We currently have a setup building custom Bitbucket Pipes:
Permissions
Master Branch:
write access: None
merge via PR: Dev Group
And our CI setup uses `semversioner` to cut the new release, push to Docker Hub, and push back to master so that Pipes can see the new version via the pipe.yml file. This was working fine until the PR-only approach was implemented.
It makes sense that the CI can't push back since it is now set to None; however, it would be nice if we had an option in Branch Permissions to pick the CI as a user that can push back so releases can be cut by the CI server and no one else.
Any thoughts on how to handle this approach?
This isn't really an answer (it seems like the only workaround currently is to add a paid "bot user", as described by @zkeator) but we can try and get some movement going on the issue by voting for https://jira.atlassian.com/browse/BCLOUD-19136.
Create a bot / pipeline-specific account: pretty much just make a new account and add it with read/write access for those branches on the repo.
Authenticate to the repo using the bot account and it'll be allowed to push commits. The current options are OAuth, SSH key, or app secrets using the username / password.
Here is a guide from Bitbucket docs: https://support.atlassian.com/bitbucket-cloud/docs/push-back-to-your-repository/#Pushbacktoyourrepository-Pushingbackusingalternativeauthenticationmethods
Thanks for taking the time to try and help, zkeator. While this is a workaround, this additional user/bot also brings additional costs and would still have the same restrictions as the rest of our members: only PRs can be merged via the repo restrictions, so no user, whether considered human or bot, can merge.
We do have a workaround in place, but it would be super helpful if the following was taken into consideration:
It makes sense that the CI can't push back since it is now set to None; however, it would be nice if we had an option in Branch Permissions to pick the CI as a user that can push back so releases can be cut by the CI server and no one else.
Yeah, I had to specifically grant the bot account permissions to push. Not ideal, but it does allow for a setup where all normal users have to use PRs except CI.
Agree on the cost of adding another user. If Bitbucket would allow you to target permissions specifically to the CI, it would make life a lot easier.