Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bitbucket Server Implementation? #65

Open
nickbroon opened this issue Dec 23, 2020 · 24 comments
Open

Bitbucket Server Implementation? #65

nickbroon opened this issue Dec 23, 2020 · 24 comments
Labels
help wanted Extra attention is needed

Comments

@nickbroon
Copy link

nickbroon commented Dec 23, 2020
edited

Are there any plans to add an implementation of this check api to the bitbucket branch source?
https://plugins.jenkins.io/cloudbees-bitbucket-branch-source/

Bitbucket has build status api, https://developer.atlassian.com/server/bitbucket/how-tos/updating-build-status-for-commits/ that might be similar enough to the Github Checks API

See also: https://jira.atlassian.com/browse/BSERV-11477
@XiongKezhi XiongKezhi added the help wanted Extra attention is needed label Dec 24, 2020
@XiongKezhi
Copy link
Contributor

No determined plan but we'd love to have implementations for other platforms!
I've no experience with bitbucket but will look into it, thanks for the link.

@XiongKezhi
Copy link
Contributor

To all: any contributions or a POC are always welcomed!

@uhafner
Copy link
Member

uhafner commented Dec 28, 2020

For volunteers that are going to implement support for GitLab, BitBucket, etc.: you can get some inspirations from the https://plugins.jenkins.io/violation-comments-to-stash/ and https://plugins.jenkins.io/violation-comments-to-gitlab/ plugins. Maybe it is possible to extract the API calls from there.

@pantosha
Copy link

pantosha commented Jan 6, 2021

Bitbucket Server has Code Insights feature that is an alternative to GitHub Checks:

@KalleOlaviNiemitalo
Copy link

I had requested something like this from Atlassian earlier and the request was split to BSERV-11477.

Difficulties:

  • Code Insights does not support Markdown (BSERV-11523), so the plugin would have to render that to plain text. The Markdown renderer would have to be secure against malicious input, e.g. not follow any URLs to check sizes of images.
  • Cannot support ChecksAction.
  • Cannot support ChecksImage.
  • ChecksOutput has getTitle, getSummary, and getText, while Code Insights has only title and details. Could concatenate the summary and the text.
  • How to set the data property. Could perhaps use it for ChecksConclusion (if the value cannot be mapped to PASS/FAIL), ChecksStatus, and timestamps.
  • If multiple checks run during a build, should each of them be able to set distinct values for reporter and logoUrl? Could perhaps extend ChecksDetails (or ChecksOutput?) so that consumer plugins can provide those values, and then also extend ChecksInfo and WithChecksStep so that the pipeline can override them.

@KalleOlaviNiemitalo
Copy link

I don't think the Checks API implementation should necessarily be part of the Bitbucket Branch Source plugin. A separate plugin could easily locate the BitbucketSCMSource instance and call its public methods to read the REST API parameters (base URL, project, repository, and credential). Such a separate plugin could later be extended to support the other BitbucketSCMSource from Atlassian's Bitbucket Server Integration plugin as well, or the REST API parameters could even be provided in a BranchProperty or an SCMSourceTrait if the project uses neither of those SCM sources.

@KalleOlaviNiemitalo
Copy link

violation-comments-to-stash sends warnings to Bitbucket Server as comments in a pull request. It does not use the newer Code Insights feature, which supports reports on all commits even if they are not in a pull request.

@KalleOlaviNiemitalo
Copy link

Bitbucket Cloud appears to have a "reports" API that has the same concepts as Code Insights in Bitbucket Server. However, the URL templates, JSON property names, and enumeration types are different, so it would not be possible to develop the plugin against Bitbucket Cloud and have it just work on Bitbucket Server (and Data Center) as well.

@KalleOlaviNiemitalo
Copy link

In addition to the Code Insights API, Bitbucket Server has two ways to report build statuses:

The Bitbucket Branch Source plugin supports only the older build status API. The Bitbucket Server Integration plugin supports both and asks Bitbucket Server whether the newer API is available.

Neither of those build status APIs supports annotations on lines of files. The Code Insights API supports that.

@KalleOlaviNiemitalo
Copy link

Cannot support ChecksAction.

This would not be a problem in practice, because consumer plugins (e.g. the JUnit plugin) do not use ChecksAction yet. Checks API does not currently provide a way for a consumer plugin to be notified when a user chooses an action.

The GitHub Checks plugin does not provide that capability, either. Its CheckRunGHEventSubscriber class recognises only "action": "rerequested" generated by GitHub. The plugin does not recognise "action": "requested_action", "requested_action": {…}, which would correspond to a ChecksAction.

@KalleOlaviNiemitalo
Copy link

  • How to set the data property. Could perhaps use it for ChecksConclusion (if the value cannot be mapped to PASS/FAIL), ChecksStatus, and timestamps.

AFAICT, consumer plugins and WithChecksStep do not set the startedAt and completedAt timestamps yet. They could easily start doing so, though.

@KalleOlaviNiemitalo
Copy link

  • Code Insights does not support Markdown (BSERV-11523), so the plugin would have to render that to plain text.

Consumer plugins post HTML tags and emoji shortcodes as well. I guess the Markdown would first have to be rendered to HTML and then stripped of tags.

