Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Why can't I post a custom code insight?

J. Longman
J. Longman June 22, 2020

I've created a custom pipe which runs some linters and I'm trying to post the report and annotations.

The examples just don't work.

I've reduced the linter wrapper script to the curl command from the Code Insights page, added the pipe proxy, and nada.


pipelines:
  default:
#    - parallel:
       - step:
           name: super-linter
           script:    
             - pipe: docker://jlongman/super-linter:rc1
               variables:
                 RUN_LOCAL: "true"

RUN command's content, inside of the image:

#!/bin/bash

curl -v -X --proxy 'http://host.docker.internal:29418' --request PUT "https://api.bitbucket.org/2.0/repositories/${BITBUCKET_REPO_OWNER}/${BITBUCKET_REPO_SLUG}/commit/${BITBUCKET_COMMIT}/reports/mySystem-001" \
  --header 'Content-Type: application/json' \
  --data-raw '{
 "title": "Security scan report",
 "details": "This pull request introduces 10 new dependency vulnerabilities.",
 "report_type": "SECURITY",
 "reporter": "mySystem",
 "link": "http://www.mySystem.com/reports/001",
 "result": "FAILED",
 "data": [
  {
   "title": "Duration (seconds)",
   "type": "DURATION",
   "value": 14
  },
  {
   "title": "Safe to merge?",
   "type": "BOOLEAN",
   "value": false
  }
 ]
}'

output from command;

d8d04c7b038b: Verifying Checksum
d8d04c7b038b: Download complete
51456daf5cf2: Verifying Checksum
51456daf5cf2: Download complete
2a31a673552c: Verifying Checksum
2a31a673552c: Download complete
8e0c3ec234c6: Verifying Checksum
8e0c3ec234c6: Download complete
b07b00e56ebf: Verifying Checksum
b07b00e56ebf: Download complete
d8d04c7b038b: Pull complete
77bc3433382d: Pull complete
5a74d28a4fd0: Pull complete
085e49cb36dc: Pull complete
d620d169f0f2: Pull complete
1cd1c6270b72: Pull complete
3e7653492d90: Pull complete
c334835c5427: Pull complete
dd20de1e58a6: Pull complete
51456daf5cf2: Pull complete
137a93936ce9: Pull complete
2a31a673552c: Pull complete
8e0c3ec234c6: Pull complete
b07b00e56ebf: Pull complete
Digest: sha256:31b4337e570a7ee341b9a4a182380b07a61c25276773017067dd369bb340289e
Status: Downloaded newer image for jlongman/super-linter:rc1
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 10.36.243.173:29418...
* Connected to host.docker.internal (10.36.243.173) port 29418 (#0)
> PUT / HTTP/1.1
> Host: host.docker.internal:29418
> User-Agent: curl/7.69.1
> Accept: */*
> Content-Type: application/json
> Content-Length: 411
> 
} [411 bytes data]
* upload completely sent off: 411 out of 411 bytes
* Mark bundle as not supporting multiuse
< HTTP/1.1 502 Bad Gateway
< Server: nginx/1.15.5
< Date: Tue, 23 Jun 2020 00:49:25 GMT
< Content-Type: text/html
< Content-Length: 157
< Connection: keep-alive
< 
<html>
<head><title>502 Bad Gateway</title></head>
<body>
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.15.5</center>
</body>
</html>
{ [157 bytes data]
100 568 100 157 100 411 78500 200k --:--:-- --:--:-- --:--:-- 277k
* Connection #0 to host host.docker.internal left intact
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 18.205.93.6:443...
* Connected to api.bitbucket.org (18.205.93.6) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [88 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [155 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [15 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [2810 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [78 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Atlassian, Inc.; OU=Bitbucket; CN=*.bitbucket.org
* start date: May 5 00:00:00 2020 GMT
* expire date: Jul 21 12:00:00 2022 GMT
* subjectAltName: host "api.bitbucket.org" matched cert's "*.bitbucket.org"
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0x55c439792a60)
} [5 bytes data]
> PUT /2.0/repositories/mycode/my-devops/commit/8fb629402d8be5cf893ce6c8729dcfd50c4b3545/reports/mySystem-001 HTTP/2
> Host: api.bitbucket.org
> user-agent: curl/7.69.1
> accept: */*
> content-type: application/json
> content-length: 411
> 
} [5 bytes data]
* We are completely uploaded and fine
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [202 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS == 200)!
} [5 bytes data]
< HTTP/2 404 
< server: nginx
< cache-control: max-age=900
< content-type: application/json; charset=utf-8
< x-b3-traceid: b87b5efc2af1a0f3
< x-dc-location: ash1
< strict-transport-security: max-age=31536000; includeSubDomains; preload
< date: Tue, 23 Jun 2020 00:49:25 GMT
< x-served-by: app-1142
< x-static-version: 62971075a048
< x-render-time: 0.00877213478088
< x-version: 62971075a048
< x-request-count: 1864
< x-frame-options: SAMEORIGIN
< content-length: 49
< 
{ [49 bytes data]
100 460 100 49 100 411 753 6323 --:--:-- --:--:-- --:--:-- 7076
* Connection #1 to host api.bitbucket.org left intact
2020-06-23T00:49:25.426519532Z stdout P {"type": "error", "error": {"message": "commit"}}

