Since we're building these abstractions, we should start testing them on other systems. For this test, let's swap the GitHub SCM for BitBucket.
Todo:
For checking out a PR: http://stackoverflow.com/questions/25967034/checkout-bitbucket-pull-requests-locally
If we wanted to run our own copy: https://hub.docker.com/r/atlassian/bitbucket-server/
Do we want to support both GitHub and BitBucket at the same time?
Yes. Honestly, I think Github is more popular anyway. Why wouldn't we want to support both?
@d2lam I was referring to running them both on the same system.
For checking out a PR: http://stackoverflow.com/questions/25967034/checkout-bitbucket-pull-requests-locally
When testing it against bitbucket.org, we couldn't fetch the pull request refs. We actually came across a long-living issue tracking this feature: https://bitbucket.org/site/master/issues/5814/refify-pull-requests-by-making-them-a-ref Since this issue is still open, and how our local attempts have also failed, it seems like this feature isn't available on bitbucket.org
Looks like it doesn't work: https://bitbucket.org/site/master/issues/5814/refify-pull-requests-by-making-them-a-ref~~
EDIT: Moar words
For BitBucket Auth, I opened https://github.com/hapijs/bell/issues/275 to clarify how we give them a PR.
+1 would be good
Update 2/16/17:
We still haven't gotten to this issue yet. If you'd like to contribute, you can create a scm-bitbucket-server, similar to scm-bitbucket and scm-github. It should extend the functions here.
Feel free to let us know if you have any questions or concerns!
A few notes from my attempt here...
Bitbucket Server (also known as Stash) only supports oauth 1.0a with RSA-SHA1 siganture method. By what I can tell, (correct me if I'm wrong here) screwdriver assumes oauth2 right now. I say this because the token info saved in the database doesn't save all the required parts to make oauth1 requests even work.
_getBellConfiguration() {
// RSA key parsing is finicky..
const secret = this.config.oauthClientSecret.replace(/\\n/g, '\n');
return Promise.resolve({
provider: {
protocol: 'oauth',
signatureMethod: 'RSA-SHA1',
auth: 'https://bbs/plugins/servlet/oauth/authorize',
token: 'https://bbs/plugins/servlet/oauth/access-token',
temporary: 'https://bbs/plugins/servlet/oauth/request-token',
version: '1.0',
profile: function(cred, param, get, callback) {
get('https://bbs/plugins/servlet/applinks/whoami', null, (res) => {
var username;
// this is horrendous and I know there's a better way.. I just need it to work right now
Object.keys(res).forEach(function (key) {
username = key;
});
get('https://bbs/rest/api/1.0/users/' + username, null, (profile) => {
cred.profile = {
id: profile.id,
username: profile.name,
displayName: profile.displayName,
raw: profile
};
return callback();
});
});
}
},
clientId: this.config.oauthClientId,
clientSecret: secret,
password: this.config.oauthCookiePassword,
isSecure: this.config.https,
forceHttps: this.config.https
});
}
Guide used for bitbucket server oauth setup: https://developer.atlassian.com/cloud/jira/platform/jira-rest-api-oauth-authentication/
The api's are incomplete today.
Here are the docs for the api: https://developer.atlassian.com/stash/docs/latest/reference/rest-api.html
As an example.. if you look at the previous bell config code here, you'll notice that getting the user's profile is 2 calls. There is no profile or me endpoint equivalent, you need to hit a whoami which returns a plain text body with the username in it and then you need to send that to the users api.
Another such example is that there is no way to get a specific branch's info. You can get the list of branches and get the commit sha for that branch by iterating through the list of branches at the /branches endpoint for a repo and then feed that sha to the browse endpoint. I couldn't find a way to just give the refs/branches/foo directly to anything.
Hi @parabuzzle, were you able to make any further progress on this?
Most helpful comment
A few notes from my attempt here...
Authentication Woes
Bitbucket Server (also known as Stash) only supports oauth 1.0a with RSA-SHA1 siganture method. By what I can tell, (correct me if I'm wrong here) screwdriver assumes oauth2 right now. I say this because the token info saved in the database doesn't save all the required parts to make oauth1 requests even work.
The bell config from my custom scm-stash module
Guide used for bitbucket server oauth setup: https://developer.atlassian.com/cloud/jira/platform/jira-rest-api-oauth-authentication/
Missing Api's
The api's are incomplete today.
Here are the docs for the api: https://developer.atlassian.com/stash/docs/latest/reference/rest-api.html
As an example.. if you look at the previous bell config code here, you'll notice that getting the user's profile is 2 calls. There is no
profileormeendpoint equivalent, you need to hit awhoamiwhich returns a plain text body with the username in it and then you need to send that to theusersapi.Another such example is that there is no way to get a specific branch's info. You can get the list of branches and get the commit sha for that branch by iterating through the list of branches at the
/branchesendpoint for a repo and then feed that sha to thebrowseendpoint. I couldn't find a way to just give therefs/branches/foodirectly to anything.