5.4: Bitbucket Pipelines Configuration
What You'll Learn
- Understand Bitbucket Pipelines architecture and capabilities
- Learn how to leverage Atlassian Intelligence for AI-enhanced workflows
- Explore third-party AI integrations for code review and security scanning
- Master embedded systems development workflows with Bitbucket Pipelines
16.04.1 Atlassian Intelligence for Bitbucket
Overview
Bitbucket's AI capabilities are powered by Atlassian Intelligence, which provides AI-assisted features across Atlassian products. While not as advanced as GitHub Copilot for inline code generation, it offers valuable automation features for teams in the Atlassian ecosystem.
Availability
Note: Atlassian Intelligence feature availability as of Q4 2024. Check Atlassian documentation for current status.
| Platform | Status |
|---|---|
| Cloud | Available (Premium and Enterprise plans) |
| Data Center | Limited availability (gradual rollout) |
Key Features
AI-Powered Pull Request Summaries
Automatically generates pull request descriptions based on code changes, helping reviewers understand the context and scope of changes quickly.
How It Works:
- Analyzes all commits in the pull request
- Identifies changed files and their purpose
- Generates natural language summary
- Highlights potential breaking changes
How to Use:
- Create a pull request
- Click "Generate summary with AI" button
- Review and edit the generated description
- Save the pull request
Code Review Assistance
Suggests reviewers based on code expertise and past contributions.
Features:
- Analysis of file history to identify experts
- Consideration of team structure and workload
- Smart reviewer recommendations
- Integration with CODEOWNERS files
Natural Language Search
Search repositories using natural language queries instead of complex git commands.
Examples:
# Natural language queries
"commits related to authentication in the last month"
"files changed by John in the API folder"
"pull requests fixing security issues"
"recent changes to the database schema"
Smart Commit Suggestions
AI-generated commit message improvements and standardization.
How It Works:
- Analyzes code changes
- Suggests conventional commit format
- Includes Jira issue references
- Maintains team commit style
How to Enable
- Navigate to Bitbucket workspace settings
- Go to "Atlassian Intelligence" settings
- Enable for your workspace (admin permission required)
- Individual users can opt-in/opt-out in their personal settings
Limitations
- Not as advanced as GitHub Copilot for inline code suggestions
- Limited to English language
- Requires Premium or Enterprise tier
- Data residency considerations for enterprise customers
- No offline/on-premise AI processing for Data Center
16.04.2 Bitbucket Pipelines with AI Features
Overview
Bitbucket Pipelines provides cloud-based CI/CD with intelligent features for optimizing build and deployment workflows.
Availability
- Cloud: Yes
- Data Center: Pipelines not available (use Bamboo instead)
Intelligent Features
Pipeline Recommendations
Suggests pipeline templates based on repository language and framework detection.
Supported Languages/Frameworks:
- Node.js/JavaScript
- Python
- Java/Maven/Gradle
- .NET Core
- PHP
- Ruby
- Go
- Docker
Smart Caching
Intelligent build cache optimization to reduce pipeline execution time.
Caching Strategies:
- Dependency caching (npm, pip, Maven, etc.)
- Docker layer caching
- Custom cache definitions
- Automatic cache invalidation
Failure Prediction
Historical analysis to predict and prevent build failures.
Features:
- Pattern recognition in build logs
- Dependency conflict detection
- Resource exhaustion warnings
- Flaky test identification
Resource Optimization
Auto-scaling based on build patterns and resource usage.
Basic Pipeline Configuration
image: node:18
pipelines:
default:
- step:
name: Build and Test
caches:
- node
script:
- npm install
- npm test
- npm run build
artifacts:
- dist/**
pull-requests:
'**':
- step:
name: PR Validation
caches:
- node
script:
- npm install
- npm run lint
- npm test
definitions:
caches:
node: node_modules
Advanced Pipeline Patterns
Parallel Steps
pipelines:
default:
- parallel:
- step:
name: Unit Tests
caches:
- node
script:
- npm run test:unit
- step:
name: Integration Tests
caches:
- node
script:
- npm run test:integration
- step:
name: Linting
script:
- npm run lint
Conditional Execution
pipelines:
branches:
main:
- step:
name: Deploy to Production
deployment: production
script:
- ./deploy.sh production
develop:
- step:
name: Deploy to Staging
deployment: staging
script:
- ./deploy.sh staging
pull-requests:
'**':
- step:
name: PR Check
script:
- npm test
16.04.3 Code Insights with AI
Overview
Code Insights provides an integration point for third-party AI tools to display code quality metrics, security scans, and test coverage directly in pull requests.
