Commit Graph

264 Commits

Author SHA1 Message Date
github-actions[bot] 4a93128245 Version Packages 2021-06-10 12:18:06 +00:00
github-actions[bot] fa92d70fba Version Packages 2021-06-03 13:23:54 +02:00
Patrik Oldsberg dae35dc48f Merge pull request from GHSA-pwhf-39xg-4rxw
Fix Advisory 1
2021-06-03 10:09:06 +02:00
Oliver Sand 0905947550 Support parsing mkdocs.yml files that are using custom yaml tags (#5860)
Signed-off-by: Oliver Sand <oliver.sand@sda-se.com>
2021-06-01 10:29:49 +02:00
Eric Peterson 33f6e98685 More explicit tests, and tidier helper.
Signed-off-by: Eric Peterson <ericpeterson@spotify.com>
2021-05-31 17:51:33 +02:00
Eric Peterson 104d2d44ee Account for SVG/XML files too.
Signed-off-by: Eric Peterson <ericpeterson@spotify.com>
2021-05-28 17:40:52 +02:00
Eric Peterson 58ba10677a Enforce plain text header for html files
Signed-off-by: Eric Peterson <ericpeterson@spotify.com>
2021-05-28 14:13:30 +02:00
Eric Peterson dc6cf3b14f Test for sanitization bypass
Signed-off-by: Eric Peterson <ericpeterson@spotify.com>
2021-05-28 14:06:44 +02:00
Eric Peterson f2b339a30c Fix existing GCS tests to match others.
Signed-off-by: Eric Peterson <ericpeterson@spotify.com>
2021-05-28 14:02:15 +02:00
github-actions[bot] b5a0d1c5d7 Version Packages 2021-05-27 10:23:15 +00:00
Patrik Oldsberg 4aab5cb0d0 Merge pull request #5748 from RoadieHQ/docs_dir_vuln
Add validation to prevent docs_dir from being an absolute path
2021-05-27 11:39:55 +02:00
Jussi Hallila 8cefadca04 Add validation to prevent docs_dir from being an absolute path
* Adds a new validation function to helpers to prevent generation when mkdocs.yml is not present or is invalid
* Handles vulnerability where docs_dir can be put in as an absolute path which copies and exposes the files from that absolute path in the file system

Signed-off-by: Jussi Hallila <jussi@hallila.com>
2021-05-27 11:21:47 +02:00
github-actions[bot] 18285453eb Version Packages 2021-05-20 11:48:46 +00:00
jrusso1020 65e6c45410 Remove circular dependencies
In reference to issue #5563 this does the initial work to remove
all the circular dependencies that we have encountered while
building backstage using bazel. The next step will be to implement
a method to catch these circular dependencies before they get
merged in

Signed-off-by: jrusso1020 <jrusso@brex.com>
2021-05-15 11:17:05 -06:00
github-actions[bot] df31bdca8f Version Packages 2021-05-12 09:39:51 +00:00
Eric Peterson 0c491a1c5e Clean up tests and imports
Signed-off-by: Eric Peterson <ericpeterson@spotify.com>
2021-05-10 11:25:11 +02:00
Eric Peterson 4042b6e140 Decode req.path before loading object from OpenStack Swift
Signed-off-by: Eric Peterson <ericpeterson@spotify.com>
2021-05-09 15:20:08 +02:00
Eric Peterson 9570335f24 Decode req.path before loading object from Azure
Signed-off-by: Eric Peterson <ericpeterson@spotify.com>
2021-05-09 15:20:08 +02:00
Eric Peterson 3ebfa8f189 Decode req.path before loading object from S3 bucket.
Signed-off-by: Eric Peterson <ericpeterson@spotify.com>
2021-05-09 15:20:08 +02:00
Eric Peterson 4916a6e23d Decode req.path before loading object from GCS
Signed-off-by: Eric Peterson <ericpeterson@spotify.com>
2021-05-09 15:20:08 +02:00
github-actions[bot] d397eb470f Version Packages 2021-05-06 08:25:18 +00:00
Dominik Henneke 1d7a40101a Update the API reports of backend-common and techdocs-common
Signed-off-by: Dominik Henneke <dominik.henneke@sda-se.com>
2021-05-03 16:33:05 +02:00
Dominik Henneke e0bfd3d448 Refactor the runDockerContainer function to a ContainerRunner interface.
Signed-off-by: Dominik Henneke <dominik.henneke@sda-se.com>
2021-05-03 14:16:28 +02:00
Anders Näsman 55d84d7ce4 Merge pull request #5523 from RoadieHQ/tech-docs-s3-like-services
Tech docs with s3-like services
2021-04-30 11:48:55 +02:00
github-actions[bot] 44abfaada6 Version Packages 2021-04-29 13:35:03 +02:00
Fredrik Adelöw 4b1ce5edb0 fix master lint errors
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2021-04-29 12:19:57 +02:00
Jussi Hallila e9e56b01ac Add possibility to use path style discovery on S3 tech docs. Enables the possibility to support S3-like buckets that rely on path style API like Localstack.
Signed-off-by: Jussi Hallila <jussi@hallila.com>
2021-04-29 10:54:42 +02:00
Patrik Oldsberg 9d3fb9a30a scripts/api-extractor: sync API definitions
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2021-04-26 20:51:12 +02:00
Patrik Oldsberg 658de01647 scripts/api-extractor: disable all inline warnings
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2021-04-26 20:42:37 +02:00
Patrik Oldsberg 0eda63fe9d scripts/api-extractor: disable inline compilation warnings
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2021-04-26 20:42:36 +02:00
Patrik Oldsberg a904d8ba5e packages: add api-reports for all included packages
Co-authored-by: Gustaf Räntilä <g.rantila@gmail.com>
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2021-04-26 20:42:35 +02:00
Taras f940c38378 Prevent uncaught exception in download of Techdocs Azure Blob Storage publisher
Signed-off-by: Taras <tarasm@gmail.com>
2021-04-24 11:24:08 -04:00
github-actions[bot] 70be53c939 Version Packages 2021-04-15 15:40:08 +02:00
Dominik Henneke d541d9fd07 Include review comments
Signed-off-by: Dominik Henneke <dominik.henneke@sda-se.com>
2021-04-12 18:50:15 +02:00
Dominik Henneke bc9d62f4f7 Create a new method to check the configuration of a techdocs publisher to not crash the application on errors
Signed-off-by: Dominik Henneke <dominik.henneke@sda-se.com>
2021-04-12 18:50:14 +02:00
github-actions[bot] 718eea4f08 Version Packages 2021-03-18 12:31:44 +00:00
Fredrik Adelöw e589d1ecca Merge pull request #4939 from backstage/dependabot/npm_and_yarn/types/js-yaml-4.0.0
chore(deps-dev): bump @types/js-yaml from 3.12.5 to 4.0.0
2021-03-15 12:55:44 +01:00
Himanshu Mishra 2dd8cef6fc docs/techdocs: Add doc string about etag in Metadata type
Signed-off-by: Himanshu Mishra <himanshu@orkohunter.net>
2021-03-12 11:34:39 +01:00
Himanshu Mishra a6067fe42d techdocs: Add missing await when checking for existing docs
Signed-off-by: Himanshu Mishra <himanshu@orkohunter.net>
2021-03-12 11:23:35 +01:00
dependabot[bot] f7504fd789 chore(deps-dev): bump @types/js-yaml from 3.12.5 to 4.0.0
Bumps [@types/js-yaml](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/js-yaml) from 3.12.5 to 4.0.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/js-yaml)

