Merge pull request #60 from gildas/release/0.17.6

Merge release/0.17.6

Author: gildas

README.md

@@ -183,12 +183,18 @@ By default, the password or client secret is stored in the vault of the operatin
 
 Profiles support the following authentications:
 
-- [OAuth 2.0 with Authorization Code Grant](https://developer.atlassian.com/cloud/bitbucket/rest/intro/#1--authorization-code-grant--4-1-) with the `--client-id`, `--client-secret`, and `--callback-port` flags
-- [OAuth 2.0 with Client Credentials](https://developer.atlassian.com/cloud/bitbucket/rest/intro/#3--client-credentials-grant--4-4-) with the `--client-id` and `--client-secret` flags
-- [App passwords](https://support.atlassian.com/bitbucket-cloud/docs/app-passwords/) with the `--user` and `--password` flags.
+- [OAuth 2.0 with Authorization Code Grant](https://developer.atlassian.com/cloud/bitbucket/rest/intro/#1--authorization-code-grant--4-1-) with the `--client-id`, `--client-secret`, and `--callback-port` flags.
+- [OAuth 2.0 with Client Credentials](https://developer.atlassian.com/cloud/bitbucket/rest/intro/#3--client-credentials-grant--4-4-) with the `--client-id` and `--client-secret` flags.
+- [API tokens](https://support.atlassian.com/bitbucket-cloud/docs/api-tokens/) with the `--user` and `--password` flags. The user is the **Atlassian account email** and the password is the API token in this case.
+- ~~[App passwords](https://support.atlassian.com/bitbucket-cloud/docs/app-passwords/) with the `--user` and `--password` flags.~~ [App passwords are deprecated by Atlassian in favour of API tokens as of June 9, 2025 and will stop working entirely on June 9, 2026](https://www.atlassian.com/blog/bitbucket/bitbucket-cloud-transitions-to-api-tokens-enhancing-security-with-app-password-deprecation). Use API tokens instead.
 - [Repository Access Tokens](https://support.atlassian.com/bitbucket-cloud/docs/repository-access-tokens/), [Project Access Tokens](https://support.atlassian.com/bitbucket-cloud/docs/project-access-tokens/), [Workspace Access Tokens](https://support.atlassian.com/bitbucket-cloud/docs/workspace-access-tokens/) with the `--access-token` flags.
 
-When you use a username/password, the password is stored in the vault of the operating system (Windows Credential Manager, macOS Keychain, or Linux Secret Service). You can pass the `--no-vault` flag to disable this feature and store the password in plain text in the configuration file. This is not recommended, but can be useful for testing purposes. On Linux and macOS, you can also pass the `--vault-key` flag to set the key to use in the system keychain. By default, the key is `bitbucket-cli`. On Windows, this option is not available.
+Permission Scopes:
+
+- [OAuth 2.0 scopes](https://developer.atlassian.com/cloud/bitbucket/rest/intro/#bitbucket-oauth-2-0-scopes)
+- [API token permissions](https://support.atlassian.com/bitbucket-cloud/docs/api-token-permissions/)
+
+When you use a user/password, the password is stored in the vault of the operating system (Windows Credential Manager, macOS Keychain, or Linux Secret Service). You can pass the `--no-vault` flag to disable this feature and store the password in plain text in the configuration file. This is not recommended, but can be useful for testing purposes. On Linux and macOS, you can also pass the `--vault-key` flag to set the key to use in the system keychain. By default, the key is `bitbucket-cli`. On Windows, this option is not available.
 
 You can also pass the `--clone-protocol` flag to set the default protocol to use when cloning repositories. The supported protocols are `https`, `git`, and `ssh`. This option can be overridden with the `--protocol` flag when using `repo clone`.
 
@@ -840,6 +846,8 @@ bb pipeline list
 
 By default the current repository is used, you can specify a repository with the `--repository` flag.
 
