feat(install-dynamic-plugins): add @red-hat-developer-hub/cli-module-install-dynamic-plugins#3246
Merged
gustavolira merged 9 commits intoJun 5, 2026
Conversation
Migrates scripts/install-dynamic-plugins/ from redhat-developer/rhdh#4574 into this repo as @red-hat-developer-hub/install-dynamic-plugins so it can be published to npm and consumed by the RHDH init-container without curl-by-SHA. Runtime contract (CLI args, env vars, plugin-hash format, on-disk layout, tar/OCI security guards) preserved verbatim. Build remains a single self-contained .cjs via esbuild. Tests migrated from vitest to jest to align with the repo's backstage-cli pipeline (14 suites / 166 tests pass). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Contributor
|
This pull request adds a new top-level directory under |
|
Important This PR includes changes that affect public-facing API. Please ensure you are adding/updating documentation for new features or behavior. Changed Packages
|
Code Review by Qodo
1.
|
Review Summary by QodoAdd @red-hat-developer-hub/install-dynamic-plugins workspace with TypeScript/Node.js port
WalkthroughsDescription• Imports scripts/install-dynamic-plugins/ from redhat-developer/rhdh as a new workspace package @red-hat-developer-hub/install-dynamic-plugins for npm publication • Implements TypeScript/Node.js port of the original Python init-container CLI with byte-compatible behavior • Core functionality: materializes plugins on disk from dynamic-plugins.yaml config, supporting OCI (via skopeo) and NPM sources • Preserves runtime contract unchanged — same CLI surface, environment variables, and plugin hash values for in-place upgrades • Implements comprehensive security guards: path-traversal rejection, zip-bomb detection, link-target containment, and allowed-type whitelisting in tar-extract.ts and catalog-index.ts • Migrated test suite from vitest to jest with 14 test suites and 166 passing tests • Configured single bundled .cjs via esbuild for init-container image compatibility • Nested workspace layout (workspaces/install-dynamic-plugins/packages/install-dynamic-plugins/) matches monorepo structure and release pipeline • Implements concurrency control with semaphore-based worker management for OCI and NPM installations • Includes OCI image caching, manifest handling, pull policy support (IfNotPresent/Always), and registry fallback logic • Provides SRI integrity verification for NPM packages with streaming hash computation • Implements lock file management with signal cleanup to prevent concurrent installs Diagramflowchart LR
A["Python init-container<br/>install-dynamic-plugins.py"] -->|"Port to TypeScript/Node.js"| B["@red-hat-developer-hub/<br/>install-dynamic-plugins"]
B --> C["CLI orchestration<br/>index.ts"]
C --> D["Config merging<br/>merger.ts"]
C --> E["OCI installation<br/>installer-oci.ts"]
C --> F["NPM installation<br/>installer-npm.ts"]
E --> G["Image caching<br/>image-cache.ts"]
E --> H["Skopeo wrapper<br/>skopeo.ts"]
F --> I["Integrity verification<br/>integrity.ts"]
E --> J["Secure extraction<br/>tar-extract.ts"]
F --> J
C --> K["Catalog index<br/>catalog-index.ts"]
K --> H
C --> L["Lock management<br/>lock-file.ts"]
C --> M["Finalization<br/>finalize-install.ts"]
B -->|"Published to npm"| N["RHDH init-container<br/>consumes via npm install"]
File Changes1. workspaces/install-dynamic-plugins/packages/install-dynamic-plugins/src/index.ts
|
- Add bin/install-dynamic-plugins shim and have package.json bin point at it (matches the convention used by extensions-cli, translations-cli, and rhdh-repo-tools). Split src/cli.ts as the esbuild entry so the bundle no longer needs the require.main guard or a shebang banner. - Stop committing dist/install-dynamic-plugins.cjs; the release pipeline rebuilds via the customBuild path, and a new prepack script makes yarn npm publish self-healing for local runs. - Drop the .js suffix from relative imports across src/ so the package matches the rest of the repo and the jest moduleNameMapper workaround is no longer needed. - Consolidate the tsconfigs: the inner package extends the workspace tsconfig and only declares what differs. - Add why-it's-intentional comments to the two eslint-disable lines (PullPolicy const+type pair, tar.x filter inside a sequential loop). - README now leads with the npm/npx usage path; the RHDH init-container section is below. tar/yaml stay in dependencies (not devDependencies as the review suggested) — @backstage/no-undeclared-imports flagged the source imports, and the repo convention treats bundling as opaque. 166/166 tests pass, tsc/lint/prettier clean, bin shim and bundle both exit 0 on the empty-config smoke run. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The CI step "check api reports and generate API reference" runs
`backstage-repo-tools api-reports --ci` before the build, and that tool
requires the bin file to introspect the CLI. The previous shim did a
plain `require('../dist/install-dynamic-plugins.cjs')`, which failed
under CI because dist/ is no longer committed and the build hasn't run
yet.
