Pipelines: Authentication failed for 'https://x-token-auth:{access_token}@bitbucket.org/.../'

Jens Bannmann October 25, 2016

In my Bitbucket Pipelines build, I want to delete a branch using

git push origin --delete $BITBUCKET_BRANCH

But then I get the following error:

Pipelines: Authentication failed for 'https://x-token-auth:{access_token}@bitbucket.org/.../'

How can I set up my Pipelines build so that it can push to origin?

I assume one could generate an SSH key, put that inside the docker image (or inside the repo, encrypted) and add that to a Bitbucket account. However, I guess there may be an easier way you guys had in mind for this scenario.

4 answers

0 votes
John Johnson March 17, 2020

After looking at my old comment and trying to figure it out now. I've found that the way I suggested above is most likely very insecure as anyone with access to the repo can use all priviledges of your account and as long as they have write priviledge in your repo. For a more secure way this article should hopefully help you or anyone else with this problem: https://confluence.atlassian.com/bitbucket/push-back-to-your-repository-962352710.html#OAuth

As an example it has the following first way below to push changes to a repo, note that the commit message has  `[skip ci]` at the beggining. I think adding the `[skip ci]` at the beggining of the commit message is one of the important ways to push properly to your own repo within bitbucket pipelines as outlined in the above docs speaking of the [skip ci] message it says:

 

Use [skip ci] when you are pushing back to your repository. This will stop pipelines triggering on the new commit and avoid an eternal loop!

 

pipelines:
  default:
    - step:
        script:
        - echo "Made a change in build ${BITBUCKET_BUILD_NUMBER}" >> changes.txt
        - git add changes.txt
        - git commit -m "[skip ci] Updating changes.txt with latest build number."
        - git push 

 

And since the original question was asking how to delete a branch I provide the below code that will delete a branch named FOO.

 

pipelines:
  default:
    - step:
        script:
        - echo "Made a change in build ${BITBUCKET_BUILD_NUMBER}" >> changes.txt
        - git add changes.txt
        - git commit -m "[skip ci] Updating changes.txt with latest build number."
        - git push origin --delete FOO

 

0 votes
Václav Vodička March 7, 2017

Add this to your pipelines - git remote set-url origin https://{bitbucket_username}:{bitbucket_password}@bitbucket.org/../

John Johnson June 8, 2017

EDIT AND WARNING: Looking back on this now I know that this is probably a very insecure way to do this as it says when you set these variables anyone with write access to any of your repos has access to these variables. See my answer over here for a more up to date/secure way to push to your repo.

If you do this you would want to make sure your bitbucket_username and bitbucket_password are in environment variables that are marked as secure in your link like so.

https://$BITBUCKET_USERNAME:$BITBUCKET_PASSWORD@bitbucket.org/../

and then add BITBUCKET_USERNAME and BITBUCKET_PASSWORD as environment variables in your repo's or the account that own's the repo's settings under Environment variables. When setting these environment variables you can select them to be secure by checking a check box. This will prevent someone from seeing them as output in the pipeline's log.

Like # people like this
Renato Cassino March 16, 2020

How can I do to hide my BITBUCKET_USERNAME and BITBUCKET_PASSWORD?

 

Because I setted as secure and tried to print in screen:

- echo $BITBUCKET_USERNAME

 

And returned an empty string

I tried to add this:

git remote set-url origin "https://$BITBUCKET_USERNAME:$BITBUCKET_PASSWORD@bitbucket.org/$BITBUCKET_REPO_FULL_NAME.git"

 

And doesnt work :/

John Johnson March 17, 2020

Hey @Renato Cassino after researching a bit I have found there is a much better way to do this than I previously suggested. Checkout my answer here on this question. Anyways hope that helps you. :)

0 votes
Jens Bannmann November 15, 2016

Unfortunately not. I suspect one could do something with OAuth tokens, but I can't seem to find information for this exact use case.

0 votes
StuartAshworth November 15, 2016

Hi Jens, did you ever figure this out? I'm experiencing this same thing...

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events