It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Branch permission to allow pipelines to commit and push on branch Edited

Hello,

In my current setup, I want to forbid developers to push directly on DEV branch, this should only be done by merging pull request.

However, during the pipeline that runs on DEV branch after any pull request has been merged, I want to increase a version number in a file (package.json), commit the file and push the change on DEV branch.

 

If I change the branch permission on DEV to allow Everybody to "push", this works perfectly:

Screen Shot 2018-02-27 at 09.08.11.png

 

My thinking is that I need to use the SSH Key generated in Pipelines (see this article) somehow as an access key like it is described in this article (Add access keys to branch permissions in Bitbucket Server 4.14)

 

But when I try to add the SSH key generated in Pipeline as an access key I got the error: "Someone has already registered this as an account SSH key"

Screen Shot 2018-02-26 at 12.49.59.png

 

There is probably something basic that I don't understand, any help much appreciated.

 

 

1 answer

0 votes

Hey @Antoine Pissot,

This ssh key has already been registered at some point. (https://confluence.atlassian.com/bbkb/someone-has-already-registered-that-ssh-key-338365482.html)

If the key you're trying to add is the one generated by pipelines (as in https://confluence.atlassian.com/bitbucket/access-remote-hosts-via-ssh-847452940.html) then the ssh key is already baked into the pipelines agent on every build. If not follow the instructions from the above link to generate one.

However, the repository isn't ready to receive commits just yet. The access key you've been using is read only; you can't commit back just by adding the ssh key as an access key.

The solution is to create a bot account and add that public key as the bot's personal key. You will also need to give the bot account write permissions in the repository access controls. Then you will be able to set the remote repository url, the bot name and email in the build itself

- git config --global user.email "bot@example.com"
- git config --global user.name "Bot name"
- git config remote.origin.url <your repository url here>

(or in a separate script) and git push back to the repository.

Cheers,
Tom

Hello,

Thanks for taking to time to reply to me.

 

I could not figure out how to :

"The solution is to create a bot account and add that public key as the bot's personal key. You will also need to give the bot account write permissions in the repository access controls."

 

In my bitbucket config, I have done what you suggested, ie:

- git config --global user.email "bot@example.com"
- git config --global user.name "Bot name"

 

However, I can't find a tutorial that explains how to create a bot account... (and so I can't give him write permissions)

A bot account is just a regular Bitbucket account on your team (lets call it "Wall-E"). You can add the public SSH key to Wall-E's account. Then add Wall-E as a team member to repositories that you need Wall-E to write to.

Does the bot account require any specific access rights? 

I am having trouble with a similar case. 

So far in my pipeline I was using a repo ssh key to clone another repo and access a build version fro a file.

Now I'd like to be able to modify file in this other repo. I understand that the ssh key I have been using is read only. 

So  I have create the "bot" account and given him access to write in that repo.

Should I know use the same account to clone the repo and push the updated file? 

Should a specific key be created for that account. and should I delete the old ssh key associated with the pipeline repo?

 

Thank for the help.

Yassine.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Bitbucket

Atlassian supported Jenkins integration for Bitbucket Server

We’ve been building a plugin to integrate Bitbucket Server and Jenkins CI, and I’m excited to announce that our alpha is ready to download and install. It lets you seamlessly configure a Jenkins job ...

423 views 0 9
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you