-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
2
-
Severity 2 - Major
-
1,832
-
Issue Summary
The PR:updated or PR:created webhooks truncate commit hashes instead of giving you the full commit hash.
This is a problem mainly with workflows that require git fetch to be executed - Git fetch requires the full commit hash, so this limitation actively breaks certain workflows
Steps to Reproduce
- Create a webhook that has PR:updated or PR:Created as its event
- Trigger the PR:updated/PR:createdevent by updating a Pull request
- You should be able to see that the payload truncates the commit SHA field to have only the first 12 characters of the commit SHA
Expected Results
The complete commit SHA should be sent on the payload, like this:
[...]
{"commitId":"abc15321e9fa3485898703e88d3a72a6161adf4b",
[...]
Actual Results
Only the first 12 characters of the commit SHA are sent on the PR:Updated or PR:Created events:
[...]
{"commitId":"abc15321e9fa",
[...]
Workaround
Currently, there is no way to work around this, in case you require the hook payload to run Git fetch.
A workaround will be added here when available
[BCLOUD-21201] Pull request updated webhook payload has a different commit hash size than other webhooks
I'd like to argue a case for bumping up the priority of this issue since it basically makes integrations with Bitbucket quite extra painful.
We at DeepSource have a powerful [integration|https://marketplace.atlassian.com/apps/1222731) with Bitbucket. For every `PR:updated` webhook event, we are required to make 2-3 requests to the Bitbucket API to fetch the full commit hashes against the destination commit hash, source commit hash, and also the merge commit hash if it is a `PR:fulfilled` event. For our large customers on Bitbucket cloud, this results in us exhausting the API rate limit (which is 1000/hr for `/repositories` resource) quite often which renders our integration useless for them which is in no way ideal.
We could add larger SHAs but this will be a backwards incompatible change (i.e. some people maybe assuming the smaller SHAs). bq.
That is a valid concern. But why not just add a new field (e.g.`fullHash`) to not break backward compatibility but also solving this pain point for newer as well as existing integrations?
I agree that this isn't ideal, however, with any API change we run the risk of breaking any client or application that was dependent on only the short version of the hash. Any solution will need to take this into account.
The work around for now would be to make a request to the commits API which will provide the full hash. Fore example if you go to https://api.bitbucket.org/2.0/repositories/bitbucket/django-piston/commits/260113c43ff8 you can see we use the short hash in the URL but the response includes the full hash.
So the body of the webhook is based on the body of the REST API response. The API response only contains abbreviated commit hashes. We could add larger SHAs but this will be a backwards incompatible change (i.e. some people maybe assuming the smaller SHAs). It's unlikely this will be fixed in the short term.
There is a URL in the response that can be used to get the full hash if you really need it. So in the destination field you get something like:
{
"destination": {
"commit": {
"type": "commit",
"hash": "c6cf4f931bb8",
"links": {
"self": {
"href": "https://api.bitbucket.org/2.0/repositories/xxx/xxx/commit/c6cf4f931bb8"
},
"html": {
"href": "https://bitbucket.org/xxx/xxx/commits/c6cf4f931bb8"
}
}
}
}
}
You can then hit the destination.commit.links.self.href URL and get a response like with a ?fields=hash query parameter to get something like:
{"hash":"c6cf4f931bb885590d461236448ec8a9ef43f4f2"}
There will be similar links for any other PR hash that you want to lookup.
2da1b854664c 's idea to simply add an extra "fullHash" parameter to the payload makes a lot of sense, should be pretty easy to implement, and would be very helpful for our specific usecase (we currently maintain a few Bitbucket Cloud apps).