search

backstage / community-plugins

Community plugins for Backstage
Apache License 2.0
162 stars 199 forks source link

🙏 Help wanted: Deprecate old backend plugins #1176

Open jhaals opened 2 months ago

jhaals commented 2 months ago

TL;DR make sure that createRouter and other exports are marked as deprecated. For the majority of packages there should only be one default export of the backend plugin itself. The @backstage/backend-common package is deprecated so usages of that package should also be avoided.

Backstage’s new backend system is ready for general use; we are now asking for a full transition over to the new backend system, which involves stop supporting the old system. By old system we mean having exports of createRouter and related types. There should only need to be one export like this in the backend plugin’s index.ts file.

How do I help?

Run yarn community-cli lint legacy-backend-exports workspaces/<workspace> in the repository to get a full report of packages that require action.

Phase 1

Ensure that plugins contain a default export

Ensure that there is a default export of the backend plugin in index.ts, see this example.

If the plugin previously had a default export in plugins/<plugin-id>/src/alpha.ts, make sure that that export is deprecated and that the default export is moved to the non-alpha index.ts instead.

Deprecate createRouter, RouterOptions and similar types.

Here’s an example of a plugin’s createRouter being deprecated.

/**
+ * @deprecated Please migrate to the new backend system as this will be removed in the future.
 * @public
 * */
export async function createRouter(
  options: RouterOptions,
): Promise<express.Router> {

Phase 2

Remove deprecated exports

Ensure that deprecations have been out for at one mainline release before proceeding with removal of all deprecated exports. Removing exports from one release to another is not recommended

The complete migration story for a backend plugin (including deprecation) is also mentioned in our docs.

If you take on migrating a backend plugin, feel free to add a comment in this issue to avoid duplicate work.

We plan to have all createRouter exports and @backstage/backend-common usages removed by the end of this year. Your help would be much appreciated!

awanlin commented 2 months ago

This is a pretty good list of the backend plugins to start from: https://github.com/backstage/community-plugins/blob/main/docs/compatibility/new-backend-system.md

awanlin commented 2 months ago

I've started the work for Azure DevOps and Linguist:

knowacki23 commented 5 days ago

I believe that getting rid of @backstage/backend-common package usages would also reduce occurrences of Vulnerability (CVE-2024-21534)

There is a vulnerability with severity 9.3 in jsonpath-plus <= 10.0.7. See https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884

@backstage/backend-common package is using @kubernetes/client-node package which is using vulnerable jsonpath-plus@npm:7.2.0