Building repositories hosted on Bitbucket Server

Console

To create a webhook trigger that invokes builds from Bitbucket Server using the Google Cloud Console:

1. Open the Triggers page:

   Open the Build triggers page

2. Select your project from the top of the page and click Open.

3. Click Create trigger.

4. Enter the following trigger settings:

   • Name: A name for your trigger.
   • Description (Optional): A description for your trigger.
   • Event: Select Webhook event to set up your trigger to start builds in response to incoming webhook events.

   • Webhook URL: After entering your credentials, use the webhook URL generated below and the API key you initially set up to authenticate incoming webhook events.

     • Secret: You will need a secret to authenticate incoming webhook events. You can create a new secret or use an existing secret.

       To create a new secret:

       1. Select Create New.

       2. Click Create Secret.

          You will see the Create a webhook secret pop-up box.

       3. In the Secret name field, enter a name for your secret.

       4. Click Create secret to save your secret, which will automatically be created and stored for you in Secret Manager.

       To use an existing secret:

       1. Select Use existing.
       2. In the Secret field, select the name of the secret you want to use from the drop-down menu or follow the instructions to add a secret by resource ID.
       3. In the Secret version field, select your secret version from the drop-down menu.

     After you have created or selected your secret, you will see a preview of your webhook URL, which will look similar to the following:

     https://cloudbuild.googleapis.com/v1/projects/${PROJECT_NAME}/triggers/${TRIGGER_NAME}:webhook?key=${API_KEY}&secret=${SECRET_VALUE}
     

     To learn how you can use the URL when creating a webhook in Bitbucket server, see Creating a webhook in Bitbucket Server.

   • Source (optional): Leave this field blank. Since we plan to use an inline build config as our build configuration, we do not need to select a source.

   • Configuration: Create an inline build config in the Google Cloud Console.

     In the following example, the inline build config authenticates your connection to Bitbucket Server using your SSH key and accesses your specified repository. Following that, it checks out the commit that invoked the webhook.

     steps:
     # first, setup SSH:
     # 1- save the SSH key from Secret Manager to a file
     # 2- add the host key to the known_hosts file
     - name: gcr.io/cloud-builders/git
       args:
         - '-c'
         - |
           echo "$$SSHKEY" > /root/.ssh/id_rsa
           chmod 400 /root/.ssh/id_rsa
           ssh-keyscan -p BITBUCKET_PORT BITBUCKET_HOST > /root/.ssh/known_hosts
       entrypoint: bash
       secretEnv:
         - SSHKEY
       volumes:
         - name: ssh
           path: /root/.ssh
     # second, clone the repository
     - name: gcr.io/cloud-builders/git
       args:
         - clone
         - '-n'
         - 'ssh://BITBUCKET_HOST:BITBUCKET_PORT/BITBUCKET_REPO'
         - .
       volumes:
         - name: ssh
           path: /root/.ssh
     # third, checkout the specific commit that invoked this build
     - name: gcr.io/cloud-builders/git
       args:
         - checkout
         - $_TO_SHA
     availableSecrets:
       secretManager:
       - versionName: PATH_TO_SECRET
         env: SSHKEY
     

     Where:

     • BITBUCKET_HOST is the hostname of your Bitbucket repository.
     • BITBUCKET_PORT is the SSH port of your Bitbucket repository (typically 7999).
     • BITBUCKET_REPO is the path for your Bitbucket repo.
     • PATH_TO_SECRET is the path to your secret as stored in Secret Manager.
     • SSHKEY is the name of the environment used in this case to store the path to your secret.

   • Substitutions (optional): You can choose to define trigger-specific substitution variables using this field.

     In this example, we want to watch for a specific branch name associated with a commit ID. To obtain this data, we can create substitution variables using payload bindings.

     Specify the following variables and values below:

     Variable Name	Variable Value
     _BRANCH	$(body.changes[0].refId)
     _TO_SHA	$(body.changes[0].toHash)

   • Filters (optional): You can create a rule within a trigger that determines whether or not your trigger will execute a build based on your substitution variables.

     Since we want the trigger to execute a build if the branch name matches main, we can use the "==" operator to check for exact matches. You can also use the "matches" keyword if you want to match by regular expression.

     Specify the following as your filters:

     • _BRANCH == refs/heads/main

     To see more example syntax for filtering you could apply to your webhook triggers, see Using CEL to filter build events.

5. Click Create to create your build trigger.

gcloud

To create a webhook trigger that invokes builds from Bitbucket Server, you will need to run the gcloud alpha command. In the example below, the trigger is configured to respond to builds with a branch matching refs/heads/main based on the specified payload as defined by the substitution variable, _BRANCH.

     gcloud alpha builds triggers create webhook \
       --name=TRIGGER_NAME \
       --repo=PATH_TO_REPO \
       --secret=PATH_TO_SECRET \
       --subtitutions=\
         _BRANCH='$(body.changes[0].refId)', TO_SHA='$(body.changes[0].refId)'
       --filter='_BRANCH == refs/heads/main'
       --inline-config=PATH_TO_INLINE_BUILD_CONFIG
       --branch=BRANCH_NAME

Where:

• TRIGGER_NAME is the name of your trigger.
• PATH_TO_REPO is the path to the repository to invoke a build on. For example, https://www.github.com/owner/repo.
• PATH_TO_SECRET is the path to your secret as stored in Secret Manager. For example, projects/my-project/secrets/my-secret/versions/2.

• PATH_TO_INLINE_BUILD_CONFIG is the path to your inline build config.

• BRANCH_NAME is the name of your branch if you want to set your trigger to build on a branch.