Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,363,168
Community Members
 
Community Events
168
Community Groups

I want my pipeline to push a change to master when branch restrictions are in place.

Joshua Tharp
Joshua Tharp Jan 07, 2020

I have branch restrictions in place that prevent team members from writing directly to master. However, I want my build pipeline to be able to push a commit to master (an updated version number). I have used the instructions for setting up OAuth authentication (https://confluence.atlassian.com/x/RlZcOQ?_ga=2.78864852.1541931979.1578323622-1080859748.1575482564) and included the relevant script in my pipeline. The OAuth instructions imply that the OAuth consumer operates on the authorizations specified when configuring the OAuth consumer and outside of the normal authorizations. However, I still get "Permission denied to update branch master."

How do I have a pipeline build push changes to master while restricting the development team from writing directly to master?

Answer
Watch
Like # people like this
609 views

1 answer

1 accepted

1 vote
Answer accepted
Minh Tran
Minh Tran Atlassian Team Jan 07, 2020

Hi @Joshua Tharp

 

  • In this scenario, you probably need a dedicated account for your pipeline. And you will grant "Write access" permission for that account only. See the UI below for further informatinminhtran83___daily-work-tools___Admin___Branch_permissions_—_Bitbucket.jpg

I hope this help.

Regards,

Minh

View More Comments
Minh Tran
Minh Tran Atlassian Team Jan 07, 2020

@Joshua Tharp if my answer works for you, can you accept the answer? It will help other people having the same problem like you

Like
Joshua Tharp
Joshua Tharp Jan 08, 2020

How are the OAuth authorizations used if I need to create a user in order to perform this action? From the documentation it seems that the authorizations supersede any permissions I set on a given repository.

"If you repository has branch permissions enabled and you can’t commit back using the default configured http origin...We recommend using OAuth above all other methods, for security and compatibility with the http origin." (https://confluence.atlassian.com/bitbucket/push-back-to-your-repository-962352710.html)

Like
Minh Tran
Minh Tran Atlassian Team Jan 08, 2020

@Joshua Tharp i suggest you use the ssh key and use ssh:// url instead of http://

With that case, you can easily configured the public ssh key of predefined user that you use to commit code back to master branch and from the Linux instance having that account with the same public ssh key, you can easily commit changes + push back to master

Like
Joshua Tharp
Joshua Tharp Jan 10, 2020

OK, to summarize, the documentation that says we should use OAuth for this scenario is a red herring. Instead we need to have a bot user that we can give write permission to on Master.

Like
Minh Tran
Minh Tran Atlassian Team Jan 11, 2020

@Joshua Tharp Yes, it is

Like
Caleb Miracle
Caleb Miracle Nov 12, 2020

@Minh Tran I also spent a while stuck on this exact thing, because of the same misleading documentation. Is there any plan to update the docs?

Like # people like this
Brendan Miller
Brendan Miller Mar 08, 2022

@Minh Tran  Yes, please update documentation. It is sending users like me in the wrong direction.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS

Atlassian Community Events

See all events