npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@veecode-platform/backstage-plugin-github-workflows-backend

v1.3.6

Published

This backend plugin provides secure GitHub workflows API endpoints for Backstage, moving GitHub API interactions from the frontend to the backend for better security, CORS handling, and potential caching.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

veecode-adminveecode-adminandrevtgandrevtglmtxr.veecodeslmtxr.veecodes

Keywords

Readme

GitHub Workflows Backend Plugin

This backend plugin provides secure GitHub workflows API endpoints for Backstage, moving GitHub API interactions from the frontend to the backend for better security, CORS handling, and potential caching.

💡 Frontend Plugin: This backend plugin is required by the GitHub Workflows frontend plugin. Install both plugins to enable GitHub workflow management in Backstage.

Features

  • Exposes GitHub workflows API endpoints at /gh-workflows
  • Handles GitHub authentication securely on the backend
  • Supports all GitHub workflow operations:
    • List workflows
    • List branches
    • Get default branch
    • Start workflow runs
    • Stop workflow runs
    • List jobs for workflow runs
    • Get workflow run details
    • Download job logs
    • List environments

Installation

This plugin supports both static linking (traditional Backstage) and dynamic plugin loading (VeeCode DevPortal and Red Hat Developer Hub).

Static Installation

Install the backend plugin package:

# From your root directory
yarn --cwd packages/backend add @veecode-platform/backstage-plugin-github-workflows-backend

Then add the plugin to your backend in packages/backend/src/index.ts:

const backend = createBackend();
// ...
backend.add(import('@veecode-platform/backstage-plugin-github-workflows-backend'));

Dynamic Installation

Dynamic plugin installation is available for both VeeCode DevPortal and Red Hat Developer Hub (RHDH).

VeeCode DevPortal

The plugin is bundled in the file system and ready to use. Enable it in dynamic-plugins.yaml:

plugins:
  - package: ./dynamic-plugins/dist/veecode-platform-backstage-plugin-github-workflows-backend-dynamic
    disabled: false

Red Hat Developer Hub (RHDH)

RHDH can download the plugin at runtime using NPM. Add it to dynamic-plugins.yaml:

plugins:
  - package: '@veecode-platform/backstage-plugin-github-workflows-backend-dynamic@^1.0.0'
    disabled: false
    integrity: sha512-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

💡 Tip: Check the npm registry for the latest version and integrity hash.

Configuration

The following configuration applies to all installation methods and must be added to your app-config.yaml:

Option 1: GitHub App (Recommended)

GitHub Apps are preferred over personal access tokens for better security and permissions. The plugin uses Backstage's standard ScmIntegrations which automatically handles GitHub App authentication.

integrations:
  github:
    - host: github.com
      apps:
        - appId: ${GITHUB_APP_ID}
          clientId: ${GITHUB_CLIENT_ID}
          clientSecret: ${GITHUB_CLIENT_SECRET}
          privateKey: |
            ${GITHUB_PRIVATE_KEY}
      # Optional fallback token if GitHub App auth fails
      # token: ${GITHUB_TOKEN}

Required Environment Variables:

  • GITHUB_APP_ID - Your GitHub App ID
  • GITHUB_CLIENT_ID - Your GitHub App Client ID
  • GITHUB_CLIENT_SECRET - Your GitHub App Client Secret
  • GITHUB_PRIVATE_KEY - Your GitHub App Private Key (PEM format, with newlines)

For GitHub Enterprise:

integrations:
  github:
    - host: github.yourcompany.com
      apps:
        - appId: ${GITHUB_APP_ID}
          clientId: ${GITHUB_CLIENT_ID}
          clientSecret: ${GITHUB_CLIENT_SECRET}
          privateKey: |
            ${GITHUB_PRIVATE_KEY}
      apiBaseUrl: https://github.yourcompany.com/api/v3

Required Permissions:

This GitHub App must have the following permissions on repos:

  • Actions: Read and write
  • Contents: Read-only

How to verify GitHub App authentication:

When the plugin starts, you'll see log messages indicating which authentication method is being used:

info: GitHub integration using GitHub App installation token for github.com/owner/repo

Option 2: Personal Access Token Only

If you don't have a GitHub App, you can use a personal access token:

integrations:
  github:
    - host: github.com
      token: ${GITHUB_TOKEN}

Required Permissions:

  • repo - Full control of private repositories
  • workflow - Update GitHub Action workflows

Note: The plugin will automatically try GitHub App authentication first, then fall back to the token if the app fails or isn't configured.