+If there are too many pipelines and `bb pipeline list` seems to hang, you can use the `--limit` flag to set the maximum number of pipelines to retrieve. By default, the limit is set to 0, which means no limit.
+
 You can get the details of a pipeline with the `bb pipeline get` or `bb pipeline show` command:
 
 ```bash

cmd/pipeline/list.go

@@ -25,6 +25,7 @@ var listOptions struct {
 	Columns    *flags.EnumSliceFlag
 	SortBy     *flags.EnumFlag
 	PageLength int
+	Limit      int
 }
 
 func init() {
@@ -35,8 +36,9 @@ func init() {
 	listCmd.Flags().StringVar(&listOptions.Repository, "repository", "", "Repository to list pipelines from. Defaults to the current repository")
 	listCmd.Flags().StringVar(&listOptions.Query, "query", "", "Query string to filter pipelines")
 	listCmd.Flags().Var(listOptions.Columns, "columns", "Comma-separated list of columns to display")
-	listCmd.Flags().Var(listOptions.SortBy, "sort", "Column to sort by")
+	listCmd.Flags().Var(listOptions.SortBy, "sort", "Column to sort by (applies a local sort on fetched results; server-side sort is always by creation date descending)")
 	listCmd.Flags().IntVar(&listOptions.PageLength, "page-length", 0, "Number of items per page to retrieve from Bitbucket. Default is the profile's default page length")
+	listCmd.Flags().IntVar(&listOptions.Limit, "limit", 0, "Maximum total number of items to retrieve. 0 means no limit")
 	_ = listCmd.RegisterFlagCompletionFunc(listOptions.Columns.CompletionFunc("columns"))
 	_ = listCmd.RegisterFlagCompletionFunc(listOptions.SortBy.CompletionFunc("sort"))
 }
@@ -48,9 +50,9 @@ func listProcess(cmd *cobra.Command, args []string) (err error) {
 		return errors.ArgumentMissing.With("profile")
 	}
 
-	uripath := "pipelines"
+	uripath := "pipelines?sort=-created_on"
 	if len(listOptions.Query) > 0 {
-		uripath = fmt.Sprintf("pipelines?q=%s", url.QueryEscape(listOptions.Query))
+		uripath = fmt.Sprintf("pipelines?sort=-created_on&q=%s", url.QueryEscape(listOptions.Query))
 	}
 
 	log.Infof("Listing pipelines for repository: %s", listOptions.Repository)
@@ -63,6 +65,8 @@ func listProcess(cmd *cobra.Command, args []string) (err error) {
 		fmt.Println("No pipelines found")
 		return nil
 	}
-	core.Sort(pipelines, columns.SortBy(listOptions.SortBy.Value))
+	if cmd.Flag("sort").Changed {
+		core.Sort(pipelines, columns.SortBy(listOptions.SortBy.Value))
+	}
 	return profile.Current.Print(cmd.Context(), cmd, Pipelines(pipelines))
 }

cmd/profile/error.go

@@ -7,6 +7,9 @@ import (
 	"github.com/gildas/go-errors"
 )
 
+// BitBucketError represents an error returned by the BitBucket API
+//
+// See: https://developer.atlassian.com/cloud/bitbucket/rest/intro/#standardized-error-responses
 type BitBucketError struct {
 	Type    string              `json:"type"`
 	Message string              `json:"-"`

cmd/profile/error_test.go

@@ -14,6 +14,7 @@ func (suite *ProfileSuite) TestCanUnmarshalErrorAboutPrivileges() {
 	suite.Assert().Contains(bberr.Fields["required"], "project")
 	suite.Require().Contains(bberr.Fields, "granted")
 	suite.Assert().Contains(bberr.Fields["granted"], "account")
+	suite.T().Logf("Error string: %s", bberr.Error())
 }
 
