Merge pull request #750 from snyk/feat/add-bitbucket-server-bearer-co…

…nnection-type

feat: add bitbucket server bearer auth flavor [HYB-519]

.circleci/config.yml

@@ -609,6 +609,34 @@ workflows:
           post-steps:
             - notify-slack-on-failure
           <<: *filter-tags-only
+      - build-and-save-docker-image:
+          name: Build bitbucket-server-bearer-auth UBI image
+          context:
+            - snyk-bot-slack
+            - team-broker-snyk
+          requires:
+            - Push base UBI image
+          additional_arguments: "--build-arg BASE_IMAGE=snyk/broker:${CIRCLE_TAG/v/''}-base-rhel-ubi --build-arg BROKER_TYPE=bitbucket-server-bearer-auth"
+          dockerfile: dockerfiles/Dockerfile.ubi
+          project_name: rhel-ubi-bitbucket-server-bearer-auth
+          post-steps:
+            - notify-slack-on-failure
+          <<: *filter-tags-only
+      - tag-and-push-docker-image:
+          name: Push bitbucket-server-bearer-auth UBI image
+          context:
+            - snyk-bot-slack
+            - team-broker-cosign
+            - team-broker-docker-hub
+            - team-broker-snyk
+          requires:
+            - Build bitbucket-server-bearer-auth UBI image
+          image_name: snyk/broker
+          image_tag: rhel-ubi-bitbucket-server-bearer-auth
+          project_name: rhel-ubi-bitbucket-server-bearer-auth
+          post-steps:
+            - notify-slack-on-failure
+          <<: *filter-tags-only
 
       - build-and-save-docker-image:
           name: Build container-registry-agent UBI image
@@ -1084,6 +1112,35 @@ workflows:
           post-steps:
             - notify-slack-on-failure
           <<: *filter-tags-only
+
+      - build-and-save-docker-image:
+          name: Build bitbucket-server-bearer-auth image
+          context:
+            - snyk-bot-slack
+            - team-broker-snyk
+          requires:
+            - Push base image
+          additional_arguments: "--build-arg BASE_IMAGE=snyk/broker:${CIRCLE_TAG/v/''}-base --build-arg BROKER_TYPE=bitbucket-server-bearer-auth"
+          dockerfile: dockerfiles/Dockerfile
+          project_name: bitbucket-server-bearer-auth
+          post-steps:
+            - notify-slack-on-failure
+          <<: *filter-tags-only
+      - tag-and-push-docker-image:
+          name: Push bitbucket-server-bearer-auth image
+          context:
+            - snyk-bot-slack
+            - team-broker-cosign
+            - team-broker-docker-hub
+            - team-broker-snyk
+          requires:
+            - Build bitbucket-server-bearer-auth image
+          image_name: snyk/broker
+          image_tag: bitbucket-server-bearer-auth
+          project_name: bitbucket-server-bearer-auth
+          post-steps:
+            - notify-slack-on-failure
+          <<: *filter-tags-only
 
       - build-and-save-docker-image:
           name: Build container-registry-agent image
@@ -1461,6 +1518,35 @@ workflows:
           post-steps:
             - notify-slack-on-failure
           <<: *filter-tags-only
+
+      - build-and-save-docker-image:
+          name: Build bitbucket-server-bearer-auth image (nlatest)
+          context:
+            - snyk-bot-slack
+            - team-broker-snyk
+          requires:
+            - Push base image (nlatest)
+          additional_arguments: "--build-arg BASE_IMAGE=snyk/broker:${CIRCLE_TAG/v/''}-base-nlatest --build-arg BROKER_TYPE=bitbucket-server-bearer-auth"
+          dockerfile: dockerfiles/Dockerfile
+          project_name: bitbucket-server-bearer-auth-nlatest
+          post-steps:
+            - notify-slack-on-failure
+          <<: *filter-tags-only
+      - tag-and-push-docker-image:
+          name: Push bitbucket-server-bearer-auth image (nlatest)
+          context:
+            - snyk-bot-slack
+            - team-broker-cosign
+            - team-broker-docker-hub
+            - team-broker-snyk
+          requires:
+            - Build bitbucket-server-bearer-auth image (nlatest)
+          image_name: snyk/broker
+          image_tag: bitbucket-server-bearer-auth-nlatest
+          project_name: bitbucket-server-bearer-auth-nlatest
+          post-steps:
+            - notify-slack-on-failure
+          <<: *filter-tags-only
 
       - build-and-save-docker-image:
           name: Build container-registry-agent image (nlatest)

client-templates/bitbucket-server-bearer-auth/.env.sample

@@ -0,0 +1,45 @@
+BROKER_DOWNSTREAM_TYPE_BITBUCKET_SERVER_BEARER_AUTH=true
+# your unique broker identifier
+BROKER_TOKEN=<broker-token>
+
+# your personal password to your bitbucket server account
+BITBUCKET_PAT=<bitbucket-pat>
+
+# the host where your Bitbucket Server is running, excluding scheme.
+# for bitbucket.yourdomain.com
+# this should be "bitbucket.yourdomain.com"
+BITBUCKET=bitbucket.yourdomain.com
+
+# the url that the Bitbucket server API should be accessed at.
+# for bitbucket.yourdomain.com this should be
+# changed to "bitbucket.yourdomain.com/rest/api/1.0"
+BITBUCKET_API=$BITBUCKET/rest/api/1.0
+
+# the url of your broker client (including scheme and port)
+# BROKER_CLIENT_URL=
+
+# Bitbucket server validation url, checked by broker client systemcheck endpoint
+BROKER_CLIENT_VALIDATION_URL=https://$BITBUCKET/rest/api/1.0/projects
+
+# Bitbucket server bearer auth creds
+BROKER_CLIENT_VALIDATION_AUTHORIZATION_HEADER="Bearer $BITBUCKET_SERVER_PAT",
+
+# The URL of the Snyk broker server
+BROKER_SERVER_URL=https://broker.snyk.io
+
+# the fine detail accept rules that allow Snyk to make API requests to your
+# bitbucket server instance
+ACCEPT=accept.json
+
+# The path for the broker's internal healthcheck URL. Must start with a '/'.
+BROKER_HEALTHCHECK_PATH=/healthcheck
+
+# the host where the git server resides
+GIT_URL=$BITBUCKET
+
+# git credentials for cloning repos
+GIT_USERNAME="x-access-token"
+GIT_PASSWORD=$BITBUCKET_PAT
+
+# the url of your snyk git client (including scheme and port).
+# GIT_CLIENT_URL=https://<snyk-git-client-host>:<snyk-git-client-port>