Site admins can sync Git repositories hosted on Bitbucket Server or Bitbucket Data Center with Sourcegraph so that users can search and navigate their repositories.
To connect Bitbucket Server / Bitbucket Data Center to Sourcegraph:
- Go to Site admin > Manage code hosts > Add repositories
- Select Bitbucket Server / Bitbucket Data Center.
- Configure the connection to Bitbucket Server / Bitbucket Data Center using the action buttons above the text field, and additional fields can be added using Cmd/Ctrl+Space for auto-completion. See the configuration documentation below.
- Press Add repositories.
Also consider installing the Sourcegraph Bitbucket Server plugin which enables native code navigation for every Bitbucket user when browsing code and reviewing pull requests, allows for faster permission syncing between Sourcegraph and Bitbucket Server / Bitbucket Data Center and adds support for webhooks to Bitbucket Server / Bitbucket Data Center.
Sourcegraph requires a Bitbucket Server / Bitbucket Data Center personal access token with read permissions to sync repositories.
When using batch changes the access token needs write permissions on the project and repository level. See "Code host interactions in batch changes" for details.
You can create a personal access token at https://[your-bitbucket-hostname]/plugins/servlet/access-tokens/add. Also set the corresponding username field.
For Bitbucket Server instances that don't support personal access tokens (Bitbucket Server version 5.4 and older), specify user-password credentials in the username and password fields.
There are four fields for configuring which repositories are mirrored:
repos
A list of repositories inprojectKey/repositorySlugformat. The order determines the order in which we sync repository metadata and is safe to change.repositoryQuery
A list of strings with some pre-defined options (none,all), and/or a Bitbucket Server / Bitbucket Data Center Repo Search Request Query Parameters.exclude
A list of repositories to exclude which takes precedence over therepos, andrepositoryQueryfields.excludePersonalRepositories
With this enabled, Sourcegraph will exclude any personal repositories from being imported, even if it has access to them.
Using the webhooks property on the external service has been deprecated.
Please consult this page in order to configure webhooks.
Enforcing Bitbucket Server / Bitbucket Data Center permissions can be configured via the authorization setting in its configuration.
NOTE: It can take some time to complete full cycle of repository permissions sync if you have a large number of users or repositories. See sync duration time for more information.
- You have the exact same user accounts, with matching usernames, in Sourcegraph and Bitbucket Server / Bitbucket Data Center. This can be accomplished by configuring an external authentication provider that mirrors user accounts from a central directory like LDAP or Active Directory. The same should be done on Bitbucket Server / Bitbucket Data Center with external user directories.
- Ensure you have set
auth.enableUsernameChangestofalsein the site config to prevent users from changing their usernames and escalating their privileges.
This section walks you through the process of setting up an Application Link between Sourcegraph and Bitbucket Server / Bitbucket Data Center and configuring the Sourcegraph Bitbucket Server / Bitbucket Data Center configuration with authorization settings. It assumes the above prerequisites are met.
As an admin user, go to the "Application Links" page. You can use the sidebar navigation in the admin dashboard, or go directly to https://bitbucketserver.example.com/plugins/servlet/applinks/listApplicationLinks.
Write Sourcegraph's external URL in the text area (e.g. https://sourcegraph.example.com) and click Create new link. Click Continue even if Bitbucket Server / Bitbucket Data Center warns you about the given URL not responding.
Write Sourcegraph as the Application Name and select Generic Application as the Application Type. Leave everything else unset and click Continue.
Now click the edit button in the Sourcegraph Application Link that you just created and select the Incoming Authentication panel.
Generate a Consumer Key in your terminal with echo sourcegraph$(openssl rand -hex 16). Copy this command's output and paste it in the Consumer Key field. Write Sourcegraph in the Consumer Name field.
Generate an RSA key pair in your terminal with openssl genrsa -out sourcegraph.pem 4096 && openssl rsa -in sourcegraph.pem -pubout > sourcegraph.pub. Copy the contents of sourcegraph.pub and paste them in the Public Key field.
Scroll to the bottom and check the Allow 2-Legged OAuth checkbox, then write your admin account's username in the Execute as field and, lastly, check the Allow user impersonation through 2-Legged OAuth checkbox. Press Save.
Go to your Sourcegraph's Manage code hosts page (i.e. https://sourcegraph.example.com/site-admin/external-services) and either edit or create a new Bitbucket Server / Bitbucket Data Center connection. Add the following settings:
{
// Other config goes here
"authorization": {
"identityProvider": {
"type": "username"
},
"oauth": {
"consumerKey": "<KEY GOES HERE>",
"signingKey": "<KEY GOES HERE>"
}
}
}Copy the Consumer Key you generated before to the oauth.consumerKey field and the output of the command base64 sourcegraph.pem | tr -d '\n' to the oauth.signingKey field. Finally, save the configuration. You're done!
By installing the Bitbucket Server plugin, you can make use of the fast permission sync feature that allows using Bitbucket Server / Bitbucket Data Center permissions on larger instances.
With the Sourcegraph Bitbucket Server plugin you can enable fast permission syncing:
- Connect Bitbucket Server / Bitbucket Data Center to Sourcegraph (see instructions above).
- Follow the instructions to set up repository permissions with Bitbucket Server / Bitbucket Data Center.
- Install the Sourcegraph Bitbucket Server plugin on your Bitbucket Server / Bitbucket Data Center instance.
- In Sourcegraph, go to Site admin > Manage code hosts and edit the Bitbucket Server / Bitbucket Data Center configuration.
- Add the
"plugin.permissions"property:
{
// [...]
"plugin": {
"permissions": "enabled"
}
}Bitbucket Server / Bitbucket Data Center versions older than v5.5 require specifying a less secure username and password combination, as those versions of Bitbucket Server / Bitbucket Data Center do not support personal access tokens.
Sourcegraph by default clones repositories from your Bitbucket Server / Bitbucket Data Center via HTTP(S), using the access token or account credentials you provide in the configuration. The username field is always used when cloning, so it is required.
Sourcegraph will mark repositories as archived if they have the archived label on Bitbucket Server / Bitbucket Data Center. You can exclude these repositories in search with archived:no search syntax.
See Internal rate limits.
Bitbucket Server / Bitbucket Data Center connections support the following configuration options, which are specified in the JSON editor in the site admin "Manage code hosts" area.