From 9fef218542c820320c61eace2b81bcafb5826a8b Mon Sep 17 00:00:00 2001
From: Tomas Kral <tkral@redhat.com>
Date: Fri, 27 Feb 2026 15:23:41 +0100
Subject: [PATCH 1/3] Enable scorecard plugin for test instance deployment

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 config/app-config-rhdh.yaml |  4 ++++
 config/dynamic-plugins.yaml | 29 +++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+)

diff --git a/config/app-config-rhdh.yaml b/config/app-config-rhdh.yaml
index c4e9986..1a88802 100644
--- a/config/app-config-rhdh.yaml
+++ b/config/app-config-rhdh.yaml
@@ -22,6 +22,10 @@ auth:
           resolvers:
             - resolver: emailLocalPartMatchingUserEntityName
 signInPage: oidc
+jira:
+  product: cloud
+  baseUrl: ${JIRA_URL}
+  token: ${JIRA_TOKEN}
 catalog:
   import:
     entityFilename: catalog-info.yaml
diff --git a/config/dynamic-plugins.yaml b/config/dynamic-plugins.yaml
index 1707b52..762dca7 100644
--- a/config/dynamic-plugins.yaml
+++ b/config/dynamic-plugins.yaml
@@ -3,4 +3,33 @@ includes:
 plugins:
   - package: ./dynamic-plugins/dist/backstage-community-plugin-catalog-backend-module-keycloak-dynamic
     disabled: false
+  # Scorecard backend
+  - package: 'oci://ghcr.io/redhat-developer/rhdh-plugin-export-overlays/red-hat-developer-hub-backstage-plugin-scorecard-backend:bs_1.45.3__2.3.5!red-hat-developer-hub-backstage-plugin-scorecard-backend'
+    disabled: false
+  # Scorecard backend module - GitHub
+  - package: 'oci://ghcr.io/redhat-developer/rhdh-plugin-export-overlays/red-hat-developer-hub-backstage-plugin-scorecard-backend-module-github:bs_1.45.3__2.3.5!red-hat-developer-hub-backstage-plugin-scorecard-backend-module-github'
+    disabled: false
+  # Scorecard backend module - Jira
+  - package: 'oci://ghcr.io/redhat-developer/rhdh-plugin-export-overlays/red-hat-developer-hub-backstage-plugin-scorecard-backend-module-jira:bs_1.45.3__2.3.5!red-hat-developer-hub-backstage-plugin-scorecard-backend-module-jira'
+    disabled: false
+  # Scorecard frontend
+  - package: 'oci://ghcr.io/redhat-developer/rhdh-plugin-export-overlays/red-hat-developer-hub-backstage-plugin-scorecard:bs_1.45.3__2.3.5!red-hat-developer-hub-backstage-plugin-scorecard'
+    disabled: false
+    pluginConfig:
+      dynamicPlugins:
+        frontend:
+          red-hat-developer-hub.backstage-plugin-scorecard:
+            entityTabs:
+              - path: '/scorecard'
+                title: Scorecard
+                mountPoint: entity.page.scorecard
+            mountPoints:
+              - mountPoint: entity.page.scorecard/cards
+                importName: EntityScorecardContent
+                config:
+                  layout:
+                    gridColumn: 1 / -1
+                if:
+                  allOf:
+                    - isKind: component
   
\ No newline at end of file

From fab125f5903058780d66dc581386dc270f41032e Mon Sep 17 00:00:00 2001
From: Tomas Kral <tkral@redhat.com>
Date: Fri, 27 Feb 2026 15:51:23 +0100
Subject: [PATCH 2/3] Disable scorecard Jira module (missing
 JIRA_URL/JIRA_TOKEN)