 func (suite *ProfileSuite) TestCanUnmarshalErrorAboutNoAPI() {
@@ -24,6 +25,7 @@ func (suite *ProfileSuite) TestCanUnmarshalErrorAboutNoAPI() {
 	suite.Assert().Equal("error", bberr.Type)
 	suite.Assert().Equal("Resource not found", bberr.Message)
 	suite.Assert().Equal("There is no API hosted at this URL", bberr.Detail)
+	suite.T().Logf("Error string: %s", bberr.Error())
 }
 
 func (suite *ProfileSuite) TestCanUnmarshalErrorAboutBadRequest() {
@@ -36,4 +38,5 @@ func (suite *ProfileSuite) TestCanUnmarshalErrorAboutBadRequest() {
 	suite.Require().Len(bberr.Fields, 1)
 	suite.Require().Contains(bberr.Fields, "links.avatar")
 	suite.Assert().Contains(bberr.Fields["links.avatar"], "required key not provided")
+	suite.T().Logf("Error string: %s", bberr.Error())
 }

cmd/profile/profile_client.go

@@ -96,6 +96,18 @@ func GetAll[T any](context context.Context, cmd *cobra.Command, uripath string)
 		}
 	}
 
+	limit := 0
+	if cmd != nil && cmd.Flag("limit") != nil && cmd.Flag("limit").Changed {
+		if l, err := cmd.Flags().GetInt("limit"); err == nil && l > 0 {
+			limit = l
+			log.Debugf("Using limit of %d from the command line flags", limit)
+		}
+	}
+
+	if limit > 0 && (pageLength == 0 || limit < pageLength) {
+		pageLength = limit
+	}
+
 	if !strings.Contains(uripath, "pagelen") && pageLength > 0 {
 		if strings.Contains(uripath, "?") {
 			uripath = fmt.Sprintf("%s&pagelen=%d", uripath, pageLength)
@@ -104,7 +116,16 @@ func GetAll[T any](context context.Context, cmd *cobra.Command, uripath string)
 		}
 	}
 
-	log.Infof("Getting all resources for profile %s (%d at a time)", profile.Name, pageLength)
+	originalQuery := url.Values{}
+	if parsed, err := url.Parse(uripath); err == nil {
+		originalQuery = parsed.Query()
+	}
+
+	if limit > 0 {
+		log.Infof("Getting up to %d resources for profile %s (%d at a time)", limit, profile.Name, pageLength)
+	} else {
+		log.Infof("Getting all resources for profile %s (%d at a time)", profile.Name, pageLength)
+	}
 	for {
 		var paginated PaginatedResources[T]
 
@@ -118,13 +139,38 @@ func GetAll[T any](context context.Context, cmd *cobra.Command, uripath string)
 			return nil, err
 		}
 		resources = append(resources, paginated.Values...)
-		log.Debugf("Got %d resources", len(paginated.Values))
+		if limit > 0 && len(resources) >= limit {
+			resources = resources[:limit]
+			break
+		}
+		log.Debugf("Got %d resources (total: %d)", len(paginated.Values), len(resources))
 		log.Debugf("Next page:     %s", paginated.Next)
 		log.Debugf("Previous page: %s", paginated.Previous)
 		if len(paginated.Next) == 0 {
 			break
 		}
-		uripath = paginated.Next
+
+		nextURL, parseErr := url.Parse(paginated.Next)
+		if parseErr != nil {
+			return nil, parseErr
+		}
+		nextQuery := nextURL.Query()
+		for key, values := range originalQuery {
+			if _, exists := nextQuery[key]; !exists {
+				for _, value := range values {
+					nextQuery.Add(key, value)
+				}
+			}
+		}
+		if limit > 0 {
+			remaining := limit - len(resources)
+			if remaining < pageLength {
+				// Adjust pagelen on the next URL to only fetch what we still need
+				nextQuery.Set("pagelen", fmt.Sprintf("%d", remaining))
+			}
+		}
+		nextURL.RawQuery = nextQuery.Encode()
