feature/backstage #13

Merged
gitea_admin merged 5 commits from feature/backstage into main 2026-04-23 18:45:57 +00:00
No description provided.
Ghost added 3 commits 2026-04-23 18:36:03 +00:00
config
Some checks failed
AI Code Review / ai-review (pull_request) Failing after 2s
34ff37edbf
Ghost added the ai-review label 2026-04-23 18:36:11 +00:00
gitea_admin added 1 commit 2026-04-23 18:37:39 +00:00
review token
All checks were successful
AI Code Review / ai-review (pull_request) Successful in 25s
3fd3206d96
gitea_admin reviewed 2026-04-23 18:37:46 +00:00
gitea_admin left a comment
Owner

Inline review

@@ -22,3 +22,4 @@ resources:
- tempo.yaml
- grafana-dashboards.yaml
- network-policies-application.yaml
- backstage.yaml
Owner

Consider verifying that backstage.yaml exists in the same directory to avoid kustomize build errors.

#ai-review-inline

Ghost marked this conversation as resolved
gitea_admin reviewed 2026-04-23 18:37:49 +00:00
gitea_admin left a comment
Owner

Inline review

@@ -0,0 +14,4 @@
{
"clientId": "backstage",
"name": "Backstage Developer Portal",
"redirectUris": ["https://backstage.forteapps.net/api/auth/oidc/handler/frame"],
Owner

Consider using a variable or ConfigMap for the domain to make this configuration environment-agnostic.

#ai-review-inline

Ghost marked this conversation as resolved
@@ -0,0 +15,4 @@
"clientId": "backstage",
"name": "Backstage Developer Portal",
"redirectUris": ["https://backstage.forteapps.net/api/auth/oidc/handler/frame"],
"webOrigins": ["https://backstage.forteapps.net"],
Owner

Consider using a variable or ConfigMap for the domain to make this configuration environment-agnostic.

#ai-review-inline

Ghost marked this conversation as resolved
gitea_admin reviewed 2026-04-23 18:37:49 +00:00
gitea_admin left a comment
Owner

Inline review

@@ -0,0 +1,12 @@
global:
host: backstage.forteapps.net
Owner

Host configuration appears twice which may cause conflicts or confusion in the Helm chart.

#ai-review-inline

Ghost marked this conversation as resolved
@@ -0,0 +5,4 @@
backstage:
appConfig:
app:
baseUrl: https://backstage.forteapps.net
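Review bot: `app.baseUrl` on the last line is another copy of the hostname, alongside `global.host` in the preceding hunk and the Keycloak client's `redirectUris` and `webOrigins`. OIDC login only works while all of them agree on scheme and host, so add a comment here naming the other places that must change together, or derive this value from `global.host` if the chart supports that.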
Owner

Backend baseUrl should typically use a different path or port than the frontend app baseUrl to avoid routing conflicts.

        baseUrl: https://backstage.forteapps.net/api

#ai-review-inline

Ghost marked this conversation as resolved
gitea_admin reviewed 2026-04-23 18:37:51 +00:00
gitea_admin left a comment
Owner

Inline review

@@ -0,0 +17,4 @@
sources:
- repoURL: https://redhat-developer.github.io/rhdh-chart
chart: backstage
targetRevision: "5.8.0"
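Review bot: `targetRevision: "5.8.0"` pins the chart version, but nothing in these lines ties that version to specific chart contents: a Helm repository serves whatever archive is currently published under that version number. If the deployment has to be reproducible, mirror the chart into a registry you control, point `repoURL` there, and record the chart archive's checksum next to the version.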
Owner

Consider pinning to a specific chart version digest instead of semantic version for better security and reproducibility.

#ai-review-inline

Ghost marked this conversation as resolved
@@ -0,0 +24,4 @@
- $values/infra/values/base/backstage-values.yaml
- $values/infra/values/upc-dev/backstage-values.yaml
- repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
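Review bot: The two `$values/...` paths only resolve if the Git source on the last line also carries `ref: values`, which is not among these lines; without it Argo CD cannot locate the value files. The order matters as well: the `upc-dev` file is listed after `base`, so its keys win, which deserves a one-line comment so nobody reorders the list.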
Owner

SSH Git URL exposes internal infrastructure details and may create dependency issues.

#ai-review-inline

Ghost marked this conversation as resolved
@@ -0,0 +25,4 @@
- $values/infra/values/upc-dev/backstage-values.yaml
- repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
targetRevision: HEAD
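Review bot: `targetRevision: HEAD` on the last line makes the value files follow whatever the default branch points at when Argo CD syncs, so a push to that branch changes the deployed configuration with no change to this Application. A branch name moves in the same way; if configuration changes should be gated, put a tag or a full commit SHA here and bump it in a reviewed commit.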
Owner

Using HEAD for targetRevision can cause unexpected deployments when main branch changes.

    targetRevision: "main"

#ai-review-inline

Ghost marked this conversation as resolved
gitea_admin reviewed 2026-04-23 18:37:51 +00:00
gitea_admin left a comment
Owner

Inline review

@@ -0,0 +15,4 @@
project: default
sources:
- repoURL: https://redhat-developer.github.io/rhdh-chart
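Review bot: `project: default` on the first line places this Application in Argo CD's built-in project, which out of the box permits any source repository and any destination. Because the source on the last line is an external chart repository, give the Application a dedicated AppProject whose `sourceRepos` lists only that chart repository and the `launchpad` Git repository, and whose `destinations` is limited to the `backstage` namespace.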
Owner

External Helm repository should be verified for security and reliability.

#ai-review-inline

Ghost marked this conversation as resolved
gitea_admin reviewed 2026-04-23 18:37:54 +00:00
gitea_admin left a comment
Owner

Inline review

@@ -0,0 +21,4 @@
image:
registry: quay.io
repository: rhdh-community/rhdh
tag: next
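Review bot: `tag: next` on the last line is a floating tag, so the image that runs can change on any pod restart or reschedule without a commit in this repository. Pin a released tag, preferably together with the image's `sha256` digest, and change it only through a reviewed commit.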
Owner

Using 'next' tag is unstable for production deployments; prefer a specific version tag or digest.

      tag: "1.0.0"  # Replace with specific stable version

#ai-review-inline

Ghost marked this conversation as resolved
@@ -0,0 +42,4 @@
appConfig:
app:
title: "Forte Backstage"
baseUrl: http://localhost:7007
Owner

Hardcoded localhost URL will break in Kubernetes deployment; use proper ingress URL or environment variable.

        baseUrl: https://backstage.forteapps.net

#ai-review-inline

Ghost marked this conversation as resolved
@@ -0,0 +45,4 @@
baseUrl: http://localhost:7007
backend:
baseUrl: http://localhost:7007
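Review bot: `backend.baseUrl: http://localhost:7007` on the last line does not match the redirect URI registered for the Keycloak client in this pull request, `https://backstage.forteapps.net/api/auth/oidc/handler/frame`. Backstage builds its auth callback from the backend base URL, so unless an environment overlay replaces both `baseUrl` values, Keycloak will refuse the login redirect; if these are defaults meant to be overridden, say so in a comment next to them.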
Owner

Hardcoded localhost URL will break in Kubernetes deployment; use proper service URL or environment variable.

        baseUrl: https://backstage.forteapps.net

#ai-review-inline

Ghost marked this conversation as resolved
@@ -0,0 +47,4 @@
backend:
baseUrl: http://localhost:7007
database:
client: better-sqlite3
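Review bot: `client: better-sqlite3` on the last line selects SQLite, while the pull request summary describes a PostgreSQL database with 2Gi of persistent storage deployed for this application. Unless an overlay replaces this block, one of the two is unused: either point `backend.database` at the PostgreSQL instance with credentials read from a Secret, or drop the PostgreSQL deployment.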
Owner

SQLite in-memory database will lose data on pod restart; use PostgreSQL for production.

          client: pg
          connection:
            host: ${POSTGRES_HOST}
            port: 5432
            user: ${POSTGRES_USER}
            password: ${POSTGRES_PASSWORD}
            database: ${POSTGRES_DB}

#ai-review-inline

Ghost marked this conversation as resolved
@@ -0,0 +104,4 @@
enabled: true
className: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
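Review bot: The only annotation in these lines restricts the router to the `websecure` entrypoint; no `tls` section or certificate source for the host appears here. Confirm which certificate Traefik presents for `backstage.forteapps.net`, since the registered OIDC redirect URI is `https://` and a default or self-signed certificate would interrupt the browser login flow.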
Owner

Missing TLS redirect configuration for secure HTTPS access.

      traefik.ingress.kubernetes.io/router.entrypoints: websecure
      traefik.ingress.kubernetes.io/router.tls: "true"

#ai-review-inline

Owner

Added Backstage developer portal deployment with automated Keycloak client registration and Gitea integration.

Affected services/namespaces: New backstage namespace with Backstage/RHDH application and PostgreSQL database.

Infrastructure impact: New ArgoCD application deploying Red Hat Developer Hub (v5.8.0) with resource limits (1 CPU, 2.5Gi memory for app; 250m CPU, 512Mi memory for PostgreSQL), 2Gi persistent storage for PostgreSQL, and Traefik ingress on websecure entrypoint.

Security notes: REQUIRES EXTRA REVIEW - Creates new Secret keycloak-client-backstage containing Keycloak OIDC client configuration with redirect URIs, and adds AI_REVIEW_TOKEN to CI workflow. Uses self-service Keycloak client registrar pattern to automatically provision OIDC credentials in backstage namespace.

#ai-review-summary

gitea_admin added 1 commit 2026-04-23 18:43:20 +00:00
cleanup
All checks were successful
AI Code Review / ai-review (pull_request) Successful in 4s
1f67ccab3f
gitea_admin approved these changes 2026-04-23 18:45:51 +00:00
gitea_admin merged commit 026bcb2b31 into main 2026-04-23 18:45:57 +00:00
gitea_admin deleted branch feature/backstage 2026-04-23 18:45:57 +00:00
gitea_admin referenced this issue from a commit 2026-04-23 18:45:57 +00:00

Reference: Forte/launchpad#13