Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,455,287
Community Members
 
Community Events
175
Community Groups

How do I grant write access to restricted brances via repo tokens?

Edited
Jake Esau
Jake Esau Jan 24, 2023

As part of a build process in Jenkins, we generate some IDs that need to be written back to a repository. Everything works fine until I try to push the commit with the new IDs back to the origin (bitbucket) on the main or production branches, which have branch restrictions to limit direct commits.

The Jenkins build uses a Repository Access Token to interact with the repo. I have tried to add that token to the "Only specific people or groups have write access" for the branch, but the e-mail, ID, etc. are not accepted as valid values.

Is there a way I can grant that token access to directly write to those branches? If not, is there another workaround I can use?

The specific error I'm getting (URLs removed):

+ git push origin
remote: Permission denied to update branch main.
To <Repo>
 ! [remote rejected] main -> main (pre-receive hook declined)
error: failed to push some refs to '<Repo>'

 The original looks like this:

git clone https://x-token-auth:<token>@bitbucket.org/<repo>

 I also run the line 

git config user.email <token-id>@bots.bitbucket.org

  

Answer
Watch
Like Be the first to like this
39 views

1 answer

1 accepted

0 votes
Answer accepted
Patrik S
Patrik S Atlassian Team Jan 26, 2023

Hello @Jake Esau ,

Thank you for reaching out to Atlassian Community!

Unfortunately, it's currently not possible to add the RAT "user" to branch restrictions. We do have a feature request to implement that functionality though, which you can access in the following link : 

I would suggest you to add your vote there, since this helps both developers and product managers to understand the interest. Also, make sure you add yourself as a watcher in case you want to receive first-hand updates from that ticket. Please note that all features are implemented with this policy in mind.

As for the workaround, since only users with valid bitbucket account can be added to branch restriction, you can think of the following options

  • Basic Auth : Use bitbucket username along with App Passwords. The app password needs to be created under a user account that has access to the repository being pushed.
  • SSH Auth : Use an  SSH key added to the account of a user that has access to the repository being pushed.

In case you don't want those credentials attached to a person on your team, you can create a new bitbucket account to be used as a "bot account", and create the App password or SSH key under that "bot" account and grant that account access to the repositories.

Hope that helps! Let me know in case you have any questions.

Thank you, @Jake Esau !

Patrik S

View More Comments
Jake Esau
Jake Esau Jan 26, 2023

Wish the answer was "Yes and here's how to do it" but at least I'm not the only one that wants it. I've added my vote to that request, I would suggest anyone else reading this do the same.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
DEPLOYMENT TYPE
CLOUD
TAGS

Atlassian Community Events

See all events