Hello,
First, congrats to the team for such a good feature, very quick and easy to implement a full CI/CD cycle with pipelines.
2 questions:
1. I want to add a manual (custom) pipeline run in the yml file.
How can I restrict permissions on who is allowed to run this custom build?
2. I want this build to be runnable only on the master branch, how can I limit this?
I am thinking of a custom step, and checking the $BITBUCKET_BRANCH in the yml...
But there might be an easier way?
Thanks,
Luc
Hello,
Bitbucket Pipelines now provides the ability to place restrictions on triggering Deployment Steps. Right now you can restrict them to only being triggered by repository administrators, and/or on a specific branch.
For example, you could set a production deployment to only be able to be triggered by a repository admin off the 'master' branch.
You can configure them in your repository settings, in the Deployments tab.
Have a look here for more information: https://bitbucket.org/blog/deployment-permissions-now-available-in-bitbucket-pipelines
Thanks,
Phil
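The difference between a branch check inside the yml file and the deployment restriction described in the answer above, as an added example that is not part of the original thread. The pipeline names and deploy.sh are placeholders, and the Production environment is assumed to have its restrictions enabled in the Deployments settings.

```yaml
# Added example, not from the thread. Pipeline names and deploy.sh are placeholders.
pipelines:
  custom:
    # In-file guard: the check is part of bitbucket-pipelines.yml, so it is
    # read from whichever branch the run is started on.
    deploy-guarded-in-script:
      - step:
          name: Deploy (branch checked in script)
          script:
            - if [ "$BITBUCKET_BRANCH" != "master" ]; then exit 1; fi
            - ./deploy/deploy.sh   # hypothetical deploy script

    # Deployment step: the "deployment" key ties the step to the Production
    # environment, whose admin-only and branch restrictions are set in
    # Repository settings > Deployments, outside the yml file.
    deploy-production:
      - step:
          name: Deploy to production
          deployment: production
          script:
            - ./deploy/deploy.sh   # hypothetical deploy script
```

The environment restriction only covers steps that declare `deployment: production`, so it protects the deployment when the credentials it needs are stored as deployment variables on that environment rather than as repository variables.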
Ability to restrict permissions for manual/custom pipelines would be a massive help for us..
+1 for access control on custom pipelines
+1 for branch-dependent or branch-restricted custom pipelines
We can do something like this. We can manually force the pipeline to fail.
pipelines:
  custom:
    stage-search-app:
      - step:
          caches:
            - node
          script:
            - if [[ $BITBUCKET_BRANCH != develop ]]; then exit 1 ; fi
Good suggestion.
But the problem is that every developer would be able to modify it on a feature branch and thus trigger the build from this branch.
You could use Pull-Requests from feature branches, and then code reviews. But yeah, it's not ideal.
@Luc Debliquis you got any solution?
For permissions, no. No answer at all.. great.
For branch selection, I added a step with a custom bash script that validates the branch name (sent as a parameter by pipelines to the script):
- sh deploy/pipelines-validate-branch.sh "$BITBUCKET_BRANCH" demo
script:
#!/bin/bash
# expects the source branch as first parameter, and the target environment as 2nd
# (parameters are quoted so an empty or unusual branch name cannot break the tests)
echo "source branch: $1"
echo "target environment: $2"
# can only deploy master on master
if [ "$2" = "master" ] && [ "$1" != "master" ]; then
    echo "Deployment on master is not allowed from the branch $1 (only from master)"
    exit 1
fi
# can deploy dev and master on demo
if [ "$2" = "demo" ] && [ "$1" != "master" ] && [ "$1" != "dev" ]; then
    echo "Deployment on demo is not allowed from the branch $1 (only from dev and master)"
    exit 1
fi
# other manual deploy will fail
if [ "$1" != "dev" ] && [ "$1" != "master" ]; then
    echo "Manual deployment is not possible from this branch (only from dev and master)"
    exit 1
fi