Bitbucket Pocket Book

Bitbucket Pocket Book — Uplatz

~60 deep-dive flashcards • Single column • Repos & Branching • PRs & Reviews • Pipelines CI/CD • Workspaces & Permissions • Security • Admin • Interview Q&A

Cheat-friendly explanations • Readable Git/CI snippets • Production-oriented tips

Section 1 — Fundamentals

1) What is Bitbucket?

Git hosting by Atlassian with pull requests, code review, and CI/CD via Pipelines. Tight integration with Jira, Trello, and the Atlassian ecosystem.

git --version
git config --global user.name "Your Name"
git config --global user.email you@example.com

2) Workspace → Project → Repository

Workspace groups everything for your org; Project organizes repos; Repository stores code, issues, PRs, and pipelines.

3) SSH vs HTTPS

HTTPS is simple; SSH avoids password prompts and supports fine-grained key management (per device/service).

ssh-keygen -t ed25519 -C "you@example.com"
# Add public key in Bitbucket SSH keys

4) Clone & Remotes

git clone git@bitbucket.org:workspace/repo.git
git remote -v
git remote add upstream git@bitbucket.org:workspace/parent.git

5) Branching Strategies

Trunk-based (short-lived branches), Gitflow (feature/release/hotfix), or Release train. Pick one and automate checks.

6) Naming Conventions

feature/, bugfix/, hotfix/, release/, include Jira key (e.g., PROJ-123) for traceability.

7) LFS (Large Files)

Track binaries with Git LFS to keep repo small; avoid committing build artifacts.

git lfs install
git lfs track "*.psd"

8) .gitignore & Attributes

Keep repos clean with language-specific ignores; use .gitattributes for line endings/merge drivers.

Section 2 — Repos & Branching

9) Create Repo

From UI or via import/mirror. Initialize locally, then push the default branch.

git init -b main
git add .
git commit -m "chore: initial commit"
git remote add origin git@bitbucket.org:workspace/repo.git
git push -u origin main

10) Default Branch

Set main (or equivalent) and protect it with branch restrictions, required approvals, and CI checks.

11) Branch Permissions

Restrict who can push to protected branches; require PRs with passing builds and approvals.

12) Merge Strategies

Squash (clean history), Merge commit (preserve), Fast-forward (linear). Choose per repo; document when to use each.

13) Tags & Releases

Use annotated tags for releases and changelogs.

git tag -a v1.2.0 -m "release: 1.2.0"
git push origin v1.2.0

14) Forks & Upstream Sync

Contribute via forks; keep in sync with upstream remote.

git fetch upstream
git rebase upstream/main

15) Monorepo Tips

Use sparse-checkout, shared CI templates, and path-based pipelines; enforce codeowners by directory.

16) Commit Messages

Conventional commits (feat:, fix:, chore:) + Jira key → automatic changelogs and traceability.

Section 3 — Pull Requests & Code Review

17) Create a PR

Push your branch, open PR, add title/description, link Jira issue, and set reviewers.

18) PR Templates

Store a checklist in PULL_REQUEST_TEMPLATE.md (tests, docs, screenshots). Improves consistency.

19) Default Reviewers

Configure per project/repo to auto-assign domain owners for PRs touching specific paths.

20) Merge Checks

Enforce: min approvals, passing Pipelines status, all tasks resolved, no conflicts, up-to-date with target branch.

21) Inline Comments & Suggestions

Provide actionable feedback; use code suggestions; resolve threads when addressed.

22) PR Etiquette

Small PRs (< 300 lines), clear context, test coverage, avoid “drive-by” refactors; reviewers respond within SLA.

23) Jira Smart Commits

Include issue keys in commits/PR titles to transition issues, log time, or leave comments from Git activity.

24) Approvals & Re-approvals

Major changes after approval should reset/re-request reviews; automate via merge checks.

Section 4 — Pipelines (CI/CD)

25) Enable Pipelines

Add bitbucket-pipelines.yml at repo root and toggle Pipelines in repo settings.

image: node:20
pipelines:
  default:
    - step:
        name: Build & Test
        caches: [node]
        script:
          - npm ci
          - npm test
        artifacts:
          - dist/**

26) Caches & Artifacts

Caches persist between runs (e.g., node, pip); artifacts move build outputs to later steps (or downloads).

27) Pipes (prebuilt steps)

Reusable actions like Docker build/push, AWS deploy, Slack notify.

script:
  - pipe: atlassian/docker-build:1.6.0
    variables:
      DOCKERFILE: Dockerfile
      IMAGE_NAME: myapp

28) Deployments & Environments

Define dev/test/prod with environment variables and approvals; track releases per environment.

