Add Bitbucket PR comment support#206
Draft
Orlando Barrera II (obarrera) wants to merge 4 commits into
Draft
Conversation
Adds a Bitbucket SCM implementation mirroring the GitHub/GitLab modules so socketcli can post and update Dependency Overview and Security Issue comments on Bitbucket Cloud pull requests. Includes config from BITBUCKET_* Pipelines env vars (Bearer token or username/app-password auth), comment shape normalization onto the existing Comment dataclass, and unit tests covering env parsing, event detection, normalization, and POST/PUT payload shape. Refs CE-89 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
🚀 Preview package published! Install with: pip install --index-url https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple socketsecurity==2.2.92.dev1Docker image: |
- Fix paginated comment fetch: previous code passed base_url='' for the
absolute 'next' URL, which CliClient (falsy check) silently mapped to
Socket's API base. Split the URL into origin + path so the request
hits Bitbucket.
- Drop content.get('markup') body fallback (markup is the format name,
not body text); fall back to content.get('html') instead.
- Remove dead hasattr() branch in has_thumbsup_reaction.
- Move PROCESSED_MARKER to top of class with a comment explaining why
there's no Bearer/Basic auth-fallback retry like GitLab has.
- Document that --scm bitbucket exits 2 without BITBUCKET_TOKEN or
BITBUCKET_USERNAME+BITBUCKET_APP_PASSWORD set.
- Expand tests: pagination (origin split, no-next, error response,
no-PR), has_thumbsup_reaction (marker present/absent, no-PR,
exception swallowing), _mark_comment_processed (append, idempotence,
swallow update error), check_for_socket_comments classification, and
_split_absolute_url round-trip.
Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
Required by the check_version workflow now that main is at 2.2.90. Bumps __version__ in socketsecurity/__init__.py and pyproject.toml; uv.lock regenerated. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Cache comment bodies in get_comments_for_pr so has_thumbsup_reaction
resolves from memory instead of issuing one extra GET per ignore
comment on every run. _mark_comment_processed refreshes the cache so
in-run repeat checks also hit it.
- Guard against {"values": null} responses from Bitbucket Cloud — the
previous .get("values", []) default only fires on missing key, so a
null value would TypeError on iteration.
- Fail fast in BitbucketConfig.from_env when workspace or repo_slug
can't be determined, rather than building 404-bound URLs deeper in
the request flow.
- Drop typing.Tuple in favor of built-in tuple (project targets 3.11+).
- Document BITBUCKET_DEFAULT_BRANCH in the example pipeline since
Bitbucket Pipelines doesn't export the repo default branch.
- Add tests for cache hits, cache fallback, mark-processed cache
refresh, null-values pagination, and the new workspace/repo
validation exit.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
socketsecurity/core/scm/bitbucket.pywithBitbucketConfig+BitbucketSCM that posts/updates Dependency Overview and Security Issue comments on Bitbucket Cloud PRs, mirroring the GitHub and GitLab modules.BITBUCKET_*Pipelines env vars; supports Bearer (BITBUCKET_TOKEN) or Basic auth (BITBUCKET_USERNAME+BITBUCKET_APP_PASSWORD).BITBUCKET_API_URLlets Server/Data Center users point at a self-hosted REST API.{content: {raw}, user: {nickname, uuid}}payload onto the sharedCommentdataclass so the existingCommentshelpers, ignore-command flow, and security-comment scrubbing all work unchanged.<!-- socket-ignore-processed -->marker thathas_thumbsup_reactionlooks for on subsequent runs.--scm bitbucketintosocketcli.pyand updatesworkflows/bitbucket-pipelines.ymlto use it.Why
The Bitbucket comment implementation was partially completed, but couldn't get the API to accept comments. Most likely culprit: GitHub-style
{"body": "..."}form-encoded payloads, where Bitbucket Cloud requires JSON{"content": {"raw": "..."}}withContent-Type: application/json. This PR uses that shape.Out of scope
Test plan
uv run pytest tests/unit/test_bitbucket.py— 15 new tests covering env parsing (Bearer + Basic + missing creds), default-branch detection, event-type detection, comment normalization (raw content, deleted, missing fields), POST/PUT payload shape, and create-vs-update dispatch.uv run pytest tests/unit -q --no-cov— 164 passed, 2 pre-existing skips.BITBUCKET_TOKENconfigured.BITBUCKET_USERNAME/BITBUCKET_APP_PASSWORDto confirm Basic auth path.@SocketSecurity ignore npm/foo@1.0.0, re-run, confirm alert filtered + hidden marker appended.BITBUCKET_API_URLoverride.