Red Hat Internal Developer Platform / RHIDP-11675

Rework `rhdh-cli` offline availability to avoid non-deterministic version drifts

      Summary

      Workspace yarn.lock files are polluted with rhdh-cli dependencies, causing non-deterministic version drift in @backstage/cli-node and related packages.

      Problem

      The current approach adds @red-hat-developer-hub/cli as a devDependency to each workspace's package.json. This causes all of rhdh-cli's transitive dependencies to be resolved into each workspace's yarn.lock.

      rhdh-cli v1.9.1 depends on older Backstage packages:

      • @backstage/cli@0.34.1 (which needs @backstage/cli-node@^0.2.14)
      • @backstage/cli-node@^0.2.12

      These conflict with the workspace's actual Backstage version (e.g., 1.45.3 which uses @backstage/cli-node@0.2.15).

      When yarn install --no-immutable runs, yarn sees multiple compatible specs and may upgrade to newer versions (0.2.16 or 0.2.17), causing non-deterministic drift.

      Impact

      | Aspect | Impact |
      |---|---|
      | Workspaces affected | All 24 |
      | Runtime impact | None (build-time deps only) |
      | SBOM accuracy | Incorrect (extra deps listed) |
      | Build reproducibility | Non-deterministic |

      Proposed Solution

      Install rhdh-cli in a standalone central location instead of adding it to each workspace.

      build/rhdh-cli/
      ├── package.json          ← depends on rhdh-cli
      ├── yarn.lock             ← isolated, committed
      └── node_modules/.bin/rhdh-cli  ← binary used by export scripts
      

      Changes Required

      1. Create build/rhdh-cli/package.json

      {
        "name": "rhdh-cli-standalone",
        "private": true,
        "dependencies": {
          "@red-hat-developer-hub/cli": "1.9.1"
        }
      }
      

      2. Generate yarn.lock

      cd build/rhdh-cli && yarn install
      

      Commit the generated yarn.lock file.

      3. Modify offline-rhdh-cli.sh

      Remove the logic that adds rhdh-cli to each workspace's package.json.

      4. Modify exportPlugin.sh

      Point INPUTS_CLI_CALLER to the central binary:

      export INPUTS_CLI_CALLER="${ROOTPATH}/build/rhdh-cli/node_modules/.bin/rhdh-cli"
      

      5. Update Konflux prefetch configuration

      Add build/rhdh-cli as an additional path for dependency prefetching.

      Benefits

      | Aspect | Before | After |
      |---|---|---|
      | Workspace pollution | 24 workspaces polluted | None |
      | Version drift risk | High | None |
      | Places to update rhdh-cli | 24 | 1 |
      | SBOM accuracy | Incorrect | Correct |
      | Build reproducibility | Non-deterministic | Deterministic |

      Acceptance Criteria

      • rhdh-cli is installed in build/rhdh-cli/ only
      • No workspace package.json contains @red-hat-developer-hub/cli
      • No workspace yarn.lock contains @backstage/cli-node@^0.2.12
      • Plugin exports continue to work correctly
      • Konflux builds succeed with prefetch
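
A check for the file-level acceptance criteria above, as an added example that is not part of the original issue or the project's scripts. It assumes workspaces live under `workspaces/<name>/` below the repository root (the issue does not state the layout); the function names and the sample tree are constructed for illustration.

```shell
# Added example, not project code. Assumption: workspaces live under
# "$root/workspaces/<name>/"; the issue does not state the layout.

# Prints one FAIL line per violation; returns 0 only when there are none.
check_rhdh_cli_isolation() (
  root="$1"; failures=0
  # The CLI must be pinned centrally, with its own lockfile present.
  for f in package.json yarn.lock; do
    [ -f "$root/build/rhdh-cli/$f" ] && continue
    echo "FAIL: build/rhdh-cli/$f is missing"; failures=$((failures + 1))
  done
  for ws in "$root"/workspaces/*/; do
    [ -d "$ws" ] || continue
    # No workspace manifest may declare the CLI.
    if grep -qsF '"@red-hat-developer-hub/cli"' "${ws}package.json"; then
      echo "FAIL: ${ws}package.json declares @red-hat-developer-hub/cli"
      failures=$((failures + 1))
    fi
    # No workspace lockfile may carry the CLI's older cli-node range.
    # Yarn 2+ lockfiles write "@npm:^0.2.12", Yarn 1 writes "@^0.2.12".
    if grep -qsE '@backstage/cli-node@(npm:)?\^0\.2\.12([^0-9]|$)' "${ws}yarn.lock"; then
      echo "FAIL: ${ws}yarn.lock resolves @backstage/cli-node@^0.2.12"
      failures=$((failures + 1))
    fi
  done
  [ "$failures" -eq 0 ]
)

# Constructed sample tree: "polluted" still carries the CLI, "clean" does not.
make_sample_tree() {
  t=$(mktemp -d)
  mkdir -p "$t/build/rhdh-cli" "$t/workspaces/polluted" "$t/workspaces/clean"
  printf '{"dependencies":{"@red-hat-developer-hub/cli":"1.9.1"}}\n' > "$t/build/rhdh-cli/package.json"
  : > "$t/build/rhdh-cli/yarn.lock"
  printf '{"devDependencies":{"@red-hat-developer-hub/cli":"1.9.1"}}\n' > "$t/workspaces/polluted/package.json"
  printf '"@backstage/cli-node@npm:^0.2.12, @backstage/cli-node@npm:^0.2.14":\n  version: 0.2.17\n' > "$t/workspaces/polluted/yarn.lock"
  printf '{"devDependencies":{}}\n' > "$t/workspaces/clean/package.json"
  printf '"@backstage/cli-node@npm:0.2.15":\n  version: 0.2.15\n' > "$t/workspaces/clean/yarn.lock"
  echo "$t"
}

sample=$(make_sample_tree)
check_rhdh_cli_isolation "$sample" || echo "sample tree violates the acceptance criteria"
rm -rf "$sample"
```

Run against a real checkout as `check_rhdh_cli_isolation "$ROOTPATH"`; a non-zero exit makes it usable as a CI gate before the export step.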

              dfestal David Festal
              RHDH Cope