Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Allow CI/Pipeline to be added to branch permissions

We currently have a setup building custom Bitbucket Pipes:

Permissions

Master Branch:

  write access: None

  merge via PR: Dev Group

 

And our CI setup uses the `semversioner` to cut the new release, push to docker hub, and push back to master so that Pipe's can see the new version via the pipe.yml file. This was working fine until the PR only approach was implemented.

It makes sense that the CI can't pushback since it is now set to None, however, it would be nice if we had an option in Branch Permissions to pick the CI as a user that can push back so releases can be cut by the CI server and no one else.

 

Any thoughts on how to handle this approach?

 

3 answers

This isn't really an answer (it seems like the only workaround currently is to add a paid "bot user", as described by @zkeator ) but we can try and get some movement going on the issue by voting for https://jira.atlassian.com/browse/BCLOUD-19136.

Create a bot / pipeline specific account, pretty much just make a new account and add it with read/write access for those branches on the repo.

Authenticate to the repo using the bot account and it'll be allowed to push commits, the current options are Oath, SSH key, or app secrets using the username / password.

 

Here is a guide from Bitbucket docs: https://support.atlassian.com/bitbucket-cloud/docs/push-back-to-your-repository/#Pushbacktoyourrepository-Pushingbackusingalternativeauthenticationmethods

Thanks for taking the time to try and help zkeator, while this is a workaround, this additional user/bot also brings additional costs to use and would still have the same restrictions as the rest of our members, only PRs can be merged via the repo restrictions, so, no user whether considered human or bot can merge.

We do have a workaround in place, but, it would be super helpful if the following was taken into consideration:

It makes sense that the CI can't pushback since it is now set to None, however, it would be nice if we had an option in Branch Permissions to pick the CI as a user that can push back so releases can be cut by the CI server and no one else.

Yeah I had to specifically grant the bot account permissions to push, not ideal but it does allow for a setup where all normal users have to use PRs except CI.

Agree on the cost of adding another user, if Bitbucket would allow you to target permissions specifically to the CI it would make life a lot easier.

Like Leo Huang likes this

also have that issue

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Apps & Integrations

🍂📹 Apptoberfest demo contest roundup: vote for your favorite demos!

Hi Community! The submissions are in (and listed below) for the 🍻🍂Apptoberfest🍂🍻 Demo Competition and it’s time for you to place your votes for the best: Analytics & reporting app demo ...

120 views 2 11
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you