Availability
- Cloud: Yes (all paid tiers)
- Data Center: Yes (v7.0+)
Features
- Integration point for third-party AI tools
- Displays code quality metrics, security scans, test coverage
- Can integrate AI-powered SAST/DAST tools
- Annotates pull requests with insights
Configuration Example
# bitbucket-pipelines.yml with Code Insights
pipelines:
pull-requests:
'**':
- step:
name: Code Analysis
script:
- npm install
- npm run lint -- --format json > eslint-report.json
# Upload to Code Insights API
- pipe: atlassian/bitbucket-upload-file:0.3.3
variables:
FILENAME: 'eslint-report.json'
REPORT_TYPE: 'code_insights'
API Integration
# Example: Post Code Insights via REST API
curl -X PUT \
https://api.bitbucket.org/2.0/repositories/{workspace}/{repo}/commit/{commit}/reports/{report_id} \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"title": "AI Code Quality Analysis",
"details": "AI-powered code review",
"report_type": "SECURITY",
"result": "PASSED",
"data": [...]
}'
16.04.4 Jira + Bitbucket AI Integration
AI-Enhanced Features
Smart Linking: Auto-links commits/PRs to Jira issues using AI pattern recognition.
Development Insights: AI-powered dashboards showing development velocity.
Smart Transitions: Automatic Jira issue status updates based on PR/commit activity.
Release Predictions: ML-based release timeline predictions.
Configuration
- Link Bitbucket workspace to Jira site (Settings > Integrations)
- Enable Atlassian Intelligence in both products
- Use smart commits with Jira issue keys
- Configure automation rules in Jira
Smart Commit Example
git commit -m "PROJ-123 #comment Fixed authentication bug #time 2h"
Jira Automation Rule
Trigger: Commit made
Condition: Branch name contains issue key
Action: Transition issue to "In Progress"
AI Action: Generate progress summary
16.04.5 Third-Party AI Integrations
SonarCloud (AI-Powered Quality Analysis)
pipelines:
default:
- step:
name: SonarCloud Scan
script:
- pipe: sonarsource/sonarcloud-scan:1.4.0
variables:
SONAR_TOKEN: $SONAR_TOKEN
EXTRA_ARGS: '-Dsonar.qualitygate.wait=true'
Snyk (AI Security Scanning)
pipelines:
default:
- step:
name: Snyk Security Scan
script:
- pipe: snyk/snyk-scan:0.7.0
variables:
SNYK_TOKEN: $SNYK_TOKEN
LANGUAGE: "node"
CODE_INSIGHTS_RESULTS: "true"
Amazon CodeGuru
pipelines:
default:
- step:
name: CodeGuru Analysis
image: amazon/aws-cli
script:
- aws codeguru-reviewer create-code-review \
--repository-association-arn $REPO_ARN \
--type RepositoryAnalysis={RepositoryHead={BranchName=main}}
DeepSource (AI Code Quality)
.deepsource.toml in repo root:
version = 1
[[analyzers]]
name = "javascript"
enabled = true
[[analyzers]]
name = "python"
enabled = true
[analyzers.meta]
ai_suggestions = true
Other Third-Party Tools
- Codacy: AI-powered code review via Bitbucket App
- Polyspace (MATLAB): Static analysis for embedded C/C++
- Coverity: AI-powered defect detection
- CodeSonar: Deep static analysis
16.04.6 Embedded Development Workflows
Pipeline for Embedded C/C++
image: gcc:latest
pipelines:
default:
- step:
name: Build Firmware
script:
# Install ARM toolchain
- apt-get update && apt-get install -y gcc-arm-none-eabi
- arm-none-eabi-gcc --version
# Build firmware
- cd firmware
- make clean
- make all
# Run static analysis
- cppcheck --enable=all --xml --xml-version=2 src/ 2> cppcheck-report.xml
artifacts:
- firmware/build/*.hex
- firmware/build/*.bin
- step:
name: Hardware-in-Loop Testing
services:
- docker
script:
- docker run --privileged embedded-test-runner:latest ./run_hil_tests.sh
branches:
release/*:
- step:
name: Production Build
script:
- make RELEASE=1
- ./scripts/sign_firmware.sh
artifacts:
- release/*.hex
PlatformIO Integration
pipelines:
default:
- step:
name: PlatformIO Build
image: python:3.9
script:
- pip install platformio
- platformio run
- platformio test
artifacts:
- .pio/build/**/firmware.bin
Zephyr RTOS Build
pipelines:
default:
- step:
name: Zephyr Build
image: zephyrprojectrtos/ci:latest
script:
- west init -l .
- west update
- west build -b nrf52840dk_nrf52840
ARM Cross-Compilation
pipelines:
default:
- step:
name: ARM Build
image: ubuntu:22.04
script:
- apt-get update && apt-get install -y \
gcc-arm-linux-gnueabihf \
g++-arm-linux-gnueabihf \
cmake
- mkdir build && cd build
- cmake -DCMAKE_TOOLCHAIN_FILE=../toolchain-arm.cmake ..
