Release 1.2.7: Add Bitbucket API token support

[jvrck]

Release 1.2.7

Adds support for Bitbucket API tokens while maintaining backward compatibility with app passwords.

Summary

App passwords are being deprecated by Atlassian and will stop working on June 9, 2026. This release adds support for API tokens, which are now the recommended authentication method.

Changes

Added:

• Support for Bitbucket API tokens alongside app passwords
• New BB_EMAIL and BB_API_TOKEN environment variables
• Automatic authentication mode detection
• New auth_helper module for centralized authentication

Updated:

• bbhelper.py - Use auth helper for REST API calls
• ripper_utils.py - Use auth helper for git operations
• README.md - Comprehensive auth documentation
• docenv.example - Show both auth methods
• CHANGELOG.md - Release notes

Authentication Methods

API Token (Recommended):

BB_EMAIL=your.email@example.com
BB_API_TOKEN=ATBBxxx...
BB_WORKSPACE=workspace
BB_RIPPER_EXPORT_DIRECTORY=/path/to/output

App Password (Legacy - works until June 9, 2026):

BB_USER=username
BB_PASSWORD=app_password
BB_WORKSPACE=workspace
BB_RIPPER_EXPORT_DIRECTORY=/path/to/output

Testing

• Tested with API token credentials - ✅ Working
• Tested with app password credentials - ✅ Working
• Verified REST API calls work with both methods
• Verified git clone operations work with both methods
• All tests pass locally

Migration Guide

Users can migrate by:

1. Creating an API token
2. Switching to BB_EMAIL + BB_API_TOKEN environment variables
3. Removing BB_USER + BB_PASSWORD

No code changes required - detection is automatic based on which environment variables are set.

Closes #211

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e2f8834b1c

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Detect token mode only when BB_API_TOKEN has a value

get_auth_mode() switches to API-token auth whenever BB_API_TOKEN exists in the environment, even if it is an empty string (for example from BB_API_TOKEN= in a dotenv/template or an unset CI secret). In that case, runs that still provide valid BB_USER/BB_PASSWORD now fail with a ValueError in get_api_auth() instead of using legacy auth, which breaks the backward-compatibility this release promises.

Useful? React with 👍 / 👎.