Support BitBucket Server

[stjohnjohnson]

Since we're building these abstractions, we should start testing them on other systems. For this test, let's swap the GitHub SCM for BitBucket.

Todo:

• [ ] OAuth/Login
• [ ] Repo links on UI
• [ ] Webhook
• [ ] Pull Request status
• [ ] Checking out a repository and/or PR

[stjohnjohnson]

For checking out a PR: http://stackoverflow.com/questions/25967034/checkout-bitbucket-pull-requests-locally

[stjohnjohnson]

If we wanted to run our own copy: https://hub.docker.com/r/atlassian/bitbucket-server/

[d2lam]

Do we want to support both GitHub and BitBucket at the same time? Yes. Honestly, I think Github is more popular anyway. Why wouldn't we want to support both?

[stjohnjohnson]

@d2lam I was referring to running them both on the same system.

[FenrirUnbound]

For checking out a PR: http://stackoverflow.com/questions/25967034/checkout-bitbucket-pull-requests-locally

When testing it against bitbucket.org, we couldn't fetch the pull request refs. We actually came across a long-living issue tracking this feature: https://bitbucket.org/site/master/issues/5814/refify-pull-requests-by-making-them-a-ref Since this issue is still open, and how our local attempts have also failed, it seems like this feature isn't available on bitbucket.org

Looks like it doesn't work: https://bitbucket.org/site/master/issues/5814/refify-pull-requests-by-making-them-a-ref

EDIT: Moar words

[stjohnjohnson]

For BitBucket Auth, I opened https://github.com/hapijs/bell/issues/275 to clarify how we give them a PR.

[rosscdh]

+1 would be good

[d2lam]

Update 2/16/17: We still haven't gotten to this issue yet. If you'd like to contribute, you can create a scm-bitbucket-server, similar to scm-bitbucket and scm-github. It should extend the functions here.

Feel free to let us know if you have any questions or concerns!

[parabuzzle]

A few notes from my attempt here...

Authentication Woes

Bitbucket Server (also known as Stash) only supports oauth 1.0a with RSA-SHA1 siganture method. By what I can tell, (correct me if I'm wrong here) screwdriver assumes oauth2 right now. I say this because the token info saved in the database doesn't save all the required parts to make oauth1 requests even work.

The bell config from my custom scm-stash module

_getBellConfiguration() {
        // RSA key parsing is finicky..
        const secret = this.config.oauthClientSecret.replace(/\\n/g, '\n');
        return Promise.resolve({
            provider: {
                protocol: 'oauth',
                signatureMethod: 'RSA-SHA1',
                auth: 'https://bbs/plugins/servlet/oauth/authorize',
                token: 'https://bbs/plugins/servlet/oauth/access-token',
                temporary: 'https://bbs/plugins/servlet/oauth/request-token',
                version: '1.0',
                profile: function(cred, param, get, callback) {
                    get('https://bbs/plugins/servlet/applinks/whoami', null, (res) => {
                        var username;
                        // this is horrendous and I know there's a better way.. I just need it to work right now
                        Object.keys(res).forEach(function (key) {
                            username = key;
                        });
                        get('https://bbs/rest/api/1.0/users/' + username, null, (profile) => {
                            cred.profile = {
                            id: profile.id,
                            username: profile.name,
                            displayName: profile.displayName,
                            raw: profile
                        };
                        return callback();
                        });
                    });
                }
            },
            clientId: this.config.oauthClientId,
            clientSecret: secret,
            password: this.config.oauthCookiePassword,
            isSecure: this.config.https,
            forceHttps: this.config.https
        });
    }

Guide used for bitbucket server oauth setup: https://developer.atlassian.com/cloud/jira/platform/jira-rest-api-oauth-authentication/

Missing Api's

The api's are incomplete today.

Here are the docs for the api: https://developer.atlassian.com/stash/docs/latest/reference/rest-api.html

As an example.. if you look at the previous bell config code here, you'll notice that getting the user's profile is 2 calls. There is no profile or me endpoint equivalent, you need to hit a whoami which returns a plain text body with the username in it and then you need to send that to the users api.

Another such example is that there is no way to get a specific branch's info. You can get the list of branches and get the commit sha for that branch by iterating through the list of branches at the /branches endpoint for a repo and then feed that sha to the browse endpoint. I couldn't find a way to just give the refs/branches/foo directly to anything.

[servo1x]

Hi @parabuzzle, were you able to make any further progress on this?