- Switch the bin shim to the local-vs-installed pattern used by every
other CLI in the repo (extensions-cli, translations-cli,
rhdh-repo-tools): when `src/` exists (monorepo), load TS directly via
`@backstage/cli/config/nodeTransform`; otherwise require the built
bundle (npm-installed scenario).
- Add `--help` / `-h` handling to main() so the api-reports tool can
introspect the CLI usage without creating a stray `--help/` directory.
- Commit the generated `cli-report.md`.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #3246 +/- ##
==========================================
+ Coverage 53.23% 53.28% +0.04%
==========================================
Files 2413 2435 +22
Lines 86358 87617 +1259
Branches 23897 24197 +300
==========================================
+ Hits 45975 46683 +708
- Misses 40049 40600 +551
Partials 334 334
*This pull request uses carry forward flags. Click here to find out more. Continue to review full report in Codecov by Harness.
🚀 New features to boost your workflow:
|
- Use String.raw for strings containing backslash literals so the source
reads with one '\' instead of '\\\\' (catalog-index.ts log message,
extra-catalog-index.test.ts subdirectory fixtures, skopeo.test.ts shell
escape).
- Switch the OCI regex builder to a joined string array — eliminates the
nested template literals SonarCloud was flagging on oci-key.ts (and
reads much better).
- Object.prototype.hasOwnProperty.call -> Object.hasOwn in
merger.test.ts (ES2022, available since Node 16.9).
- String#replace(/'/g, ...) -> String#replaceAll("'", ...) in
skopeo.test.ts (ES2021).
- Hoist test helpers (stageLayer, fakeImageCache) out of their describe
blocks so they aren't re-defined on every test.
- Drop the redundant parseMaxEntrySize(undefined) call in types.test.ts —
the parameter already defaults to process.env.MAX_ENTRY_SIZE.
166/166 tests still pass.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Switches the hand-rolled `process.argv` + USAGE-string handling in main() to `cleye` — the same parser every `@backstage/cli-module-*` package uses (already in our transitive deps). Aligns with the Backstage CLI convention requested during PR review. Existing surface preserved: - positional `<dynamic-plugins-root>` (required, exit 1 if absent) - `--help` / `-h` prints usage and exits 0 - normal run still exits with the installer's status code Bundle grew from 226 kB -> 267 kB (cleye + type-flag minified). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
4 tasks
…keeping the bundled bin Aligns with the @backstage/cli-module-* convention without losing the self-contained bundled artifact: - Rename to @red-hat-developer-hub/cli-module-install-dynamic-plugins, backstage.role: cli-module. - src/installer.ts holds the install pipeline and main() (formerly src/index.ts). - New src/index.ts default-exports `createCliModule(...)` registering an `install` command whose loader is src/command.ts. Exposes the package through backstage-cli discovery — `backstage-cli install <dir>` works when the package is a dependency. - src/cli.ts (the esbuild entry) keeps invoking installer.main() directly, so the bundled .cjs stays self-contained: no @backstage/cli-node and no keytar gymnastics in the bin path. - Build is dual now — `backstage-cli package build && node esbuild.config.mjs`. backstage-cli emits dist/index.cjs.js (the cli-module export) and the unbundled supporting modules; esbuild emits dist/install-dynamic-plugins.cjs (the standalone bin). Both are published. - bin shim's installed branch now requires the bundled .cjs explicitly rather than going through `main` — that keeps direct/npx/init-container invocations at ~60 ms cold start instead of paying the cli-module dispatch cost. - main() now takes optional `args` and `programName` so the cli-module loader can pass the command's argv slice and have `--help` print the real invocation (`install-dynamic-plugins install …`). - @backstage/cli-node added as a runtime dependency. It is only loaded by the cli-module discovery path; the bundled bin never imports it. 166/166 tests pass; tsc/lint/prettier/api-reports clean. Bundle size unchanged at ~267 KB. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
gustavolira
changed the title
