Hi team,
I've been using the bitbucket-build-statistics pipe as a useful way to keep track of build minute usage. Recently IP whitelisting was introduced, and since this point I am having issues running the pipe due to access errors. For example, this can be seen in a log excerpt:
Digest: sha256:296360af316a2d15e07b4348cd26ba7af67c15f9266bddcb1e8ccad84ed75d6f
Status: Downloaded newer image for bitbucketpipelines/bitbucket-build-statistics:1.4.0
DEBUG: Starting new HTTPS connection (1): bitbucket.org:443
DEBUG: https://bitbucket.org:443 "GET /bitbucketpipelines/official-pipes/raw/master/pipes.prod.json HTTP/1.1" 200 None
INFO: Executing the pipe...
INFO: Bitbucket workspace: xxxx
INFO: Bitbucket repository list: xxxx/yyyy
INFO: File Name: build_usage_10_29_2023_484.txt
INFO: Output file format: table
INFO: Build days: 30
INFO: Debug: True
DEBUG: Starting new HTTPS connection (1): api.bitbucket.org:443
DEBUG: https://api.bitbucket.org:443 "GET /2.0/repositories/xxxx/yyyy/pipelines/?sort=-created_on&page=1&pagelen=100 HTTP/1.1" 403 102
✖ 403 Client Error: Forbidden for url: https://api.bitbucket.org/2.0/repositories/xxxx/yyyy/pipelines/?sort=-created_on&page=1&pagelen=100
I had been using an access token (and setting BITBUCKET_ACCESS_TOKEN appropriately) successfully until the point where IP whitelisting was implemented; however, I now encounter HTTP 403 Forbidden errors when running the pipe (as per the above logs).
Does anyone have any advice on alternate configurations that may work when IP whitelisting is applied?
Perhaps a satisfactory approach would be to apply the trusted Bitbucket Cloud IP addresses as discussed here -> https://support.atlassian.com/bitbucket-cloud/docs/what-are-the-bitbucket-cloud-ip-addresses-i-should-use-to-configure-my-corporate-firewall/ ?
Any advice greatly appreciated.
Sincerely, Tim
G'day @Tim Apps
You'll be required to allow the following IPs for API requests if you have the IP Allowlisting feature enabled:
104.192.136.0/21
185.166.140.0/22
18.205.93.0/25
18.234.32.128/25
13.52.5.0/25
Once added, this should no longer block your build statistic pipe request as it uses API requests.
Regards,
Syahrul
Hi Tim,
Usually, it's pretty quick but it won't take more than 30 minutes after the new IPs have been added.
Regards,
Syahrul
Hey @Syahrul, we seem to still be encountering an issue with these pipelines. We have whitelisted the suggested IP, however we are still encountering the below error messages.
+ git archive -o licence.tar --remote=git@bitbucket.org:xxxx/xx-docker.git HEAD bin/yyyy/license/yyyy2.lic
Warning: Permanently added the ECDSA host key for IP address '18.205.93.2' to the list of known hosts.
To access this repository, an admin must whitelist your IP.
fatal: the remote end hung up unexpectedly
As well as the original one in this thread in two of these pipelines.
Unsure what IP it's asking to be whitelisted, but 18.205.93.0/25 should cover 18.205.93.2 range-wise.
Do you have any other suggested IPs that should be whitelisted, or a way to debug the IP that is being rejected?
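An added example, not part of any post in this thread and not Atlassian's code: a Python check of which IPv4 addresses in a log excerpt fall inside the ranges listed in the reply above. The function names and the last sample log line (a documentation address) are constructed for illustration.

```python
import ipaddress
import re

# CIDR ranges quoted in the reply earlier in this thread.
ALLOWLIST = [
    "104.192.136.0/21",
    "185.166.140.0/22",
    "18.205.93.0/25",
    "18.234.32.128/25",
    "13.52.5.0/25",
]

# First two lines are copied from the thread; the third is constructed.
# Note: the SSH "host key" warning prints the address of the remote end
# the client connected to, not the client's own source address.
SAMPLE_LOG = """\
Warning: Permanently added the ECDSA host key for IP address '18.205.93.2' to the list of known hosts.
To access this repository, an admin must whitelist your IP.
DEBUG: constructed example line, connection from 203.0.113.7
"""

# Dotted quads not embedded in a longer run of digits/dots (skips "1.4.0").
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def parse_networks(cidrs):
    # strict=True rejects entries with host bits set (e.g. a typo'd range).
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]

def covering_network(addr, networks):
    """Return the first listed network containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    for net in networks:
        if ip.version == net.version and ip in net:
            return net
    return None

def audit_log(text, cidrs=ALLOWLIST):
    """Map each IPv4 address found in text to its covering network or None."""
    networks = parse_networks(cidrs)
    results = {}
    for candidate in IPV4_RE.findall(text):
        try:
            results[candidate] = covering_network(candidate, networks)
        except ValueError:  # looked like an address but an octet was > 255
            continue
    return results

if __name__ == "__main__":
    for addr, net in audit_log(SAMPLE_LOG).items():
        print(f"{addr}: {'covered by ' + str(net) if net else 'NOT in any listed range'}")
```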
Noted. I have created a support ticket to investigate further, please find the tickets at our support portal:
https://support.atlassian.com/requests/
Regards,
Syahrul