Signed-off-by: dependabot[bot] <support@github.com>
2021-03-12 04:20:02 +00:00
Himanshu Mishra df905636ff techdocs: Missing type updates in tests
Signed-off-by: Himanshu Mishra <himanshu@orkohunter.net>
2021-03-12 01:29:04 +01:00
Himanshu Mishra 5190e8d80a techdocs: Add etag as techdocs metadata type
Signed-off-by: Himanshu Mishra <himanshu@orkohunter.net>
2021-03-12 00:58:41 +01:00
Fredrik Adelöw 8686eb38cf Introduce the @backstage/errors package.
Encode thrown errors in the backend as a JSON payload using a facility in that package, and render helpful frontend displays of those errors.

Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2021-03-11 14:31:21 +01:00
github-actions[bot] 0e120c5c66 Version Packages
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2021-03-11 13:45:44 +01:00
Fredrik Adelöw 702b837b8b Remove all dot-folder imports everywhere
We aren't supposed to import from '.' or '../..' etc; point to the actual node being imported instead. I did allow e.g. '../../bigfolder' however. Going all the way to the individual file could be done too, but is a matter of taste perhaps.

Also ran Organize Imports on all the touched files :)

No changeset since there are no functional changes at all - only the imports changed

Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2021-03-10 13:43:59 +01:00
Ben Lambert 8416da9ed4 Merge pull request #4881 from lowjoel/fix-aws-credentials-order
Implement proper AWS Credentials precedence
2021-03-10 08:37:33 +01:00
Himanshu Mishra 38a8734d89 Merge pull request #4744 from backstage/orkohunter/move-runDockerContainer 2021-03-09 10:47:26 +01:00
Joel Low 2ef5bc7ea1 Implement proper AWS Credentials precedence
This properly configures the precedence for explicit assume-role ARNs,
explicit AWS credentials (via access keys), and the default fallback for
the AWS SDK.

The general precedence of using:
 1. explicitly provided credentials
 2. AWS SDK config (AWS.config.credentials)
 3. AWS SDK credentials provider chain (AWS.config.credentialProviders)

has been respected. This removes the need to explicitly configure
`AWS.config.credentials` in Backstage installations also.

Signed-off-by: Joel Low <joel@joelsplace.sg>
2021-03-09 16:53:15 +08:00
Himanshu Mishra 3f2a0efe01 backend-common: Use Record<string, string> for envVars in runDockerContainer
Signed-off-by: Himanshu Mishra <himanshu@orkohunter.net>
2021-03-08 14:00:17 +01:00
r.bideau ca4a904f6b Add techdocs.publisher.awsS3.endpoint config option
Signed-off-by: r.bideau <7304827+rbideau@users.noreply.github.com>
2021-03-08 13:56:32 +01:00