…nbundled cli-module Replaces the dual build (esbuild bundle + backstage-cli) with plain `backstage-cli package build` — the standard Backstage cli-module pattern. The bundle and the keytar gymnastics only existed to satisfy RHDH's init-container `COPY` of a single self-contained `.cjs`; that consumption model is moving to `npm install` (redhat-developer/rhdh#4908), so the single-file requirement is going away. What's left in the package: - `src/installer.ts`: install pipeline + `main(args, programName)`. - `src/index.ts`: `createCliModule(...)` default export, registers the `install` command. Discovered by `backstage-cli` when this package is a dependency of a host project. - `src/command.ts`: thin loader that calls `installer.main`. - `bin/install-dynamic-plugins`: fast-path shim that loads `dist/installer.cjs.js` directly and runs `main(process.argv.slice(2))`, bypassing `@backstage/cli-node`'s `runCliModule` dispatch — saves ~80 ms of cold start for direct/`npx`/init-container invocations. The cli-module discovery path still goes through `runCliModule` and pays the dispatch cost where it belongs. Removed: - `esbuild.config.mjs` (the custom bundle config) - `src/cli.ts` (the esbuild entry) - `dist/install-dynamic-plugins.cjs` from `files` (no longer produced) - `esbuild` devDependency 166/166 tests pass; tsc/lint/prettier/api-reports clean. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…undle The README and the createCliModule docstring still referenced the self-contained bundle that the package no longer ships: - `npm run build` description and committed-bundle CI-check section. - `node install-dynamic-plugins.cjs "$1"` wrapper line in "How RHDH consumes it" — replaced with a pointer to redhat-developer/rhdh#4908. - `src/index.ts` describing the bin path as the bundle. - Source layout was missing `index.ts` / `command.ts` / `installer.ts`. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
schultzp2020
requested changes
Jun 5, 2026
schultzp2020
left a comment
schultzp2020
left a comment
Contributor
There was a problem hiding this comment.
The inline comments are about aligning package.json and the bin wrapper with the upstream cli-module-* contract in backstage/backstage. These affect local dev resolution and what consumers get from npm. A couple smaller items on the config loader and shell wrapper.
… cli-module contract Applies the four findings from @schultzp2020's review: - package.json reshaped to match the upstream `@backstage/cli-module-*` contract: `main`/`types` point at `src/index.ts` for local dev, `publishConfig` overrides with `dist/index.cjs.js`/`dist/index.d.ts`, `prepack` and `postpack` wire up `backstage-cli package prepack/postpack` so the published artifact has the correct entry points, and `files` is `["bin", "dist"]` (the old `dist/**/*.js` glob excluded `.d.ts`). - bin wrapper now uses `@backstage/cli-node/config/nodeTransform.cjs` (the cli-node variant) instead of `@backstage/cli/config/nodeTransform.cjs`. `@backstage/cli` is only a devDependency — the previous import would have broken `npx`/installed-package invocations. - bin wrapper now goes through `runCliModule(...)` like every other `@backstage/cli-module-*` package. The earlier fast path bypassed it to save ~80 ms of cold start, but per @schultzp2020 that cost is one-time per init-container run (not per-plugin), and going through the standard dispatch gives us `--version`/`--help` and future runCliModule improvements for free. - installer.ts: added an `isPlainObject` guard for the parsed main config, mirroring the existing guard on include files. A YAML scalar or array in `dynamic-plugins.yaml` now throws a clear `InstallException` instead of a confusing downstream `TypeError`. Also drops the stale `install-dynamic-plugins.sh` wrapper from the package — it pointed at the long-removed esbuild bundle and was no longer listed in `files`. 166/166 tests pass; tsc/lint/prettier/api-reports clean. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
gustavolira
added a commit
to gustavolira/rhdh
that referenced
this pull request
Jun 5, 2026
The rhdh-plugins side reverted the bin shim to the standard `runCliModule` dispatch (redhat-developer/rhdh-plugins#3246 review), so the installed bin now expects an `install` subcommand. Updating the wrapper to match and to forward `"$@"` instead of `"$1"` so any extra positional argument the Helm chart or Operator passes is preserved. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
gustavolira
added a commit
to gustavolira/rhdh
that referenced
this pull request
Jun 10, 2026
