
Allow CI/Pipeline to be added to branch permissions

Michael Russell May 15, 2020

We currently have a setup building custom Bitbucket Pipes:

Permissions

Master Branch:

  write access: None

  merge via PR: Dev Group

 

And our CI setup uses `semversioner` to cut the new release, push to Docker Hub, and push back to master so that Pipes can see the new version via the pipe.yml file. This was working fine until the PR-only approach was implemented.

It makes sense that the CI can't pushback since it is now set to None, however, it would be nice if we had an option in Branch Permissions to pick the CI as a user that can push back so releases can be cut by the CI server and no one else.

 

Any thoughts on how to handle this approach?

 

3 answers

1 vote
Leo Huang May 19, 2021

This isn't really an answer (it seems like the only workaround currently is to add a paid "bot user", as described by @zkeator) but we can try and get some movement going on the issue by voting for https://jira.atlassian.com/browse/BCLOUD-19136.

0 votes
zkeator September 28, 2020

Create a bot / pipeline specific account, pretty much just make a new account and add it with read/write access for those branches on the repo.

Authenticate to the repo using the bot account and it'll be allowed to push commits. The current options are OAuth, SSH key, or app secrets using the username / password.

 

Here is a guide from Bitbucket docs: https://support.atlassian.com/bitbucket-cloud/docs/push-back-to-your-repository/#Pushbacktoyourrepository-Pushingbackusingalternativeauthenticationmethods

Michael Russell September 29, 2020

Thanks for taking the time to try and help, zkeator. While this is a workaround, this additional user/bot also brings additional costs to use and would still have the same restrictions as the rest of our members: only PRs can be merged via the repo restrictions, so no user, whether considered human or bot, can merge.

We do have a workaround in place, but it would be super helpful if the following was taken into consideration:

It makes sense that the CI can't pushback since it is now set to None, however, it would be nice if we had an option in Branch Permissions to pick the CI as a user that can push back so releases can be cut by the CI server and no one else.

zkeator December 17, 2020

Yeah, I had to specifically grant the bot account permissions to push. Not ideal, but it does allow for a setup where all normal users have to use PRs except CI.

Agree on the cost of adding another user. If Bitbucket would allow you to target permissions specifically to the CI, it would make life a lot easier.
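
A sketch of the bot-account push-back discussed in this answer, added here as an example and not taken from the thread or from Bitbucket's documentation: because the bot is the only identity allowed to write to master directly, the script refuses to push anything except release files and keeps the app password out of the remote URL. `BOT_USERNAME` and `BOT_APP_PASSWORD` are hypothetical secured repository variables, the `RELEASE_PATHS` allowlist is an assumption about what a `semversioner` release touches, and `origin/master` is assumed to be present in the pipeline clone.

```shell
#!/usr/bin/env bash
# Added example. BOT_USERNAME / BOT_APP_PASSWORD are hypothetical secured
# repository variables; RELEASE_PATHS is an assumed allowlist of release files.
RELEASE_PATHS='pipe.yml CHANGELOG.md README.md .changes/'

# Succeed only if every changed path (one per line on stdin) is a release file.
only_release_files() {
  local path allowed ok
  while IFS= read -r path; do
    [ -n "$path" ] || continue
    ok=1
    for allowed in $RELEASE_PATHS; do
      if [ "${allowed%/}" != "$allowed" ]; then      # entry ends in "/": directory prefix
        case "$path" in "$allowed"*) ok=0 ;; esac
      elif [ "$path" = "$allowed" ]; then ok=0; fi   # otherwise: exact file match
    done
    [ "$ok" -eq 0 ] || { echo "refusing push: unexpected change to $path" >&2; return 1; }
  done
}

# Write a GIT_ASKPASS helper that reads the credentials from the environment at
# prompt time, so the secret never lands in the remote URL, .git/config or argv.
write_askpass() {
  local helper
  helper=$(mktemp) || return 1
  cat > "$helper" <<'EOF'
#!/bin/sh
case "$1" in
  Username*) printf '%s\n' "$BOT_USERNAME" ;;
  Password*) printf '%s\n' "$BOT_APP_PASSWORD" ;;
esac
EOF
  chmod 700 "$helper"
  printf '%s\n' "$helper"
}

# Push the release commit and tags to master as the bot, on master builds only.
push_release() {
  local changed helper rc=0
  [ "${BITBUCKET_BRANCH:-}" = "master" ] || { echo "not a master build" >&2; return 1; }
  changed=$(git diff --name-only origin/master HEAD) || return 1
  printf '%s\n' "$changed" | only_release_files || return 1
  helper=$(write_askpass) || return 1
  GIT_ASKPASS="$helper" GIT_TERMINAL_PROMPT=0 \
    git push --follow-tags "https://bitbucket.org/${BITBUCKET_REPO_FULL_NAME}.git" HEAD:master || rc=$?
  rm -f "$helper"
  return "$rc"
}
```

Call `push_release` as the last step of the release script, after the release commit has been created.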

0 votes
Danil Pankrashin May 24, 2020

Also have that issue.
