feat: handle repo rename webhooks for Bitbucket and Bitbucket Server

[drazisil-codecov]

Summary

• Adds handling for repo:updated (Bitbucket Cloud) and repo:modified (Bitbucket Server) webhook events
• Both trigger TaskService().refresh() on rename, reducing the window where a stale slug could be claimed by another repo
• Followup to fix(bitbucket): replace retired CHANGE-3022 API endpoints #883,

Security concern addressed (per Michelle's review of #883)

The slug staleness window after a rename could allow a different workspace to register a repo under the old slug. This is mitigated by:

1. Triggering an immediate sync on rename so Codecov updates the slug quickly
2. Webhook lookup uses UUID / service_id (not slug), so even during the staleness window the original repo's webhooks are correctly routed

Tests cover both the sync trigger and the UUID-based lookup under a slug collision scenario.

Test plan

• test_repo_updated_triggers_sync — repo:updated calls TaskService.refresh with correct args
• test_repo_updated_lookup_by_uuid_not_slug — sync is triggered for the correct repo even when another workspace has registered a repo with the old name
• test_repo_modified_triggers_sync — same for Bitbucket Server repo:modified
• test_repo_modified_lookup_by_service_id_not_slug — same slug collision test for Bitbucket Server
• All 24 existing Bitbucket/Bitbucket Server webhook tests still pass

🤖 Generated with Claude Code

---

Note

Medium Risk
Adds new webhook event handling that triggers TaskService.refresh, which can change sync behavior and increase background task load for Bitbucket/Bitbucket Server installations. Logic is straightforward but touches webhook routing and repo identification, so regressions could affect integrations.

Overview
Adds support for Bitbucket Cloud repo:updated and Bitbucket Server repo:modified webhooks and routes them to a new handler that calls TaskService().refresh(sync_repos=True) to promptly resync repositories after renames.

Extends test coverage to ensure these rename events trigger a refresh and that repo lookup is resilient under slug-collision scenarios (verifying identification by UUID/service_id rather than repo name).

^{Reviewed by Cursor Bugbot for commit 6900986. Bugbot is set up for automated code reviews on this repo. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 6900986. Configure here.}

[cursor]

Bitbucket Cloud repo:updated not in webhook subscription list

High Severity

REPO_UPDATED is added as a constant and a handler is wired up, but it's never added to subscribed_events. More critically, WEBHOOK_EVENTS["bitbucket"] in apps/worker/services/repository.py also omits repo:updated. This means Bitbucket Cloud is never told to deliver repo:updated events, so the new handler will never fire. Bitbucket Server works because repo:modified was already present in both lists before this PR.

Additional Locations (1)

• apps/codecov-api/webhook_handlers/constants.py#L41-L42

 

^{Reviewed by Cursor Bugbot for commit 6900986. Configure here.}

[cursor]

GitHub-specific using_integration=True breaks Bitbucket sync task

High Severity

Both new handlers pass using_integration=True to TaskService().refresh(), but the downstream sync_repos task documents this flag as "specific to GitHub users." When True, it calls sync_repos_using_integration() which invokes list_repos_using_installation_generator() — a method only implemented on the GitHub adapter, not on the Bitbucket or Bitbucket Server adapters. This will cause an AttributeError at runtime when the sync task executes.

Additional Locations (1)

• apps/codecov-api/webhook_handlers/views/bitbucket_server.py#L107-L116

 

^{Reviewed by Cursor Bugbot for commit 6900986. Configure here.}

[sentry]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.26%. Comparing base (1f0784c) to head (6900986).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #884   +/-   ##
=======================================
  Coverage   92.26%   92.26%           
=======================================
  Files        1307     1307           
  Lines       48014    48027   +13     
  Branches     1632     1632           
=======================================
+ Hits        44298    44311   +13     
  Misses       3407     3407           
  Partials      309      309           

Flag	Coverage Δ
apiunit	96.35% <100.00%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[codecov-notifications]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

📢 Thoughts on this report? Let us know!