Feature/oauth bit bucket#3985
Open
NickTheDevOpsGuy wants to merge 3 commits into
Open
Conversation
There was a problem hiding this comment.
Pull request overview
This pull request introduces Bitbucket Cloud OAuth token support by adding a helper that can detect Bitbucket Cloud remotes and rewrite HTTPS remote URLs to include an x-token-auth userinfo token, and wires that behavior into UserRemoteConfig.
Changes:
- Added
BitbucketOAuthHelperutilities for Bitbucket Cloud remote detection, tokenized remote URL rewriting, and token masking for logs. - Added unit tests for
BitbucketOAuthHelper. - Updated
UserRemoteConfigto look up credentials and rewrite Bitbucket Cloud remote URLs when username/password credentials are configured.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
src/main/java/jenkins/plugins/git/BitbucketOAuthHelper.java |
New helper for detecting Bitbucket Cloud remotes and building tokenized remote URLs. |
src/test/java/jenkins/plugins/git/BitbucketOAuthHelperTest.java |
New unit tests covering Bitbucket Cloud detection, URL rewriting, and masking behavior. |
src/main/java/hudson/plugins/git/UserRemoteConfig.java |
Integrates Bitbucket OAuth remote rewriting and refactors credentials lookup usage. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+68
to
+76
| if (StringUtils.isNotBlank(this.url) && StringUtils.isNotBlank(this.credentialsId)) { | ||
| Jenkins jenkins = Jenkins.getInstanceOrNull(); | ||
| if (jenkins != null && BitbucketOAuthHelper.isBitbucketCloudRemote(this.url)) { | ||
| StandardCredentials credential = lookupCredentials(this.credentialsId, this.url); | ||
| if (credential instanceof StandardUsernamePasswordCredentials usernamePasswordCredentials) { | ||
| this.url = BitbucketOAuthHelper.buildOAuthRemoteUrl(this.url, usernamePasswordCredentials); | ||
| } | ||
| } | ||
| } |
| .using(GitTool.getDefaultInstallation().getGitExe()) | ||
| .getClient(); | ||
| StandardCredentials credential = lookupCredentials(item, credentialsId, url); | ||
| StandardCredentials credential = lookupCredentials(credentialsId, url); |
Comment on lines
+59
to
+69
| URI uri = new URI(remote); | ||
| String scheme = uri.getScheme(); | ||
| String userInfo = "x-token-auth:" + token; | ||
| String host = uri.getHost(); | ||
| String path = uri.getRawPath(); | ||
| String query = uri.getRawQuery(); | ||
| String fragment = uri.getRawFragment(); | ||
|
|
||
| if (scheme == null || host == null) { | ||
| return remote; | ||
| } |
| */ | ||
| public final class BitbucketOAuthHelper { | ||
|
|
||
| private static final Pattern BITBUCKET_CLOUD_HOST = Pattern.compile("^(?:https?|ssh)://(?:[^@/]+@)?bitbucket\\.org(?:/|$)"); |
Comment on lines
+14
to
+19
| void shouldRecognizeBitbucketCloudRemotes() { | ||
| assertThat(BitbucketOAuthHelper.isBitbucketCloudRemote("https://bitbucket.org/team/repo.git"), is(true)); | ||
| assertThat(BitbucketOAuthHelper.isBitbucketCloudRemote("ssh://git@bitbucket.org/team/repo.git"), is(true)); | ||
| assertThat(BitbucketOAuthHelper.isBitbucketCloudRemote("https://github.com/team/repo.git"), is(false)); | ||
| assertThat(BitbucketOAuthHelper.isBitbucketCloudRemote(null), is(false)); | ||
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This pull request adds OAuth authentication support for Git operations performed by the Jenkins plugin.
The change enables OAuth-based credentials to be used when interacting with Git repositories, providing an alternative to traditional username/password or token-based authentication flows. This allows Jenkins environments configured with OAuth credentials to authenticate successfully during supported Git operations.
Testing done
The change was tested by configuring the plugin with OAuth authentication and executing Git operations against a repository that requires OAuth-based authentication.
Testing included:
Submitter checklist