Closed
Description
📜 Description
When running the github:environment:create Scaffolder action from @backstage/plugin-scaffolder-backend-module-github, if teams/users are present in the reviewers list, the step errors out with a 401 Unauthorized.
👍 Expected behavior
It should resolve the users/groups from the catalog and add their GitHub IDs as reviewers to the new environment.
👎 Actual Behavior with Screenshots
The step fails with the following error:
ResponseError: Request failed with 401 Unauthorized
at Function.fromResponse (/path/to/backstage/node_modules/@backstage/errors/src/errors/ResponseError.ts:76:12)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at CatalogClient.getEntitiesByRefs (/path/to/backstage/node_modules/@backstage/catalog-client/src/CatalogClient.ts:168:13
at Object.handler (/path/to/backstage/node_modules/@backstage/plugin-scaffolder-backend-module-github/src/actions/githubEnvironment.ts:193:33
at NunjucksWorkflowRunner.executeStep (/path/to/backstage/node_modules/@backstage/plugin-scaffolder-backend/src/scaffolder/tasks/NunjucksWorkflowRunner.ts:367:9
at NunjucksWorkflowRunner.execute (/path/to/backstage/node_modules/@backstage/plugin-scaffolder-backend/src/scaffolder/tasks/NunjucksWorkflowRunner.ts:499:9)
👟 Reproduction steps
- Bootstrap the Backstage app as per the Getting Started guide.
- Add and configure the GitHub catalog and scaffolder backend plugins, remove guest auth provider and configure the GitHub auth provider.
- Attempt to create a new repository with a protected environment using this workflow:
apiVersion: scaffolder.backstage.io/v1beta3
kind: Template
metadata:
name: skeleton
title: Empty Repository Template
description: Creates a new repository with an environment
spec:
owner: my-team
type: service
parameters:
- title: Repository details
required:
- repoUrl
- owner
- description
properties:
repoUrl:
title: Repository location
type: string
ui:field: RepoUrlPicker
ui:options:
allowedHosts:
- github.com
allowedOwners:
- test-org
owner:
title: Owning team
type: string
enum:
- team-a
- team-b
description:
title: Repository description
type: string
steps:
- id: fetch-base
name: Fetch Base
action: fetch:template
input:
url: ./content
values:
name: ${{ parameters.name }}
- id: publish
name: Publish
action: publish:github
input:
allowedHosts: ['github.com']
description: ${{ parameters.description }}
repoUrl: ${{ parameters.repoUrl }}
- id: add-env
name: Add environment
action: github:environment:create
input:
repoUrl: ${{ parameters.repoUrl }}
name: Production
reviewers:
- group:default/${{ parameters.owner }}
📃 Provide the context for the Bug.
No response
🖥️ Your Environment
backend/src/index.ts:
import { createBackend } from '@backstage/backend-defaults';
const backend = createBackend();
backend.add(import('@backstage/plugin-app-backend/alpha'));
backend.add(import('@backstage/plugin-proxy-backend/alpha'));
backend.add(import('@backstage/plugin-scaffolder-backend/alpha'));
backend.add(import('@backstage/plugin-techdocs-backend/alpha'));
backend.add(import('@backstage/plugin-scaffolder-backend-module-github'));
// auth plugin
backend.add(import('@backstage/plugin-auth-backend'));
backend.add(import('@backstage/plugin-auth-backend-module-github-provider'));
// See https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin
