Merge pull request #1481 from manicmaniac/support-bitbucket-cloud-rep…

…o-access-token

Support repository access token on Bitbucket Cloud

CHANGELOG.md

@@ -12,6 +12,7 @@
 
 <!-- Your comment below here -->
 * Always use `LocalOnlyGitRepo` source with `dry_run` command - [@imaginaris](https://github.com/imaginaris) [#1452](https://github.com/danger/danger/pull/1452)
+* Support repository access token on Bitbucket Cloud - [@manicmaniac](https://github.com/manicmaniac) [#1481](https://github.com/danger/danger/pull/1481)
 * Update "What is Danger?" in README - [@manicmaniac](https://github.com/manicmaniac) [#1482](https://github.com/danger/danger/pull/1482)
 <!-- Your comment above here -->
 

lib/danger/ci_source/bitbucket_pipelines.rb

@@ -10,10 +10,31 @@ module Danger
  #
  # ### Token Setup
  #
- # Add `DANGER_BITBUCKETCLOUD_USERNAME` and `DANGER_BITBUCKETCLOUD_PASSWORD` to your pipeline repository variable
- # or instead using `DANGER_BITBUCKETCLOUD_OAUTH_KEY` and `DANGER_BITBUCKETCLOUD_OAUTH_SECRET`.
+ # For username and password, you need to set.
  #
- # You can find them in Settings > Pipelines > Repository Variables
+ # - `DANGER_BITBUCKETCLOUD_USERNAME` = The username for the account used to comment, as shown on
+ # https://bitbucket.org/account/
+ # - `DANGER_BITBUCKETCLOUD_PASSWORD` = The password for the account used to comment, you could use
+ # [App passwords](https://confluence.atlassian.com/bitbucket/app-passwords-828781300.html#Apppasswords-Aboutapppasswords)
+ # with Read Pull Requests and Read Account Permissions.
+ #
+ # For OAuth key and OAuth secret, you can get them from.
+ #
+ # - Open [BitBucket Cloud Website](https://bitbucket.org)
+ # - Navigate to Settings > OAuth > Add consumer
+ # - Put `https://bitbucket.org/site/oauth2/authorize` for `Callback URL`, and enable Read Pull requests, and Read Account
+ # Permission.
+ #
+ # - `DANGER_BITBUCKETCLOUD_OAUTH_KEY` = The consumer key for the account used to comment, as show as `Key` on the website.
+ # - `DANGER_BITBUCKETCLOUD_OAUTH_SECRET` = The consumer secret for the account used to comment, as show as `Secret` on the
+ # website.
+ #
+ # For [repository access token](https://support.atlassian.com/bitbucket-cloud/docs/repository-access-tokens/), what you
+ # need to create one is:
+ #
+ # - Open your repository URL
+ # - Navigate to Settings > Security > Access Tokens > Create Repository Access Token
+ # - Give it a name and set Pull requests write scope
 
  class BitbucketPipelines < CI
  def self.validates_as_ci?(env)

lib/danger/request_sources/bitbucket_cloud.rb

@@ -9,17 +9,24 @@ class BitbucketCloud < RequestSource
  attr_accessor :pr_json
 
  def self.env_vars
+ ["DANGER_BITBUCKETCLOUD_UUID"]
+ end
+
+ # While it says "optional", one of these is required to run Danger on Bitbucket Cloud.
+ #
+ # - Both `DANGER_BITBUCKETCLOUD_OAUTH_KEY` and `DANGER_BITBUCKETCLOUD_OAUTH_SECRET`
+ # - Both `DANGER_BITBUCKETCLOUD_USERNAME` and `DANGER_BITBUCKETCLOUD_PASSWORD`
+ # - `DANGER_BITBUCKETCLOUD_REPO_ACCESSTOKEN`
+ def self.optional_env_vars
  [
+ "DANGER_BITBUCKETCLOUD_OAUTH_KEY",
+ "DANGER_BITBUCKETCLOUD_OAUTH_SECRET",
+ "DANGER_BITBUCKETCLOUD_REPO_ACCESSTOKEN",
  "DANGER_BITBUCKETCLOUD_USERNAME",
- "DANGER_BITBUCKETCLOUD_UUID",
  "DANGER_BITBUCKETCLOUD_PASSWORD"
  ]
  end
 