….lock redhat-developer/rhdh-plugins#3246 merged and the changesets release published @red-hat-developer-hub/cli-module-install-dynamic-plugins as 0.2.0 (the changesets minor bump rolled past 0.1.0 because of the existing `0.0.0` workspace version). Updates the dynamic-plugins/package.json pin to 0.2.0 and regenerates dynamic-plugins/yarn.lock so `yarn install --immutable` (line 151 of the Containerfile) and the hermeto yarn prefetch at scripts/local-hermeto-build.sh:213 both resolve the package. The Build Image GitHub Actions job should now go green. Verified locally: yarn install resolves the package, the bin symlink lands at dynamic-plugins/node_modules/.bin/install-dynamic-plugins, and invoking it with `install <dir>` exits 0 on an empty config (going through the standard @backstage/cli-node runCliModule dispatch like the final Containerfile shim does). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
gustavolira
added a commit
to gustavolira/rhdh
that referenced
this pull request
Jun 10, 2026
The rhdh-plugins side reverted the bin shim to the standard `runCliModule` dispatch (redhat-developer/rhdh-plugins#3246 review), so the installed bin now expects an `install` subcommand. Updating the wrapper to match and to forward `"$@"` instead of `"$1"` so any extra positional argument the Helm chart or Operator passes is preserved. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
gustavolira
added a commit
to gustavolira/rhdh
that referenced
this pull request
Jun 10, 2026
….lock redhat-developer/rhdh-plugins#3246 merged and the changesets release published @red-hat-developer-hub/cli-module-install-dynamic-plugins as 0.2.0 (the changesets minor bump rolled past 0.1.0 because of the existing `0.0.0` workspace version). Updates the dynamic-plugins/package.json pin to 0.2.0 and regenerates dynamic-plugins/yarn.lock so `yarn install --immutable` (line 151 of the Containerfile) and the hermeto yarn prefetch at scripts/local-hermeto-build.sh:213 both resolve the package. The Build Image GitHub Actions job should now go green. Verified locally: yarn install resolves the package, the bin symlink lands at dynamic-plugins/node_modules/.bin/install-dynamic-plugins, and invoking it with `install <dir>` exits 0 on an empty config (going through the standard @backstage/cli-node runCliModule dispatch like the final Containerfile shim does). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
openshift-merge-bot Bot
pushed a commit
to redhat-developer/rhdh
that referenced
this pull request
Jun 16, 2026
…arn workspace (#4908) * [DRAFT] chore(install-dynamic-plugins): consume installer from npm Replaces the COPY of scripts/install-dynamic-plugins/{install-dynamic-plugins.cjs, install-dynamic-plugins.sh} with an `npm install` of @red-hat-developer-hub/cli-module-install-dynamic-plugins (built and published out of redhat-developer/rhdh-plugins). This unblocks the cli-module structure on the rhdh-plugins side — it lets that package use the standard `backstage-cli package build` (unbundled, multi-file dist) instead of a custom esbuild bundle with a keytar stub. See the conversation context: redhat-developer/rhdh-plugins#3254 Backward compatibility is preserved by writing a tiny `/opt/app-root/src/install-dynamic-plugins.sh` shim that delegates to the npm-installed bin, so the Helm chart and Operator init-container spec continue to invoke `./install-dynamic-plugins.sh /dynamic-plugins-root` unchanged. DRAFT — DO NOT MERGE: blocked on redhat-developer/rhdh-plugins#3254 (or the unbundled successor) being merged and published to npm. Opened for review of the consumption pattern and to back the cold-start benchmark posted in Slack. Trade-off summary (cold-start benchmark on empty config): - Current (bundled .cjs, 231 KB single file): ~89 ms warm cache (median) - Proposed (npm install, 25 MB node_modules): ~180 ms warm cache (median) The ~90 ms gap is the module-resolution overhead of unbundled Node — paid once per pod start. Image build time also gets +`npm install` of ~25 MB (one extra layer), offset by deleting ~7000 lines of vendored installer script from this repo in a follow-up. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fixup: address PR review on the install-dynamic-plugins Containerfile step - Install into /opt/dynamic-plugins-installer (its own dir, no package.json) instead of /opt/app-root/src so npm cannot honor the yarn workspace and perturb the production tree that `yarn workspaces focus` built at line 208. - Delegate the shim to `node_modules/.bin/install-dynamic-plugins` (the symlink npm creates from the package's bin field) instead of reaching into the package's internal layout. - Add `--no-save --omit=dev` so npm doesn't write a package-lock.json into the installer dir and doesn't fetch devDependencies. - Pin the installer to an exact version (0.1.0) so image builds are reproducible. - Add a build-time smoke check (`install-dynamic-plugins --help`) so a missing or renamed CLI entrypoint fails the image build instead of the init container at pod start. The hermetic-build concern (npm reaching the public registry when this Containerfile runs under Konflux with networking disabled) is acknowledged separately in the PR description — it's the real gating work and is not addressed by this commit. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fixup: drop synthetic `install` subcommand from the shim The unbundled cli-module variant ships a fast-path bin that calls the installer directly (bypassing @backstage/cli-node's runCliModule dispatch), so the published binary takes the dynamic-plugins-root as a positional without a subcommand prefix — matching the original CLI surface. Verified locally: $ /opt/dynamic-plugins-installer/node_modules/.bin/install-dynamic-plugins /dynamic-plugins-root exits 0 on an empty config. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore(install-dynamic-plugins): consume installer through dynamic-plugins yarn workspace Pivots #4908 from `RUN npm install …` to a plain yarn dependency in dynamic-plugins/package.json. The existing `yarn install --immutable` at line 151 of this Containerfile pulls the installer as part of the same yarn run that already brings in the rest of the dynamic-plugins deps, so the bin lands at /opt/app-root/src/dynamic-plugins/node_modules/.bin/install-dynamic-plugins and the final stage just writes a shim pointing there. Why yarn and not npm: scripts/local-hermeto-build.sh:213 already prefetches yarn deps for ./dynamic-plugins via cachi2/hermeto. No infra change is needed in this repo or in the midstream Konflux pipeline — the hermetic build "just works". The earlier npm-install approach required wiring npm into hermeto's fetch-deps, which is real work spanning two repos. Validated locally: yarn install of the unbundled cli-module variant (via a tarball of the fast-path build) produces .bin/install-dynamic-plugins and the smoke invocation on an empty dynamic-plugins.yaml exits 0. dynamic-plugins/yarn.lock is intentionally NOT regenerated in this commit — that has to happen against the published @red-hat-developer-hub/cli-module-install-dynamic-plugins@0.1.0 once redhat-developer/rhdh-plugins ships it. Marking the PR as Draft until then. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fixup: shim uses install subcommand + forwards all positional args The rhdh-plugins side reverted the bin shim to the standard `runCliModule` dispatch (redhat-developer/rhdh-plugins#3246 review), so the installed bin now expects an `install` subcommand. Updating the wrapper to match and to forward `"$@"` instead of `"$1"` so any extra positional argument the Helm chart or Operator passes is preserved. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore: pin cli-module-install-dynamic-plugins to 0.2.0 and regen yarn.lock redhat-developer/rhdh-plugins#3246 merged and the changesets release published @red-hat-developer-hub/cli-module-install-dynamic-plugins as 0.2.0 (the changesets minor bump rolled past 0.1.0 because of the existing `0.0.0` workspace version). Updates the dynamic-plugins/package.json pin to 0.2.0 and regenerates dynamic-plugins/yarn.lock so `yarn install --immutable` (line 151 of the Containerfile) and the hermeto yarn prefetch at scripts/local-hermeto-build.sh:213 both resolve the package. The Build Image GitHub Actions job should now go green. Verified locally: yarn install resolves the package, the bin symlink lands at dynamic-plugins/node_modules/.bin/install-dynamic-plugins, and invoking it with `install <dir>` exits 0 on an empty config (going through the standard @backstage/cli-node runCliModule dispatch like the final Containerfile shim does). