Skip to content

Feature/oauth bit bucket#3985

Open
NickTheDevOpsGuy wants to merge 3 commits into
jenkinsci:masterfrom
NickTheDevOpsGuy:feature/oauth-bit-bucket
Open

Feature/oauth bit bucket#3985
NickTheDevOpsGuy wants to merge 3 commits into
jenkinsci:masterfrom
NickTheDevOpsGuy:feature/oauth-bit-bucket

Conversation

@NickTheDevOpsGuy

Copy link
Copy Markdown

Description

This pull request adds OAuth authentication support for Git operations performed by the Jenkins plugin.

The change enables OAuth-based credentials to be used when interacting with Git repositories, providing an alternative to traditional username/password or token-based authentication flows. This allows Jenkins environments configured with OAuth credentials to authenticate successfully during supported Git operations.

Testing done

The change was tested by configuring the plugin with OAuth authentication and executing Git operations against a repository that requires OAuth-based authentication.

Testing included:

  • Verified the changed OAuth authentication code path is executed during a Git operation
  • Verified authentication succeeds with valid OAuth credentials
  • Verified the repository can be accessed using the configured OAuth authentication
  • Verified existing Git authentication behavior remains functional
  • Verified the project builds successfully with the changes

Submitter checklist

  • Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
  • Ensure that the pull request title represents the desired changelog entry
  • Please describe what you did
  • Link to relevant issues in GitHub or Jira
  • Link to relevant pull requests, esp. upstream and downstream changes
  • Ensure you have provided tests that demonstrate the feature works or the issue is fixed

@NickTheDevOpsGuy NickTheDevOpsGuy requested a review from a team as a code owner July 7, 2026 04:58
@github-actions github-actions Bot added the tests Automated test addition or improvement label Jul 7, 2026
@MarkEWaite MarkEWaite requested a review from Copilot July 7, 2026 09:30

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request introduces Bitbucket Cloud OAuth token support by adding a helper that can detect Bitbucket Cloud remotes and rewrite HTTPS remote URLs to include an x-token-auth userinfo token, and wires that behavior into UserRemoteConfig.

Changes:

  • Added BitbucketOAuthHelper utilities for Bitbucket Cloud remote detection, tokenized remote URL rewriting, and token masking for logs.
  • Added unit tests for BitbucketOAuthHelper.
  • Updated UserRemoteConfig to look up credentials and rewrite Bitbucket Cloud remote URLs when username/password credentials are configured.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.

File Description
src/main/java/jenkins/plugins/git/BitbucketOAuthHelper.java New helper for detecting Bitbucket Cloud remotes and building tokenized remote URLs.
src/test/java/jenkins/plugins/git/BitbucketOAuthHelperTest.java New unit tests covering Bitbucket Cloud detection, URL rewriting, and masking behavior.
src/main/java/hudson/plugins/git/UserRemoteConfig.java Integrates Bitbucket OAuth remote rewriting and refactors credentials lookup usage.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines +68 to +76
if (StringUtils.isNotBlank(this.url) && StringUtils.isNotBlank(this.credentialsId)) {
Jenkins jenkins = Jenkins.getInstanceOrNull();
if (jenkins != null && BitbucketOAuthHelper.isBitbucketCloudRemote(this.url)) {
StandardCredentials credential = lookupCredentials(this.credentialsId, this.url);
if (credential instanceof StandardUsernamePasswordCredentials usernamePasswordCredentials) {
this.url = BitbucketOAuthHelper.buildOAuthRemoteUrl(this.url, usernamePasswordCredentials);
}
}
}
.using(GitTool.getDefaultInstallation().getGitExe())
.getClient();
StandardCredentials credential = lookupCredentials(item, credentialsId, url);
StandardCredentials credential = lookupCredentials(credentialsId, url);
Comment on lines +59 to +69
URI uri = new URI(remote);
String scheme = uri.getScheme();
String userInfo = "x-token-auth:" + token;
String host = uri.getHost();
String path = uri.getRawPath();
String query = uri.getRawQuery();
String fragment = uri.getRawFragment();

if (scheme == null || host == null) {
return remote;
}
*/
public final class BitbucketOAuthHelper {

private static final Pattern BITBUCKET_CLOUD_HOST = Pattern.compile("^(?:https?|ssh)://(?:[^@/]+@)?bitbucket\\.org(?:/|$)");
Comment on lines +14 to +19
void shouldRecognizeBitbucketCloudRemotes() {
assertThat(BitbucketOAuthHelper.isBitbucketCloudRemote("https://bitbucket.org/team/repo.git"), is(true));
assertThat(BitbucketOAuthHelper.isBitbucketCloudRemote("ssh://git@bitbucket.org/team/repo.git"), is(true));
assertThat(BitbucketOAuthHelper.isBitbucketCloudRemote("https://github.com/team/repo.git"), is(false));
assertThat(BitbucketOAuthHelper.isBitbucketCloudRemote(null), is(false));
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

tests Automated test addition or improvement

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants