Bitbucket Server Implementation? about checks-api-plugin HOT 21 OPEN

Bitbucket Cloud appears to have a "reports" API that has the same concepts as Code Insights in Bitbucket Server. However, the URL templates, JSON property names, and enumeration types are different, so it would not be possible to develop the plugin against Bitbucket Cloud and have it just work on Bitbucket Server (and Data Center) as well.

from checks-api-plugin.

@regicsolutions I have a Jenkins plugin basically working but…

• need to discuss licensing etc. with employer
• would need somebody else to take over as maintainer
• no tests
• does not support a Job without a Run, thus no "status checks"
• support for reading API URLs and credentials from Bitbucket Server Integration Plugin relies on "internal" classes so might break in the future
• missing features in Bitbucket Server make Code Insights less useful than GitHub Checks, and Atlassian isn't responding to the issues that have been filed, so it feels like a dead end

from checks-api-plugin.

@KalleOlaviNiemitalo just checking in to see if this is something that could potentially be contributed?

from checks-api-plugin.

No determined plan but we'd love to have implementations for other platforms!
I've no experience with bitbucket but will look into it, thanks for the link.

from checks-api-plugin.

To all: any contributions or a POC are always welcomed!

from checks-api-plugin.

For volunteers that are going to implement support for GitLab, BitBucket, etc.: you can get some inspirations from the https://plugins.jenkins.io/violation-comments-to-stash/ and https://plugins.jenkins.io/violation-comments-to-gitlab/ plugins. Maybe it is possible to extract the API calls from there.

from checks-api-plugin.

Bitbucket Server has Code Insights feature that is an alternative to GitHub Checks:

• https://developer.atlassian.com/server/bitbucket/how-tos/code-insights/
• https://docs.atlassian.com/bitbucket-server/rest/latest/bitbucket-code-insights-rest.html

from checks-api-plugin.

I had requested something like this from Atlassian earlier and the request was split to BSERV-11477.

Difficulties:

• Code Insights does not support Markdown (BSERV-11523), so the plugin would have to render that to plain text. The Markdown renderer would have to be secure against malicious input, e.g. not follow any URLs to check sizes of images.
• Cannot support ChecksAction.
• Cannot support ChecksImage.
• ChecksOutput has getTitle, getSummary, and getText, while Code Insights has only title and details. Could concatenate the summary and the text.
• How to set the data property. Could perhaps use it for ChecksConclusion (if the value cannot be mapped to PASS/FAIL), ChecksStatus, and timestamps.
• If multiple checks run during a build, should each of them be able to set distinct values for reporter and logoUrl? Could perhaps extend ChecksDetails (or ChecksOutput?) so that consumer plugins can provide those values, and then also extend ChecksInfo and WithChecksStep so that the pipeline can override them.

from checks-api-plugin.

I don't think the Checks API implementation should necessarily be part of the Bitbucket Branch Source plugin. A separate plugin could easily locate the BitbucketSCMSource instance and call its public methods to read the REST API parameters (base URL, project, repository, and credential). Such a separate plugin could later be extended to support the other BitbucketSCMSource from Atlassian's Bitbucket Server Integration plugin as well, or the REST API parameters could even be provided in a BranchProperty or an SCMSourceTrait if the project uses neither of those SCM sources.

from checks-api-plugin.

violation-comments-to-stash sends warnings to Bitbucket Server as comments in a pull request. It does not use the newer Code Insights feature, which supports reports on all commits even if they are not in a pull request.

from checks-api-plugin.

In addition to the Code Insights API, Bitbucket Server has two ways to report build statuses:

• The older /rest/build-status/1.0/commits/{commitId} associates a build status with a commit ID. The build status will appear in every repository that contains a matching commit.
• Bitbucket Server 7.4 adds /rest/api/1.0/projects/{projectKey}/repos/{repositorySlug}/commits/{commitId}/builds, which also supports statistics about failing and passing tests.

The Bitbucket Branch Source plugin supports only the older build status API. The Bitbucket Server Integration plugin supports both and asks Bitbucket Server whether the newer API is available.

Neither of those build status APIs supports annotations on lines of files. The Code Insights API supports that.

from checks-api-plugin.

Cannot support ChecksAction.

This would not be a problem in practice, because consumer plugins (e.g. the JUnit plugin) do not use ChecksAction yet. Checks API does not currently provide a way for a consumer plugin to be notified when a user chooses an action.

