You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This PR adds a Bitbucket Cloud integration for Port's Ocean framework, enabling users to ingest and manage Bitbucket projects, repositories, pull requests, and components in Port.
Why
How -
Uses Ocean’s async HTTP client for API calls.
Implements Bitbucket API authentication via App Passwords.
Supports resync and scheduled sync for accurate data ingestion.
Enables webhook event handling for real-time updates.
Type of change
Please leave one option from the following and delete the rest:
Bug fix (non-breaking change which fixes an issue)
New feature (non-breaking change which adds functionality)
New Integration (non-breaking change which adds a new integration)
Breaking change (fix or feature that would cause existing functionality to not work as expected)
Non-breaking change (fix of existing functionality that will not change current behavior)
Documentation (added/updated documentation)
All tests should be run against the port production environment(using a testing org).
Core testing checklist
Integration able to create all default resources from scratch
Resync finishes successfully
Resync able to create entities
Resync able to update entities
Resync able to detect and delete entities
Scheduled resync able to abort existing resync and start a new one
Tested with at least 2 integrations from scratch
Tested with Kafka and Polling event listeners
Tested deletion of entities that don't pass the selector
Integration testing checklist
Integration able to create all default resources from scratch
Resync able to create entities
Resync able to update entities
Resync able to detect and delete entities
Resync finishes successfully
If new resource kind is added or updated in the integration, add example raw data, mapping and expected result to the examples folder in the integration directory.
If resource kind is updated, run the integration with the example data and check if the expected result is achieved
If new resource kind is added or updated, validate that live-events for that resource are working as expected
Here are some key observations to aid the review process:
⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪
🧪 PR contains tests
🔒 Security concerns
Sensitive information exposure: The integration logs API responses at DEBUG level (line 48 in integration.py) which could potentially expose sensitive data in logs. Consider removing or sanitizing sensitive information before logging.
Add error handling for response.raise_for_status() with specific HTTP status code handling and proper backoff strategy instead of a fixed 10-second delay
try:
response = await self.client.get(url)
response.raise_for_status()
data = response.json() if callable(getattr(response, "json", None)) else response
logging.debug(f"API Response: {data}")
results.extend(data.get("values", []))
url = data.get("next", None)
+except aiohttp.ClientResponseError as e:+ if e.status in (429, 503):+ retry_after = int(response.headers.get('Retry-After', 10))+ logging.warning(f"Rate limited, waiting {retry_after} seconds...")+ await asyncio.sleep(retry_after)+ else:+ logging.error(f"HTTP error {e.status}: {e.message}")+ break
except Exception as e:
- logging.warning(f"Request error, retrying after 10 seconds... Error: {e}")- await asyncio.sleep(10)+ logging.error(f"Unexpected error: {e}")+ break
Apply this suggestion
Suggestion importance[1-10]: 9
__
Why: The suggestion significantly improves error handling by adding specific HTTP status code handling and proper retry logic for rate limiting, which is crucial for API reliability and robustness.
High
General
Add request timeout protection
Add request timeout to prevent infinite waiting on API calls that might hang
Why: Adding a timeout is critical for preventing hung requests that could block the application indefinitely, significantly improving the application's reliability and resource management.
Medium
Security
Validate authentication credentials
Add input validation for username and password to prevent encoding empty or invalid credentials
def get_auth_token(username: str, password: str) -> str:
+ if not username or not password:+ raise ValueError("Username and password cannot be empty")
return base64.b64encode(f"{username}:{password}".encode()).decode()
Apply this suggestion
Suggestion importance[1-10]: 7
__
Why: Input validation for authentication credentials is important for security and prevents potential issues with empty credentials, though the base64 encoding would work regardless.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
User description
Description
What
Why
How -
Type of change
Please leave one option from the following and delete the rest:
All tests should be run against the port production environment(using a testing org).
Core testing checklist
Integration testing checklist
examplesfolder in the integration directory.Preflight checklist
Screenshots
Include screenshots from your environment showing how the resources of the integration will look.
API Documentation
Provide links to the API documentation used for this integration.
PR Type
Enhancement, Tests, Documentation
Description
Introduced Bitbucket integration for Port's Ocean framework.
Implemented authentication using App Passwords and Base64 encoding.
Added data ingestion for projects, repositories, and pull requests.
Provided webhook handling for real-time event updates.
Included unit tests for authentication, integration, and webhook functionality.
Configured dependencies and testing setup for the integration.
Changes walkthrough 📝
4 files
Added custom authentication client for Bitbucket API.Implemented core integration logic for Bitbucket.Added entry point for running Bitbucket integration.Added webhook handler for Bitbucket events.2 files
Configured environment-based settings for Bitbucket integration.Configured pytest settings for integration tests.3 files
Added unit test for authentication token generation.Added unit test for fetching Bitbucket projects.Added unit test for webhook event handling.2 files
Defined project metadata and dependencies.Listed required dependencies for the integration.3 files