🐛 Bug Report: Scaffolder action 'github:environment:create' throws 401 when reviewer is specified #27515

Open
2 tasks done
stegosaurus21 opened this issue Nov 6, 2024 · 2 comments · May be fixed by #27796
Labels
area:scaffolder Everything and all things related to the scaffolder project area bug Something isn't working

Comments

@stegosaurus21

📜 Description

When running the github:environment:create Scaffolder action from @backstage/plugin-scaffolder-backend-module-github, if teams/users are present in the reviewers list, the step errors out with a 401 Unauthorized.

👍 Expected behavior

It should resolve the users/groups from the catalog and add their GitHub IDs as reviewers to the new environment.

👎 Actual Behavior with Screenshots

The step fails with the following error:

ResponseError: Request failed with 401 Unauthorized
    at Function.fromResponse (/path/to/backstage/node_modules/@backstage/errors/src/errors/ResponseError.ts:76:12)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at CatalogClient.getEntitiesByRefs (/path/to/backstage/node_modules/@backstage/catalog-client/src/CatalogClient.ts:168:13)
    at Object.handler (/path/to/backstage/node_modules/@backstage/plugin-scaffolder-backend-module-github/src/actions/githubEnvironment.ts:193:33)
    at NunjucksWorkflowRunner.executeStep (/path/to/backstage/node_modules/@backstage/plugin-scaffolder-backend/src/scaffolder/tasks/NunjucksWorkflowRunner.ts:367:9)
    at NunjucksWorkflowRunner.execute (/path/to/backstage/node_modules/@backstage/plugin-scaffolder-backend/src/scaffolder/tasks/NunjucksWorkflowRunner.ts:499:9)

👟 Reproduction steps

  1. Bootstrap the Backstage app as per the Getting Started guide.
  2. Add and configure the GitHub catalog and scaffolder backend plugins, remove the guest auth provider, and configure the GitHub auth provider.
  3. Attempt to create a new repository with a protected environment using this workflow:

apiVersion: scaffolder.backstage.io/v1beta3
kind: Template
metadata:
  name: skeleton
  title: Empty Repository Template
  description: Creates a new repository with an environment
spec:
  owner: my-team
  type: service
  parameters:
    - title: Repository details
      required:
        - repoUrl
        - owner
        - description
      properties:
        repoUrl:
          title: Repository location
          type: string
          ui:field: RepoUrlPicker
          ui:options:
            allowedHosts:
              - github.com
            allowedOwners:
              - test-org
        owner:
          title: Owning team
          type: string
          enum:
            - team-a
            - team-b
        description:
          title: Repository description
          type: string
  steps:
    - id: fetch-base
      name: Fetch Base
      action: fetch:template
      input:
        url: ./content
        values:
          name: ${{ parameters.name }}

    - id: publish
      name: Publish
      action: publish:github
      input:
        allowedHosts: ['github.com']
        description: ${{ parameters.description }}
        repoUrl: ${{ parameters.repoUrl }}

    - id: add-env
      name: Add environment
      action: github:environment:create
      input:
        repoUrl: ${{ parameters.repoUrl }}
        name: Production
        reviewers:
          - group:default/${{ parameters.owner }}

📃 Provide the context for the Bug.

No response

🖥️ Your Environment

backend/src/index.ts:

import { createBackend } from '@backstage/backend-defaults';

const backend = createBackend();

backend.add(import('@backstage/plugin-app-backend/alpha'));
backend.add(import('@backstage/plugin-proxy-backend/alpha'));
backend.add(import('@backstage/plugin-scaffolder-backend/alpha'));
backend.add(import('@backstage/plugin-techdocs-backend/alpha'));

backend.add(import('@backstage/plugin-scaffolder-backend-module-github'));

// auth plugin
backend.add(import('@backstage/plugin-auth-backend'));
backend.add(import('@backstage/plugin-auth-backend-module-github-provider'));
// See https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin
// backend.add(import('@backstage/plugin-auth-backend-module-guest-provider'));
// See https://backstage.io/docs/auth/guest/provider

// catalog plugin
backend.add(import('@backstage/plugin-catalog-backend/alpha'));
backend.add(import('@backstage/plugin-catalog-backend-module-github-org'));
backend.add(
  import('@backstage/plugin-catalog-backend-module-scaffolder-entity-model'),
);

// See https://backstage.io/docs/features/software-catalog/configuration#subscribing-to-catalog-errors
backend.add(import('@backstage/plugin-catalog-backend-module-logs'));

// permission plugin
backend.add(import('@backstage/plugin-permission-backend/alpha'));
// See https://backstage.io/docs/permissions/getting-started for how to create your own permission policy
backend.add(
  import('@backstage/plugin-permission-backend-module-allow-all-policy'),
);

// search plugin
backend.add(import('@backstage/plugin-search-backend/alpha'));

// search engine
// See https://backstage.io/docs/features/search/search-engines
backend.add(import('@backstage/plugin-search-backend-module-pg/alpha'));

// search collators
backend.add(import('@backstage/plugin-search-backend-module-catalog/alpha'));
backend.add(import('@backstage/plugin-search-backend-module-techdocs/alpha'));

// kubernetes
backend.add(import('@backstage/plugin-kubernetes-backend/alpha'));

backend.start();

OS:   Linux 5.15.153.1-microsoft-standard-WSL2 - linux/x64
node: v18.20.4
yarn: 4.4.1
cli:  0.28.2 (installed)
backstage:  1.32.0

Dependencies:
  @backstage/app-defaults                                          1.5.12
  @backstage/backend-app-api                                       1.0.1
  @backstage/backend-common                                        0.25.0
  @backstage/backend-defaults                                      0.5.2
  @backstage/backend-dev-utils                                     0.1.5
  @backstage/backend-openapi-utils                                 0.2.0
  @backstage/backend-plugin-api                                    1.0.1
  @backstage/catalog-client                                        1.7.1
  @backstage/catalog-model                                         1.7.0
  @backstage/cli-common                                            0.1.14
  @backstage/cli-node                                              0.2.9
  @backstage/cli                                                   0.28.2
  @backstage/config-loader                                         1.9.1
  @backstage/config                                                1.2.0
  @backstage/core-app-api                                          1.15.1
  @backstage/core-compat-api                                       0.3.1
  @backstage/core-components                                       0.15.1
  @backstage/core-plugin-api                                       1.10.0
  @backstage/e2e-test-utils                                        0.1.1
  @backstage/errors                                                1.2.4
  @backstage/eslint-plugin                                         0.1.10
  @backstage/frontend-app-api                                      0.10.0
  @backstage/frontend-defaults                                     0.1.1
  @backstage/frontend-plugin-api                                   0.9.0
  @backstage/frontend-test-utils                                   0.2.1
  @backstage/integration-aws-node                                  0.1.12
  @backstage/integration-react                                     1.2.0
  @backstage/integration                                           1.15.1
  @backstage/plugin-api-docs                                       0.11.11
  @backstage/plugin-app-backend                                    0.3.76
  @backstage/plugin-app-node                                       0.1.26
  @backstage/plugin-app                                            0.1.1
  @backstage/plugin-auth-backend-module-atlassian-provider         0.3.1
  @backstage/plugin-auth-backend-module-auth0-provider             0.1.1
  @backstage/plugin-auth-backend-module-aws-alb-provider           0.2.1
  @backstage/plugin-auth-backend-module-azure-easyauth-provider    0.2.1
  @backstage/plugin-auth-backend-module-bitbucket-provider         0.2.1
  @backstage/plugin-auth-backend-module-bitbucket-server-provider  0.1.1
  @backstage/plugin-auth-backend-module-cloudflare-access-provider 0.3.1
  @backstage/plugin-auth-backend-module-gcp-iap-provider           0.3.1
  @backstage/plugin-auth-backend-module-github-provider            0.2.1
  @backstage/plugin-auth-backend-module-gitlab-provider            0.2.1
  @backstage/plugin-auth-backend-module-google-provider            0.2.1
  @backstage/plugin-auth-backend-module-guest-provider             0.2.1
  @backstage/plugin-auth-backend-module-microsoft-provider         0.2.1
  @backstage/plugin-auth-backend-module-oauth2-provider            0.3.1
  @backstage/plugin-auth-backend-module-oauth2-proxy-provider      0.2.1
  @backstage/plugin-auth-backend-module-oidc-provider              0.3.1
  @backstage/plugin-auth-backend-module-okta-provider              0.1.1
  @backstage/plugin-auth-backend-module-onelogin-provider          0.2.1
  @backstage/plugin-auth-backend                                   0.23.1
  @backstage/plugin-auth-node                                      0.5.3
  @backstage/plugin-auth-react                                     0.1.7
  @backstage/plugin-bitbucket-cloud-common                         0.2.24
  @backstage/plugin-catalog-backend-module-github-org              0.3.3
  @backstage/plugin-catalog-backend-module-github                  0.7.6
  @backstage/plugin-catalog-backend-module-logs                    0.1.3
  @backstage/plugin-catalog-backend-module-scaffolder-entity-model 0.2.1
  @backstage/plugin-catalog-backend                                1.27.1
  @backstage/plugin-catalog-common                                 1.1.0
  @backstage/plugin-catalog-graph                                  0.4.11
  @backstage/plugin-catalog-import                                 0.12.5
  @backstage/plugin-catalog-node                                   1.13.1
  @backstage/plugin-catalog-react                                  1.14.0
  @backstage/plugin-catalog                                        1.24.0
  @backstage/plugin-events-node                                    0.4.4
  @backstage/plugin-kubernetes-backend                             0.18.7
  @backstage/plugin-kubernetes-common                              0.8.3
  @backstage/plugin-kubernetes-node                                0.1.20
  @backstage/plugin-kubernetes-react                               0.4.4
  @backstage/plugin-kubernetes                                     0.11.16
  @backstage/plugin-org                                            0.6.31
  @backstage/plugin-permission-backend-module-allow-all-policy     0.2.1
  @backstage/plugin-permission-backend                             0.5.50
  @backstage/plugin-permission-common                              0.8.1
  @backstage/plugin-permission-node                                0.8.4
  @backstage/plugin-permission-react                               0.4.27
  @backstage/plugin-proxy-backend                                  0.5.7
  @backstage/plugin-scaffolder-backend-module-azure                0.2.1
  @backstage/plugin-scaffolder-backend-module-bitbucket-cloud      0.2.1
  @backstage/plugin-scaffolder-backend-module-bitbucket-server     0.2.1
  @backstage/plugin-scaffolder-backend-module-bitbucket            0.3.1
  @backstage/plugin-scaffolder-backend-module-gerrit               0.2.1
  @backstage/plugin-scaffolder-backend-module-gitea                0.2.1
  @backstage/plugin-scaffolder-backend-module-github               0.5.1
  @backstage/plugin-scaffolder-backend-module-gitlab               0.6.0
  @backstage/plugin-scaffolder-backend                             1.26.2
  @backstage/plugin-scaffolder-common                              1.5.6
  @backstage/plugin-scaffolder-node                                0.5.0
  @backstage/plugin-scaffolder-react                               1.13.2
  @backstage/plugin-scaffolder                                     1.26.2
  @backstage/plugin-search-backend-module-catalog                  0.2.4
  @backstage/plugin-search-backend-module-pg                       0.5.37
  @backstage/plugin-search-backend-module-techdocs                 0.3.1
  @backstage/plugin-search-backend-node                            1.3.4
  @backstage/plugin-search-backend                                 1.6.1
  @backstage/plugin-search-common                                  1.2.14
  @backstage/plugin-search-react                                   1.8.1
  @backstage/plugin-search                                         1.4.18
  @backstage/plugin-signals-react                                  0.0.6
  @backstage/plugin-techdocs-backend                               1.11.1
  @backstage/plugin-techdocs-common                                0.1.0
  @backstage/plugin-techdocs-module-addons-contrib                 1.1.16
  @backstage/plugin-techdocs-node                                  1.12.12
  @backstage/plugin-techdocs-react                                 1.2.9
  @backstage/plugin-techdocs                                       1.11.0
  @backstage/plugin-user-settings-common                           0.0.1
  @backstage/plugin-user-settings                                  0.8.14
  @backstage/release-manifests                                     0.0.11
  @backstage/test-utils                                            1.7.0
  @backstage/theme                                                 0.6.0
  @backstage/types                                                 1.1.1
  @backstage/version-bridge                                        1.0.10

👀 Have you spent some time to check if this bug has been raised before?

  • I checked and didn't find similar issue

🏢 Have you read the Code of Conduct?

Are you willing to submit PR?

Yes I am willing to submit a PR!

@stegosaurus21 stegosaurus21 added the bug Something isn't working label Nov 6, 2024
@github-actions github-actions bot added the area:scaffolder Everything and all things related to the scaffolder project area label Nov 6, 2024
@benjdlambert
Member

Hey 👋

Thanks for raising this! I'm not sure that the action supports an entityRef as the input value here; it might be that you need to pass in a GitHub slug for username or group here. That said, I have seen the entityRef pattern used in other places, so we should add support there for pulling the GitHub slug from the entity in the Catalog if the input smells like an entityRef.

Have you tried using the GitHub username or team name directly to see if that works?

@stegosaurus21
Author

Yep, I tried that first (and again just now to check) but didn't have much success. If the backend.auth.dangerouslyDisableDefaultAuthPolicy config is set to true, then the action works fine with an entityRef, so I believe that should be correct.
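
A simplified model of the behaviour reported in this thread, added here as an illustration and not taken from the issue or from Backstage's code: a catalog lookup that carries no token is rejected with 401 while the default auth policy is enforced, succeeds once the policy is disabled, and also succeeds with the policy left on when a valid token is forwarded. `makeCatalog`, `resolveReviewers`, `outcome` and the token value are hypothetical, and that forwarding a token is the appropriate remedy is an assumption, not something the thread confirms.

```typescript
// Simplified model of the reported behaviour, not Backstage source code.
// Calls are synchronous for brevity; the real catalog client is async.
type Entity = { kind: string; metadata: { name: string } };

// Constructed sample catalog content.
const ENTITIES: Record<string, Entity> = {
  'group:default/team-a': { kind: 'Group', metadata: { name: 'team-a' } },
};

// Hypothetical stand-in for the catalog API behind the backend auth policy.
function makeCatalog(disableDefaultAuthPolicy: boolean, validToken: string) {
  return {
    getEntitiesByRefs(refs: string[], options?: { token?: string }) {
      const authenticated = options !== undefined && options.token === validToken;
      if (!disableDefaultAuthPolicy && !authenticated) {
        throw new Error('Request failed with 401 Unauthorized');
      }
      const items: (Entity | undefined)[] = refs.map(ref => ENTITIES[ref]);
      return { items };
    },
  };
}

// Resolve reviewer entity refs; `token` is whatever the caller forwards.
function resolveReviewers(
  catalog: ReturnType<typeof makeCatalog>,
  refs: string[],
  token?: string,
): string[] {
  const options = token === undefined ? undefined : { token };
  return catalog.getEntitiesByRefs(refs, options).items.map((entity, i) => {
    if (!entity) throw new Error(`Reviewer ${refs[i]} not found in catalog`);
    return `${entity.kind.toLowerCase()}:${entity.metadata.name}`;
  });
}

// Run one scenario and return either the resolved reviewers or the error text.
function outcome(disablePolicy: boolean, token?: string): string {
  const catalog = makeCatalog(disablePolicy, 'constructed-service-token');
  try {
    return resolveReviewers(catalog, ['group:default/team-a'], token).join(',');
  } catch (e) {
    return (e as Error).message;
  }
}

console.log(outcome(false));                              // policy on, no token
console.log(outcome(true));                               // policy off, no token
console.log(outcome(false, 'constructed-service-token')); // policy on, token sent
```

In the second case the lookup succeeds only because the check is gone for every caller, which is what `backend.auth.dangerouslyDisableDefaultAuthPolicy` does across all backend plugins rather than for this one action.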