- make
artifacts:
- build/firmware.*
MISRA C Compliance Checking
pipelines:
default:
- step:
name: MISRA Check
image: cppcheck:latest
script:
- cppcheck --enable=all \
--addon=misra.json \
--xml --xml-version=2 \
src/ 2> misra-report.xml
artifacts:
- misra-report.xml
Limitations for Embedded
- No built-in hardware simulation/emulation
- Limited support for hardware-in-loop (HIL) testing
- No native JTAG/debugging integration
- Expensive build minutes for large firmware projects
- Self-hosted runners needed for hardware access
16.04.7 Best Practices
Caching Strategy
definitions:
caches:
npm: node_modules
pip: ~/.cache/pip
maven: ~/.m2
gradle: ~/.gradle
pipelines:
default:
- step:
caches:
- npm
script:
- npm install
- npm test
Secrets Management
pipelines:
default:
- step:
name: Deploy
script:
# Use repository variables for secrets
- echo $API_KEY | docker login -u $DOCKER_USERNAME --password-stdin
- ./deploy.sh
Best Practices:
- Store secrets as repository/workspace variables
- Enable "Secured" option for sensitive variables
- Use deployment variables for environment-specific secrets
- Rotate secrets regularly
Pipeline Optimization
pipelines:
default:
- parallel:
- step:
name: Test
caches:
- node
script:
- npm test
- step:
name: Lint
caches:
- node
script:
- npm run lint
- step:
name: Build
caches:
- node
script:
- npm run build
Docker Integration
pipelines:
default:
- step:
name: Build and Push Docker Image
services:
- docker
caches:
- docker
script:
- docker build -t myapp:$BITBUCKET_COMMIT .
- echo $DOCKER_PASSWORD | docker login -u $DOCKER_USERNAME --password-stdin
- docker push myapp:$BITBUCKET_COMMIT
16.04.8 Comparison with Competitors
| Feature | Bitbucket | GitHub | GitLab |
|---|---|---|---|
| AI Code Suggestions | Limited (Atlassian Intelligence) | Advanced (Copilot) | Moderate (Duo) |
| AI PR Reviews | Yes (Premium+) | Yes (Copilot) | Yes (Ultimate) |
| Pipeline AI | Basic recommendations | Copilot for Actions | AI-assisted pipelines |
| Security Scanning | Third-party only | Advanced Security (native) | Native SAST/DAST |
| Cost (AI features) | Premium: $6/user | Copilot: $10/user | Ultimate: $99/user |
| Embedded Support | Manual setup | Similar | Better CI/CD for embedded |
| Self-hosted AI | No (Data Center) | Limited | Yes (self-hosted models) |
| Build Minutes | 50 min/month (Free) | 2,000 min/month (Free) | 400 min/month (Free) |
16.04.9 Pricing Tiers
| Tier | Price | AI Features | Build Minutes |
|---|---|---|---|
| Free | $0 | None | 50 min/month |
| Standard | $3/user/month | None | 2,500 min/month |
| Premium | $6/user/month | Atlassian Intelligence | 3,500 min/month |
| Enterprise | Custom | Full AI + Advanced Security | Unlimited |
Summary
Bitbucket Pipelines provides a solid CI/CD platform integrated with the Atlassian ecosystem. While Atlassian Intelligence is less advanced than GitHub Copilot for code generation, it offers valuable features for pull request summaries, reviewer suggestions, and natural language search. The platform's strength lies in its tight integration with Jira and other Atlassian tools, making it ideal for teams already invested in the Atlassian ecosystem.
For embedded systems development, Bitbucket Pipelines supports custom Docker images and cross-compilation workflows, though it requires more manual configuration than some competitors. Third-party integrations with tools like SonarCloud, Snyk, and CodeGuru provide robust AI-powered security scanning and code quality analysis capabilities.
Teams should evaluate Bitbucket Pipelines based on their existing toolchain, budget constraints, and specific AI feature requirements, keeping in mind that enterprise-grade AI features require Premium or Enterprise tiers.
References
- Atlassian Intelligence: https://www.atlassian.com/software/intelligence
- Bitbucket Pipelines: https://support.atlassian.com/bitbucket-cloud/docs/get-started-with-bitbucket-pipelines/
- Code Insights: https://support.atlassian.com/bitbucket-cloud/docs/code-insights/
- Jira-Bitbucket Integration: https://support.atlassian.com/jira-software-cloud/docs/integrate-with-bitbucket/
- Bitbucket Pricing: https://www.atlassian.com/software/bitbucket/pricing
- Atlassian Marketplace: https://marketplace.atlassian.com/addons/app/bitbucket