bitbucket-gemini-action 1.0.0

package/src/bitbucket/operations/comments.ts

@@ -0,0 +1,236 @@
+/**
+ * Bitbucket Comment Operations
+ * Handles creating and updating PR comments
+ */
+
+import type { BitbucketClient } from "../api/client.js";
+import type { BitbucketComment } from "../types.js";
+
+export interface TrackingCommentContent {
+  status: "pending" | "in_progress" | "completed" | "failed";
+  message?: string;
+  summary?: string;
+  error?: string;
+  inlineCommentsCount?: number;
+  pipelineUrl?: string;
+}
+
+/**
+ * Create initial tracking comment
+ */
+export async function createTrackingComment(
+  client: BitbucketClient,
+  workspace: string,
+  repoSlug: string,
+  prId: number,
+  pipelineUrl?: string
+): Promise<BitbucketComment> {
+  const content = formatTrackingComment({
+    status: "pending",
+    message: "Starting review...",
+    pipelineUrl,
+  });
+
+  return client.createPullRequestComment(workspace, repoSlug, prId, content);
+}
+
+/**
+ * Update tracking comment with progress
+ */
+export async function updateTrackingComment(
+  client: BitbucketClient,
+  workspace: string,
+  repoSlug: string,
+  prId: number,
+  commentId: number,
+  content: TrackingCommentContent
+): Promise<BitbucketComment> {
+  const formattedContent = formatTrackingComment(content);
+  return client.updatePullRequestComment(
+    workspace,
+    repoSlug,
+    prId,
+    commentId,
+    formattedContent
+  );
+}
+
+/**
+ * Create inline comment on specific code line
+ */
+export async function createInlineComment(
+  client: BitbucketClient,
+  workspace: string,
+  repoSlug: string,
+  prId: number,
+  filePath: string,
+  line: number,
+  content: string
+): Promise<BitbucketComment> {
+  return client.createPullRequestComment(workspace, repoSlug, prId, content, {
+    path: filePath,
+    line,
+  });
+}
+
+/**
+ * Create general PR comment
+ */
+export async function createPRComment(
+  client: BitbucketClient,
+  workspace: string,
+  repoSlug: string,
+  prId: number,
+  content: string
+): Promise<BitbucketComment> {
+  return client.createPullRequestComment(workspace, repoSlug, prId, content);
+}
+
+/**
+ * Format tracking comment content
+ */
+function formatTrackingComment(content: TrackingCommentContent): string {
+  const statusEmoji = getStatusEmoji(content.status);
+  const statusText = getStatusText(content.status);
+
+  let markdown = `## 🤖 Gemini Code Review
+
+${statusEmoji} **Status**: ${statusText}
+`;
+
+  if (content.message) {
+    markdown += `\n${content.message}\n`;
+  }
+
+  if (content.summary) {
+    markdown += `\n### Summary\n${content.summary}\n`;
+  }
+
+  if (content.inlineCommentsCount !== undefined) {
+    markdown += `\n📝 **Inline comments**: ${content.inlineCommentsCount}\n`;
+  }
+
+  if (content.error) {
+    markdown += `\n### ❌ Error\n\`\`\`\n${content.error}\n\`\`\`\n`;
+  }
+
+  if (content.pipelineUrl) {
+    markdown += `\n---\n[View Pipeline](${content.pipelineUrl})\n`;
+  }
+
+  markdown += `\n---\n_Powered by Gemini AI_`;
+
+  return markdown;
+}
+
+function getStatusEmoji(status: TrackingCommentContent["status"]): string {
+  switch (status) {
+    case "pending":
+      return "⏳";
+    case "in_progress":
+      return "🔄";
+    case "completed":
+      return "✅";
+    case "failed":
+      return "❌";
+    default:
+      return "❓";
+  }
+}
+
+function getStatusText(status: TrackingCommentContent["status"]): string {
+  switch (status) {
+    case "pending":
+      return "Pending";
+    case "in_progress":
+      return "In Progress";
+    case "completed":
+      return "Completed";
+    case "failed":
+      return "Failed";
+    default:
+      return "Unknown";
+  }
+}
+
+/**
+ * Format review summary
+ */
+export function formatReviewSummary(
+  findings: Array<{
