app: title: Backstage Example App baseUrl: http://localhost:3000 packages: all # ✨ #datadogRum: # clientToken: '123456789' # applicationId: qwerty # site: # datadoghq.eu default = datadoghq.com # env: # optional # sessionSampleRate: 100 # sessionReplaySampleRate: 0 support: url: https://github.com/backstage/backstage/issues # Used by common ErrorPage items: # Used by common SupportButton component - title: Issues icon: github links: - url: https://github.com/backstage/backstage/issues title: GitHub Issues - title: Discord Chatroom icon: chat links: - url: https://discord.gg/backstage-687207715902193673 title: '#backstage' packageName: example-app routes: bindings: catalog.viewTechDoc: techdocs.docRoot org.catalogIndex: catalog.catalogIndex pluginOverrides: - match: pluginId: pages info: description: 'This description was overridden in app-config.yaml' - match: pluginId: /^catalog(-.*)?$/ info: ownerEntityRefs: [cubic-belugas] - match: packageName: '@backstage/plugin-scaffolder' info: ownerEntityRefs: [cubic-belugas] extensions: # set availableLanguages example - api:app/app-language: config: availableLanguages: ['en', 'es', 'fr', 'de', 'ja'] defaultLanguage: 'en' - entity-card:org/members-list: config: showAggregateMembersToggle: true initialRelationAggregation: aggregated - entity-card:org/ownership: config: ownedKinds: ['Component', 'API', 'System'] # - apis.plugin.graphiql.browse.gitlab: true # - graphiql-endpoint:graphiql/gitlab: true # Opt in to the experimental BUI scaffolder form theme - sub-page:scaffolder/templates: config: enableBackstageUi: true # Pages - page:catalog: config: exportSettings: enabled: true - page:catalog/entity: config: showNavItemIcons: true # default content order for all groups, can be 'title' or 'natural' # defaultContentOrder: title groups: # placing a tab at the beginning - overview: title: Overview # example disabling a default group # - development: false # example overriding a default group title - documentation: title: Docs icon: docs # example aliasing a group # aliases: # - docs - deployment: title: Deployments # example adding a new group - custom: title: Custom - sub-page:scaffolder/templates: config: groups: - title: Recommended Services filter: spec.type: service - title: Documentation filter: spec.type: documentation # Entity page cards - entity-card:catalog/about: config: type: info - entity-card:catalog/labels - entity-card:catalog/links: config: filter: kind: component metadata.links: $exists: true # filter: kind:component has:links type: info # - entity-card:linguist/languages - entity-card:catalog-graph/relations: config: height: 300 - entity-card:api-docs/has-apis - entity-card:api-docs/consumed-apis - entity-card:api-docs/provided-apis - entity-card:api-docs/providing-components - entity-card:api-docs/consuming-components # Org Plugin - entity-card:org/group-profile - entity-card:org/members-list - entity-card:org/ownership - entity-card:org/user-profile: config: maxRelations: 5 hideIcons: true # - entity-card:azure-devops/readme # Entity page contents - entity-content:catalog/overview - entity-content:api-docs/definition - entity-content:api-docs/apis: config: # example overriding the default group group: documentation icon: kind:api - entity-content:techdocs: config: icon: techdocs - entity-content:kubernetes/kubernetes: config: # example disassociating from the default group group: false # - entity-content:azure-devops/pipelines # - entity-content:azure-devops/pull-requests # - entity-content:azure-devops/git-tags # Disable the catalog-unprocessed-entities element outside devtools - page:catalog-unprocessed-entities: false backend: # Used for enabling authentication, secret is shared by all backend plugins # See https://backstage.io/docs/auth/service-to-service-auth for # information on the format # auth: # keys: # - secret: ${BACKEND_SECRET} # Used for testing rate limiting locally # rateLimit: # windowMs: 1m # incomingRequestLimit: 1 # ipAllowList: [] auth: # TODO: once plugins have been migrated we can remove this, but right now it # is require for the