That error message is really useless:

{"type": "error", "error": {"message": "commit"}}

The run in question is a pull request, that is the latest commit on the branch (at that time). 

NB I changed the project and repo name to protect the innocent and the docker image was using rc1 but I pushed the above script to rc1 and the actual one to rc2.

Answer
Watch
Like Be the first to like this
703 views

1 answer

1 accepted

0 votes
Answer accepted
seanaty
seanaty
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 23, 2020

I agree that the error message is mostly useless. Typically when there is a one word message in there it means there is a validation problem with the field of that name.

In this case, I'd check that the commit is a real commit for that repository.

View More Comments
J. Longman
J. Longman June 23, 2020

;-), thanks for the response.

curl -v -X --proxy 'http://host.docker.internal:29418' --request PUT "https://api.bitbucket.org/2.0/repositories/${BITBUCKET_REPO_OWNER}/${BITBUCKET_REPO_SLUG}/commit/${BITBUCKET_COMMIT}/reports/mySystem-001" \

The commit should be the $BITBUCKET_COMMIT variable which I would assume would have to be correct.  I can't imagine a need to URLEncode it, for example, and there was no mention of a need to shorten it. (Nor is it clear if it would be valid if I did).

The actual URL is shown in the debugging:

PUT /2.0/repositories/mycode/my-devops/commit/8fb629402d8be5cf893ce6c8729dcfd50c4b3545/reports/mySystem-001 HTTP/2

Which looks legit.   Is it possible http/2 isn't supported?

here's the website commit URL (note with the same mods to the repo owner and repo slug as the above - maybe being paranoid but rather not expose an URL that means something).

https://bitbucket.org/mycode/my-devops/commits/8fb629402d8be5cf893ce6c8729dcfd50c4b3545?at=DO-1317_nag
Like
J. Longman
J. Longman June 23, 2020

never mind the http/2 comment - if http/2 wasn't supported I'm sure curl/the proxy would be complaining, not going along happily.

Like
lassian
lassian
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 24, 2020

Hello,

From looking at your request it appears your using the auth proxy but your using https rather than http. We forward the request authenticated to bitbucket over https but we require you to use http to talk to the proxy running alongside your step.

https://support.atlassian.com/bitbucket-cloud/docs/code-insights/#Codeinsights-Authentication

Try changing it to

curl -v -X --proxy 'http://host.docker.internal:29418' --request PUT "http://api.bitbucket.org/2.0/repositories/${BITBUCKET_REPO_OWNER}/${BITBUCKET_REPO_SLUG}/commit/${BITBUCKET_COMMIT}/reports/mySystem-001"
Like J. Longman likes this
J. Longman
J. Longman June 24, 2020

Hi, this appears to be working! I guess my reflex was to always use https.  Well that's great.  It would be nice to have better errors and working examples of this.

 

SO Now I am trying to get the files changed in the commit and am having problems with that.  In this case I am trying diffstat

files_raw=$(curl \
  -vs \
  --proxy 'http://host.docker.internal:29418' \
  --request GET \
 "http://api.bitbucket.org/2.0/repositories/${BITBUCKET_REPO_OWNER}/${BITBUCKET_REPO_SLUG}/diffstat/${BITBUCKET_COMMIT}" \
  2>&1)
echo "$files_raw"
RAW_FILE_ARRAY=($(
  echo "$files_raw" | jq '.values[][].path?' | sort -u
))

 and it complains that I need admin or write  (_I_ have that, but even in the browser I get that message).

I'll create a separate question for that.

Like
lassian
lassian
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 24, 2020

I also created a ticket internally to return a response header indicating if we proxied (augmented the request with authorization headers) or not so in the future itll be easier to debug.

Like J. Longman likes this
J. Longman
J. Longman June 25, 2020

I think part of it me was being dumb - I was thinking I'd see the auth header added but of course I'm on the wrong side of that. I'm assuming it can't be added because encryption.

 

Thanks again.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events