How to set branch restriction allowed for Bitbucket pipeline only?

Daniel Song April 24, 2023

I am working on a library and I want the pipeline to build and update the package version when the main branch is updated.

That being said, the Bitbucket pipeline pushes the code to the main branch to update the package version.

I want the Bitbucket pipeline to be the only one that can push code to the main branch directly, in order to prevent humans from making direct changes.

But I can't find the Bitbucket pipeline in the branch restrictions, and the pipeline fails to push code when the restriction is set.

How can I set the branch restriction?

1 answer

0 votes
Patrik S
Atlassian Team
April 25, 2023

Hello @Daniel Song ,

Welcome to the Community! 

Unfortunately, it's not currently possible to select the pipeline user when setting up the branch restrictions. We do have a feature request to implement this functionality, which you can find in the following link:

I would encourage you to add your vote there to give it reactions and help our development team to understand the interest. Feel free to add yourself as a Watcher as well, so you will be notified whenever there's any update on that feature.

While that feature is not available, a possible workaround would be to create a new Bitbucket account to act like a "bot" account that you can use as part of your pipeline to authenticate any git activity or API calls. You would need to grant that bot account permissions to your repository, and its user should also be available to be added to the branch restriction.

Then, you could create an App password under the bot account and use it along with the bot account's username as the credentials to authenticate the git push during your pipeline. The following command would need to be added to your pipeline's script, before the git push command, to set the new credentials to be used by git: 

git remote set-url origin "https://${BOT_USERNAME}:${BOT_APP_PASSWORD}@bitbucket.org/${BITBUCKET_WORKSPACE}/${BITBUCKET_REPO_SLUG}"

The example above considers the creation of Workspace or Repository variables named BOT_USERNAME and BOT_APP_PASSWORD that contain the credentials of the bot account. The variables BITBUCKET_WORKSPACE and BITBUCKET_REPO_SLUG are already populated by default (see Pipelines default variables).

Hope that helps! Let me know in case you have any questions.

Thank you, @Daniel Song !

Patrik S
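
The workaround from the answer above, written out as shell helpers for the pipeline step. This is an added example, not part of the original answer and not Atlassian's code. The function names are hypothetical; it assumes BOT_USERNAME and BOT_APP_PASSWORD exist as described (with the password stored as a secured variable) and that the credentials are ASCII.

```shell
# Added example: helpers for a Pipelines step that pushes as the bot account.
# Assumes BOT_USERNAME / BOT_APP_PASSWORD are repository variables (password
# marked Secured) and ASCII-only credentials. Function names are hypothetical.

# Percent-encode a string for the userinfo part of a URL.
urlencode() {
    s=$1 out=
    while [ -n "$s" ]; do
        rest=${s#?}; c=${s%"$rest"}
        case $c in
            [a-zA-Z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
}

# Build the remote URL; fail rather than emit a URL with empty credentials.
bot_remote_url() {
    for v in BOT_USERNAME BOT_APP_PASSWORD BITBUCKET_WORKSPACE BITBUCKET_REPO_SLUG; do
        eval "val=\${$v:-}"
        [ -n "$val" ] || { echo "missing variable: $v" >&2; return 1; }
    done
    printf 'https://%s:%s@bitbucket.org/%s/%s' \
        "$(urlencode "$BOT_USERNAME")" "$(urlencode "$BOT_APP_PASSWORD")" \
        "$BITBUCKET_WORKSPACE" "$BITBUCKET_REPO_SLUG"
}

# Mask the userinfo part of any URL in a message before it reaches the log.
redact_url() {
    printf '%s' "$1" | sed -E 's#(https?://)[^/@[:space:]]+@#\1***@#g'
}

# Point origin at the bot credentials, push HEAD to the given branch
# (default main), and print git's output with credentials masked.
push_as_bot() {
    url=$(bot_remote_url) || return 1
    git remote set-url origin "$url" || return 1
    out=$(git push origin "HEAD:${1:-main}" 2>&1) && rc=0 || rc=$?
    redact_url "$out"; echo
    return "$rc"
}
```

In the pipeline script, source these functions and call `push_as_bot main` after the version-bump commit, with the bot account being the only user allowed to write to main in the branch restriction.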

Deployment type: Cloud
Permissions level: Site Admin