backend-next to work in this repo dangerouslyDisableDefaultAuthPolicy: true baseUrl: http://localhost:7007 listen: port: 7007 database: client: better-sqlite3 connection: ':memory:' cors: origin: http://localhost:3000 methods: [GET, HEAD, PATCH, POST, PUT, DELETE] credentials: true csp: connect-src: ["'self'", 'http:', 'https:'] # Content-Security-Policy directives follow the Helmet format: https://helmetjs.github.io/#reference # Default Helmet Content-Security-Policy values can be removed by setting the key to false reading: allow: - host: example.com - host: '*.mozilla.org' # workingDirectory: /tmp # Use this to configure a working directory for the scaffolder, defaults to the OS temp-dir actions: pluginSources: - catalog - scaffolder - search # See README.md in the proxy-backend plugin for information on the configuration format proxy: endpoints: '/pagerduty': target: https://api.pagerduty.com headers: Authorization: Token token=${PAGERDUTY_TOKEN} organization: name: My Company # Reference documentation http://backstage.io/docs/features/techdocs/configuration # Note: After experimenting with basic setup, use CI/CD to generate docs # and an external cloud storage when deploying TechDocs for production use-case. # https://backstage.io/docs/features/techdocs/how-to-guides#how-to-migrate-from-techdocs-basic-to-recommended-deployment-approach techdocs: builder: 'local' # Alternatives - 'external' generator: runIn: 'docker' # dockerImage: my-org/techdocs # use a custom docker image # pullImage: true # or false to disable automatic pulling of image (e.g. if custom docker login is required) publisher: type: 'local' # Alternatives - 'googleGcs' or 'awsS3' or 'azureBlobStorage' or 'openStackSwift'. Read documentation for using alternatives. integrations: github: - host: github.com token: ${GITHUB_TOKEN} ### Example for how to add your GitHub Enterprise instance using the API: # - host: ghe.example.net # apiBaseUrl: https://ghe.example.net/api/v3 # token: ${GHE_TOKEN} ### Example for how to add your GitHub Enterprise instance using raw HTTP fetches (token is optional): # - host: ghe.example.net # rawBaseUrl: https://ghe.example.net/raw # token: ${GHE_TOKEN} gitlab: - host: gitlab.com token: ${GITLAB_TOKEN} ### Example for how to add a bitbucket cloud integration # bitbucketCloud: # # Using API token # - username: ${BITBUCKET_USERNAME} # token: ${BITBUCKET_API_TOKEN} # # Using OAuth # - clientId: ${BITBUCKET_CLIENT_ID} # clientSecret: ${BITBUCKET_CLIENT_SECRET} ### Example for how to add your bitbucket server instance using the API: # - host: server.bitbucket.com # apiBaseUrl: server.bitbucket.com # username: ${BITBUCKET_SERVER_USERNAME} # appPassword: ${BITBUCKET_SERVER_APP_PASSWORD} # azureBlobStorage: # - accountName: ${ACCOUNT_NAME} # required # endpoint: ${CUSTOM_ENDPOINT} # custom endpoint will require either aadCredentials or sasToken # sasToken: ${SAS_TOKEN} # aadCredential: # clientId: ${CLIENT_ID} # tenantId: ${TENANT_ID} # clientSecret: ${CLIENT_SECRET} # accountKey: ${ACCOUNT_KEY} azure: - host: dev.azure.com token: ${AZURE_TOKEN} # googleGcs: # clientEmail: 'example@example.com' # privateKey: ${GCS_PRIVATE_KEY} awsS3: - endpoint: ${AWS_S3_ENDPOINT} accessKeyId: ${AWS_ACCESS_KEY_ID} secretAccessKey: ${AWS_SECRET_ACCESS_KEY} catalog: import: entityFilename: catalog-info.yaml pullRequestBranchName: backstage-integration rules: - allow: - AiResource - Component - API - Resource - System - Domain - Location providers: azureBlob: accountName: ${ACCOUNT_NAME} containerName: ${CONTAINER_NAME} schedule: # same options as in TaskScheduleDefinition # supports cron, ISO duration, "human duration" as used in code frequency: { minutes: 30 } # supports ISO duration, "human duration" as used in code timeout: { minutes: 3 } backstageOpenapi: plugins: - catalog - search locations: # Add a location here to ingest it, for example from a URL: # # - type: url # target: https://github.com/backstage/backstage/blob/master/packages/catalog-model/examples/all.yaml # # For local development you can use a file location instead: # # - type: file # target: ../catalog-model/examples/all-components.yaml # # File locations are relative to the current working directory of the # backend, for example packages/backend/. # Backstage example entities - type: file target: ../catalog-model/examples/all.yaml # Backstage example groups and users - type: file target: ../catalog-model/examples/acme-corp.yaml rules: - allow: [User, Group] # Example component for TechDocs - type: file target: ../../plugins/techdocs-backend/examples/documented-component/catalog-info.yaml # Backstage example templates - type: file target: ../../plugins/scaffolder-backend/sample-templates/all-templates.yaml rules: - allow: [Template] scaffolder: auditor: taskParameterMaxLength: 256 # Use to customize default commit author info used when new components are created defaultAuthor: name: Scaffolder email: scaffolder@backstage.io # Use to customize the default commit message when new components are created defaultCommitMessage: 'Initial commit' defaultEnvironment: parameters: region: eu-west-1 secrets: environment: ${NODE_ENV} auth: experimentalDynamicClientRegistration: enabled: true experimentalClientIdMetadataDocuments: enabled: true ### Add auth.keyStore.provider to more granularly control how to store JWK data when running # the auth-backend. # # keyStore: # provider: firestore # firestore: # projectId: my-project # path: my-sessions environment: development ### Providing an auth.session.secret will enable session support in the auth-backend # session: # secret: custom session secret providers: google: development: clientId: ${AUTH_GOOGLE_CLIENT_ID} clientSecret: ${AUTH_GOOGLE_CLIENT_SECRET} github: development: clientId: ${AUTH_GITHUB_CLIENT_ID} clientSecret: ${AUTH_GITHUB_CLIENT_SECRET} enterpriseInstanceUrl: ${AUTH_GITHUB_ENTERPRISE_INSTANCE_URL} gitlab: development: clientId: ${AUTH_GITLAB_CLIENT_ID} clientSecret: ${AUTH_GITLAB_CLIENT_SECRET} audience: ${GITLAB_BASE_URL} saml: entryPoint: 'http://localhost:7001/' issuer: 'passport-saml' cert: 'fake-cert-base64' okta: development: clientId: ${AUTH_OKTA_CLIENT_ID} clientSecret: ${AUTH_OKTA_CLIENT_SECRET} audience: ${AUTH_OKTA_AUDIENCE} oauth2: development: clientId: ${AUTH_OAUTH2_CLIENT_ID} clientSecret: ${AUTH_OAUTH2_CLIENT_SECRET} authorizationUrl: ${AUTH_OAUTH2_AUTH_URL} tokenUrl: ${AUTH_OAUTH2_TOKEN_URL} ### # provide a list of scopes as needed for your OAuth2 Server: # # scope: saml-login-selector openid profile email oidc: # Note that you must define a session secret (see above) since the oidc provider requires session support. # Note that by default, this provider will use the 'none' prompt which assumes that your are already logged on in the IDP. # You should set prompt to: # - auto: will let the IDP decide if you need to log on or if you can skip login when you have an active SSO session # - login: will force the IDP to always present a login form to the user development: metadataUrl: ${AUTH_OIDC_METADATA_URL} clientId: ${AUTH_OIDC_CLIENT_ID} clientSecret: ${AUTH_OIDC_CLIENT_SECRET} tokenEndpointAuthMethod: ${AUTH_OIDC_TOKEN_ENDPOINT_AUTH_METHOD} # default='client_secret_basic' tokenSignedResponseAlg: ${AUTH_OIDC_TOKEN_SIGNED_RESPONSE_ALG} # default='RS256' scope: ${AUTH_OIDC_SCOPE} # default='openid profile email' prompt: ${AUTH_OIDC_PROMPT} # default=none (allowed values: auto, none, consent, login) auth0: development: clientId: ${AUTH_AUTH0_CLIENT_ID} clientSecret: ${AUTH_AUTH0_CLIENT_SECRET} domain: ${AUTH_AUTH0_DOMAIN} microsoft: development: clientId: ${AUTH_MICROSOFT_CLIENT_ID} clientSecret: ${AUTH_MICROSOFT_CLIENT_SECRET} tenantId: ${AUTH_MICROSOFT_TENANT_ID} onelogin: development: clientId: ${AUTH_ONELOGIN_CLIENT_ID} clientSecret: ${AUTH_ONELOGIN_CLIENT_SECRET} issuer: ${AUTH_ONELOGIN_ISSUER} bitbucket: development: clientId: ${AUTH_BITBUCKET_CLIENT_ID} clientSecret: ${AUTH_BITBUCKET_CLIENT_SECRET} atlassian: development: clientId: ${AUTH_ATLASSIAN_CLIENT_ID} clientSecret: ${AUTH_ATLASSIAN_CLIENT_SECRET} scope: ${AUTH_ATLASSIAN_SCOPES} myproxy: {} guest: {} permission: enabled: true devTools: scheduledTasks: plugins: - catalog