New Bitbucket Features Are Here

Bitbucket is a Git code management tool used for software development projects. Recently, Bitbucket released a new set of features which are included in our plan. We wanted to dig deeper and discuss these updates with our team. 

Right now, we use Bitbucket to track the source code for some of our projects, to make changes to our code collaboratively and to test and deploy it. We’re always open to new solutions, so we decided to take a look at the new Bitbucket features and see what we can add to our workflow. 

First of all, we looked into the set of new features and split them up throughout our team to have a closer look. After looking into the new features, we got together to discuss and present them to our entire team. 

This is something we do periodically. When we discover something cool that’s worth sharing with the entire team, we get together and organize a [Cobalt Matters] session. This way, we can all share our thoughts on the subjects that matter to us the most. Now that we work remotely, we got together in a quick call to see how we can update our dev flow here at Cobalt Sign.

So, below you will find our conclusions after we tested all the features. For each one, we had a testing project that was used to show a demo to the team while we presented. Then, we discussed the advantages and disadvantages of these features.

CI/CD a.k.a. Bitbucket Pipelines

Note: CI is not yet supported on iOS (it will be soon), so for now we tested it on Android. 

We created a project from scratch to set it up & test it from start to finish.

What’s important to keep in mind is that Pipelines run based on a bitbucket-pipelines.yml config file.

All pipelines have to be defined to know exactly what to do, when to do it and on which branch. 

yml structure

The structure of a config file (see the Android YAML example below) is based on a Docker image that performs the builds, in our case one with the Android SDK.

You can define several steps here. For example, you can set it up to run app tests and see if they pass. If the tests pass then it can be set up to create a build and send a notification on Slack. This tool is more powerful than the one we currently use because you can define multiple types of steps.

pipelines:
  branches:
    master:
      - step:
          name: Build Release # Step name
          image: bitbucketpipelines/android-ci-image # Android Docker image
          caches:
            - gradle
          script:
            - ./gradlew assembleRelease # Build command
          artifacts:
            - app/build/outputs/** # Files to keep; they can be downloaded later from the "Artifacts" page

We set up the CI to trigger a release build after any push into the master branch. 

[Image: CI/CD Bitbucket Pipelines]

The builds are created for each release using the Android build tools, which run in a Docker instance. The gradle command fetches all the details and caches them for future builds. The more it caches, the more the build time decreases, which is really helpful.

After a step is completed, you can choose exactly what to download. In our case, we save the build so that we have the APKs ready to download any time in artifacts. This is only a simple step, created for the presentation but steps can be much more complex. For example, builds can be sent to the AppStore or PlayStore to be published.

[Image: Build details page]
[Image: Artifacts]

Moreover, it has a few cool extra features that are worth mentioning. 

[Image: Schedule builds]

Scheduling

Create daily, weekly or monthly recurring builds from a specific branch. This is something we didn’t have the possibility to do before and we find it very helpful.

[Image: Dependency caches]

Caching

You can edit what is cached in the .yml config. The more it caches, the more the build time drops, which is really helpful.

[Image: Remaining build minutes]

Pipelines Usage

See your remaining build minutes.

Security Scanning by Snyk

Good to know:

  • Started as a tool for managing NPM dependencies.
  • It is actively developed and new features are often introduced. Snyk supports not only NPM but also Java (Maven and Gradle), Ruby, Scala, Python and Go. However, the support for NPM is still the strongest, so many nice features are not available for other languages.
  • Has its own open source vulnerability database, which is also available on their website.
  • Mainly consists of a command-line tool which scans your codebase dependencies against its database of vulnerabilities and alerts you to any issues found.
  • It can also be integrated into Git repositories and monitor them by scanning pull requests before they are merged, or be added as a CI/CD pipeline test to prevent vulnerabilities from reaching production environments.

Depending on the project’s type, Snyk looks up your dependencies, builds a dependency tree of the imported libraries and their versions, and compares them to the flagged versions in its own database of vulnerabilities. Found vulnerabilities are ranked based on the maturity of the exploit and how urgently they should be fixed.

A nice feature of Snyk is that it automatically offers to fix the vulnerable dependencies for you at the push of a button. When fixing vulnerabilities automatically, a pull request is opened in the corresponding repository with the minimal changes required for the issue to be resolved. When upgrading is too disruptive (or not available), Snyk can offer a series of proprietary patches (developed in collaboration with the maintainer) to fix the issues quickly and precisely.

Snyk can also automatically monitor your projects and deployed code. Whenever new vulnerabilities are disclosed or newly identified in your code, you can get notifications through your preferred channels, including Slack, Jira, email, etc.

A guide on integrating Snyk with Bitbucket can be found here.

Another guide on scanning an existing repository can be found here.

[Image: Security Scanning by Snyk]

In conclusion, Snyk is a tool that scans the dependencies of a project and compares them against its database to find security vulnerabilities. Once vulnerabilities are found, programmers can be notified about the issues and offered suggestions or automatic fixes for them. It can also be integrated as a CI/CD test in a pipeline to stop vulnerable code from getting into production environments.

Merge Checks

According to Atlassian “merge checks allow you to recommend or require specific conditions on merges for individual branches or branch patterns. Merge checks work in tandem with branch permissions to give the members of your workspace flexibility and control over your development workflow.” 

In short, if you set up merge checks, then before each pull request is merged Bitbucket verifies whether all the requirements are met and notifies the author about it.

Example of setting up merge checks

In the settings of the repository, in the Branch permissions section, click Add a branch permission. The branch permissions look like this on the test repository:

[Image: Merge checks]

Note: You can set up a default reviewer as well. With this set up, the default reviewer is added automatically to the Reviewers section when a PR is created.

[Image: Reviewers]

For testing purposes, two pull requests were created:

  • PR1 – asked for a review only from the default reviewer
  • PR2 – asked for a review from at least 2 reviewers

When trying to merge PR1, the merge confirmation pop-up looks like this:

[Image: Merge PR1]

When trying to merge PR2, the merge confirmation pop-up looks like this:

[Image: Merge PR2]

Right now, a repository can have multiple branch permissions for different branches. Branch permission can be set up by type (feature, master, development etc) or by a given pattern/name. 

In the Standard plan, Bitbucket just warns the user about the failed merge checks, but the user can merge the changes, while on the Premium plan users won’t be able to merge if their pull request has unresolved merge checks.

For enhancing our workflow even more, it would be great to be able to set up merge checks for branches of a given pattern/name and apply these for the Sprint{X} branches.
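On the Standard plan, where failed merge checks only warn, a periodic audit of merged pull requests shows which merges into protected branches went through without the required approvals. The following is an added example, not code from this post or from Bitbucket; it assumes pull request records shaped like the Bitbucket Cloud REST API's pull request objects (state, author, destination.branch.name, participants[].approved), and the branch patterns, the threshold of 2 and the sample records are constructed.

```python
import fnmatch

# Assumption for this example: branches that require review before merge.
PROTECTED_PATTERNS = ["master", "Sprint*"]

def is_protected(branch, patterns=PROTECTED_PATTERNS):
    """True if the destination branch matches any protected glob pattern."""
    return any(fnmatch.fnmatchcase(branch, p) for p in patterns)

def approvals(pr):
    """Count distinct approving participants, ignoring the PR author."""
    author = pr["author"]["uuid"]
    return len({p["user"]["uuid"] for p in pr.get("participants", [])
                if p.get("approved") and p["user"]["uuid"] != author})

def unreviewed_merges(prs, min_approvals=2):
    """Return (id, branch, approvals) for merged PRs below the approval bar."""
    findings = []
    for pr in prs:
        branch = pr["destination"]["branch"]["name"]
        if pr["state"] != "MERGED" or not is_protected(branch):
            continue
        count = approvals(pr)
        if count < min_approvals:
            findings.append((pr["id"], branch, count))
    return findings

def _pr(pr_id, state, branch, author, approvers):
    # Constructed record holding only the fields the audit reads.
    return {"id": pr_id, "state": state, "author": {"uuid": author},
            "destination": {"branch": {"name": branch}},
            "participants": [{"user": {"uuid": u}, "approved": ok}
                             for u, ok in approvers]}

# Constructed sample data, not real API output.
SAMPLE_PRS = [
    _pr(1, "MERGED", "master", "{a}", [("{b}", True)]),
    _pr(2, "MERGED", "master", "{a}", [("{b}", True), ("{c}", True)]),
    _pr(3, "MERGED", "Sprint12", "{b}", [("{b}", True), ("{a}", False)]),
    _pr(4, "OPEN", "master", "{c}", []),
    _pr(5, "MERGED", "feature/login", "{a}", []),
]

if __name__ == "__main__":
    for pr_id, branch, count in unreviewed_merges(SAMPLE_PRS):
        print(f"PR #{pr_id} merged into {branch} with {count} approval(s)")
```

PR 3 is flagged because the only approval on it comes from its own author, which the audit does not count.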

Exclude Files From a PR

Repository administrators can now improve the code review experience for large pull requests by excluding files.

Here’s how it works:

Add patterns to the list at Settings > Excluded files in the Pull Requests section.

[Image: Excluded files in the Pull Requests section]

The filenames for all the files still remain in the pull request, but the diff for each excluded file is replaced with an informational card including a link to the file’s diff.

[Image: PR link to excluded files]

The excluded file filter only affects diffs viewed in the new pull request experience, which is currently in beta and can be enabled in Bitbucket Labs.

[Image: Enable in Bitbucket Labs]

Bitbucket & Jira Integration

The first step is to connect the Bitbucket Cloud with Jira Cloud Software. Then, you will be able to add and remove repositories, control smart commits and to turn on auto-sync for new repositories. 

Once you’ve turned on auto-sync and added the repositories to your Bitbucket account, you should be able to see new branches, commits and pull requests in Jira. Moreover, you can refresh the list of repositories and turn on manual sync activity for Jira.

The process of connecting the Bitbucket repository to the Jira Cloud is relatively straightforward. It can be done in a few easy steps:

  1. Go to your Bitbucket account, select your preferred repository, then go to your settings.
  2. There you will find the Atlassian integrations tab where you click on Jira.
  3. From that point, you will have an interface where you can connect to the Jira site. If you don’t have any Jira Software Cloud instances connected to your Atlassian account, you can choose to Try Jira now or Learn more about the integration.
  4. Then you click connect and Ok and voilà!

Example of branch creation

Creating branches using the new system is made easy by first selecting the Jira ticket and then going to the development part highlighted in the picture below.

[Image: Example of branch creation]

After clicking Create branch, you are taken to a new screen. Here you can enter the details of the branch: the Repository in which the branch is created, the Type of the branch and its parent, as shown in the picture below.

[Image: Create branch]

Once all the details are entered, the user clicks the Create button and the branch is created. The user can then find the branch in their preferred Git client (for this example we use Sourcetree).

As an example, we created the RSHAP-13-this-is-a-dummy-task branch.

[Image: Branch example]

By linking Bitbucket with Jira, you can also open a task to check its number of commits and whether it has been merged. The example below shows a ticket whose branch was already merged; again, look at the development part of the ticket for these details.

[Image: Ticket on merged branch]

Bitbucket & Trello Integration

In order to organize your projects, have a visual overview of them and ship your code faster, you can enable the new Bitbucket feature for Trello, the Bitbucket power-up.

Once you activate the power-up, you can quickly set it up and get your projects organized. The first step is to add the power-up to your board, then authenticate & give permissions. After the power-up is available for the board, each member has to authenticate separately.

Note: keep in mind that the power-up works with the Bitbucket Cloud only.

Once you’re done with the setup, you can attach branches, commits and pull requests to cards. Moreover, you can create branches from cards and have a visual overview of your pull-requests’ status.

Attach pull requests, branches, or commits

There are several ways to attach branches, commits and pull requests to your Trello board. You can paste the Bitbucket URL in your Trello card, create URL attachments or use the Bitbucket power-up button from the card.

Cards with pull requests and branches have a green or red tag which indicates the status of the builds. Commits, however, don’t have individual builds so you won’t see the tags on these.

[Image: Trello integration]

Create branches from cards

You can create branches from cards by using the Bitbucket power-up button from the Power-up section of the card. The new branch in your repository will show the card’s title and description.

[Image: Trello integration]

Next, you’ll be redirected to the Bitbucket create branch page.

[Image: Trello integration]

After you create the branch, the tab will close and you’ll see it in the Trello card.

[Image: Trello card with branch]

Removing a repository from your board

You can easily remove repositories if you don’t want them in your Trello board anymore. Just look for the power-up, go to Settings and open “edit power-up settings” to remove them.

[Image: Removing repositories]

These are all the new Bitbucket features we tested and discussed with our team during our latest [Cobalt Matters] session. If you develop apps, you already know how much these features help enhance the development process. 

We were eagerly waiting for some of these features such as build schedule. But others are new, quick & useful improvements that we will welcome in our routines. And while some of the new features from Bitbucket can save a lot of time automating processes, others are efficient because they shorten and simplify our work.

We encourage you to use the new Bitbucket features to increase productivity and eliminate work that can be done automatically, with minimal supervision. This way, you will be able to focus on the things that require your attention and develop better projects. 
