Hello,
In my current setup, I want to forbid developers from pushing directly to the DEV branch; this should only be done by merging a pull request.
However, during the pipeline that runs on the DEV branch after any pull request has been merged, I want to increase a version number in a file (package.json), commit the file and push the change to the DEV branch.
If I change the branch permission on DEV to allow Everybody to "push", this works perfectly:
My thinking is that I need to use the SSH key generated in Pipelines (see this article) somehow as an access key, as described in this article (Add access keys to branch permissions in Bitbucket Server 4.14).
But when I try to add the SSH key generated in Pipelines as an access key, I get the error: "Someone has already registered this as an account SSH key".
There is probably something basic that I don't understand, any help much appreciated.
Hey @Tonio,
This ssh key has already been registered at some point. (https://confluence.atlassian.com/bbkb/someone-has-already-registered-that-ssh-key-338365482.html)
If the key you're trying to add is the one generated by pipelines (as in https://confluence.atlassian.com/bitbucket/access-remote-hosts-via-ssh-847452940.html) then the ssh key is already baked into the pipelines agent on every build. If not, follow the instructions from the above link to generate one.
However, the repository isn't ready to receive commits just yet. The access key you've been using is read only; you can't commit back just by adding the ssh key as an access key.
The solution is to create a bot account and add that public key as the bot's personal key. You will also need to give the bot account write permissions in the repository access controls. Then you will be able to set the remote repository url, the bot name and email in the build itself:
- git config --global user.email "bot@example.com"
- git config --global user.name "Bot name"
- git config remote.origin.url <your repository url here>
(or in a separate script) and git push back to the repository.
Cheers,
Tom
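The build step described above, written out as a script (an added example, not part of the thread or of Atlassian's documentation). It assumes the bot account's key is the one Pipelines uses, that the bot is allowed to push in the DEV branch permission, and that package.json has a plain `"version": "x.y.z"` line; `TARGET_BRANCH` and the function names are made up for the example.

```shell
#!/bin/sh
# Added example (not from the thread): version-bump step for the pipeline.
# Assumed: branch "DEV", a one-line "version" field in package.json, and the
# page's placeholder bot identity.
TARGET_BRANCH=${TARGET_BRANCH:-DEV}

# Print MAJOR.MINOR.(PATCH+1); fail on anything that is not plain x.y.z.
next_patch_version() {
  printf '%s\n' "$1" | grep -Eq '^(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*)){2}$' || return 1
  patch=${1##*.}
  printf '%s.%s\n' "${1%.*}" "$((patch + 1))"
}

# Rewrite the "version" field of the file in $1 and print the new version.
bump_package_json() {
  current=$(sed -n 's/^[[:space:]]*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1)
  new=$(next_patch_version "$current") || return 1
  sed "s/\(\"version\"[[:space:]]*:[[:space:]]*\)\"$current\"/\1\"$new\"/" "$1" > "$1.tmp" &&
    mv "$1.tmp" "$1"
  printf '%s\n' "$new"
}

# Bump only on the target branch, and never in response to the bot's own
# commit, otherwise every push would trigger another bump.
should_bump() {  # $1 = branch, $2 = subject of the last commit
  [ "$1" = "$TARGET_BRANCH" ] || return 1
  case "$2" in *"[skip ci]"*) return 1 ;; esac
  return 0
}

# Runs only inside Pipelines, where BITBUCKET_BRANCH is set.
if [ -n "${BITBUCKET_BRANCH:-}" ] &&
   should_bump "$BITBUCKET_BRANCH" "$(git log -1 --pretty=%s)"; then
  git config user.email "bot@example.com"
  git config user.name "Bot name"
  version=$(bump_package_json package.json) || exit 1
  git add package.json
  git commit -m "Bump version to $version [skip ci]"
  git push origin "HEAD:$TARGET_BRANCH"
fi
```

The `[skip ci]` marker in the commit message keeps the bot's push from starting another pipeline run on the same branch.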
Hello,
Thanks for taking the time to reply to me.
I could not figure out how to:
"The solution is to create a bot account and add that public key as the bot's personal key. You will also need to give the bot account write permissions in the repository access controls."
In my bitbucket config, I have done what you suggested, i.e.:
- git config --global user.email "bot@example.com"
- git config --global user.name "Bot name"
However, I can't find a tutorial that explains how to create a bot account... (and so I can't give him write permissions)
A bot account is just a regular Bitbucket account on your team (let's call it "Wall-E"). You can add the public SSH key to Wall-E's account. Then add Wall-E as a team member to repositories that you need Wall-E to write to.
I am having trouble with a similar case.
So far in my pipeline I was using a repo ssh key to clone another repo and access a build version from a file.
Now I'd like to be able to modify a file in this other repo. I understand that the ssh key I have been using is read only.
So I have created the "bot" account and given him access to write in that repo.
Should I now use the same account to clone the repo and push the updated file?
Should a specific key be created for that account, and should I delete the old ssh key associated with the pipeline repo?
Thanks for the help.
Yassine.
Hi @Tom Bradshaw,
I am in the same situation as Tonio. I have followed Tom's instruction, but the bot account still cannot push to develop branch? The bot can push to any other branches without the branch permission.
Also, question, does one get charged for each bot account created?
I have the feeling this is one of the things that should be available, so I created an issue for it on Bitbucket's bug tracker: https://jira.atlassian.com/browse/BCLOUD-20344
Thanks @Leandro Aguiar, just voted for your issue.
I ended up doing this in the 'default' pipeline so the commit goes to the PR branch. The merge to develop is then done by a human and there is nothing new to push to develop.