From 8124924544a90d6bfaee1434c6412640154a91af Mon Sep 17 00:00:00 2001 From: Tom McLaughlin Date: Thu, 12 Jun 2025 18:31:36 -0400 Subject: [PATCH 1/6] add an app-config for home usage --- src/app-config.home.yaml | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 src/app-config.home.yaml diff --git a/src/app-config.home.yaml b/src/app-config.home.yaml new file mode 100644 index 0000000..7ae3362 --- /dev/null +++ b/src/app-config.home.yaml @@ -0,0 +1,4 @@ +backend: + database: + connection: + ssl: null \ No newline at end of file From eafa3dcf0b8adc640c0d944aea45c6fd4b68cd0c Mon Sep 17 00:00:00 2001 From: Tom McLaughlin Date: Thu, 12 Jun 2025 18:50:43 -0400 Subject: [PATCH 2/6] fix inconsistency between builds --- .github/workflows/feature-branch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml index b3b3204..7e209f4 100644 --- a/.github/workflows/feature-branch.yml +++ b/.github/workflows/feature-branch.yml @@ -68,7 +68,7 @@ jobs: env: CONTENTS: ${{ secrets.X_GITHUB_APP_CREDS }} run: | - echo -e "$CONTENTS" > src/app-config.d/github-app-credentials.yaml + echo -e "$CONTENTS" > src/app-config.d/credentials/github-app-credentials.yaml # Couldn't store JSON creds while retaining proper formatting so going to do this in two steps - name: Write Google Admin API creds From 999a1dadd728d11d9e971fb0f86e6e576e5fca8e Mon Sep 17 00:00:00 2001 From: Tom McLaughlin Date: Thu, 12 Jun 2025 20:16:30 -0400 Subject: [PATCH 3/6] front and backend port stuff --- src/app-config.home.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/app-config.home.yaml b/src/app-config.home.yaml index 7ae3362..6d0b329 100644 --- a/src/app-config.home.yaml +++ b/src/app-config.home.yaml @@ -1,4 +1,9 @@ +app: + title: Backstage Portal + baseUrl: http://${DNS_NAME}:7007 + backend: + baseUrl: http://${DNS_NAME}:7007 database: connection: ssl: null \ No newline at end of file 
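Review bot: `ssl: null` under `backend.database.connection` in the new app-config.home.yaml carries no comment saying why TLS to Postgres is switched off for this profile. A null here presumably clears whatever `ssl` block a lower-priority config file sets, so database credentials and catalog data would cross the network unencrypted whenever this file is loaded. If that is intended because the database is local to the home setup, say so on the line, e.g. `ssl: null  # home only: Postgres is local, TLS deliberately disabled`, and keep this file out of any hosted deployment's config list.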
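Review bot: Both `app.baseUrl` and `backend.baseUrl` in the third patch are set to `http://${DNS_NAME}:7007`, so everything this profile serves, including sign-in redirects and the Backstage session token, travels in cleartext. That may be acceptable on an isolated home network, but it deserves a comment such as `# home only: plain HTTP, do not expose beyond the LAN`. If a TLS-terminating proxy sits in front, the URLs should carry `https://` so that generated callback links match what the browser uses.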
From 3d68777c80186d10d35db17c92ca866501156041 Mon Sep 17 00:00:00 2001 From: Tom McLaughlin Date: Fri, 13 Jun 2025 11:51:32 -0400 Subject: [PATCH 4/6] Add github as home auth provider Google won't let us use our home domain which is not an official TLD. Github appears to allow this. --- src/app-config.home.yaml | 14 ++- src/packages/app/src/App.tsx | 38 +++++--- src/packages/backend/package.json | 2 +- src/packages/backend/src/index.ts | 1 + src/yarn.lock | 144 +++++++++++++++++++++++++++++- 5 files changed, 184 insertions(+), 15 deletions(-) diff --git a/src/app-config.home.yaml b/src/app-config.home.yaml index 6d0b329..f22e3ac 100644 --- a/src/app-config.home.yaml +++ b/src/app-config.home.yaml @@ -6,4 +6,16 @@ backend: baseUrl: http://${DNS_NAME}:7007 database: connection: - ssl: null \ No newline at end of file + ssl: null + +auth: + environment: home + providers: + guest: null + github: + home: + clientId: ${GITHUB_AUTH_CLIENT_ID} + clientSecret: ${GITHUB_AUTH_CLIENT_SECRET} + signIn: + resolvers: + - resolver: emailMatchingUserEntityProfileEmail \ No newline at end of file diff --git a/src/packages/app/src/App.tsx b/src/packages/app/src/App.tsx index e9bf2c5..99908b9 100644 --- a/src/packages/app/src/App.tsx +++ b/src/packages/app/src/App.tsx @@ -39,7 +39,7 @@ import { catalogEntityCreatePermission } from '@backstage/plugin-catalog-common/ import { ScaffolderFieldExtensions } from '@backstage/plugin-scaffolder-react'; // Added imports -import { googleAuthApiRef } from '@backstage/core-plugin-api'; +import { configApiRef, githubAuthApiRef, googleAuthApiRef, useApi } from '@backstage/core-plugin-api'; // ServerlessOps Catalog import { @@ -68,23 +68,37 @@ const app = createApp({ }); }, components: { - SignInPage: props => ( - { + const configApi = useApi(configApiRef); + if (configApi.getString('auth.environment') === 'home') { + return ( + + ); + } + return ( + - ), + } + /> + ); + }, }, }); 
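Review bot: The `emailMatchingUserEntityProfileEmail` resolver under `auth.providers.github.home.signIn` ties the Backstage identity to an e-mail address reported by GitHub. A GitHub OAuth app will start the flow for any GitHub account, so who gets in depends entirely on which User entities exist in the catalog and what `spec.profile.email` they carry. Confirm which GitHub e-mail the provider hands to the resolver, and consider `usernameMatchingUserEntityName` if the catalog users are keyed by GitHub login. The context lines of this hunk still show `baseUrl: http://${DNS_NAME}:7007`, so the OAuth callback for this provider runs over plain HTTP.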
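Review bot: `configApi.getString('auth.environment')` in the new `SignInPage` component throws when the key is absent, so any config that does not define `auth.environment` now fails at the sign-in page instead of falling back to the Google page. `configApi.getOptionalString('auth.environment') === 'home'` keeps Google as the default. This switch only decides which sign-in button is rendered; which providers actually accept sign-ins is presumably decided by the backend's `auth.providers` config, so the production config should leave `github` undefined there. The `createApp({...})` call starts and ends outside this hunk, and the JSX of the two sign-in pages is not visible on this page.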
diff --git a/src/packages/backend/package.json b/src/packages/backend/package.json index 557a537..64fab03 100644 --- a/src/packages/backend/package.json +++ b/src/packages/backend/package.json @@ -20,7 +20,7 @@ "@backstage/config": "^1.2.0", "@backstage/plugin-app-backend": "^0.3.74", "@backstage/plugin-auth-backend": "^0.23.0", - "@backstage/plugin-auth-backend-module-github-provider": "^0.2.0", + "@backstage/plugin-auth-backend-module-github-provider": "^0.3.4", "@backstage/plugin-auth-backend-module-google-provider": "^0.2.0", "@backstage/plugin-auth-backend-module-guest-provider": "^0.2.0", "@backstage/plugin-auth-node": "^0.5.2", diff --git a/src/packages/backend/src/index.ts b/src/packages/backend/src/index.ts index 6d78c78..a405764 100644 --- a/src/packages/backend/src/index.ts +++ b/src/packages/backend/src/index.ts @@ -21,6 +21,7 @@ backend.add(import('@backstage/plugin-auth-backend')); // backend.add(import('@backstage/plugin-auth-backend-module-guest-provider')); // See https://backstage.io/docs/auth/guest/provider backend.add(import('@backstage/plugin-auth-backend-module-google-provider')); +backend.add(import('@backstage/plugin-auth-backend-module-github-provider')); // catalog plugin diff --git a/src/yarn.lock b/src/yarn.lock index 9412c98..fdfcab1 100644 --- a/src/yarn.lock +++ b/src/yarn.lock 
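Review bot: The new `backend.add(import('@backstage/plugin-auth-backend-module-github-provider'))` line in index.ts registers the GitHub provider for every build of the backend, not only the home profile, so presumably the only thing keeping GitHub sign-in out of production is the absence of an `auth.providers.github` entry for that environment; a comment on the line such as `// GitHub auth: only configured in app-config.home.yaml` would make that explicit. The same commit moves this module to ^0.3.4, which per the lockfile hunks depends on `@backstage/plugin-auth-node` ^0.6.4 and `@backstage/backend-plugin-api` ^1.4.0, while the backend still declares `@backstage/plugin-auth-node` ^0.5.2 and `@backstage/plugin-auth-backend` ^0.23.0. Two generations of the auth packages in one backend is worth checking before relying on it; bumping the Backstage packages together would avoid the skew.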
@@ -3356,6 +3356,28 @@ __metadata: languageName: node linkType: hard +"@backstage/backend-plugin-api@npm:^1.4.0": + version: 1.4.0 + resolution: "@backstage/backend-plugin-api@npm:1.4.0" + dependencies: + "@backstage/cli-common": "npm:^0.1.15" + "@backstage/config": "npm:^1.3.2" + "@backstage/errors": "npm:^1.2.7" + "@backstage/plugin-auth-node": "npm:^0.6.4" + "@backstage/plugin-permission-common": "npm:^0.9.0" + "@backstage/plugin-permission-node": "npm:^0.10.1" + "@backstage/types": "npm:^1.2.1" + "@types/express": "npm:^4.17.6" + "@types/json-schema": "npm:^7.0.6" + "@types/luxon": "npm:^3.0.0" + json-schema: "npm:^0.4.0" + knex: "npm:^3.0.0" + luxon: "npm:^3.0.0" + zod: "npm:^3.22.4" + checksum: 10c0/bc8d9743c24ee8624d89fa89c0927658eba3c5f1cd1f8ba8defbcb43a9f949a4a602ef19986d9e69e252f016b642532300327d2f88f3940b32ce8fcec30efd49 + languageName: node + linkType: hard + "@backstage/backend-test-utils@npm:^1.0.0": version: 1.2.0 resolution: "@backstage/backend-test-utils@npm:1.2.0" @@ -3431,6 +3453,18 @@ __metadata: languageName: node linkType: hard +"@backstage/catalog-client@npm:^1.10.1": + version: 1.10.1 + resolution: "@backstage/catalog-client@npm:1.10.1" + dependencies: + "@backstage/catalog-model": "npm:^1.7.4" + "@backstage/errors": "npm:^1.2.7" + cross-fetch: "npm:^4.0.0" + uri-template: "npm:^2.0.0" + checksum: 10c0/e6664b19d91f8c1b3b60975887c4fc375d684a7729123986b4361f892fbd7599c43e727d83521335ee6d8ae0b216640dc4a8f30885d7e870ed175d0933cead65 + languageName: node + linkType: hard + "@backstage/catalog-client@npm:^1.7.0": version: 1.7.0 resolution: "@backstage/catalog-client@npm:1.7.0" 
@@ -3515,6 +3549,18 @@ __metadata: languageName: node linkType: hard +"@backstage/catalog-model@npm:^1.7.4": + version: 1.7.4 + resolution: "@backstage/catalog-model@npm:1.7.4" + dependencies: + "@backstage/errors": "npm:^1.2.7" + "@backstage/types": "npm:^1.2.1" + ajv: "npm:^8.10.0" + lodash: "npm:^4.17.21" + checksum: 10c0/220635c2e9968e22439cce7432cec75e2f9b8ea2ff333c6945ce7a9ea81c5b448a5dce32de69519ac4ab9d707ce9589b675cf602315a5a7edbe27993ae261be4 + languageName: node + linkType: hard + "@backstage/cli-common@npm:^0.1.14": version: 0.1.14 resolution: "@backstage/cli-common@npm:0.1.14" @@ -3793,6 +3839,17 @@ __metadata: languageName: node linkType: hard +"@backstage/config@npm:^1.3.2": + version: 1.3.2 + resolution: "@backstage/config@npm:1.3.2" + dependencies: + "@backstage/errors": "npm:^1.2.7" + "@backstage/types": "npm:^1.2.1" + ms: "npm:^2.1.3" + checksum: 10c0/9d3dfac9b359727b727567834c2576cc2af96e149b3a0b45565251b02f2dfda9559ee3719d1eed240f5cae4f6b8bb9babfbffc3a35d2d2d8fbe5c408c41c42e3 + languageName: node + linkType: hard + "@backstage/core-app-api@npm:^1.15.0": version: 1.15.0 resolution: "@backstage/core-app-api@npm:1.15.0" @@ -4216,6 +4273,16 @@ __metadata: languageName: node linkType: hard +"@backstage/errors@npm:^1.2.7": + version: 1.2.7 + resolution: "@backstage/errors@npm:1.2.7" + dependencies: + "@backstage/types": "npm:^1.2.1" + serialize-error: "npm:^8.0.1" + checksum: 10c0/ce04dccc96c49bf121f1de86a589bbe3a613a32f63546b100a9d074bf2cb79c8ba889e1e7ba39c44c717b1bc7dea7654de85b1229fb7e4106e31dd60327c10c1 + languageName: node + linkType: hard + "@backstage/eslint-plugin@npm:^0.1.9": version: 0.1.9 resolution: "@backstage/eslint-plugin@npm:0.1.9" 
@@ -4882,6 +4949,18 @@ __metadata: languageName: node linkType: hard +"@backstage/plugin-auth-backend-module-github-provider@npm:^0.3.4": + version: 0.3.4 + resolution: "@backstage/plugin-auth-backend-module-github-provider@npm:0.3.4" + dependencies: + "@backstage/backend-plugin-api": "npm:^1.4.0" + "@backstage/plugin-auth-node": "npm:^0.6.4" + passport-github2: "npm:^0.1.12" + zod: "npm:^3.22.4" + checksum: 10c0/dd61c52690aab16c4769b05cb33a9576fdde17119c67c534f69946f64f2f448553f1fbce67129f6faaadec46a3798de1b51258a4bc4894905446f88bbf360ad6 + languageName: node + linkType: hard + "@backstage/plugin-auth-backend-module-gitlab-provider@npm:^0.2.0": version: 0.2.0 resolution: "@backstage/plugin-auth-backend-module-gitlab-provider@npm:0.2.0" @@ -5142,6 +5221,29 @@ __metadata: languageName: node linkType: hard +"@backstage/plugin-auth-node@npm:^0.6.4": + version: 0.6.4 + resolution: "@backstage/plugin-auth-node@npm:0.6.4" + dependencies: + "@backstage/backend-plugin-api": "npm:^1.4.0" + "@backstage/catalog-client": "npm:^1.10.1" + "@backstage/catalog-model": "npm:^1.7.4" + "@backstage/config": "npm:^1.3.2" + "@backstage/errors": "npm:^1.2.7" + "@backstage/types": "npm:^1.2.1" + "@types/express": "npm:^4.17.6" + "@types/passport": "npm:^1.0.3" + express: "npm:^4.17.1" + jose: "npm:^5.0.0" + lodash: "npm:^4.17.21" + passport: "npm:^0.7.0" + zod: "npm:^3.22.4" + zod-to-json-schema: "npm:^3.21.4" + zod-validation-error: "npm:^3.4.0" + checksum: 10c0/597ee8bb1ec234f47300a4a66cdb34240d574a1467ba67c362d931cc277d196f20f685b3ea67b7c2d0b725c739ef850c38cb68edc864a545f7895d2bd5791b2b + languageName: node + linkType: hard + "@backstage/plugin-auth-react@npm:^0.1.6": version: 0.1.6 resolution: "@backstage/plugin-auth-react@npm:0.1.6" 
@@ -5930,6 +6032,39 @@ __metadata: languageName: node linkType: hard +"@backstage/plugin-permission-common@npm:^0.9.0": + version: 0.9.0 + resolution: "@backstage/plugin-permission-common@npm:0.9.0" + dependencies: + "@backstage/config": "npm:^1.3.2" + "@backstage/errors": "npm:^1.2.7" + "@backstage/types": "npm:^1.2.1" + cross-fetch: "npm:^4.0.0" + uuid: "npm:^11.0.0" + zod: "npm:^3.22.4" + zod-to-json-schema: "npm:^3.20.4" + checksum: 10c0/24f5f400d08be016610e93fb8550cccd1c4a5f621e5242cda67b0165ba3ad0a3b425c8d98ea5d1612b4482fec0fa8954a61b7177e52a2f03d3245fbc85bdc15f + languageName: node + linkType: hard + +"@backstage/plugin-permission-node@npm:^0.10.1": + version: 0.10.1 + resolution: "@backstage/plugin-permission-node@npm:0.10.1" + dependencies: + "@backstage/backend-plugin-api": "npm:^1.4.0" + "@backstage/config": "npm:^1.3.2" + "@backstage/errors": "npm:^1.2.7" + "@backstage/plugin-auth-node": "npm:^0.6.4" + "@backstage/plugin-permission-common": "npm:^0.9.0" + "@types/express": "npm:^4.17.6" + express: "npm:^4.17.1" + express-promise-router: "npm:^4.1.0" + zod: "npm:^3.22.4" + zod-to-json-schema: "npm:^3.20.4" + checksum: 10c0/f631192af30f9e7ea6ae39a020d632cf52c8f5a5cf48cdfe61b59658be1fec9f8b8f2c3c6a1e4cf5985789c6eb2f69b078ce1b0dd87bb4fef414d1fc27d73ea3 + languageName: node + linkType: hard + "@backstage/plugin-permission-node@npm:^0.8.3": version: 0.8.3 resolution: "@backstage/plugin-permission-node@npm:0.8.3" @@ -7325,6 +7460,13 @@ __metadata: languageName: node linkType: hard +"@backstage/types@npm:^1.2.1": + version: 1.2.1 + resolution: "@backstage/types@npm:1.2.1" + checksum: 10c0/e7ed5ee0c4e6afa997a3885b7851ce51fc8c1c99cec98a2724da79dbc626f3f9055c5c72f097a2e2f762293e74ecd6b5d30617c27c3b27aa9a63a436f07b576d + languageName: node + linkType: hard + "@backstage/version-bridge@npm:^1.0.10": version: 1.0.10 resolution: "@backstage/version-bridge@npm:1.0.10" 
@@ -16273,7 +16415,7 @@ __metadata: "@backstage/config": "npm:^1.2.0" "@backstage/plugin-app-backend": "npm:^0.3.74" "@backstage/plugin-auth-backend": "npm:^0.23.0" - "@backstage/plugin-auth-backend-module-github-provider": "npm:^0.2.0" + "@backstage/plugin-auth-backend-module-github-provider": "npm:^0.3.4" "@backstage/plugin-auth-backend-module-google-provider": "npm:^0.2.0" "@backstage/plugin-auth-backend-module-guest-provider": "npm:^0.2.0" "@backstage/plugin-auth-node": "npm:^0.5.2" From 0b85a8599afe21be8c592e525e9c2d33fb588c82 Mon Sep 17 00:00:00 2001 From: Tom McLaughlin Date: Fri, 13 Jun 2025 12:01:52 -0400 Subject: [PATCH 5/6] chase update to test from previous commit --- src/packages/app/src/App.test.tsx | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/packages/app/src/App.test.tsx b/src/packages/app/src/App.test.tsx index ec8ba1d..6bcb152 100644 --- a/src/packages/app/src/App.test.tsx +++ b/src/packages/app/src/App.test.tsx @@ -14,6 +14,9 @@ describe('App', () => { techdocs: { storageUrl: 'http://localhost:7007/api/techdocs/static/docs', }, + auth: { + environment: 'production' + } }, context: 'test', }, From 8a3d2003022435916bbd3a7e09a8e53e8bb44c4f Mon Sep 17 00:00:00 2001 From: Tom McLaughlin Date: Wed, 25 Jun 2025 14:40:05 -0400 Subject: [PATCH 6/6] refactor app and backend url config To fix issue in github auth redirect to wrong port --- cfn-parameters.json | 3 ++- src/app-config.home.yaml | 4 ++-- src/app-config.production.yaml | 6 +++--- template.yaml | 16 ++++++++++++---- 4 files changed, 19 insertions(+), 10 deletions(-) diff --git a/cfn-parameters.json b/cfn-parameters.json index bb944d4..2c4eecd 100644 --- a/cfn-parameters.json +++ b/cfn-parameters.json 
@@ -25,7 +25,8 @@ "PgPassword": $secrets.POSTGRES_PASSWORD, "AuthGoogleClientId": $secrets.AUTH_GOOGLE_CLIENT_ID, "AuthGoogleClientSecret": $secrets.AUTH_GOOGLE_CLIENT_SECRET, - "DnsName": $vars.DNS_NAME, + "BackstageAppUrl": $vars.BACKSTAGE_APP_URL, + "BackstageBackendUrl": $vars.BACKSTAGE_BACKEND_URL, "ServerlessOpsCatalogApiUrl": $vars.SERVERLESSOPS_CATALOG_API_URL, "ServerlessOpsAuthClientId": $secrets.SERVERLESSOPS_AUTH_CLIENT_ID, "ServerlessOpsAuthClientSecret": $secrets.SERVERLESSOPS_AUTH_CLIENT_SECRET, diff --git a/src/app-config.home.yaml b/src/app-config.home.yaml index f22e3ac..095d23c 100644 --- a/src/app-config.home.yaml +++ b/src/app-config.home.yaml @@ -1,9 +1,9 @@ app: title: Backstage Portal - baseUrl: http://${DNS_NAME}:7007 + baseUrl: ${BACKSTAGE_APP_URL} backend: - baseUrl: http://${DNS_NAME}:7007 + baseUrl: ${BACKSTAGE_BACKEND_URL} database: connection: ssl: null diff --git a/src/app-config.production.yaml b/src/app-config.production.yaml index 884679c..bf1ef15 100644 --- a/src/app-config.production.yaml +++ b/src/app-config.production.yaml @@ -1,6 +1,6 @@ app: # Should be the same as backend.baseUrl when using the `app-backend` plugin. - baseUrl: https://${DNS_NAME} + baseUrl: ${BACKSTAGE_APP_URL} backend: # Note that the baseUrl should be the URL that the browser and other clients @@ -8,12 +8,12 @@ backend: # reachable not just from within the backend host, but from all of your # callers. When its value is "http://localhost:7007", it's strictly private # and can't be reached by others. - baseUrl: https://${DNS_NAME} + baseUrl: ${BACKSTAGE_BACKEND_URL} # The listener can also be expressed as a single : string. In this case we bind to # all interfaces, the most permissive setting. The right value depends on your specific deployment. listen: listen: 0.0.0.0 # Bind to all interfaces - port: 7007 + port: ${BACKSTAGE_BACKEND_PORT} # config options: https://node-postgres.com/apis/client database: 
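Review bot: `app.baseUrl` and `backend.baseUrl` in app-config.production.yaml used to pin the scheme with `https://${DNS_NAME}`; with `${BACKSTAGE_APP_URL}` and `${BACKSTAGE_BACKEND_URL}` the scheme now comes from the deployment variable, so a value starting with `http://` would be accepted silently in production. The new `BackstageAppUrl` and `BackstageBackendUrl` parameters in template.yaml (same commit) could enforce it with `AllowedPattern: '^https://.+'`. If the template also has to serve non-TLS environments, a comment in the production config stating that both values must be https URLs is the minimum.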
diff --git a/template.yaml b/template.yaml index 2876db5..753a824 100644 --- a/template.yaml +++ b/template.yaml @@ -114,9 +114,13 @@ Parameters: Description: Google OAuth client secret NoEcho: true - DnsName: + BackstageAppUrl: Type: String - Description: DNS name for the application + Description: URL of application frontend + + BackstageBackendUrl: + Type: String + Description: URL of application backend ServerlessOpsCatalogApiUrl: Type: String @@ -169,8 +173,12 @@ Resources: Value: !Ref AuthGoogleClientId - Name: AUTH_GOOGLE_CLIENT_SECRET Value: !Ref AuthGoogleClientSecret - - Name: DNS_NAME - Value: !Ref DnsName + - Name: BACKSTAGE_APP_URL + Value: !Ref BackstageAppUrl + - Name: BACKSTAGE_BACKEND_URL + Value: !Ref BackstageBackendUrl + - Name: BACKSTAGE_BACKEND_PORT + Value: !Ref ContainerPort - Name: SERVERLESSOPS_CATALOG_API_URL Value: !Ref ServerlessOpsCatalogApiUrl - Name: SERVERLESSOPS_AUTH_ENDPOINT