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore: drop vendored scripts/install-dynamic-plugins/ now that it's on npm The dynamic-plugins installer is consumed from @red-hat-developer-hub/cli-module-install-dynamic-plugins via the yarn dependency declared in dynamic-plugins/package.json, so the vendored copy under scripts/install-dynamic-plugins/ is no longer used by the Containerfile and can be removed. Deletes: - scripts/install-dynamic-plugins/ (46 files, ~7000 lines) Cleans up the references that pointed at it: - .gitattributes: drop linguist-generated marker for the bundled .cjs - .dockerignore: drop the dist/ exceptions that kept the bundle in the build context - codecov.yml: drop the install-dynamic-plugins flag (used to track Python coverage from the pre-TS era) - .github/workflows/pr.yaml: drop the vitest + bundle-up-to-date checks - .github/workflows/coverage-baseline.yml: drop the pytest baseline - docs/dynamic-plugins/installing-plugins.md: link to the rhdh-plugins source instead of the vendored path - docs/coverage/e2e-rhdh.md: drop the vitest row from the coverage table - .rulesync/rules/ci-e2e-testing.md + the derived files under .claude/, .cursor/, .opencode/: update the installer link Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix: move installer dep to root package.json so the bin survives stage 3 The Containerfile's build stage at line 175 wipes everything under dynamic-plugins/ except dist/, which deleted dynamic-plugins/node_modules/.bin/ along with everything else. The final stage then failed at runtime with exit code 127 because the bin wasn't there: /bin/sh: line 1: /opt/app-root/src/dynamic-plugins/node_modules/.bin/install-dynamic-plugins: No such file or directory Moves @red-hat-developer-hub/cli-module-install-dynamic-plugins from dynamic-plugins/package.json to the repo root package.json. The bin then survives the `yarn workspaces focus --all --production` at line 208 and lands at /opt/app-root/src/node_modules/.bin/ where the final stage's shim can reach it. Hermeto already prefetches yarn deps for the repo root (scripts/local-hermeto-build.sh:213, `{"type": "yarn", "path": "."}`), so no infra change. Also corrects the shim path: the published package uses the string form of `bin` ("bin/install-dynamic-plugins"), and yarn names the symlink after the package's base name (after the scope), so the actual bin lands at node_modules/.bin/cli-module-install-dynamic-plugins, not node_modules/.bin/install-dynamic-plugins. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore: drop pytest residue left by the Python install-dynamic-plugins era The dynamic-plugins installer was migrated to TypeScript in #4574 and the vendored TypeScript copy was removed earlier in this PR, so the pytest test infrastructure no longer has anything live to test. - Deletes python/requirements-dev.in and python/requirements-dev.txt (pytest, pytest-cov, pytest-mock — and their transitive deps). - Drops the .github/workflows/pr.yaml "Install Python dependencies" step that installed all three requirements files; no subsequent step in the PR workflow uses Python. - Cleans the stale comment in codecov.yml referencing the removed install-dynamic-plugins pytest flag. python/requirements.txt and python/requirements-build.txt stay — they are consumed by the TechDocs venv build in the Containerfile (line 237) for mkdocs / mkdocs-techdocs-core / plantuml-markdown, which is unrelated. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore: stop tracking and ignore the Claude Code session lock file `.claude/scheduled_tasks.lock` is a Claude Code runtime artifact (per-session pid lock); it got accidentally included by `git add -A` in the previous commit. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix: address PR review — smoke check `install`, stop pointing at line numbers, drop orphaned comments - Build-time smoke check now invokes `install --help`, not just `--help`. A top-level `--help` only proves the bin resolves; the shim hardcodes the `install` subcommand, so if a future release of the package renames/removes it, the failure should land at image build time, not at pod start. cleye prints the subcommand help and exits 0 before validating the required `<dynamic-plugins-root>` positional, so this is a strict upgrade with no behavioural change for the current published package. - Replace hardcoded line-number references in the Containerfile comment (already drifted: line 175 → actual 173) with the step banners `=== YARN WORKSPACES FOCUS ===` and `=== DELETE DYNAMIC PLUGINS/* ===`, which survive edits to the surrounding RUN steps. Same treatment for scripts/local-hermeto-build.sh: point at the `{"type": "yarn", "path": "."