Branch permission to allow pipelines to commit and push on branch


Hello,

In my current setup, I want to forbid developers from pushing directly to the DEV branch; this should only be done by merging a pull request.

However, during the pipeline that runs on the DEV branch after any pull request has been merged, I want to increase a version number in a file (package.json), commit the file and push the change to the DEV branch.

 

If I change the branch permission on DEV to allow Everybody to "push", this works perfectly:

Screen Shot 2018-02-27 at 09.08.11.png

 

My thinking is that I need to use the SSH Key generated in Pipelines (see this article) somehow as an access key like it is described in this article (Add access keys to branch permissions in Bitbucket Server 4.14)

 

But when I try to add the SSH key generated in Pipeline as an access key I got the error: "Someone has already registered this as an account SSH key"

Screen Shot 2018-02-26 at 12.49.59.png

 

There is probably something basic that I don't understand, any help much appreciated.

 

 

1 answer

0 votes
Tom Bradshaw Atlassian Team Mar 27, 2018

Hey @Tonio,

This ssh key has already been registered at some point. (https://confluence.atlassian.com/bbkb/someone-has-already-registered-that-ssh-key-338365482.html)

If the key you're trying to add is the one generated by pipelines (as in https://confluence.atlassian.com/bitbucket/access-remote-hosts-via-ssh-847452940.html) then the ssh key is already baked into the pipelines agent on every build. If not, follow the instructions from the above link to generate one.

However, the repository isn't ready to receive commits just yet. The access key you've been using is read only; you can't commit back just by adding the ssh key as an access key.

The solution is to create a bot account and add that public key as the bot's personal key. You will also need to give the bot account write permissions in the repository access controls. Then you will be able to set the remote repository url, the bot name and email in the build itself

- git config --global user.email "bot@example.com"
- git config --global user.name "Bot name"
- git config remote.origin.url <your repository url here>

(or in a separate script) and git push back to the repository.

Cheers,
Tom
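
The flow described in this answer (bot identity, bump the version in package.json, commit, push back), as an added shell example that is not part of the original answer or Atlassian's own code. It assumes the pipeline's SSH key is registered on a bot account with write access to the branch; the function names and the BOT_NAME and BOT_EMAIL variables are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. BOT_NAME, BOT_EMAIL and the function
# names are assumptions; the remote "origin" must already point at the
# repository URL that the bot account's SSH key can write to.

# Increment the patch part of "version" in a package.json (x.y.z -> x.y.z+1).
bump_patch() {
    file="$1"
    ver='[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*'
    current=$(sed -n "s/.*\"version\"[[:space:]]*:[[:space:]]*\"\($ver\)\".*/\1/p" "$file" | head -n 1)
    [ -n "$current" ] || { echo "no x.y.z version in $file" >&2; return 1; }
    next="${current%.*}.$(( ${current##*.} + 1 ))"
    sed "s/\(\"version\"[[:space:]]*:[[:space:]]*\"\)$current\"/\1$next\"/" "$file" > "$file.tmp" &&
        mv "$file.tmp" "$file" || return 1
    echo "$next"
}

# Commit package.json as the bot and push it to the given branch.
push_version_bump() {
    branch="$1"
    # Identity is set for this clone only, not in a shared global config.
    git config user.name  "${BOT_NAME:-Wall-E}"
    git config user.email "${BOT_EMAIL:-bot@example.com}"
    version=$(bump_patch package.json) || return 1
    # Stage only the file the pipeline is meant to change.
    git add package.json
    # [skip ci] tells Bitbucket Pipelines not to build this commit, so the
    # bump does not start the same pipeline again.
    git commit -q -m "Bump version to $version [skip ci]"
    # Explicit refspec: one branch, no force, no tags.
    git push -q origin "HEAD:refs/heads/$branch"
}
```

In the pipeline step for the DEV branch this would be sourced and called as `push_version_bump DEV`.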

Hello,

Thanks for taking the time to reply to me.

 

I could not figure out how to:

"The solution is to create a bot account and add that public key as the bot's personal key. You will also need to give the bot account write permissions in the repository access controls."

 

In my bitbucket config, I have done what you suggested, ie:

- git config --global user.email "bot@example.com"
- git config --global user.name "Bot name"

 

However, I can't find a tutorial that explains how to create a bot account... (and so I can't give him write permissions)

A bot account is just a regular Bitbucket account on your team (let's call it "Wall-E"). You can add the public SSH key to Wall-E's account. Then add Wall-E as a team member to repositories that you need Wall-E to write to.

Does the bot account require any specific access rights? 

I am having trouble with a similar case. 

So far in my pipeline I was using a repo ssh key to clone another repo and access a build version from a file.

Now I'd like to be able to modify a file in this other repo. I understand that the ssh key I have been using is read only.

So I have created the "bot" account and given him access to write in that repo.

Should I now use the same account to clone the repo and push the updated file?

Should a specific key be created for that account, and should I delete the old ssh key associated with the pipeline repo?

 

Thanks for the help.

Yassine.

Hi @Tom Bradshaw ,

I am in the same situation as Tonio. I have followed Tom's instruction, but the bot account still cannot push to develop branch? The bot can push to any other branches without the branch permission.

Also, question, does one get charged for each bot account created?


I have the feeling this is one of the things that should be available, so I created an issue for it on Bitbucket's bug tracker: https://jira.atlassian.com/browse/BCLOUD-20344


Thanks @Leandro Aguiar , just voted for your issue.

I ended up doing this in 'default' pipeline so the commit goes to the PR branch. The merge to develop is then done by a human and there is nothing new to push to develop.