// backend.add(import('@backstage/plugin-auth-backend-module-guest-provider'));
// See https://backstage.io/docs/auth/guest/provider
// catalog plugin
backend.add(import('@backstage/plugin-catalog-backend/alpha'));
backend.add(import('@backstage/plugin-catalog-backend-module-github-org'));
backend.add(
import('@backstage/plugin-catalog-backend-module-scaffolder-entity-model'),
);
// See https://backstage.io/docs/features/software-catalog/configuration#subscribing-to-catalog-errors
backend.add(import('@backstage/plugin-catalog-backend-module-logs'));
// permission plugin
backend.add(import('@backstage/plugin-permission-backend/alpha'));
// See https://backstage.io/docs/permissions/getting-started for how to create your own permission policy
backend.add(
import('@backstage/plugin-permission-backend-module-allow-all-policy'),
);
// search plugin
backend.add(import('@backstage/plugin-search-backend/alpha'));
// search engine
// See https://backstage.io/docs/features/search/search-engines
backend.add(import('@backstage/plugin-search-backend-module-pg/alpha'));
// search collators
backend.add(import('@backstage/plugin-search-backend-module-catalog/alpha'));
backend.add(import('@backstage/plugin-search-backend-module-techdocs/alpha'));
// kubernetes
backend.add(import('@backstage/plugin-kubernetes-backend/alpha'));
backend.start();OS: Linux 5.15.153.1-microsoft-standard-WSL2 - linux/x64
node: v18.20.4
yarn: 4.4.1
cli: 0.28.2 (installed)
backstage: 1.32.0
Dependencies:
@backstage/app-defaults 1.5.12
@backstage/backend-app-api 1.0.1
@backstage/backend-common 0.25.0
@backstage/backend-defaults 0.5.2
@backstage/backend-dev-utils 0.1.5
@backstage/backend-openapi-utils 0.2.0
@backstage/backend-plugin-api 1.0.1
@backstage/catalog-client 1.7.1
@backstage/catalog-model 1.7.0
@backstage/cli-common 0.1.14
@backstage/cli-node 0.2.9
@backstage/cli 0.28.2
@backstage/config-loader 1.9.1
@backstage/config 1.2.0
@backstage/core-app-api 1.15.1
@backstage/core-compat-api 0.3.1
@backstage/core-components 0.15.1
@backstage/core-plugin-api 1.10.0
@backstage/e2e-test-utils 0.1.1
@backstage/errors 1.2.4
@backstage/eslint-plugin 0.1.10
@backstage/frontend-app-api 0.10.0
@backstage/frontend-defaults 0.1.1
@backstage/frontend-plugin-api 0.9.0
@backstage/frontend-test-utils 0.2.1
@backstage/integration-aws-node 0.1.12
@backstage/integration-react 1.2.0
@backstage/integration 1.15.1
@backstage/plugin-api-docs 0.11.11
@backstage/plugin-app-backend 0.3.76
@backstage/plugin-app-node 0.1.26
@backstage/plugin-app 0.1.1
@backstage/plugin-auth-backend-module-atlassian-provider 0.3.1
@backstage/plugin-auth-backend-module-auth0-provider 0.1.1
@backstage/plugin-auth-backend-module-aws-alb-provider 0.2.1
@backstage/plugin-auth-backend-module-azure-easyauth-provider 0.2.1
@backstage/plugin-auth-backend-module-bitbucket-provider 0.2.1
@backstage/plugin-auth-backend-module-bitbucket-server-provider 0.1.1
@backstage/plugin-auth-backend-module-cloudflare-access-provider 0.3.1
@backstage/plugin-auth-backend-module-gcp-iap-provider 0.3.1
@backstage/plugin-auth-backend-module-github-provider 0.2.1
@backstage/plugin-auth-backend-module-gitlab-provider 0.2.1
@backstage/plugin-auth-backend-module-google-provider 0.2.1
@backstage/plugin-auth-backend-module-guest-provider 0.2.1
@backstage/plugin-auth-backend-module-microsoft-provider 0.2.1
