Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,455,287
Community Members
 
Community Events
175
Community Groups

How do I grant write access to restricted brances via repo tokens?

Edited

As part of a build process in Jenkins, we generate some IDs that need to be written back to a repository. Everything works fine until I try to push the commit with the new IDs back to the origin (bitbucket) on the main or production branches, which have branch restrictions to limit direct commits.

The Jenkins build uses a Repository Access Token to interact with the repo. I have tried to add that token to the "Only specific people or groups have write access" for the branch, but the e-mail, ID, etc. are not accepted as valid values.

Is there a way I can grant that token access to directly write to those branches? If not, is there another workaround I can use?

The specific error I'm getting (URLs removed):

+ git push origin
remote: Permission denied to update branch main.
To <Repo>
 ! [remote rejected] main -> main (pre-receive hook declined)
error: failed to push some refs to '<Repo>'

 The original looks like this:

git clone https://x-token-auth:<token>@bitbucket.org/<repo>

 I also run the line 

git config user.email <token-id>@bots.bitbucket.org

  

1 answer

1 accepted

0 votes
Answer accepted
Patrik S Atlassian Team Jan 26, 2023

Hello @Jake Esau ,

Thank you for reaching out to Atlassian Community!

Unfortunately, it's currently not possible to add the RAT "user" to branch restrictions. We do have a feature request to implement that functionality though, which you can access in the following link : 

I would suggest you to add your vote there, since this helps both developers and product managers to understand the interest. Also, make sure you add yourself as a watcher in case you want to receive first-hand updates from that ticket. Please note that all features are implemented with this policy in mind.

As for the workaround, since only users with valid bitbucket account can be added to branch restriction, you can think of the following options

  • Basic Auth : Use bitbucket username along with App Passwords. The app password needs to be created under a user account that has access to the repository being pushed.
  • SSH Auth : Use an  SSH key added to the account of a user that has access to the repository being pushed.

In case you don't want those credentials attached to a person on your team, you can create a new bitbucket account to be used as a "bot account", and create the App password or SSH key under that "bot" account and grant that account access to the repositories.

Hope that helps! Let me know in case you have any questions.

Thank you, @Jake Esau !

Patrik S

Wish the answer was "Yes and here's how to do it" but at least I'm not the only one that wants it. I've added my vote to that request, I would suggest anyone else reading this do the same.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
TAGS

Atlassian Community Events