SONAR-25432 Warn instance admins that their automations using Bitbucket Cloud App Passwords will fail

GitOrigin-RevId: d0552d3c9c55f274f63e98160516eba6d2399616

Author: Hartesic

apps/sq-server/src/main/js/apps/settings/components/SettingsAppRenderer.tsx

@@ -27,6 +27,7 @@ import { withRouter } from '~shared/components/hoc/withRouter';
 import { Location } from '~shared/types/router';
 import { ExtendedSettingDefinition } from '~shared/types/settings';
 import ModeBanner from '~sq-server-commons/components/common/ModeBanner';
+import { BitbucketCloudAppDeprecationMessage } from '~sq-server-commons/components/devops-platform/BitbucketCloudAppDeprecationMessage';
 import { translate } from '~sq-server-commons/helpers/l10n';
 import { Component } from '~sq-server-commons/types/types';
 import { CATEGORY_OVERRIDES } from '../constants';
@@ -73,6 +74,8 @@ function SettingsAppRenderer(props: Readonly<SettingsAppRendererProps>) {
     <LargeCenteredLayout id="settings-page">
       <Helmet defer={false} title={translate('settings.page')} />
 
+      <BitbucketCloudAppDeprecationMessage className="sw-mt-8" />
+
       <ModeBanner as="wideBanner" />
 
       <div className="sw-my-8">

apps/sq-server/src/main/js/apps/settings/components/__tests__/SettingsApp-it.tsx

@@ -23,22 +23,30 @@ import userEvent from '@testing-library/user-event';
 import { Route } from 'react-router-dom';
 import { registerServiceMocks } from '~shared/api/mocks/server';
 import { byRole, byText } from '~shared/helpers/testSelector';
+import { MessageTypes } from '~sq-server-commons/api/messages';
+import AlmSettingsServiceMock from '~sq-server-commons/api/mocks/AlmSettingsServiceMock';
 import {
   EntitlementsServiceDefaultDataset,
   EntitlementsServiceMock,
   mockPurchaseableFeature,
 } from '~sq-server-commons/api/mocks/EntitlementsServiceMock';
+import MessagesServiceMock from '~sq-server-commons/api/mocks/MessagesServiceMock';
 import { ModeServiceMock } from '~sq-server-commons/api/mocks/ModeServiceMock';
 import ScaServiceSettingsMock from '~sq-server-commons/api/mocks/ScaServiceSettingsMock';
 import SettingsServiceMock from '~sq-server-commons/api/mocks/SettingsServiceMock';
+import SystemServiceMock from '~sq-server-commons/api/mocks/SystemServiceMock';
 import { KeyboardKeys } from '~sq-server-commons/helpers/keycodes';
+import { mockAlmSettingsInstance } from '~sq-server-commons/helpers/mocks/alm-settings';
 import { mockComponent } from '~sq-server-commons/helpers/mocks/component';
+import { mockLoggedInUser } from '~sq-server-commons/helpers/testMocks';
 import {
   renderAppRoutes,
   renderAppWithComponentContext,
   RenderContext,
 } from '~sq-server-commons/helpers/testReactTestingUtils';
+import { AlmKeys } from '~sq-server-commons/types/alm-settings';
 import { Feature } from '~sq-server-commons/types/features';
+import { Permissions } from '~sq-server-commons/types/permissions';
 import { Component } from '~sq-server-commons/types/types';
 import routes from '../../routes';
 
@@ -52,23 +60,32 @@ jest.mock('~sq-server-addons/index', () => ({
   },
 }));
 
+let almSettingsMock: AlmSettingsServiceMock;
 let settingsMock: SettingsServiceMock;
 let scaSettingsMock: ScaServiceSettingsMock;
 let modeHandler: ModeServiceMock;
 let entitlementsMock: EntitlementsServiceMock;
+let messagesMock: MessagesServiceMock;
+let systemMock: SystemServiceMock;
 
 beforeAll(() => {
+  almSettingsMock = new AlmSettingsServiceMock();
   settingsMock = new SettingsServiceMock();
   scaSettingsMock = new ScaServiceSettingsMock();
   modeHandler = new ModeServiceMock();
   entitlementsMock = new EntitlementsServiceMock(EntitlementsServiceDefaultDataset);
+  messagesMock = new MessagesServiceMock();
+  systemMock = new SystemServiceMock();
 });
 
