Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@harnessio/backstage-plugin-ci-cd
Advanced tools
Website: https://harness.io/
Welcome to the Harness NextGen CI/CD plugin for Backstage!
We have video tutorial for the plugin.
yarn add --cwd packages/app @harnessio/backstage-plugin-ci-cd
yarn install
If you are looking to get started with Backstage, check out backstage.io/docs.
For testing purposes, you can also clone this repository to try out the plugin. It contains an example Backstage app setup which is pre-installed with Harness plugins. However, you must create a new Backstage app if you are looking to get started with Backstage.
app-config.yaml
under the proxy
config. Add your Harness Personal Access Token or Service Account Token for x-api-key
. See the Harness docs for generating an API Key.# In app-config.yaml
proxy:
# ... existing proxy settings
'/harness/prod':
target: 'https://app.harness.io/'
headers:
'x-api-key': '<YOUR PAT/SAT>'
# ...
Notes:
Plugin uses token configured here to make Harness API calls. Make sure the user creating this API token has necessary permissions, which include project view
permission along with pipeline view
and execute
permissions and same applies for service accounts as well it must have a role assigned that has the roles with adequate permissions as described before.
Set the value of target to your on-prem URL if you are using the Harness on-prem offering
EntityPage.tsx
, update the cicdContent
component to render <EntityHarnessCiCdContent />
whenever the service is using Harness CI/CD. Something like this -// In packages/app/src/components/catalog/EntityPage.tsx
import {
isHarnessCiCdAvailable,
EntityHarnessCiCdContent,
} from '@harnessio/backstage-plugin-ci-cd';
const cicdContent = (
// ...
<EntitySwitch.Case if={isHarnessCiCdAvailable}>
<EntityHarnessCiCdContent />
</EntitySwitch.Case>
// ...
);
Note: If you have separate providers for CI and CD apart from Harness, you need to add a new tab for Harness CI/CD plugin like below instead of replacing your existing CI/CD tab mentioned above.
// In packages/app/src/components/catalog/EntityPage.tsx
import {
isHarnessCiCdAvailable,
EntityHarnessCiCdContent,
} from '@harnessio/backstage-plugin-ci-cd';
const serviceEntityPage = (
// ...
<EntityLayout.Route
path="/harness-ci-cd"
title="Harness CI/CD"
if={isHarnessCiCdAvailable}
>
<EntityHarnessCiCdContent />
</EntityLayout.Route>
// ...
);
catalog-info.yaml
file.Here is an example: catalog-info-new.yaml
apiVersion: backstage.io/v1alpha1
kind: Component
metadata:
# ...
annotations:
# optional annotation
harness.io/pipelines: |
labelA: <harness_pipeline_url>
labelB: <harness_pipeline_url>
# here labelA / labelB denotes the value you will see in dropdown in execution list. Refer screentshot 1
# optional annotation
harness.io/services: |
labelA: <harness_service_url>
labelB: <harness_service_url>
spec:
type: service
# ...
Here is an example: https://github.com/harness/backstage-plugins/blob/main/examples/catalog-harness-cicd.yaml
apiVersion: backstage.io/v1alpha1
kind: Component
metadata:
# ...
annotations:
# mandatory annotation
harness.io/project-url: <harness_project_url>
# optional annotations
# harness.io/ci-pipelineIds: <pipelineId1,pipelineId2,pipelineId3 etc>
# harness.io/cd-serviceId: <serviceId>
spec:
type: service
# ...
Note: If new annotation is present then old annotation will be ignored for that particular catalog.
Note: Refer to this page on how to get these values from your Harness account.
By default, the plugin will take all the pipelines inside the configured Harness project and show their executions. However, if your service has quiet a few pipelines, you can additionally configure the pipelines as well as associated services to show those specific execution details for the display.
If you have a separate Harness hosted URL other than https://app.harness.io
, you can configure baseUrl
for harness
in app-config.yaml
This step is optional. The default value of harness.baseUrl
is https://app.harness.io/
# In app-config.yaml
harness:
baseUrl: https://app.harness.io/
By default, Backstage users will be able to re-run pipelines from the plugin. However, if your Backstage app doesn't have a good RBAC policy, users can technically re-run pipelines for any service. Due to this, we have a way to disable the re-run pipeline feature. You can do this by configuring harness.disableRunPipeline
.
# app-config.yaml
harness:
# (Optional) Change it true to remove "Run Pipeline" option on the pipeline executions table
disableRunPipeline: false
Checkout the next milestone for the CI/CD plugin to learn about the planned features. If you have some ideas and want to give feedback, feel free to create a new GitHub issue and suggest a feature request.
FAQs
Website: [https://harness.io/](https://harness.io/)
The npm package @harnessio/backstage-plugin-ci-cd receives a total of 540 weekly downloads. As such, @harnessio/backstage-plugin-ci-cd popularity was classified as not popular.
We found that @harnessio/backstage-plugin-ci-cd demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.