The GitHub Checks plugin does not provide that capability, either. Its CheckRunGHEventSubscriber class recognises only "action": "rerequested" generated by GitHub. The plugin does not recognise "action": "requested_action", "requested_action": {…}, which would correspond to a ChecksAction.

from checks-api-plugin.

• How to set the data property. Could perhaps use it for ChecksConclusion (if the value cannot be mapped to PASS/FAIL), ChecksStatus, and timestamps.

AFAICT, consumer plugins and WithChecksStep do not set the startedAt and completedAt timestamps yet. They could easily start doing so, though.

from checks-api-plugin.

• Code Insights does not support Markdown (BSERV-11523), so the plugin would have to render that to plain text.

Consumer plugins post HTML tags and emoji shortcodes as well. I guess the Markdown would first have to be rendered to HTML and then stripped of tags.

from checks-api-plugin.

ChecksOutput.getSummary() and ChecksOutput.getText() assigned by Warnings Next Generation seem to mainly contain Markdown tables that would be difficult to render usefully for Bitbucket Server. I think the mapping should go like this:

• Code Insights report key in the URL = percent-encoded ChecksDetails.getName(). If that is not set, then don't publish anything. If checks are published to the same commit from multiple branches, then the last one overwrites earlier ones; if that is not desired, then the pipeline can use withChecks to change the name.
• Code Insights report title = ChecksDetails.getName(). Don't use ChecksOutput.getTitle() here because it is too long and depends on analysis results.
• Code Insights report details = ChecksOutput.getTitle(). Could also add the names of the job and the run here but they cannot be made hyperlinks.
• Code Insights report reporter = hardcode "Jenkins" or omit the property.
• Code Insights report logoUrl = root URL + "favicon.ico". Because the Code Insights UI stretches this to a square, jenkins.svg would look ugly.
• Don't use ChecksOutput.getSummary() and ChecksOutput.getText() at all, because of the Markdown.

There are also some difficulties in converting the annotations. Checks API does not yet seem to support a property that could be mapped to the VULNERABILITY, CODE_SMELL, BUG enumeration used by Code Insights. The warning codes parsed from MSBuild output are also missing but perhaps that is a problem in Warnings NG rather than Checks API.

Microsoft's C# compiler is apparently able to save warnings to a SARIF file. I should compare the SARIF specification to the ChecksAnnotation model; perhaps it defines some properties that would be useful to add.

from checks-api-plugin.

• Code Insights does not support Markdown (BSERV-11523)

Bitbucket Server supports Markdown in pull request descriptions, pull request comments, and commit comments. There, it renders [Link text](http://example.org/) as a hyperlink all right. However, it renders <a href="http://example.org/">Link text</a> as markup and not as a hyperlink. Thus, even if Atlassian eventually copies the Markdown support to Code Insights, it still might not correctly render the hyperlink that WarningChecksPublisher.extractReferenceBuild adds as HTML. 😞

from checks-api-plugin.

There are a few difficulties in having a separate plugin read the REST API URL and credentials from Atlassian's Bitbucket Server Integration plugin:

• The necessary classes in Atlassian's plugin are public, but the package names (javadoc) include the word internal, which suggests that Atlassian might not want to support them as a stable API. The plugin does not have any @Restricted annotations at all.
  Filed JENKINS-64691.
• Its pom.xml does not use https://github.com/jenkinsci/bom, and it depends directly on okhttp and other libraries, instead of going through API plugins. This leads to build-time version mismatch errors that need several dependency exclusions or managed dependencies to solve.
• Its BitbucketSCMSource class does not know the server URL but rather a server identifier whose meaning has to looked up with BitbucketPluginConfiguration.getServerById. To find the BitbucketPluginConfiguration instance, classes use @Inject, which is a bit annoying to do in a separate plugin that would not otherwise use this form of dependency injection. I suspect that @Inject might not play nice with dynamic loading of Bitbucket Server Integration as an optional dependency, either.

from checks-api-plugin.

@KalleOlaviNiemitalo just starting to explore using the Bitbucket Server Code Insights feature within a Jenkins shared library, was wondering if you were able to come up with a solution?

from checks-api-plugin.

That's great that hear that you got a working plugin, would love to test it out if you are clear to release it.

from checks-api-plugin.

@KalleOlaviNiemitalo friendly ping 😀

from checks-api-plugin.

Hi,

Also posted on the Jira ticket.

More than happy to test anything if published to the Jenkins release center.

Regards,

from checks-api-plugin.