redhat-developer · coreydaley · Jan 27, 2025
diff --git a/charts/backstage/Chart.yaml b/charts/backstage/Chart.yaml
@@ -44,4 +44,4 @@ sources:
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.29.0
+version: 2.30.0
diff --git a/charts/backstage/README.md b/charts/backstage/README.md
@@ -2,7 +2,7 @@
 # RHDH Backstage Helm Chart for OpenShift (Community Version)
 
 [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/rhdh-chart&style=flat-square)](https://artifacthub.io/packages/search?repo=rhdh-chart)
-![Version: 2.29.0](https://img.shields.io/badge/Version-2.29.0-informational?style=flat-square)
+![Version: 2.30.0](https://img.shields.io/badge/Version-2.30.0-informational?style=flat-square)
 ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 A Helm chart for deploying Red Hat Developer Hub.

diff --git a/charts/backstage/values.schema.json b/charts/backstage/values.schema.json
@@ -2628,6 +2628,10 @@
                                 {
                                     "mountPath": "/opt/app-root/src/dynamic-plugins-root",
                                     "name": "dynamic-plugins-root"
+                                },
+                                {
+                                    "mountPath": "/tmp",
+                                    "name": "temp"
                                 }
                             ],
                             "items": {
@@ -2706,6 +2710,14 @@
                                 {
                                     "emptyDir": {},
                                     "name": "npmcacache"
+                                },
+                                {
+                                    "emptyDir": {},
+                                    "name": "init-container-temp"
+                                },
+                                {
+                                    "emptyDir": {},
+                                    "name": "temp"
                                 }
                             ],
                             "items": {
@@ -4383,6 +4395,10 @@
                                         {
                                             "mountPath": "/opt/app-root/src/.npm/_cacache",
                                             "name": "npmcacache"
+                                        },
+                                        {
+                                            "mountPath": "/tmp",
+                                            "name": "init-container-temp"
                                         }
                                     ],
                                     "workingDir": "/opt/app-root/src"

diff --git a/charts/backstage/values.yaml b/charts/backstage/values.yaml
@@ -5,7 +5,7 @@ global:
     includes:
       # -- List of dynamic plugins included inside the `janus-idp/backstage-showcase` container image, some of which are disabled by default.
       # This file ONLY works with the `janus-idp/backstage-showcase` container image.
-      - 'dynamic-plugins.default.yaml'
+      - "dynamic-plugins.default.yaml"
 
     # -- List of dynamic plugins, possibly overriding the plugins listed in `includes` files.
     # Every item defines the plugin `package` as a [NPM package spec](https://docs.npmjs.com/cli/v10/using-npm/package-spec),
@@ -67,6 +67,7 @@ upstream:
                 subject: legacy-default-config
                 secret: ${BACKEND_SECRET}
     containerSecurityContext:
+      readOnlyRootFilesystem: true
       allowPrivilegeEscalation: false
       capabilities:
         drop: ["ALL"]
@@ -134,12 +135,14 @@ upstream:
             name: '{{- include "janus-idp.postgresql.secretName" . }}'
     args:
       # This additional `app-config`` file is generated by the initContainer below, and contains the merged configuration of installed dynamic plugins.
-      - '--config'
+      - "--config"
       - dynamic-plugins-root/app-config.dynamic-plugins.yaml
     extraVolumeMounts:
       # The initContainer below will install dynamic plugins in this volume mount.
       - name: dynamic-plugins-root
         mountPath: /opt/app-root/src/dynamic-plugins-root
+      - name: temp
+        mountPath: /tmp
     extraVolumes:
       - name: dynamic-plugins-root
         persistentVolumeClaim:
@@ -167,6 +170,10 @@ upstream:
           secretName: '{{ printf "%s-dynamic-plugins-registry-auth" .Release.Name }}'
       - name: npmcacache
         emptyDir: {}
+      - name: init-container-temp
+        emptyDir: {}
+      - name: temp
+        emptyDir: {}
     initContainers:
       - name: install-dynamic-plugins
         resources:
@@ -211,6 +218,8 @@ upstream:
             readOnly: true
           - mountPath: /opt/app-root/src/.npm/_cacache
             name: npmcacache
+          - mountPath: /tmp
+            name: init-container-temp
         workingDir: /opt/app-root/src
     installDir: /opt/app-root/src
     podAnnotations: