Skip to main content

v1.36.0

These are the release notes for the v1.36.0 release of Backstage.

A huge thanks to the whole team of maintainers and contributors as well as the amazing Backstage Community for the hard work in getting this release developed and done.

Highlights

BREAKING: Support for native ESM in Node.js code

The tooling in the Backstage CLI now supports native ESM in Node.js code. A highlight of this is that you can now import ESM-only packages using a dynamic import(...) from CommonJS code. This is a breaking change because dynamic imports were previously transformed to require() calls. A quick fix is to replace any existing import(...) calls with require(...) as typeof import(...).

Support for ESM has been implemented in a way that maximizes compatibility with both existing code and code that’s bundled for browser environments. It keeps the existing module resolution logic intact, but adds support for explicit imports of files with the .mts and .cts extensions as well as their JavaScript counterparts.

You can read more about the new ESM support in the build system documentation.

Welcome Canon

We have released the first version of Canon, a new UI Library designed for Backstage. Canon is based on Base UI from MUI and is built to provide a better base and allow for greater flexibility in theming, but to be more restrictive in the styling of individual components. Canon is still in an early stage of development and it should not yet be used by plugins other than for experimentation. If you want to know more and join the discussion, we encourage you to head over to the original RFC. Contributed by @cdedreuille in #27843

New Auditor service

A new auditor service is now available to plugin authors for recording critical actions and events within Backstage. The auditor service has been integrated with catalog and scaffolder. Contributed by @schultzp2020 in #26372

yarn new: bring your own template

The new command is now powered by a new template system that allows you to define your own templates in a declarative way, as well as import existing templates from external sources. See the CLI templates documentation for more information on how to configure the templates used in your project and how to define your own.

As part of this change the template configuration is moving to the root package.json, and we have therefore deprecated the following options for the new command:

  • --license=<license>: Configure the global license instead.
  • --no-private: Configure the global private instead.
  • --baseVersion=<version>: Configure the global version instead.
  • --npmRegistry=<url>: Configure the global publishRegistry instead.
  • --scope=<scope>: Configure the global namePrefix and/or namePluginInfix instead.

Some of the prompts for the built-in templates have also changed. The following backwards compatibility mappings for the --select and --option flags are enabled when using the default set of templates, but are marked as deprecated and will be removed in the future:

  • --select=plugin is mapped to --select=frontend-plugin
  • --option=id=<id> is mapped to --option=pluginId=<id>

Contributed by @minkimcello in #27934

Make it easier to pass custom rules

We improved how plugins integrate with the permission framework, by introducing a new PermissionRegistryService as a replacement for the createPermissionIntegrationRouter middleware. This can be used to add additional permissions, rules, and resource types without the need to introduce extension points. As a result, the catalogPermissionExtensionPoint has been deprecated in favour of the new PermissionsRegistryService.

UrlReadersService improvements

In all the URL readers the search method has been updated to use the readUrl if the given URL doesn’t contain a pattern. For UrlReaders that didn't implement the search method, readUrl is now called internally and throws an error if the given URL doesn't contain a pattern. As a result, the UrlReaderProcessor accepts a new config flag catalog.useUrlReadersSearch to always call the search method of UrlReaders. This flag currently defaults to false, but adopters are encouraged to enable it as this behavior will be the default in a future release. Contributed by @tcardonne in #28379

Scaffolder GitHub autocompletion

We’ve added support for autocompletion for GitHub repositories and branches built into the RepoUrlPicker and RepoBranchPicker. This can be enabled by installing the @backstage/plugin-scaffolder-backend-module-github and configuring the GitHub Auth Provider.

Contributed by @benjidotsh in #28706

Configurable session duration for Auth providers

Added auth.providers.<providerId>.sessionDuration config for auth providers to allow the lifespan of user sessions to be configured. Contributed by @JessicaJHee in #27821

Experimental Graceful Shutdown for Scaffolder Workers

Introduced a new scaffolder.EXPERIMENTAL_gracefulShutdown flag in the scaffolder config to make the scaffolder block the shutdown process until all running tasks have completed. This is useful when there is a need to ensure that all tasks have completed before the scaffolder is shut down.

Please give this a try and let us know if it works for you!

Contributed by @drodil in #28705

New Kubernetes permissions

Added kubernetesResourcesReadPermission and kubernetesClustersReadPermission to the kubernetes plugins. Use these permissions to restrict access to kubernetes clusters and resources.

Contributed by @dzemanov in #27499

Security Fixes

This release does not contain any security fixes.

Upgrade path

We recommend that you keep your Backstage project up to date with this latest release. For more guidance on how to upgrade, check out the documentation for keeping Backstage updated.

Below you can find a list of links and references to help you learn about and start using this new release.

Sign up for our newsletter if you want to be informed about what is happening in the world of Backstage.