Development

This plugin backend can be started in a standalone mode from directly in this package with yarn start. It is a limited setup that is most convenient when developing the plugin backend itself.

Testing in Isolation

When running the backend in isolation with yarn start, you can test the endpoints directly with curl. The dev setup uses mock authentication, so no auth headers are required.

Set your environment variables:

export GITHUB_TOKEN=your_github_token_here
export REPO_SLUG=veecode-platform/devportal-base  # e.g., octocat/Hello-World

Then test the endpoints:

# List workflows
curl "http://localhost:7007/api/github-workflow-backend/workflows?hostname=github.com&githubRepoSlug=${REPO_SLUG}&branch=main"

# List branches
curl "http://localhost:7007/api/github-workflow-backend/branches?hostname=github.com&githubRepoSlug=${REPO_SLUG}"

# Get default branch
curl "http://localhost:7007/api/github-workflow-backend/default-branch?hostname=github.com&githubRepoSlug=${REPO_SLUG}"

# List environments
curl "http://localhost:7007/api/github-workflow-backend/environments?hostname=github.com&githubRepoSlug=${REPO_SLUG}"

# Start a workflow (replace workflowId with actual workflow ID)
curl -X POST "http://localhost:7007/api/github-workflow-backend/start" \
  -H "Content-Type: application/json" \
  -d "{
    \"hostname\": \"github.com\",
    \"githubRepoSlug\": \"${REPO_SLUG}\",
    \"workflowId\": 12345,
    \"branch\": \"main\",
    \"inputs\": {}
  }"

# Get workflow run details (replace 123456 with actual run ID)
curl "http://localhost:7007/api/github-workflow-backend/run/123456?hostname=github.com&githubRepoSlug=${REPO_SLUG}"

# List jobs for a workflow run (replace 123456 with actual run ID)
curl "http://localhost:7007/api/github-workflow-backend/jobs?hostname=github.com&githubRepoSlug=${REPO_SLUG}&id=123456"

# Download job logs (replace 987654 with actual job ID)
curl "http://localhost:7007/api/github-workflow-backend/logs/987654?hostname=github.com&githubRepoSlug=${REPO_SLUG}"

# Stop a workflow run (replace 123456 with actual run ID)
curl -X POST "http://localhost:7007/api/github-workflow-backend/stop" \
  -H "Content-Type: application/json" \
  -d "{
    \"hostname\": \"github.com\",
    \"githubRepoSlug\": \"${REPO_SLUG}\",
    \"runId\": 123456
  }"

API Endpoints

The plugin exposes the following endpoints under /api/github-workflow-backend:

  • GET /workflows - List workflows for a repository
  • GET /branches - List repository branches
  • GET /default-branch - Get the default branch
  • POST /start - Start a workflow run
  • POST /stop - Stop a workflow run
  • GET /jobs - List jobs for a workflow run
  • GET /run/:id - Get workflow run details
  • GET /logs/:jobId - Download job logs
  • GET /environments - List repository environments

Full Stack Development

If you want to run the entire project, including the frontend, run yarn start from the root directory.

Summary

This backend plugin is a critical component of the GitHub Workflows integration:

  • Static Installation: Install via yarn and add to packages/backend/src/index.ts
  • Dynamic Installation:
    • VeeCode DevPortal: Bundled in file system, enable in dynamic-plugins.yaml
    • RHDH: Downloaded at runtime via NPM, configure in dynamic-plugins.yaml
  • Configuration: GitHub App (recommended) or Personal Access Token in app-config.yaml
  • Frontend: Works with the GitHub Workflows frontend plugin