+    type: "bug" | "security" | "performance" | "style" | "suggestion";
+    severity: "critical" | "major" | "minor" | "info";
+    message: string;
+    file?: string;
+    line?: number;
+  }>
+): string {
+  if (findings.length === 0) {
+    return "No issues found. The code looks good! 👍";
+  }
+
+  const grouped = {
+    critical: findings.filter((f) => f.severity === "critical"),
+    major: findings.filter((f) => f.severity === "major"),
+    minor: findings.filter((f) => f.severity === "minor"),
+    info: findings.filter((f) => f.severity === "info"),
+  };
+
+  let summary = "";
+
+  if (grouped.critical.length > 0) {
+    summary += `\n#### 🔴 Critical Issues (${grouped.critical.length})\n`;
+    summary += grouped.critical.map((f) => formatFinding(f)).join("\n");
+  }
+
+  if (grouped.major.length > 0) {
+    summary += `\n#### 🟠 Major Issues (${grouped.major.length})\n`;
+    summary += grouped.major.map((f) => formatFinding(f)).join("\n");
+  }
+
+  if (grouped.minor.length > 0) {
+    summary += `\n#### 🟡 Minor Issues (${grouped.minor.length})\n`;
+    summary += grouped.minor.map((f) => formatFinding(f)).join("\n");
+  }
+
+  if (grouped.info.length > 0) {
+    summary += `\n#### 💡 Suggestions (${grouped.info.length})\n`;
+    summary += grouped.info.map((f) => formatFinding(f)).join("\n");
+  }
+
+  return summary;
+}
+
+function formatFinding(finding: {
+  type: string;
+  message: string;
+  file?: string;
+  line?: number;
+}): string {
+  const location =
+    finding.file && finding.line
+      ? ` in \`${finding.file}:${finding.line}\``
+      : finding.file
+        ? ` in \`${finding.file}\``
+        : "";
+  const typeEmoji = getTypeEmoji(finding.type);
+
+  return `- ${typeEmoji} ${finding.message}${location}`;
+}
+
+function getTypeEmoji(type: string): string {
+  switch (type) {
+    case "bug":
+      return "🐛";
+    case "security":
+      return "🔒";
+    case "performance":
+      return "⚡";
+    case "style":
+      return "🎨";
+    case "suggestion":
+      return "💡";
+    default:
+      return "•";
+  }
+}

package/src/bitbucket/types.ts

@@ -0,0 +1,262 @@
+/**
+ * Bitbucket API Types
+ * Based on Bitbucket Cloud REST API v2.0
+ */
+
+export interface BitbucketRepository {
+  uuid: string;
+  name: string;
+  full_name: string;
+  workspace: {
+    uuid: string;
+    slug: string;
+    name: string;
+  };
+  project?: {
+    uuid: string;
+    key: string;
+    name: string;
+  };
+  is_private: boolean;
+  scm: "git" | "hg";
+  mainbranch?: {
+    name: string;
+    type: string;
+  };
+  links: {
+    self: { href: string };
+    html: { href: string };
+    clone: Array<{ href: string; name: string }>;
+  };
+}
+
+export interface BitbucketUser {
+  uuid: string;
+  account_id: string;
+  display_name: string;
+  nickname: string;
+  type: "user" | "team";
+  links: {
+    self: { href: string };
+    html: { href: string };
+    avatar: { href: string };
+  };
+}
+
+export interface BitbucketPullRequest {
+  id: number;
+  title: string;
+  description: string;
+  state: "OPEN" | "MERGED" | "DECLINED" | "SUPERSEDED";
+  author: BitbucketUser;
+  source: {
+    branch: { name: string };
+    commit: { hash: string };
+    repository: BitbucketRepository;
+  };
+  destination: {
+    branch: { name: string };
+    commit: { hash: string };
+    repository: BitbucketRepository;
+  };
+  merge_commit?: { hash: string };
+  close_source_branch: boolean;
+  created_on: string;
+  updated_on: string;
+  reason: string;
+  reviewers: BitbucketUser[];
+  participants: Array<{
+    user: BitbucketUser;
+    role: "PARTICIPANT" | "REVIEWER";
+    approved: boolean;
+    state: "approved" | "changes_requested" | null;
+    participated_on: string;
+  }>;
+  links: {
+    self: { href: string };
+    html: { href: string };