+		uripath = nextURL.String()
 	}
 	return resources, nil
 }
@@ -415,7 +461,10 @@ func (profile *Profile) send(context context.Context, cmd *cobra.Command, option
 		if result != nil {
 			var bberr *BitBucketError
 			if jerr := result.UnmarshalContentJSON(&bberr); jerr == nil {
+				log.Warnf("We have a BitBucketError: %#+v", bberr)
 				return result, bberr
+			} else {
+				log.Debugf("the Error %s is not a bitbucket error: %s", err.Error(), jerr.Error())
 			}
 		}
 	}

cmd/profile/profile_client_test.go

@@ -0,0 +1,102 @@
+package profile_test
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+
+	"bitbucket.org/gildas_cherruel/bb/cmd/profile"
+	"github.com/spf13/cobra"
+)
+
+type testItem struct {
+	ID string `json:"id"`
+}
+
+func (suite *ProfileSuite) TestGetAll_OriginalQueryIsPreservedForNextMissingParams() {
+	oldCurrent := profile.Current
+	defer func() { profile.Current = oldCurrent }()
+
+	const filter = `target.ref_name="my-branch"`
+	var server *httptest.Server
+	server = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		q := r.URL.Query().Get("q")
+		if r.URL.Path == "/pipelines" {
+			if r.URL.Query().Get("page") == "" {
+				suite.Assert().Equal(filter, q, "initial request should include original q")
+				resp := map[string]interface{}{
+					"values": []map[string]string{{"id": "1"}},
+					"next":   server.URL + "/pipelines?page=2&pagelen=1",
+				}
+				_ = json.NewEncoder(w).Encode(resp)
+				return
+			}
+			suite.Assert().Equal(filter, q, "second request should include original q even when next omits it")
+			resp := map[string]interface{}{
+				"values": []map[string]string{{"id": "2"}},
+			}
+			_ = json.NewEncoder(w).Encode(resp)
+			return
+		}
+		w.WriteHeader(http.StatusNotFound)
+	}))
+	defer server.Close()
+
+	apiRoot, err := url.Parse(server.URL)
+	suite.Require().NoError(err)
+	profile.Current = &profile.Profile{APIRoot: apiRoot, DefaultPageLength: 0, AccessToken: "fake-token"}
+
+	cmd := &cobra.Command{}
+	cmd.Flags().String("profile", "", "")
+	cmd.Flags().Int("page-length", 0, "")
+	items, err := profile.GetAll[testItem](suite.Context, cmd, server.URL+"/pipelines?pagelen=1&q="+url.QueryEscape(filter))
+	suite.Require().NoError(err)
+	suite.Require().Len(items, 2)
+	suite.Require().Equal("1", items[0].ID)
+	suite.Require().Equal("2", items[1].ID)
+}
+
+func (suite *ProfileSuite) TestGetAll_DoesNotOverwriteExistingNextParams() {
+	oldCurrent := profile.Current
+	defer func() { profile.Current = oldCurrent }()
+
+	const originalFilter = `target.ref_name="original"`
+	const nextFilter = `target.ref_name="different"`
+	var server *httptest.Server
+	server = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		q := r.URL.Query().Get("q")
+		if r.URL.Path == "/pipelines" {
+			if r.URL.Query().Get("page") == "" {
+				suite.Assert().Equal(originalFilter, q, "initial request should include original q")
+				resp := map[string]interface{}{
+					"values": []map[string]string{{"id": "1"}},
+					"next":   server.URL + "/pipelines?page=2&pagelen=1&q=" + url.QueryEscape(nextFilter),
+				}
+				_ = json.NewEncoder(w).Encode(resp)
+				return
+			}
+			suite.Assert().Equal(nextFilter, q, "existing q on next URL must not be overwritten")
