog/templates/catalog-info.yml
+    # Templates
+    - type: file
+      target: ../../demo-catalog/templates/templates.yml
       rules:
-        - allow: [Template, Location]
+        - allow: [Location, Template]
+
+# see https://backstage.io/docs/features/kubernetes/configuration for kubernetes configuration options
+kubernetes:
+  serviceLocatorMethod:
+    type: 'multiTenant'
+  clusterLocatorMethods:
+    - type: 'config'
+      clusters: []
+
+# see https://backstage.io/docs/permissions/getting-started for more on the permission framework
+permission:
+  # setting this to `false` will disable permissions
+  enabled: true

backstage.json

@@ -1,3 +1,3 @@
 {
-  "version": "1.23.4"
+  "version": "1.30.0"
 }

docker-compose.yml → compose.yml

@@ -1,8 +1,7 @@
-version: "3.8"
 services:
 
   postgres:
-    image: postgres:16.2-alpine
+    image: docker.io/library/postgres:16.4-alpine
     container_name: "postgres"
     ports:
       - 5432:5432
@@ -13,15 +12,16 @@ services:
   backstage:
     image: backstage
     container_name: "backstage"
+    depends_on:
+      - postgres
     ports:
       - 7007:7007
     environment:
       - BACKSTAGE_BASE_URL=http://localhost:7007
-      - BACKSTAGE_BACKEND_SECRET=lYXoL2XuDhIJE07CMTOunVB0pdZNCgS2
       - POSTGRES_HOST=postgres
       - POSTGRES_PORT=5432
       - POSTGRES_USER=user
       - POSTGRES_PASSWORD=password
       - GITHUB_TOKEN
-      - GITHUB_AUTH_PROVIDER_CLIENT_ID
-      - GITHUB_AUTH_PROVIDER_CLIENT_SECRET
+      - AUTH_GITHUB_CLIENT_ID
+      - AUTH_GITHUB_CLIENT_SECRET

demo-catalog/organizations/organization-guest.yml

@@ -0,0 +1,16 @@
+---
+apiVersion: backstage.io/v1alpha1
+kind: Group
+metadata:
+  name: guests
+spec:
+  type: team
+  children: []
+
+---
+apiVersion: backstage.io/v1alpha1
+kind: User
+metadata:
+  name: guest
+spec:
+  memberOf: [guests]

demo-catalog/organizations/organization-kadras.yml

@@ -0,0 +1,32 @@
+---
+apiVersion: backstage.io/v1alpha1
+kind: Group
+metadata:
+  name: kadras
+  title: Kadras
+  description: Researching technology to power your path from idea to production on Kubernetes
+  links:
+    - url: https://www.kadras.io
+      title: Website
+    - url: https://github.com/kadras-io
+      title: GitHub
+      icon: github
+spec:
+  type: organization
+  profile:
+    displayName: Kadras
+    picture: https://avatars.githubusercontent.com/u/122495299?s=400&u=b7253f864937e362b42c0b390da51ea9492194f4&v=4
+  children: []
+
+---
+apiVersion: backstage.io/v1alpha1
+kind: User
+metadata:
+  name: ThomasVitale
+  title: Thomas Vitale
+spec:
+  memberOf: [kadras]
+  profile:
+    displayName: Thomas Vitale
+    email: [email protected]
+    picture: https://avatars.githubusercontent.com/u/8523418?s=400&u=0ff9935d7aef1e1a735c661da9703c85513320ca&v=4