+    commits: { href: string };
+    approve: { href: string };
+    diff: { href: string };
+    diffstat: { href: string };
+    comments: { href: string };
+    activity: { href: string };
+    merge: { href: string };
+    decline: { href: string };
+  };
+  task_count: number;
+  comment_count: number;
+}
+
+export interface BitbucketComment {
+  id: number;
+  content: {
+    raw: string;
+    markup: "markdown" | "creole" | "plaintext";
+    html: string;
+  };
+  user: BitbucketUser;
+  created_on: string;
+  updated_on: string;
+  deleted: boolean;
+  pending: boolean;
+  type: "pullrequest_comment";
+  parent?: { id: number };
+  inline?: {
+    from: number | null;
+    to: number | null;
+    path: string;
+  };
+  links: {
+    self: { href: string };
+    html: { href: string };
+  };
+}
+
+export interface BitbucketDiffStat {
+  type: "diffstat";
+  status: "added" | "removed" | "modified" | "renamed";
+  lines_added: number;
+  lines_removed: number;
+  old?: { path: string; type: string };
+  new?: { path: string; type: string };
+}
+
+export interface BitbucketCommit {
+  hash: string;
+  date: string;
+  author: {
+    raw: string;
+    user?: BitbucketUser;
+  };
+  message: string;
+  summary: {
+    raw: string;
+    markup: string;
+    html: string;
+  };
+  parents: Array<{ hash: string }>;
+  links: {
+    self: { href: string };
+    html: { href: string };
+    diff: { href: string };
+  };
+}
+
+export interface BitbucketBranch {
+  name: string;
+  target: BitbucketCommit;
+  type: "branch";
+  links: {
+    self: { href: string };
+    commits: { href: string };
+    html: { href: string };
+  };
+}
+
+export interface BitbucketIssue {
+  id: number;
+  title: string;
+  content: {
+    raw: string;
+    markup: string;
+    html: string;
+  };
+  reporter: BitbucketUser;
+  assignee?: BitbucketUser;
+  state: "new" | "open" | "resolved" | "on hold" | "invalid" | "duplicate" | "wontfix" | "closed";
+  kind: "bug" | "enhancement" | "proposal" | "task";
+  priority: "trivial" | "minor" | "major" | "critical" | "blocker";
+  milestone?: { name: string };
+  version?: { name: string };
+  component?: { name: string };
+  votes: number;
+  watches: number;
+  created_on: string;
+  updated_on: string;
+  links: {
+    self: { href: string };
+    html: { href: string };
+    comments: { href: string };
+    attachments: { href: string };
+  };
+}
+
+export interface BitbucketPipelineVariable {
+  key: string;
+  value: string;
+  secured: boolean;
+}
+
+export interface BitbucketWebhookPayload {
+  actor: BitbucketUser;
+  repository: BitbucketRepository;
+  pullrequest?: BitbucketPullRequest;
+  comment?: BitbucketComment;
+  issue?: BitbucketIssue;
+  commit?: BitbucketCommit;
+}
+
+export interface PaginatedResponse<T> {
+  size: number;
+  page: number;
+  pagelen: number;
+  next?: string;
+  previous?: string;
+  values: T[];
+}
+
+// Pipeline-specific types
+export interface PipelineContext {
+  workspace: string;
+  repoSlug: string;
+  pipelineUuid: string;
+  stepUuid: string;
+  buildNumber: number;
+  branch: string;
+  commit: string;
+  prId?: number;
+  trigger: PipelineTrigger;
+}
+
+export type PipelineTrigger =
+  | "push"
+  | "pull-request"
+  | "pull-request:created"
+  | "pull-request:updated"
+  | "pull-request:comment:created"
+  | "pull-request:comment:updated"
+  | "manual"
+  | "schedule"
+  | "api";
+
+// Parsed context for internal use
+export interface ParsedBitbucketContext {
+  eventType: BitbucketEventType;
+  workspace: string;
+  repoSlug: string;
+  repository: {
+    workspace: string;
+    slug: string;
+    fullName: string;
+  };
+  actor: BitbucketUser;
+  pullRequest?: BitbucketPullRequest;
+  comment?: BitbucketComment;
+  issue?: BitbucketIssue;
+  isPR: boolean;
+  entityNumber?: number;
