I want to create a PR from curl command by sending a `POST` request to the `https://api.bitbucket.org/2.0/repositories/my-workspace/my-repository/pullrequests` endpoint
https://developer.atlassian.com/cloud/bitbucket/rest/api-group-pullrequests/#api-repositories-workspace-repo-slug-pullrequests-post
My pipeline step where the curl command is executed is:
- step:
name: Create a PR
script:
# Checkout and update the release branch
- git checkout $BITBUCKET_BRANCH
- git pull origin $BITBUCKET_BRANCH
# Create a pull request via Bitbucket's REST API
- >
curl -v -X POST -u "$BITBUCKET_PR_APP_USERNAME:$BITBUCKET_PR_APP_PASSWORD"
--header 'Content-Type: application/json'
--header 'Accept: application/json'
https://api.bitbucket.org/2.0/repositories/energyworx/ewx-intelligence/pullrequests
--data '{
"title": "PR",
"source": {
"branch": {
"name": "'"${BITBUCKET_BRANCH}"'"
}
},
"destination": {
"branch": {
"name": "develop"
}
}
}'
For this, I've created a bitbucket app password giving the following permissions:
And I have as a pipelines repository variables:
`BITBUCKET_PR_APP_USERNAME=create-pr`
`BITBUCKET_PR_APP_PASSWORD=<password-value>`
However I've been seeing when executing the curl command I got 401 error
THis is the verbosity output of the curl command
```
< HTTP/2 401
< server: envoy
* Authentication problem. Ignoring this.
< www-authenticate: Basic realm="Bitbucket.org HTTP"
< vary: Origin
< cache-control: max-age=0, no-cache, no-store, must-revalidate
< content-type: text/plain
< x-b3-traceid: def6c2c311ea3b29
< x-usage-output-ops: 0
< x-used-mesh: None
< x-dc-location: Micros-3
< strict-transport-security: max-age=31536000; includeSubDomains; preload
< date: Wed, 24 May 2023 10:37:47 GMT
< x-request-id: def6c2c311ea3b29
< x-usage-user-time: 0.014742
< x-usage-system-time: 0.000426
< x-served-by: 872230c0fe40
< expires: Wed, 24 May 2023 10:37:47 GMT
< x-xss-protection: 1; mode=block
< x-envoy-upstream-service-time: 24
< x-static-version: 9999a04deee1
< x-content-type-options: nosniff
< x-render-time: 0.013472795486450195
< x-trace-id: def6c2c311ea3b29
< x-usage-input-ops: 0
< x-frame-options: SAMEORIGIN
< x-version: 9999a04deee1
< x-request-count: 2670
< content-length: 0
<
{ [0 bytes data]
```
However when I use an oauth2 consumer with pull request write permissions and I create a token and I use that token as a bearer token in the header authorization to execute the above curl pull request command creation, I can create the PR, and everything goes well.
Why using an app password account with write pull request permissions did not create the PR and the Oauth consumer did it?
Hey @Bernardo García , and thank you for reaching out to Community!
From the app password creation screenshot you have shared, you gave the app password a label named create-pr. The label of an app password is just a way so you can remember its purpose or describe what permissions it was configured to. However, the label itself will not be used in the authentication.
When using basic authentication for API calls, you will need to provide the following data as your credentials :
So in this case, you will need to update the value of the pipelines environment variable BITBUCKET_PR_APP_USERNAME to be your bitbucket account username, instead of the app password label. Once the variable is updated, you can trigger your pipeline again and check if the request was successful.
Hope that helps! Let me know in case you have any questions.
Thank you, @Bernardo García !
Patrik S
Thanks so much for your clarification, it was a silly confusion from my side.
I was doing this to make it work before:
- >
ACCESS_TOKEN=$(curl -X POST -u "$oauth_client_id:$oauth_client_secret" \
https://bitbucket.org/site/oauth2/access_token \
-d grant_type=client_credentials | jq -r '.access_token')
SOURCE_PAYLOAD=$(jq -n \
--arg bb_branch "$BITBUCKET_BRANCH" \
--arg commit_hash "$COMMIT_HASH" \
'{ "branch": { "name": $bb_branch }, "commit": { "hash": $commit_hash } }')
REVIEWERS_PAYLOAD=$(jq -n \
--arg uuid1 "$PR_REVIEWER_USER_UUID_1" \
--arg uuid2 "$PR_REVIEWER_USER_UUID_2" \
'[{ "uuid": $uuid1 }, { "uuid": $uuid2 }]')
curl -X POST -H "Authorization: Bearer $ACCESS_TOKEN" \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
https://api.bitbucket.org/2.0/repositories/<workspace>/<my-repo>/pullrequests \
--data-binary "$(echo -e '{
"title": "Merge release branch onto develop",
"description": "This Pull Request, generated by the release pipeline,",
"close_source_branch": false,
"source": '"$SOURCE_PAYLOAD"',
"destination": {
"branch": {
"name": "develop"
}
},
"reviewers": '"$REVIEWERS_PAYLOAD"'
}')"
On the other hand, using bitbucket app password approach is better than using an oauth consumer credentials on my pipeline to create an access token for the culr request right?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello @Bernardo García ,
You're very welcome!
I would say basic authentication with username:AppPassword is simpler to implement as you don't need an extra API call to get the token, but both ways you have implemented it - app password or Oauth consumer - are valid ways for authenticating the request, so at the end it's up to your preference on which approach to use.
Thank you, @Bernardo García !
Patrik S
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.