Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

I want my pipeline to push a change to master when branch restrictions are in place.

Deleted user January 7, 2020

I have branch restrictions in place that prevent team members from writing directly to master. However, I want my build pipeline to be able to push a commit to master (an updated version number). I have used the instructions for setting up OAuth authentication (https://confluence.atlassian.com/x/RlZcOQ?_ga=2.78864852.1541931979.1578323622-1080859748.1575482564) and included the relevant script in my pipeline. The OAuth instructions imply that the OAuth consumer operates on the authorizations specified when configuring the OAuth consumer and outside of the normal authorizations. However, I still get "Permission denied to update branch master."

How do I have a pipeline build push changes to master while restricting the development team from writing directly to master?

Answer
Watch
Like # people like this
1383 views

1 answer

1 accepted

1 vote
Answer accepted
Minh Tran
Minh Tran
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 7, 2020

Hi @[deleted]

 

  • In this scenario, you probably need a dedicated account for your pipeline. And you will grant "Write access" permission for that account only. See the UI below for further informatinminhtran83___daily-work-tools___Admin___Branch_permissions_—_Bitbucket.jpg

I hope this help.

Regards,

Minh

View More Comments
Minh Tran
Minh Tran
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 7, 2020

@[deleted] if my answer works for you, can you accept the answer? It will help other people having the same problem like you

Like
Deleted user January 8, 2020

How are the OAuth authorizations used if I need to create a user in order to perform this action? From the documentation it seems that the authorizations supersede any permissions I set on a given repository.

"If you repository has branch permissions enabled and you can’t commit back using the default configured http origin...We recommend using OAuth above all other methods, for security and compatibility with the http origin." (https://confluence.atlassian.com/bitbucket/push-back-to-your-repository-962352710.html)

Like
Minh Tran
Minh Tran
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 8, 2020

@[deleted] i suggest you use the ssh key and use ssh:// url instead of http://

With that case, you can easily configured the public ssh key of predefined user that you use to commit code back to master branch and from the Linux instance having that account with the same public ssh key, you can easily commit changes + push back to master

Like
Deleted user January 10, 2020

OK, to summarize, the documentation that says we should use OAuth for this scenario is a red herring. Instead we need to have a bot user that we can give write permission to on Master.

Like
Minh Tran
Minh Tran
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 11, 2020

@[deleted] Yes, it is

Like
Caleb Miracle
Caleb Miracle November 12, 2020

@Minh Tran I also spent a while stuck on this exact thing, because of the same misleading documentation. Is there any plan to update the docs?

Like # people like this
Brendan Miller
Brendan Miller March 8, 2022

@Minh Tran  Yes, please update documentation. It is sending users like me in the wrong direction.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events