@backstage/plugin-auth-backend-module-oauth2-provider 0.3.1
@backstage/plugin-auth-backend-module-oauth2-proxy-provider 0.2.1
@backstage/plugin-auth-backend-module-oidc-provider 0.3.1
@backstage/plugin-auth-backend-module-okta-provider 0.1.1
@backstage/plugin-auth-backend-module-onelogin-provider 0.2.1
@backstage/plugin-auth-backend 0.23.1
@backstage/plugin-auth-node 0.5.3
@backstage/plugin-auth-react 0.1.7
@backstage/plugin-bitbucket-cloud-common 0.2.24
@backstage/plugin-catalog-backend-module-github-org 0.3.3
@backstage/plugin-catalog-backend-module-github 0.7.6
@backstage/plugin-catalog-backend-module-logs 0.1.3
@backstage/plugin-catalog-backend-module-scaffolder-entity-model 0.2.1
@backstage/plugin-catalog-backend 1.27.1
@backstage/plugin-catalog-common 1.1.0
@backstage/plugin-catalog-graph 0.4.11
@backstage/plugin-catalog-import 0.12.5
@backstage/plugin-catalog-node 1.13.1
@backstage/plugin-catalog-react 1.14.0
@backstage/plugin-catalog 1.24.0
@backstage/plugin-events-node 0.4.4
@backstage/plugin-kubernetes-backend 0.18.7
@backstage/plugin-kubernetes-common 0.8.3
@backstage/plugin-kubernetes-node 0.1.20
@backstage/plugin-kubernetes-react 0.4.4
@backstage/plugin-kubernetes 0.11.16
@backstage/plugin-org 0.6.31
@backstage/plugin-permission-backend-module-allow-all-policy 0.2.1
@backstage/plugin-permission-backend 0.5.50
@backstage/plugin-permission-common 0.8.1
@backstage/plugin-permission-node 0.8.4
@backstage/plugin-permission-react 0.4.27
@backstage/plugin-proxy-backend 0.5.7
@backstage/plugin-scaffolder-backend-module-azure 0.2.1
@backstage/plugin-scaffolder-backend-module-bitbucket-cloud 0.2.1
@backstage/plugin-scaffolder-backend-module-bitbucket-server 0.2.1
@backstage/plugin-scaffolder-backend-module-bitbucket 0.3.1
@backstage/plugin-scaffolder-backend-module-gerrit 0.2.1
@backstage/plugin-scaffolder-backend-module-gitea 0.2.1
@backstage/plugin-scaffolder-backend-module-github 0.5.1
@backstage/plugin-scaffolder-backend-module-gitlab 0.6.0
@backstage/plugin-scaffolder-backend 1.26.2
@backstage/plugin-scaffolder-common 1.5.6
@backstage/plugin-scaffolder-node 0.5.0
@backstage/plugin-scaffolder-react 1.13.2
@backstage/plugin-scaffolder 1.26.2
@backstage/plugin-search-backend-module-catalog 0.2.4
@backstage/plugin-search-backend-module-pg 0.5.37
@backstage/plugin-search-backend-module-techdocs 0.3.1
@backstage/plugin-search-backend-node 1.3.4
@backstage/plugin-search-backend 1.6.1
@backstage/plugin-search-common 1.2.14
@backstage/plugin-search-react 1.8.1
@backstage/plugin-search 1.4.18
@backstage/plugin-signals-react 0.0.6
@backstage/plugin-techdocs-backend 1.11.1
@backstage/plugin-techdocs-common 0.1.0
@backstage/plugin-techdocs-module-addons-contrib 1.1.16
@backstage/plugin-techdocs-node 1.12.12
@backstage/plugin-techdocs-react 1.2.9
@backstage/plugin-techdocs 1.11.0
@backstage/plugin-user-settings-common 0.0.1
@backstage/plugin-user-settings 0.8.14
@backstage/release-manifests 0.0.11
@backstage/test-utils 1.7.0
@backstage/theme 0.6.0
@backstage/types 1.1.1
@backstage/version-bridge 1.0.10
👀 Have you spent some time to check if this bug has been raised before?
- I checked and didn't find similar issue
🏢 Have you read the Code of Conduct?
- I have read the Code of Conduct
Are you willing to submit PR?
Yes I am willing to submit a PR!