search

jenkinsci / bitbucket-branch-source-plugin

Bitbucket Branch Source Plugin
https://plugins.jenkins.io/cloudbees-bitbucket-branch-source
MIT License
217 stars 352 forks source link

Add support for Workspace Tokens on Bitbucket Cloud #748

Open reuben-james opened 1 year ago

reuben-james commented 1 year ago

What feature do you want to see added?

The docs say the following credential types are supported: Scan Credentials: Credentials used to access Bitbucket API in order to discover repositories, branches and pull requests. If not set then anonymous access is used, so only public repositories, branches and pull requests are discovered and managed. HTTP Basic Authentication, Access Token and OAuth credentials are supported.

Please add support for a Workspace Token (NOT a project-specific Access Token), as described in Bitbucket docs here: https://support.atlassian.com/bitbucket-cloud/docs/workspace-access-tokens/

Bitbucket docs describe how these can be used in-place of legacy username:password format here: https://support.atlassian.com/bitbucket-cloud/docs/using-workspace-access-tokens/

So in theory they should work in the same way that OAuth tokens do by setting jenkins:credentials:username to x-token-auth, however, this currently doesn't work.

Attempting to configure this in Jenkins for Respository Sources > Bitbucket Team/Project under an Organisational Folder does not successfully scan the bitbucket project and retrieve any repos/branches/PRs.

Upstream changes

No response

Jonny-vb commented 10 months ago

I can get a workspace access token to work for scanning by using a secret text credential set to the token, but that doesn't then work for checking out repos. This could be worked around if the separate checkout credentials option was still present, but it looks like we just currently can't use workspace access tokens

fran-pastor commented 9 months ago

I can get a workspace access token to work for scanning by using a secret text credential set to the token, but that doesn't then work for checking out repos. This could be worked around if the separate checkout credentials option was still present, but it looks like we just currently can't use workspace access tokens

same behaviour for us We can provide "Checkout over SSH" in advanced preferences but we prefer to user username/pass(or also the workspace access token) for checkout, and workspace access token for scan repos via Organisational Folder

jbowers-celartem commented 6 months ago

We are looking for this as well. Using user-based app passwords for build systems isn't ideal

eightnoneone commented 1 month ago

@reuben-james I'm facing the same/similar issues. I was confused by your parenthetical "(NOT a project-specific Access Token)" as I don't see that this scope of token works with Cloud today. Did I miss understand?

Is the need specifically "Workspace Access Tokens" or really any Access Token within Bitbucket Cloud? The plugin docs mention:

Access Token The plugin can make use of a personal access token (Bitbucket Server only) instead of the standard username/password.

Which to mean means Cloud has no support for Access Tokens at any level (Workspace, Project, Repository). I'd very much like to have Project-level Access Tokens included, if that doesn't change the definition of your request.