@veecode-platform/backstage-plugin-github-workflows-backend
Advanced tools
This backend plugin provides secure GitHub workflows API endpoints for Backstage, moving GitHub API interactions from the frontend to the backend for better security, CORS handling, and potential caching.
This backend plugin provides secure GitHub workflows API endpoints for Backstage, moving GitHub API interactions from the frontend to the backend for better security, CORS handling, and potential caching.
💡 Frontend Plugin: This backend plugin is required by the GitHub Workflows frontend plugin. Install both plugins to enable GitHub workflow management in Backstage.
/gh-workflowsThis plugin supports both static linking (traditional Backstage) and dynamic plugin loading (VeeCode DevPortal and Red Hat Developer Hub).
Install the backend plugin package:
# From your root directory
yarn --cwd packages/backend add @veecode-platform/backstage-plugin-github-workflows-backend
Then add the plugin to your backend in packages/backend/src/index.ts:
const backend = createBackend();
// ...
backend.add(import('@veecode-platform/backstage-plugin-github-workflows-backend'));
Dynamic plugin installation is available for both VeeCode DevPortal and Red Hat Developer Hub (RHDH).
The plugin is bundled in the file system and ready to use. Enable it in dynamic-plugins.yaml:
plugins:
- package: ./dynamic-plugins/dist/veecode-platform-backstage-plugin-github-workflows-backend-dynamic
disabled: false
RHDH can download the plugin at runtime using NPM. Add it to dynamic-plugins.yaml:
plugins:
- package: '@veecode-platform/backstage-plugin-github-workflows-backend-dynamic@^1.0.0'
disabled: false
integrity: sha512-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
💡 Tip: Check the npm registry for the latest version and integrity hash.
The following configuration applies to all installation methods and must be added to your app-config.yaml:
GitHub Apps are preferred over personal access tokens for better security and permissions. The plugin uses Backstage's standard ScmIntegrations which automatically handles GitHub App authentication.
integrations:
github:
- host: github.com
apps:
- appId: ${GITHUB_APP_ID}
clientId: ${GITHUB_CLIENT_ID}
clientSecret: ${GITHUB_CLIENT_SECRET}
privateKey: |
${GITHUB_PRIVATE_KEY}
# Optional fallback token if GitHub App auth fails
# token: ${GITHUB_TOKEN}
Required Environment Variables:
GITHUB_APP_ID - Your GitHub App IDGITHUB_CLIENT_ID - Your GitHub App Client IDGITHUB_CLIENT_SECRET - Your GitHub App Client SecretGITHUB_PRIVATE_KEY - Your GitHub App Private Key (PEM format, with newlines)For GitHub Enterprise:
integrations:
github:
- host: github.yourcompany.com
apps:
- appId: ${GITHUB_APP_ID}
clientId: ${GITHUB_CLIENT_ID}
clientSecret: ${GITHUB_CLIENT_SECRET}
privateKey: |
${GITHUB_PRIVATE_KEY}
apiBaseUrl: https://github.yourcompany.com/api/v3
Required Permissions:
This GitHub App must have the following permissions on repos:
How to verify GitHub App authentication:
When the plugin starts, you'll see log messages indicating which authentication method is being used:
info: GitHub integration using GitHub App installation token for github.com/owner/repo
If you don't have a GitHub App, you can use a personal access token:
integrations:
github:
- host: github.com
token: ${GITHUB_TOKEN}
Required Permissions:
repo - Full control of private repositoriesworkflow - Update GitHub Action workflowsNote: The plugin will automatically try GitHub App authentication first, then fall back to the token if the app fails or isn't configured.
This plugin backend can be started in a standalone mode from directly in this
package with yarn start. It is a limited setup that is most convenient when
developing the plugin backend itself.
When running the backend in isolation with yarn start, you can test the endpoints directly with curl. The dev setup uses mock authentication, so no auth headers are required.
Set your environment variables:
export GITHUB_TOKEN=your_github_token_here
export REPO_SLUG=veecode-platform/devportal-base # e.g., octocat/Hello-World
Then test the endpoints:
# List workflows
curl "http://localhost:7007/api/github-workflow-backend/workflows?hostname=github.com&githubRepoSlug=${REPO_SLUG}&branch=main"
# List branches
curl "http://localhost:7007/api/github-workflow-backend/branches?hostname=github.com&githubRepoSlug=${REPO_SLUG}"
# Get default branch
curl "http://localhost:7007/api/github-workflow-backend/default-branch?hostname=github.com&githubRepoSlug=${REPO_SLUG}"
# List environments
curl "http://localhost:7007/api/github-workflow-backend/environments?hostname=github.com&githubRepoSlug=${REPO_SLUG}"
# Start a workflow (replace workflowId with actual workflow ID)
curl -X POST "http://localhost:7007/api/github-workflow-backend/start" \
-H "Content-Type: application/json" \
-d "{
\"hostname\": \"github.com\",
\"githubRepoSlug\": \"${REPO_SLUG}\",
\"workflowId\": 12345,
\"branch\": \"main\",
\"inputs\": {}
}"
# Get workflow run details (replace 123456 with actual run ID)
curl "http://localhost:7007/api/github-workflow-backend/run/123456?hostname=github.com&githubRepoSlug=${REPO_SLUG}"
# List jobs for a workflow run (replace 123456 with actual run ID)
curl "http://localhost:7007/api/github-workflow-backend/jobs?hostname=github.com&githubRepoSlug=${REPO_SLUG}&id=123456"
# Download job logs (replace 987654 with actual job ID)
curl "http://localhost:7007/api/github-workflow-backend/logs/987654?hostname=github.com&githubRepoSlug=${REPO_SLUG}"
# Stop a workflow run (replace 123456 with actual run ID)
curl -X POST "http://localhost:7007/api/github-workflow-backend/stop" \
-H "Content-Type: application/json" \
-d "{
\"hostname\": \"github.com\",
\"githubRepoSlug\": \"${REPO_SLUG}\",
\"runId\": 123456
}"
The plugin exposes the following endpoints under /api/github-workflow-backend:
GET /workflows - List workflows for a repositoryGET /branches - List repository branchesGET /default-branch - Get the default branchPOST /start - Start a workflow runPOST /stop - Stop a workflow runGET /jobs - List jobs for a workflow runGET /run/:id - Get workflow run detailsGET /logs/:jobId - Download job logsGET /environments - List repository environmentsIf you want to run the entire project, including the frontend, run yarn start from the root directory.
This backend plugin is a critical component of the GitHub Workflows integration:
packages/backend/src/index.tsdynamic-plugins.yamldynamic-plugins.yamlapp-config.yamlFAQs
This backend plugin provides secure GitHub workflows API endpoints for Backstage, moving GitHub API interactions from the frontend to the backend for better security, CORS handling, and potential caching.
The npm package @veecode-platform/backstage-plugin-github-workflows-backend receives a total of 15 weekly downloads. As such, @veecode-platform/backstage-plugin-github-workflows-backend popularity was classified as not popular.
We found that @veecode-platform/backstage-plugin-github-workflows-backend demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket now supports PHP with full Composer and Packagist integration, enabling developers to search packages, generate SBOMs, and protect their PHP dependencies from supply chain threats.
Security News
An AI agent is merging PRs into major OSS projects and cold-emailing maintainers to drum up more work.
Research
/Security News
Chrome extension CL Suite by @CLMasters neutralizes 2FA for Facebook and Meta Business accounts while exfiltrating Business Manager contact and analytics data.