+  triggerTimestamp: string;
+}
+
+export type BitbucketEventType =
+  | "pullrequest:created"
+  | "pullrequest:updated"
+  | "pullrequest:comment_created"
+  | "pullrequest:comment_updated"
+  | "issue:created"
+  | "issue:updated"
+  | "issue:comment_created"
+  | "repo:push"
+  | "manual"
+  | "schedule";

package/src/bitbucket/validation/permissions.ts

@@ -0,0 +1,154 @@
+/**
+ * Permission Validation
+ * Validates user permissions for Bitbucket operations
+ */
+
+import type { BitbucketClient } from "../api/client.js";
+import type { BitbucketUser } from "../types.js";
+
+export type Permission = "read" | "write" | "admin";
+
+export interface PermissionCheckResult {
+  hasPermission: boolean;
+  permission: Permission;
+  reason?: string;
+}
+
+/**
+ * Check if user has write permission on the repository
+ */
+export async function checkWritePermission(
+  client: BitbucketClient,
+  workspace: string,
+  repoSlug: string,
+  userId: string
+): Promise<PermissionCheckResult> {
+  try {
+    const result = await client.checkUserPermissions(
+      workspace,
+      repoSlug,
+      userId
+    );
+
+    const hasWrite =
+      result.permission === "write" || result.permission === "admin";
+
+    return {
+      hasPermission: hasWrite,
+      permission: result.permission,
+      reason: hasWrite
+        ? undefined
+        : `User has ${result.permission} permission, write required`,
+    };
+  } catch (error) {
+    // If we can't check permissions, assume no permission
+    return {
+      hasPermission: false,
+      permission: "read",
+      reason: `Failed to check permissions: ${error instanceof Error ? error.message : "Unknown error"}`,
+    };
+  }
+}
+
+/**
+ * Check if user is a bot
+ */
+export function isBot(user: BitbucketUser): boolean {
+  // Common bot indicators
+  const botIndicators = [
+    "bot",
+    "ci",
+    "automation",
+    "pipeline",
+    "service",
+    "app",
+  ];
+
+  const nickname = user.nickname.toLowerCase();
+  const displayName = user.display_name.toLowerCase();
+
+  return (
+    user.type === "team" ||
+    botIndicators.some(
+      (indicator) =>
+        nickname.includes(indicator) || displayName.includes(indicator)
+    )
+  );
+}
+
+/**
+ * Check if user is allowed based on allowlist
+ */
+export function isUserAllowed(
+  user: BitbucketUser,
+  allowedUsers?: string[]
+): boolean {
+  if (!allowedUsers || allowedUsers.length === 0) {
+    return true; // No restriction
+  }
+
+  return (
+    allowedUsers.includes(user.account_id) ||
+    allowedUsers.includes(user.nickname) ||
+    allowedUsers.includes(user.uuid)
+  );
+}
+
+/**
+ * Validate actor can trigger the action
+ */
+export async function validateActor(
+  client: BitbucketClient,
+  workspace: string,
+  repoSlug: string,
+  actor: BitbucketUser,
+  options: {
+    requireWritePermission?: boolean;
+    allowBots?: boolean;
+    allowedUsers?: string[];
+  } = {}
+): Promise<{
+  valid: boolean;
+  reason?: string;
+}> {
+  const {
+    requireWritePermission = true,
+    allowBots = false,
+    allowedUsers,
+  } = options;
+
+  // Check if bot
+  if (!allowBots && isBot(actor)) {
+    return {
+      valid: false,
+      reason: "Bot users are not allowed to trigger this action",
+    };
+  }
+
+  // Check allowlist
+  if (!isUserAllowed(actor, allowedUsers)) {
+    return {
+      valid: false,
+      reason: "User is not in the allowed users list",
+    };
+  }
+
+  // Check write permission if required
+  if (requireWritePermission) {
+    const permCheck = await checkWritePermission(
+      client,
+      workspace,
+      repoSlug,
+      actor.account_id
+    );
+
+    if (!permCheck.hasPermission) {
+      return {
+        valid: false,
+        reason: permCheck.reason,
+      };
+    }
+  }
+
+  return { valid: true };
+}