- def self.optional_env_vars
- ["DANGER_BITBUCKETCLOUD_OAUTH_KEY", "DANGER_BITBUCKETCLOUD_OAUTH_SECRET"]
- end
-
  def initialize(ci_source, environment)
  self.ci_source = ci_source
 

lib/danger/request_sources/bitbucket_cloud_api.rb

@@ -39,6 +39,8 @@ def inspect
  end
 
  def credentials_given?
+ return true if @access_token
+
  @my_uuid && !@my_uuid.empty? &&
  @username && !@username.empty? &&
  @password && !@password.empty?
@@ -105,6 +107,12 @@ def fetch_pr_from_branch(branch_name)
  end
 
  def fetch_access_token(environment)
+ access_token = environment["DANGER_BITBUCKETCLOUD_REPO_ACCESSTOKEN"]
+ if access_token
+ @access_token = access_token
+ return access_token
+ end
+
  oauth_key = environment["DANGER_BITBUCKETCLOUD_OAUTH_KEY"]
  oauth_secret = environment["DANGER_BITBUCKETCLOUD_OAUTH_SECRET"]
  return nil if oauth_key.nil?

spec/lib/danger/danger_core/environment_manager_spec.rb

@@ -433,7 +433,7 @@ def git_repo_with_danger_branches_setup
  danger_em.raise_error_for_no_request_source(req_src_env, ui)
  end.to raise_error(SystemExit)
 
- expect(ui.string).to include("For your BitbucketCloud repo, you need to expose: DANGER_BITBUCKETCLOUD_USERNAME, DANGER_BITBUCKETCLOUD_UUID, DANGER_BITBUCKETCLOUD_PASSWORD")
+ expect(ui.string).to include("For your BitbucketCloud repo, you need to expose: DANGER_BITBUCKETCLOUD_UUID")
  end
 
  it "handles throwing out all kinds of info when the repo url isnt recognised" do
@@ -451,7 +451,7 @@ def git_repo_with_danger_branches_setup
  " - GitHub: DANGER_GITHUB_API_TOKEN",
  " - GitLab: DANGER_GITLAB_API_TOKEN",
  " - BitbucketServer: DANGER_BITBUCKETSERVER_USERNAME, DANGER_BITBUCKETSERVER_PASSWORD, DANGER_BITBUCKETSERVER_HOST",
- " - BitbucketCloud: DANGER_BITBUCKETCLOUD_USERNAME, DANGER_BITBUCKETCLOUD_UUID, DANGER_BITBUCKETCLOUD_PASSWORD"
+ " - BitbucketCloud: DANGER_BITBUCKETCLOUD_UUID"
  ]
  messages.each do |m|
  expect(ui.string).to include(m)

spec/lib/danger/request_sources/bitbucket_cloud_api_spec.rb

@@ -98,7 +98,37 @@
  end
  end
 
- describe "#credentials_given" do
+ describe "#credentials_given?" do
+ subject { api.credentials_given? }
+
+ context "when UUID is not given" do
+ let(:env) { stub_env.reject { |k, _| k == "DANGER_BITBUCKETCLOUD_UUID" } }
+
+ it { is_expected.to be_falsy }
+ end
+
+ context "when username is not given" do
+ let(:env) { stub_env.reject { |k, _| k == "DANGER_BITBUCKETCLOUD_USERNAME" } }
+
+ it { is_expected.to be_falsy }
+ end
+
+ context "when password is not given" do
+ let(:env) { stub_env.reject { |k, _| k == "DANGER_BITBUCKETCLOUD_PASSWORD" } }
+
+ it { is_expected.to be_falsy }
+ end
+
+ context "when repository access token is given" do
+ let(:env) do
+ stub_env
+ .reject { |k, _| %w(DANGER_BITBUCKETCLOUD_USERNAME DANGER_BITBUCKETCLOUD_PASSWORD).include?(k) }
+ .merge("DANGER_BITBUCKETCLOUD_REPO_ACCESSTOKEN" => "xxx")
+ end
+
+ it { is_expected.to be_truthy }
+ end
+
  it "#fetch_json raise error when missing credentials" do
  empty_env = {}
  expect { api.pull_request }.to raise_error WebMock::NetConnectNotAllowedError