29) Manual & Custom Pipelines

Trigger ad-hoc jobs (e.g., migrations, rollbacks) from the UI.

custom:
  migrate-db:
    - step:
        name: Migrate
        script: ["npm run migrate"]

30) Self-Hosted Runners

Run steps on your own hardware for private networks, GPUs, or custom tooling.

31) Parallel Steps & Fan-out

Split tests/builds across multiple steps to reduce time-to-green.

32) Docker-in-Docker

Build images in Pipelines; use Docker service and enable privileged mode when required.

33) Monorepo Pipelines

Use conditionals on changed paths and shared templates to run only necessary jobs.

34) Example: Python

image: python:3.12
pipelines:
  default:
    - step:
        name: Test
        caches: [pip]
        script:
          - pip install -r requirements.txt
          - pytest -q

Section 5 — Workspaces, Permissions & Integrations

35) Workspaces

Top-level org boundary for members, groups, default permissions, and billing; group repos into projects.

36) Repo Permissions

Grant read/write/admin; prefer groups over individuals; review access quarterly.

37) Branch Restrictions

Prevent force-push/deletes; require PRs, approvals, and passing builds on protected branches like main.

38) App Passwords & Tokens

Use app passwords or OAuth tokens for automation; scope minimally; rotate regularly; store in Pipelines variables.

39) Webhooks

Trigger external systems on push/PR events (CI, chat notifications, deployments).

40) Jira & Trello

Link repos to projects/boards; surface PRs and build status on issues/cards; use issue keys in branches/commits.

41) Codeowners-by-Path (pattern)

Enforce domain reviews by mapping directories → default reviewers; pair with merge checks.

Section 6 — Security & Compliance

42) 2FA & SSO

Enforce two-factor auth and SSO for workspace users; remove stale accounts promptly.

43) Signed Commits

Use GPG/SSH signing to verify authorship; enforce on protected branches for higher integrity.

44) Secrets in CI

Store credentials as secured variables at repo/workspace level; never commit secrets; rotate and audit usage.

45) Dependency & SAST Scans

Run SCA/SAST in Pipelines (e.g., OSS indexers, Semgrep, Snyk). Fail builds on critical issues; create Jira tickets automatically.

46) Required Status Checks

Only allow merges when CI passes, approvals met, and tasks resolved; block direct pushes to protected branches.

47) Least Privilege

Group-based permissions, per-environment deploy keys, and scoped tokens; audit access and logs regularly.

Section 7 — Admin, Migration & Scaling

48) Import/Migrate

Import from GitHub/GitLab or push existing repos; preserve history and tags.

git remote set-url origin git@bitbucket.org:new-ws/repo.git
git push --all
git push --tags

49) Mirrors & Backups (pattern)

Maintain a read-only mirror (another provider/self-hosted) via CI job that pushes all refs; also keep regular bare clones.

50) Repo Size Management

Remove large blobs (BFG), enable LFS, and avoid committing artifacts. Educate teams with pre-commit hooks.

51) Monorepo Scaling

Enforce ownership by directory, split pipelines per path, cache dependencies per package, and use sparse-checkout for devs.

52) CI Performance

Cache deps, parallelize tests, reuse layers for Docker builds, and run only affected jobs per change.

53) Audit & Logs

Review access and pipeline logs; set alerts on unusual pushes, failed auth, or excessive pipeline usage.

54) Branch Lifecycles

Auto-delete merged branches; stale branch policy with reminders or cleanup jobs.

Section 8 — Patterns & Interview Q&A

55) Pattern — Trunk + Feature Flags

Ship small PRs behind flags; keep trunk releasable; CI gates and canary deployments cut risk.

56) Pattern — Protected Environments

Dev auto-deploy, Staging requires approval, Prod requires approvals + manual step; artifact promotion not rebuilds.

57) Interview — Gitflow vs Trunk?

Answer: Trunk for continuous delivery and fast feedback; Gitflow for strict release cadence and long-lived support branches.

58) Interview — Speed up slow CI?

Answer: Cache deps, split jobs, run changed-path tests only, prebuild Docker base, and fail-fast on lint/type checks.

59) Interview — Secure secrets?

Answer: Store as protected variables, restrict to environments, rotate regularly, and scan repo history for exposure.

60) Production Checklist

Protected branches & merge checks, required reviews, Pipelines with gates, secrets in variables, signed commits, backups/mirrors, and on-call runbooks.

Cutting-edge Technology Courses by Uplatz