 afterEach(() => {
+  almSettingsMock.reset();
   settingsMock.reset();
   scaSettingsMock.reset();
   modeHandler.reset();
   entitlementsMock.reset();
+  messagesMock.reset();
+  systemMock.reset();
 });
 
 beforeEach(() => {
@@ -78,6 +95,9 @@ beforeEach(() => {
 
 const ui = {
   announcementHeading: byRole('heading', { name: 'property.category.general.Announcement' }),
+  appPasswordDeprecationMessageTitle: byText(
+    'admin_notification.bitbucket_cloud_app_deprecation.link',
+  ),
   categoryLink: (category: string) => byRole('link', { name: category }),
   externalAnalyzersAndroidHeading: byRole('heading', {
     name: 'property.category.External Analyzers.Android',
@@ -232,6 +252,60 @@ describe('Project Settings', () => {
   });
 });
 
+describe('BitbucketCloudAppDeprecationMessage', () => {
+  it('should render the message if the conditions are met', async () => {
+    almSettingsMock.setAlmSettings([mockAlmSettingsInstance({ alm: AlmKeys.BitbucketCloud })]);
+
+    renderSettingsApp(undefined, {
+      currentUser: mockLoggedInUser({ permissions: { global: [Permissions.Admin] } }),
+    });
+    expect(await ui.settingsSearchInput.find()).toBeInTheDocument();
+
+    expect(await ui.appPasswordDeprecationMessageTitle.find()).toBeInTheDocument();
+  });
+
+  it('should not render the message if there is no Bitbucket Cloud ALM settings', async () => {
+    almSettingsMock.setAlmSettings([]);
+
+    renderSettingsApp(undefined, {
+      currentUser: mockLoggedInUser({ permissions: { global: [Permissions.Admin] } }),
+    });
+    expect(await ui.settingsSearchInput.find()).toBeInTheDocument();
+
+    expect(ui.appPasswordDeprecationMessageTitle.query()).not.toBeInTheDocument();
+  });
+
+  it('should not render the message if the message has been dismissed', async () => {
+    almSettingsMock.setAlmSettings([mockAlmSettingsInstance({ alm: AlmKeys.BitbucketCloud })]);
+    messagesMock.setMessageDismissed({
+      messageType: MessageTypes.BitbucketCloudAppDeprecation,
+    });
+
+    renderSettingsApp(undefined, {
+      currentUser: mockLoggedInUser({ permissions: { global: [Permissions.Admin] } }),
+    });
+    expect(await ui.settingsSearchInput.find()).toBeInTheDocument();
+
+    expect(ui.appPasswordDeprecationMessageTitle.query()).not.toBeInTheDocument();
+  });
+
+  it('should not render the message if the installation date is after the maximum installation date', async () => {
+    almSettingsMock.setAlmSettings([mockAlmSettingsInstance({ alm: AlmKeys.BitbucketCloud })]);
+    systemMock.supportInformation = {
+      statistics: {
+        installationDate: '2025-10-01',
+      },
+    };
+
+    renderSettingsApp(undefined, {
+      currentUser: mockLoggedInUser({ permissions: { global: [Permissions.Admin] } }),
+    });
+    expect(await ui.settingsSearchInput.find()).toBeInTheDocument();
+
+    expect(ui.appPasswordDeprecationMessageTitle.query()).not.toBeInTheDocument();
+  });
+});
+
 function renderSettingsApp(component?: Component, context: RenderContext = {}) {
   const path = component ? 'project' : 'admin';
   const wrapperRoutes = () => <Route path={path}>{routes()}</Route>;

libs/sq-server-commons/src/api/messages.ts

@@ -23,6 +23,7 @@ import { getJSON } from '~adapters/helpers/request';
 import { post } from '../helpers/request';
 
 export enum MessageTypes {
+  BitbucketCloudAppDeprecation = 'BITBUCKET_CLOUD_APP_DEPRECATION',
   GlobalNcd90 = 'GLOBAL_NCD_90',
   GlobalNcdPage90 = 'GLOBAL_NCD_PAGE_90',
   ProjectNcd90 = 'PROJECT_NCD_90',

libs/sq-server-commons/src/api/mocks/AlmSettingsServiceMock.ts

@@ -363,6 +363,10 @@ export default class AlmSettingsServiceMock {
     return this.reply(undefined);
   };
 