}` fetch-deps entry instead of a line number. - Drop the orphaned `.dockerignore` comment that explained the now-removed `!scripts/install-dynamic-plugins/dist` re-include lines and was reading as if it described `**/node_modules`. - Drop the orphaned `.gitattributes` section header `# Generated bundles — collapsed in GitHub diffs, …` left behind when the `dist/install-dynamic-plugins.cjs linguist-generated=true` entry was removed. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix: move installer dep to packages/backend to satisfy monorepo:check The sherif rule in `yarn run monorepo:check` rejects `dependencies` on the private root package.json — the rationale being that dependencies vs devDependencies is a no-op for a private package and creates confusion. CI fails on that check today. Moves `@red-hat-developer-hub/cli-module-install-dynamic-plugins` from the root package.json to `packages/backend/package.json`, keeping the load-bearing behaviour: backend is `private: true` and gets included by `yarn workspaces focus --all --production`, so the bin still hoists to `/opt/app-root/src/node_modules/.bin/cli-module-install-dynamic-plugins` where the Containerfile shim picks it up. Semantically this is the right home anyway — the backend is the runtime that the init-container runs alongside. Containerfile comment updated to point at the new declaration site. Verified locally: - yarn run monorepo:check → No issues found - node_modules/.bin/cli-module-install-dynamic-plugins install --help exits 0 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Imports
scripts/install-dynamic-plugins/from redhat-developer/rhdh#4574 into this repo and packages it as a Backstage CLI module —@red-hat-developer-hub/cli-module-install-dynamic-plugins— so the overlay repo (and any other RHDH consumer) cannpm installit instead of vendoring the script.Builds with the standard
backstage-cli package buildand follows the@backstage/cli-module-*convention. No custom esbuild config, no keytar stub.Architecture
src/installer.ts— the install pipeline +main(args, programName). Single source of truth for the install logic.src/index.ts— default-exportscreateCliModule(...)registering theinstallcommand. Hosts that load this package viabackstage-cliget the command auto-discovered.src/command.ts— loader for theinstallcommand; callsinstaller.main.bin/install-dynamic-plugins— fast-path shim that loadsdist/installer.cjs.jsand invokesmain(process.argv.slice(2))directly. Bypasses@backstage/cli-node'srunCliModuledispatch for direct/npxinvocations — saves ~80 ms cold start (commander, zod, @manypkg/get-packages, @yarnpkg/lockfile, proper-lockfile, fs-extra, …). Thebackstage-clidiscovery path still goes throughrunCliModule.What's preserved verbatim
MAX_ENTRY_SIZE,SKIP_INTEGRITY_CHECK,CATALOG_INDEX_IMAGE,EXTRA_CATALOG_INDEX_IMAGES,DYNAMIC_PLUGINS_WORKERS,DYNAMIC_PLUGINS_NPM_WORKERS,DYNAMIC_PLUGINS_LOCK_TIMEOUT_MS,CATALOG_ENTITIES_EXTRACT_DIR).plugin-hash.ts: byte-compatible with the previous Python implementation — existing RHDH installs upgrade in place.tar-extract.tsandcatalog-index.tsuntouched.What changed during the move
@backstage/cli-module-*uses internally).backstage-cli package test. Mostly mechanical from the original vitest setup (dropvi.spyOn→jest.spyOn, co-locate tests intosrc/). 14 suites / 166 tests pass.@spotify/prettier-config.Consumption story
This package is built to be consumed two ways, both running the same install pipeline:
npx:npx @red-hat-developer-hub/cli-module-install-dynamic-plugins ./dynamic-plugins-root. Runs the fast-path bin.backstage-clihost: when listed as a dependency of a project that usesbackstage-cli, the command is registered automatically.backstage-cli install ./dynamic-plugins-rootworks out of the box.The follow-up RHDH PR (redhat-developer/rhdh#4908) switches RHDH's init-container from
COPY scripts/install-dynamic-plugins/dist/install-dynamic-plugins.cjsto consuming this package throughdynamic-plugins/package.json(yarn). After both PRs land,scripts/install-dynamic-plugins/can be deleted from RHDH in a subsequent cleanup.Test plan
yarn tsc/lint/prettier:check/build:api-reports:only --cicleanbin/install-dynamic-plugins ./tmp-empty-direxits 0 on an empty configrequire(dist/index.cjs.js).default.\$\$type === '@backstage/CliModule'🤖 Generated with Claude Code