# Bitbucket Pipelines

To configure how different types of SCM actions trigger a scan in Gomboc, see [CI Pipeline Configuration](/integrations/continuous-integration-ci-build-systems/ci-pipeline-configuration.md).

### Pull Request Pipeline

A Bitbucket pipeline can use the following YAML to run the Gomboc CLI on every pull request to main; it only tries to remediate directories that contain code differences. When running the `gomboc` CLI command, you can replace the `submit-for-review` argument with `preview` if no pull request is desired. Note that with `preview`, the pipeline passes regardless of any remediations that are produced.

```
image: node:18

pipelines:
  pull-requests:
    '**':
      - step:
          name: "Run Gomboc CLI"
          oidc: true
          services:
            - docker
          script:
            - git fetch origin +refs/heads/*:refs/remotes/origin/*
            - before="$(git rev-parse origin/$BITBUCKET_PR_DESTINATION_BRANCH)"
            - after="$(git rev-parse origin/$BITBUCKET_BRANCH)"
            - echo "before $before"
            - echo "after $after"
            - target_directories=$(for i in $(git diff --name-only --diff-filter=ACMRT "$before" "$after") ; do dirname $i ; done | sort -u | xargs)
            - |
              if [ -z "$target_directories" ]; then
                echo -e "\033[0;31mNo changes detected\033[0m"
                exit 0
              fi
            - |
              docker run --rm --platform=linux/amd64 \
                -e FORCE_COLOR=3 \
                gombocai/cli:latest \
                sh -c "gomboc submit-for-review on-pull-request \
                  --auth-token $BITBUCKET_STEP_OIDC_TOKEN \
                  --target-directories \"$target_directories\" \
                  --pull-request $BITBUCKET_PR_ID \
                  --iac terraform cloudformation"
```
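The directory names in `target_directories` come from the files changed on the pull request branch and are expanded inside the double-quoted `sh -c "..."` string, so it is worth validating them before the `docker run` step. The following is an added example, not Gomboc's code; `changed_dirs` is a hypothetical helper name and the sample paths are constructed.

```shell
#!/bin/sh
# Added example, not Gomboc's code. changed_dirs is a hypothetical helper.
#
# Reads changed file paths on stdin (one per line, as printed by
# `git diff --name-only`) and prints their unique parent directories,
# space separated, in the form the pipeline passes to --target-directories.
# Returns 1 if any directory name contains a character outside
# [A-Za-z0-9._/-] or starts with '-', because the list is later expanded
# inside a double-quoted `sh -c "..."` string.
changed_dirs() {
  dirs=""
  while IFS= read -r path || [ -n "$path" ]; do
    [ -n "$path" ] || continue
    dir=$(dirname -- "$path")
    case "$dir" in
      *[!A-Za-z0-9._/-]*|-*)
        printf 'refusing unsafe directory name: %s\n' "$dir" >&2
        return 1
        ;;
    esac
    dirs="$dirs $dir"
  done
  # Unquoted on purpose: every name was checked above, so it holds no
  # whitespace or glob characters and splits into one word per directory.
  printf '%s\n' $dirs | LC_ALL=C sort -u | xargs
}

# In the pipeline step (assumed usage):
#   target_directories=$(git diff --name-only --diff-filter=ACMRT \
#     "$before" "$after" | changed_dirs) || exit 1

# Constructed sample paths, not from a real repository.
printf '%s\n' 'tf/main.tf' 'tf/vars.tf' 'iac/net/vpc.yaml' 'README.md' | changed_dirs
```

An empty result still means "no changes detected", so the existing `-z "$target_directories"` check in the pipeline keeps working after the helper.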

### Scheduled Pipeline

The Gomboc pipeline can be executed on a schedule to detect remediations that become available because of changes in IaC modules or improvements in Gomboc remediation coverage. To configure a scheduled pipeline, use the custom pipeline option in Bitbucket Pipelines and set up your Gomboc pipeline following the instructions [here](https://support.atlassian.com/bitbucket-cloud/docs/pipeline-triggers/#On-schedule). Note that the value provided for the `target_directories` variable is an example and must be modified to point to the folders in your IaC repository to scan for the pipeline to execute successfully.

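```
image: node:18

pipelines:
  custom:
    'gomboc_scheduled':
      - step:
          oidc: true
          name: 'Run Gomboc CLI'
          # The docker service is required for `docker run`, as in the pull request pipeline.
          services:
            - docker
          script:
          - |
            # Example value: space-separated list of folders to scan, in the same
            # form the pull request pipeline passes. Replace with your own folders.
            target_directories=". tf iac"
            # Note: Bitbucket sets BITBUCKET_PR_ID only for pull-request-triggered
            # builds, so it expands to nothing in a scheduled run.
            docker run --rm --platform=linux/amd64 \
                -e FORCE_COLOR=3 \
                gombocai/cli:latest \
                sh -c "gomboc submit-for-review on-schedule \
                  --auth-token $BITBUCKET_STEP_OIDC_TOKEN \
                  --target-directories \"$target_directories\" \
                  --pull-request $BITBUCKET_PR_ID \
                  --iac terraform cloudformation"
```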