+  setAlmSettings = (almSettings: AlmSettingsInstance[]) => {
+    this.#almSettings = almSettings;
+  };
+
   reset = () => {
     this.#almSettings = cloneDeep(defaultAlmSettings);
     this.#almDefinitions = cloneDeep(defaultAlmDefinitions);

libs/sq-server-commons/src/api/mocks/SystemServiceMock.ts

@@ -26,6 +26,7 @@ import {
   mockPaging,
   mockStandaloneSysInfo,
 } from '../../helpers/testMocks';
+import { SupportInformation } from '../../types/settings';
 import { EmailConfiguration, LogsLevels } from '../../types/system';
 import {
   Provider,
@@ -36,6 +37,7 @@ import {
 } from '../../types/types';
 import {
   getEmailConfigurations,
+  getSupportInformation,
   getSystemInfo,
   getSystemStatus,
   getSystemUpgrades,
@@ -66,6 +68,12 @@ export default class SystemServiceMock {
 
   emailConfigurations: EmailConfiguration[] = [];
 
+  supportInformation: SupportInformation = {
+    statistics: {
+      installationDate: new Date('2025-01-01').toISOString(),
+    },
+  };
+
   constructor() {
     this.updateSystemInfo();
     jest.mocked(getSystemInfo).mockImplementation(this.handleGetSystemInfo);
@@ -75,6 +83,7 @@ export default class SystemServiceMock {
     jest.mocked(getEmailConfigurations).mockImplementation(this.handleGetEmailConfigurations);
     jest.mocked(postEmailConfiguration).mockImplementation(this.handlePostEmailConfiguration);
     jest.mocked(patchEmailConfiguration).mockImplementation(this.handlePatchEmailConfiguration);
+    jest.mocked(getSupportInformation).mockImplementation(this.handleGetSupportInformation);
   }
 
   handleGetSystemInfo = () => {
@@ -157,6 +166,10 @@ export default class SystemServiceMock {
     return this.reply(this.emailConfigurations[index]);
   };
 
+  handleGetSupportInformation = () => {
+    return this.reply(this.supportInformation);
+  };
+
   addEmailConfiguration = (configuration: EmailConfiguration) => {
     this.emailConfigurations.push(configuration);
   };

libs/sq-server-commons/src/api/system.ts

@@ -24,6 +24,7 @@ import { axiosClient } from '~shared/helpers/axios-clients';
 import { requestTryAndRepeatUntil } from '~shared/helpers/request';
 import { Paging } from '~shared/types/paging';
 import { post, postJSON } from '../helpers/request';
+import { SupportInformation } from '../types/settings';
 import {
   EmailConfiguration,
   MigrationStatus,
@@ -108,3 +109,7 @@ export function patchEmailConfiguration(
     emailConfiguration,
   );
 }
+
+export function getSupportInformation(): Promise<SupportInformation> {
+  return axiosClient.get('/api/support/info');
+}

libs/sq-server-commons/src/components/devops-platform/BitbucketCloudAppDeprecationMessage.tsx

