It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Sign up for free Log in

Atlassian Community Hero Image Collage

Community
Products
Bitbucket
Questions
I want my pipeline to push a change to master when branch restrictions are in place.

I want my pipeline to push a change to master when branch restrictions are in place.

I have branch restrictions in place that prevent team members from writing directly to master. However, I want my build pipeline to be able to push a commit to master (an updated version number). I have used the instructions for setting up OAuth authentication (https://confluence.atlassian.com/x/RlZcOQ?_ga=2.78864852.1541931979.1578323622-1080859748.1575482564) and included the relevant script in my pipeline. The OAuth instructions imply that the OAuth consumer operates on the authorizations specified when configuring the OAuth consumer and outside of the normal authorizations. However, I still get "Permission denied to update branch master."

How do I have a pipeline build push changes to master while restricting the development team from writing directly to master?

1 answer

1 accepted

1 vote

Answer accepted

Hi @Joshua Tharp

In this scenario, you probably need a dedicated account for your pipeline. And you will grant "Write access" permission for that account only. See the UI below for further informatin

I hope this help.

Regards,

Minh

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

@Joshua Tharp if my answer works for you, can you accept the answer? It will help other people having the same problem like you

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

How are the OAuth authorizations used if I need to create a user in order to perform this action? From the documentation it seems that the authorizations supersede any permissions I set on a given repository.

"If you repository has branch permissions enabled and you can’t commit back using the default configured http origin...We recommend using OAuth above all other methods, for security and compatibility with the http origin." (https://confluence.atlassian.com/bitbucket/push-back-to-your-repository-962352710.html)

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

@Joshua Tharp i suggest you use the ssh key and use ssh:// url instead of http://

With that case, you can easily configured the public ssh key of predefined user that you use to commit code back to master branch and from the Linux instance having that account with the same public ssh key, you can easily commit changes + push back to master

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

OK, to summarize, the documentation that says we should use OAuth for this scenario is a red herring. Instead we need to have a bot user that we can give write permission to on Master.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

@Joshua Tharp Yes, it is

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

@Minh Tran I also spent a while stuck on this exact thing, because of the same misleading documentation. Is there any plan to update the docs?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like • James likes this

Reply

Suggest an answer

Log in or Sign up to answer

Was this helpful?

Thanks!

TAGS