4b6817381b
Benchmark image — build + push to ECR (any adapter) / build + push (push) Waiting to run
CI / quality (ubuntu-latest) (push) Waiting to run
CI / test (tools-runtime) (push) Waiting to run
CI / test (e2e-general) (push) Waiting to run
CI / test (cli-runtime) (push) Waiting to run
CI / test (e2e-provider-and-openclaw) (push) Waiting to run
CI / test (integrations-and-misc) (push) Waiting to run
CI / coverage-report (push) Blocked by required conditions
CI / test-kubernetes (push) Waiting to run
CI / should-run-thorough (push) Waiting to run
CI / test-thorough (cloudwatch-demo) (push) Blocked by required conditions
CI / test-thorough (flink-ecs) (push) Blocked by required conditions
CI / test-thorough (upstream-lambda) (push) Blocked by required conditions
CI / test-thorough (prefect-ecs-fargate) (push) Blocked by required conditions
CodeQL / Analyze (python) (push) Waiting to run
Release / build-binaries (zip, opensre.exe, onefile, windows-latest, windows-x64) (push) Blocked by required conditions
Release / publish-release (push) Blocked by required conditions
Release / publish-main-release (push) Blocked by required conditions
Release / prepare (push) Waiting to run
Release / verify (push) Blocked by required conditions
Release / build-python-dist (push) Blocked by required conditions
Release / build-binaries (tar.gz, opensre, onedir, macos-15-intel, darwin-x64) (push) Blocked by required conditions
Release / build-binaries (tar.gz, opensre, onedir, macos-latest, darwin-arm64) (push) Blocked by required conditions
Release / build-binaries (tar.gz, opensre, onedir, ubuntu-22.04, linux-x64) (push) Blocked by required conditions
Release / build-binaries (tar.gz, opensre, onedir, ubuntu-22.04-arm, linux-arm64) (push) Blocked by required conditions
Synthetic Deterministic Tests / Synthetic offline (deterministic) (push) Waiting to run
Interactive Shell Live (PR + post-merge) / turn-checks (no-LLM) (push) Waiting to run
Interactive Shell Live (PR + post-merge) / turn-live shard ${{ matrix.shard_index }} (push) Waiting to run
CI (OpenClaw E2E) / openclaw test (push) Has been cancelled
109 lines
2.9 KiB
Plaintext
109 lines
2.9 KiB
Plaintext
---
|
|
title: "Bitbucket"
|
|
description: "Connect Bitbucket so OpenSRE can correlate recent commits and code changes with incidents"
|
|
---
|
|
|
|
OpenSRE queries Bitbucket to retrieve recent commits, file contents, and code search results — helping trace which change in a Bitbucket-hosted repository triggered an incident.
|
|
|
|
## Prerequisites
|
|
|
|
- Bitbucket Cloud account
|
|
- App password with repository read access
|
|
|
|
## Setup
|
|
|
|
### Option 1: Interactive CLI
|
|
|
|
```bash
|
|
opensre integrations setup
|
|
```
|
|
|
|
Select **Bitbucket** when prompted and provide your workspace, username, and app password.
|
|
|
|
### Option 2: Environment variables
|
|
|
|
Add to your `.env`:
|
|
|
|
```bash
|
|
BITBUCKET_WORKSPACE=your-workspace-slug
|
|
BITBUCKET_USERNAME=your-username
|
|
BITBUCKET_APP_PASSWORD=your-app-password
|
|
```
|
|
|
|
| Variable | Default | Description |
|
|
| --- | --- | --- |
|
|
| `BITBUCKET_WORKSPACE` | — | **Required.** Bitbucket workspace slug |
|
|
| `BITBUCKET_USERNAME` | — | **Required.** Bitbucket username |
|
|
| `BITBUCKET_APP_PASSWORD` | — | **Required.** Bitbucket app password |
|
|
|
|
### Option 3: Persistent store
|
|
|
|
```json
|
|
{
|
|
"version": 1,
|
|
"integrations": [
|
|
{
|
|
"id": "bitbucket-prod",
|
|
"service": "bitbucket",
|
|
"status": "active",
|
|
"credentials": {
|
|
"workspace": "your-workspace-slug",
|
|
"username": "your-username",
|
|
"app_password": "your-app-password"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
```
|
|
|
|
## Creating an app password
|
|
|
|
1. In Bitbucket, go to **Personal settings** → **App passwords**
|
|
2. Click **Create app password**
|
|
3. Give it a label (e.g., `opensre`)
|
|
4. Enable the following permissions: **Repositories: Read**
|
|
5. Copy the generated password
|
|
|
|
<Info>
|
|
The workspace slug is the identifier in your Bitbucket URL: `https://bitbucket.org/<workspace>/`
|
|
</Info>
|
|
|
|
## Investigation tools
|
|
|
|
When OpenSRE investigates a Bitbucket-related alert, three tools are available:
|
|
|
|
- **Commits** — retrieves recent commits for a repository, optionally filtered by file path
|
|
- **File contents** — fetches the contents of a file at a specific revision
|
|
- **Code search** — searches code across the workspace or a specific repository
|
|
|
|
All operations are read-only.
|
|
|
|
## Verify
|
|
|
|
```bash
|
|
opensre integrations verify bitbucket
|
|
```
|
|
|
|
Expected output:
|
|
|
|
```
|
|
Service: bitbucket
|
|
Status: passed
|
|
Detail: Authenticated as Your Name; workspace: your-workspace
|
|
```
|
|
|
|
## Troubleshooting
|
|
|
|
| Symptom | Fix |
|
|
| --- | --- |
|
|
| **401 Unauthorized** | Check username and app password combination |
|
|
| **Workspace not found** | Verify the workspace slug — it's case-sensitive |
|
|
| **403 Forbidden** | Ensure the app password has **Repositories: Read** permission |
|
|
| **Code search unavailable** | Code search requires a Bitbucket Cloud Standard or Premium plan |
|
|
|
|
## Security best practices
|
|
|
|
- Use an **app password** rather than your account password — app passwords can be revoked individually.
|
|
- Scope permissions to **Repositories: Read** only.
|
|
- Store credentials in `.env`, not in source code.
|