@@ -0,0 +1,145 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2025 SonarSource Sàrl
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+
+import { Link, MessageCallout, MessageVariety } from '@sonarsource/echoes-react';
+import { isBefore } from 'date-fns';
+import { noop } from 'lodash';
+import { useCallback, useEffect, useMemo, useRef, useState } from 'react';
+import { FormattedMessage, useIntl } from 'react-intl';
+import { useCurrentUser } from '~adapters/helpers/users';
+import { getAlmSettings } from '../../api/alm-settings';
+import { MessageTypes } from '../../api/messages';
+import { hasGlobalPermission } from '../../helpers/users';
+import {
+  useMessageDismissedMutation,
+  useMessageDismissedQuery,
+} from '../../queries/dismissed-messages';
+import { useSupportInformationQuery } from '../../queries/system';
+import { AlmKeys, AlmSettingsInstance } from '../../types/alm-settings';
+import { Permissions } from '../../types/permissions';
+
+interface BitbucketCloudAppDeprecationMessageProps {
+  className?: string;
+}
+
+const MAXIMUM_INSTANCE_INSTALLATION_DATE = new Date('2025-09-09');
+const APP_PASSWORD_DEACTIVATION_DATE = new Date('2026-06-09');
+const BITBUCKET_API_TOKEN_DOCUMENTATION_URL =
+  'https://support.atlassian.com/bitbucket-cloud/docs/create-an-api-token/';
+
+export function BitbucketCloudAppDeprecationMessage({
+  className,
+}: Readonly<BitbucketCloudAppDeprecationMessageProps>) {
+  const isFetchingAlmSettings = useRef(false);
+  const [bitbucketCloudAlmSettings, setBitbucketCloudAlmSettings] =
+    useState<AlmSettingsInstance[]>();
+
+  const { formatMessage } = useIntl();
+
+  const { currentUser } = useCurrentUser();
+
+  const isGlobalAdmin = hasGlobalPermission(currentUser, Permissions.Admin);
+
+  const { data: installationDate, error: supportInformationError } = useSupportInformationQuery({
+    select: (data) => data.statistics.installationDate,
+  });
+  const { data: isMessageDismissed } = useMessageDismissedQuery(
+    {
+      messageType: MessageTypes.BitbucketCloudAppDeprecation,
+    },
+    {
+      select: (data) => data.dismissed,
+    },
+  );
+  const { mutate: dismissMessage } = useMessageDismissedMutation();
+
+  const shouldDisplayBanner = useMemo(() => {
+    return (
+      isGlobalAdmin &&
+      isMessageDismissed === false &&
+      Boolean(bitbucketCloudAlmSettings?.length) &&
+      isBefore(new Date(), APP_PASSWORD_DEACTIVATION_DATE) &&
+      ((installationDate !== undefined &&
+        isBefore(new Date(installationDate), MAXIMUM_INSTANCE_INSTALLATION_DATE)) ||
+        supportInformationError !== null)
+    );
+  }, [
+    bitbucketCloudAlmSettings,
+    installationDate,
+    isMessageDismissed,
+    isGlobalAdmin,
+    supportInformationError,
+  ]);
+
+  const onDismissMessage = useCallback(() => {
+    dismissMessage({
+      messageType: MessageTypes.BitbucketCloudAppDeprecation,
+    });
+  }, [dismissMessage]);
+
+  useEffect(() => {
+    if (
+      !isGlobalAdmin ||
+      bitbucketCloudAlmSettings !== undefined ||
+      isFetchingAlmSettings.current ||
+      isMessageDismissed === undefined ||
+      isMessageDismissed === true
+    ) {
+      return;
+    }
+
+    isFetchingAlmSettings.current = true;
+
+    getAlmSettings()
+      .then((almSettings) => {
+        const bbcSettings = almSettings.filter(
+          (almSetting) => almSetting.alm === AlmKeys.BitbucketCloud,
+        );
+
+        if (bbcSettings.length === 0) {
+          onDismissMessage();
+          return;
+        }
+
+        setBitbucketCloudAlmSettings(bbcSettings);
+      })
+      .catch(noop);
+  }, [bitbucketCloudAlmSettings, isMessageDismissed, isGlobalAdmin, onDismissMessage]);
+
+  if (!shouldDisplayBanner) {
+    return null;
+  }
+
+  return (
+    <MessageCallout
+      action={
+        <Link to={BITBUCKET_API_TOKEN_DOCUMENTATION_URL}>
+          <FormattedMessage id="admin_notification.bitbucket_cloud_app_deprecation.link" />
+        </Link>
+      }
+      className={className}
+      onDismiss={onDismissMessage}
+      title={formatMessage({ id: 'admin_notification.bitbucket_cloud_app_deprecation.title' })}
+      variety={MessageVariety.Info}
+    >
+      <FormattedMessage id="admin_notification.bitbucket_cloud_app_deprecation.banner" />
+    </MessageCallout>
+  );
+}

libs/sq-server-commons/src/l10n/default.ts

@@ -599,6 +599,11 @@ export const defaultMessages = {
     'New SonarQube Server version available',
   'admin_notification.update.new_sqs_version_when_running_sqcb.upgrade':
     'Upgrade to SonarQube Server and get access to enterprise features',
+  'admin_notification.bitbucket_cloud_app_deprecation.title':
+    'Bitbucket API tokens have replaced app passwords',
+  'admin_notification.bitbucket_cloud_app_deprecation.body':
+    'Bitbucket Cloud app is deprecated and will be removed in the future. Please migrate to the new Bitbucket app.',
+  'admin_notification.bitbucket_cloud_app_deprecation.link': 'Create API token on Bitbucket',
 
   //------------------------------------------------------------------------------
   //