The Jira backend module requires JIRA_URL and JIRA_TOKEN env vars
which are not configured, causing RHDH to fail startup.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 config/app-config-rhdh.yaml | 4 ----
 config/dynamic-plugins.yaml | 4 ++--
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/config/app-config-rhdh.yaml b/config/app-config-rhdh.yaml
index 1a88802..c4e9986 100644
--- a/config/app-config-rhdh.yaml
+++ b/config/app-config-rhdh.yaml
@@ -22,10 +22,6 @@ auth:
           resolvers:
             - resolver: emailLocalPartMatchingUserEntityName
 signInPage: oidc
-jira:
-  product: cloud
-  baseUrl: ${JIRA_URL}
-  token: ${JIRA_TOKEN}
 catalog:
   import:
     entityFilename: catalog-info.yaml
diff --git a/config/dynamic-plugins.yaml b/config/dynamic-plugins.yaml
index 762dca7..8d3cb14 100644
--- a/config/dynamic-plugins.yaml
+++ b/config/dynamic-plugins.yaml
@@ -9,9 +9,9 @@ plugins:
   # Scorecard backend module - GitHub
   - package: 'oci://ghcr.io/redhat-developer/rhdh-plugin-export-overlays/red-hat-developer-hub-backstage-plugin-scorecard-backend-module-github:bs_1.45.3__2.3.5!red-hat-developer-hub-backstage-plugin-scorecard-backend-module-github'
     disabled: false
-  # Scorecard backend module - Jira
+  # Scorecard backend module - Jira (disabled - requires JIRA_URL and JIRA_TOKEN)
   - package: 'oci://ghcr.io/redhat-developer/rhdh-plugin-export-overlays/red-hat-developer-hub-backstage-plugin-scorecard-backend-module-jira:bs_1.45.3__2.3.5!red-hat-developer-hub-backstage-plugin-scorecard-backend-module-jira'
-    disabled: false
+    disabled: true
   # Scorecard frontend
   - package: 'oci://ghcr.io/redhat-developer/rhdh-plugin-export-overlays/red-hat-developer-hub-backstage-plugin-scorecard:bs_1.45.3__2.3.5!red-hat-developer-hub-backstage-plugin-scorecard'
     disabled: false

From 974ea2a2d9eaa94d6721857ecd4cf4c32c75d85a Mon Sep 17 00:00:00 2001
From: Tomas Kral <tkral@redhat.com>
Date: Fri, 27 Feb 2026 16:37:17 +0100
Subject: [PATCH 3/3] Add GitHub integration and backstage/backstage catalog
 entity

- Configure GitHub integration using GH_BOT_PAT from Vault
- Add backstage/backstage catalog-info.yaml as a catalog location
- The upstream entity already has github.com/project-slug annotation
  so the scorecard GitHub module will collect metrics for it

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 config/app-config-rhdh.yaml | 6 ++++++
 config/rhdh-secrets.yaml    | 3 ++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/config/app-config-rhdh.yaml b/config/app-config-rhdh.yaml
index c4e9986..b4103f2 100644
--- a/config/app-config-rhdh.yaml
+++ b/config/app-config-rhdh.yaml
@@ -22,6 +22,10 @@ auth:
           resolvers:
             - resolver: emailLocalPartMatchingUserEntityName
 signInPage: oidc
+integrations:
+  github:
+    - host: github.com
+      token: ${GH_BOT_PAT}
 catalog:
   import:
     entityFilename: catalog-info.yaml
@@ -34,6 +38,8 @@ catalog:
       target: https://github.com/redhat-developer/rhdh/blob/main/catalog-entities/all.yaml
     - type: url
       target: https://github.com/redhat-developer/red-hat-developer-hub-software-templates/blob/main/templates.yaml
+    - type: url
+      target: https://github.com/backstage/backstage/blob/master/catalog-info.yaml
   providers:
     keycloakOrg:
       default:
diff --git a/config/rhdh-secrets.yaml b/config/rhdh-secrets.yaml
index 26085c3..9e745be 100644
--- a/config/rhdh-secrets.yaml
+++ b/config/rhdh-secrets.yaml
@@ -10,4 +10,5 @@ stringData:
   KEYCLOAK_LOGIN_REALM: $KEYCLOAK_LOGIN_REALM
   KEYCLOAK_REALM: $KEYCLOAK_REALM
   KEYCLOAK_CLIENT_ID: $KEYCLOAK_CLIENT_ID
-  KEYCLOAK_CLIENT_SECRET: $KEYCLOAK_CLIENT_SECRET
\ No newline at end of file
+  KEYCLOAK_CLIENT_SECRET: $KEYCLOAK_CLIENT_SECRET
+  GH_BOT_PAT: $GH_BOT_PAT
\ No newline at end of file