@KalleOlaviNiemitalo
Copy link

ChecksOutput.getSummary() and ChecksOutput.getText() assigned by Warnings Next Generation seem to mainly contain Markdown tables that would be difficult to render usefully for Bitbucket Server. I think the mapping should go like this:

  • Code Insights report key in the URL = percent-encoded ChecksDetails.getName(). If that is not set, then don't publish anything. If checks are published to the same commit from multiple branches, then the last one overwrites earlier ones; if that is not desired, then the pipeline can use withChecks to change the name.
  • Code Insights report title = ChecksDetails.getName(). Don't use ChecksOutput.getTitle() here because it is too long and depends on analysis results.
  • Code Insights report details = ChecksOutput.getTitle(). Could also add the names of the job and the run here but they cannot be made hyperlinks.
  • Code Insights report reporter = hardcode "Jenkins" or omit the property.
  • Code Insights report logoUrl = root URL + "favicon.ico". Because the Code Insights UI stretches this to a square, jenkins.svg would look ugly.
  • Don't use ChecksOutput.getSummary() and ChecksOutput.getText() at all, because of the Markdown.

There are also some difficulties in converting the annotations. Checks API does not yet seem to support a property that could be mapped to the VULNERABILITY, CODE_SMELL, BUG enumeration used by Code Insights. The warning codes parsed from MSBuild output are also missing but perhaps that is a problem in Warnings NG rather than Checks API.

Microsoft's C# compiler is apparently able to save warnings to a SARIF file. I should compare the SARIF specification to the ChecksAnnotation model; perhaps it defines some properties that would be useful to add.

@KalleOlaviNiemitalo
Copy link

  • Code Insights does not support Markdown (BSERV-11523)

Bitbucket Server supports Markdown in pull request descriptions, pull request comments, and commit comments. There, it renders [Link text](http://example.org/) as a hyperlink all right. However, it renders <a href="http://example.org/">Link text</a> as markup and not as a hyperlink. Thus, even if Atlassian eventually copies the Markdown support to Code Insights, it still might not correctly render the hyperlink that WarningChecksPublisher.extractReferenceBuild adds as HTML. 😞

@KalleOlaviNiemitalo KalleOlaviNiemitalo mentioned this issue Jan 20, 2021
Merged
@KalleOlaviNiemitalo
Copy link

KalleOlaviNiemitalo commented Jan 22, 2021
edited

There are a few difficulties in having a separate plugin read the REST API URL and credentials from Atlassian's Bitbucket Server Integration plugin:

  • The necessary classes in Atlassian's plugin are public, but the package names (javadoc) include the word internal, which suggests that Atlassian might not want to support them as a stable API. The plugin does not have any @Restricted annotations at all.
    Filed JENKINS-64691.
  • Its pom.xml does not use https://github.com/jenkinsci/bom, and it depends directly on okhttp and other libraries, instead of going through API plugins. This leads to build-time version mismatch errors that need several dependency exclusions or managed dependencies to solve.
  • Its BitbucketSCMSource class does not know the server URL but rather a server identifier whose meaning has to looked up with BitbucketPluginConfiguration.getServerById. To find the BitbucketPluginConfiguration instance, classes use @Inject, which is a bit annoying to do in a separate plugin that would not otherwise use this form of dependency injection. I suspect that @Inject might not play nice with dynamic loading of Bitbucket Server Integration as an optional dependency, either.

@regicsolutions
Copy link

@KalleOlaviNiemitalo just starting to explore using the Bitbucket Server Code Insights feature within a Jenkins shared library, was wondering if you were able to come up with a solution?

@KalleOlaviNiemitalo
Copy link

@regicsolutions I have a Jenkins plugin basically working but…

  • need to discuss licensing etc. with employer
  • would need somebody else to take over as maintainer
  • no tests
  • does not support a Job without a Run, thus no "status checks"
  • support for reading API URLs and credentials from Bitbucket Server Integration Plugin relies on "internal" classes so might break in the future
  • missing features in Bitbucket Server make Code Insights less useful than GitHub Checks, and Atlassian isn't responding to the issues that have been filed, so it feels like a dead end

@regicsolutions
Copy link

That's great that hear that you got a working plugin, would love to test it out if you are clear to release it.

@KalleOlaviNiemitalo KalleOlaviNiemitalo mentioned this issue Sep 22, 2021
Open
@regicsolutions
Copy link

@KalleOlaviNiemitalo just checking in to see if this is something that could potentially be contributed?

@regicsolutions
Copy link

@KalleOlaviNiemitalo friendly ping 😀

@jonesbusy
Copy link

Hi,

Also posted on the Jira ticket.

More than happy to test anything if published to the Jenkins release center.

Regards,

@vijay-jangir
Copy link

vijay-jangir commented Mar 6, 2024
edited

has this been implemented?

@timja timja mentioned this issue Mar 6, 2024
Closed
@jonesbusy
Copy link

Apparently from a private plugin.

I would also need such integration, but is quite huge work. Also without the help from community or even Atlassian I don't see it coming soon.

Bitbucket Server in general lack some essential feature compared to SCM like GitHub or GitLab. Even after the release of Atlassian supported https://plugins.jenkins.io/atlassian-bitbucket-server-integration/ integration is still poor 😢

@Ketec
Copy link

Ketec commented May 17, 2024

On this similar topic - have there been any attempts for GitLab? It is much more complete as a SCM.
But Google search has not resulted in any valid hints (and search sucks these days).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@uhafner @jonesbusy @nickbroon @pantosha @regicsolutions @vijay-jangir @Ketec @XiongKezhi @KalleOlaviNiemitalo