+			resp := map[string]interface{}{
+				"values": []map[string]string{{"id": "2"}},
+			}
+			_ = json.NewEncoder(w).Encode(resp)
+			return
+		}
+		w.WriteHeader(http.StatusNotFound)
+	}))
+	defer server.Close()
+
+	apiRoot, err := url.Parse(server.URL)
+	suite.Require().NoError(err)
+	profile.Current = &profile.Profile{APIRoot: apiRoot, DefaultPageLength: 0, AccessToken: "fake-token"}
+
+	cmd := &cobra.Command{}
+	cmd.Flags().String("profile", "", "")
+	cmd.Flags().Int("page-length", 0, "")
+	items, err := profile.GetAll[testItem](suite.Context, cmd, server.URL+"/pipelines?pagelen=1&q="+url.QueryEscape(originalFilter))
+	suite.Require().NoError(err)
+	suite.Require().Len(items, 2)
+	suite.Require().Equal("1", items[0].ID)
+	suite.Require().Equal("2", items[1].ID)
+}

cmd/profile/profile_test.go

@@ -1,6 +1,7 @@
 package profile_test
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"os"
@@ -16,9 +17,10 @@ import (
 
 type ProfileSuite struct {
 	suite.Suite
-	Name   string
-	Logger *logger.Logger
-	Start  time.Time
+	Name    string
+	Context context.Context
+	Logger  *logger.Logger
+	Start   time.Time
 }
 
 func TestProfileSuite(t *testing.T) {
@@ -39,6 +41,7 @@ func (suite *ProfileSuite) SetupSuite() {
 			FilterLevels: logger.NewLevelSet(logger.TRACE),
 		},
 	).Child("test", "test")
+	suite.Context = suite.Logger.ToContext(context.Background())
 	suite.Logger.Infof("Suite Start: %s %s", suite.Name, strings.Repeat("=", 80-14-len(suite.Name)))
 }
 

cmd/pullrequest/comment/create.go

@@ -16,12 +16,17 @@ import (
 type CommentCreator struct {
 	Content ContentCreator     `json:"content" mapstructure:"content"`
 	Anchor  *common.FileAnchor `json:"inline,omitempty" mapstructure:"inline"`
+	Parent  *ParentRef         `json:"parent,omitempty" mapstructure:"parent"`
 }
 
 type ContentCreator struct {
 	Raw string `json:"raw" mapstructure:"raw"`
 }
 
+type ParentRef struct {
+	ID int64 `json:"id" mapstructure:"id"`
+}
+
 var createCmd = &cobra.Command{
 	Use:     "create",
 	Aliases: []string{"add", "new"},
@@ -37,6 +42,7 @@ var createOptions struct {
 	File          string
 	From          int
 	To            int
+	ParentID      int64
 }
 
 func init() {
@@ -50,6 +56,7 @@ func init() {
 	createCmd.Flags().IntVar(&createOptions.From, "line", 0, "From line to comment on. Cannot be used with --to")
 	createCmd.Flags().IntVar(&createOptions.From, "from", 0, "From line to comment on. Cannot be used with --line")
 	createCmd.Flags().IntVar(&createOptions.To, "to", 0, "To line to comment on. Cannot be used with --line")
+	createCmd.Flags().Int64Var(&createOptions.ParentID, "parent", 0, "Parent comment ID to reply to")
 	createCmd.MarkFlagsMutuallyExclusive("line", "from")
 	createCmd.MarkFlagsMutuallyExclusive("line", "to")
 	_ = createCmd.MarkFlagRequired("pullrequest")
@@ -69,6 +76,10 @@ func createProcess(cmd *cobra.Command, args []string) (err error) {
 		Content: ContentCreator{Raw: createOptions.Comment},
 	}
 
+	if createOptions.ParentID > 0 {
+		payload.Parent = &ParentRef{ID: createOptions.ParentID}
+	}
+
 	if createOptions.File != "" {
 		payload.Anchor = &common.FileAnchor{
 			Path: createOptions.File,