Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,363,168
Community Members
 
Community Events
168
Community Groups

I want my pipeline to push a change to master when branch restrictions are in place.

I have branch restrictions in place that prevent team members from writing directly to master. However, I want my build pipeline to be able to push a commit to master (an updated version number). I have used the instructions for setting up OAuth authentication (https://confluence.atlassian.com/x/RlZcOQ?_ga=2.78864852.1541931979.1578323622-1080859748.1575482564) and included the relevant script in my pipeline. The OAuth instructions imply that the OAuth consumer operates on the authorizations specified when configuring the OAuth consumer and outside of the normal authorizations. However, I still get "Permission denied to update branch master."

How do I have a pipeline build push changes to master while restricting the development team from writing directly to master?

1 answer

1 accepted

1 vote
Answer accepted
Minh Tran Atlassian Team Jan 07, 2020

Hi @Joshua Tharp

 

  • In this scenario, you probably need a dedicated account for your pipeline. And you will grant "Write access" permission for that account only. See the UI below for further informatinminhtran83___daily-work-tools___Admin___Branch_permissions_—_Bitbucket.jpg

I hope this help.

Regards,

Minh

Minh Tran Atlassian Team Jan 07, 2020

@Joshua Tharp if my answer works for you, can you accept the answer? It will help other people having the same problem like you

How are the OAuth authorizations used if I need to create a user in order to perform this action? From the documentation it seems that the authorizations supersede any permissions I set on a given repository.

"If you repository has branch permissions enabled and you can’t commit back using the default configured http origin...We recommend using OAuth above all other methods, for security and compatibility with the http origin." (https://confluence.atlassian.com/bitbucket/push-back-to-your-repository-962352710.html)

Minh Tran Atlassian Team Jan 08, 2020

@Joshua Tharp i suggest you use the ssh key and use ssh:// url instead of http://

With that case, you can easily configured the public ssh key of predefined user that you use to commit code back to master branch and from the Linux instance having that account with the same public ssh key, you can easily commit changes + push back to master

OK, to summarize, the documentation that says we should use OAuth for this scenario is a red herring. Instead we need to have a bot user that we can give write permission to on Master.

Minh Tran Atlassian Team Jan 11, 2020

@Joshua Tharp Yes, it is

@Minh Tran I also spent a while stuck on this exact thing, because of the same misleading documentation. Is there any plan to update the docs?

Like # people like this

@Minh Tran  Yes, please update documentation. It is sending users like me in the wrong direction.

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events