BitBucket

Integration Setup

To configure the BitBucket integration, follow these steps (either during the onboarding wizard, or once you have access to the Gomboc platform):

Go to Settings > Integrations > BitBucket

Click on your profile drop down in the top right corner and access your Gomboc settings and create a personal or workspace token.

Once the Gomboc token is created copy the generated token.
Click on the BitBucket integration button to open the form for creating the integration
Paste in the generated Gomboc token under the input Gomboc Access Token
In BitBucket, go to your workspace settings to create an access token Workspace Access Token that has Repositories (Read & Write), Pull requests (Read & Write), and Webhooks (Read & Write) permissions. Once generated, copy the workspace access token. Also keep in mind the workspace ID, which can be found within your workspace settings as well.
You can now complete the integration form by inputting your Workspace ID and copied workspace access token from BitBucket

3. Click "Integrate" to complete the initial SCM integration. Please note that we do create a workspace webhook to complete the integration and keep track of PR's that we have opened.

Pipeline

A BitBucket pipeline can use the following yaml to run the Gomboc CLI on every pull request to main, will only try to remediate directories with code differences

image: gombocai/cli:latest

pipelines:
  pull-requests:
    '**':
      - step:
          oidc: true
          name: 'Run Gomboc CLI'
          script:
          - if [ "${BITBUCKET_PR_DESTINATION_BRANCH}" != "main" ]; then printf 'not a target branch we want to check'; exit; fi
          - before=$(git rev-parse origin/$BITBUCKET_PR_DESTINATION_BRANCH)
          - after=$(git rev-parse origin/$BITBUCKET_BRANCH)
          - target_directories=$(for i in $(git diff --name-only --diff-filter=ACMRT $before $after) ; do dirname $i ; done | sort -u | xargs)
          - >
            if [ -z "$target_directories" ]; then
              echo -e "\033[0;31mNo changes detected\033[0m"
              exit 0
            fi
          - gomboc terraform remediate remote submit-for-review --auth-token $BITBUCKET_STEP_OIDC_TOKEN --target-directories $target_directories --pull-request $BITBUCKET_PR_ID

PreviousGitLab NextAPI

Last updated 26 days ago

image: gombocai/cli:latest pipelines: pull-requests: '**': - step: oidc: true name: 'Run Gomboc CLI' script: - if [ "${BITBUCKET_PR_DESTINATION_BRANCH}" != "main" ]; then printf 'not a target branch we want to check'; exit; fi - before=$(git rev-parse origin/$BITBUCKET_PR_DESTINATION_BRANCH) - after=$(git rev-parse origin/$BITBUCKET_BRANCH) - target_directories=$(for i in $(git diff --name-only --diff-filter=ACMRT $before $after) ; do dirname $i ; done | sort -u | xargs) - > if [ -z "$target_directories" ]; then echo -e "\033[0;31mNo changes detected\033[0m" exit 0 fi - gomboc terraform remediate remote submit-for-review --auth-token $BITBUCKET_STEP_OIDC_TOKEN --target-directories $target_directories --pull-request $BITBUCKET_PR_ID