It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Pipelines permissions and conditions

Hello,

 

First, congratz to the team for such a good feature, very quick and easy to implement a full ci/cd cycle with pipelines.

 

2 questions:

1. I want to add a manual (custom) pipeline run in the yml file.
How can i restrict permissions on who is allowed to run this custom build ?

 

2. I want this build to be runable only on the master branch, how can i limit this ?
I am thinking of a custom step, and checking the $BITBUCKET_BRANCH in the yml..
But there might be an easier way ?

 

Thanks,

 

Luc

 

6 answers

1 accepted

0 votes
Answer accepted

Hello,

Bitbucket Pipelines now provides the ability to place restrictions on triggering Deployment Steps. Right now you can restrict them to only being triggered by repository administrators, and/or on a specific branch.

For example, you could set a production deployment to only be able to be triggered by a repository admin off the 'master' branch.

You can configure them in your repository settings, in the Deployments tab.

Have a look here for more information: https://bitbucket.org/blog/deployment-permissions-now-available-in-bitbucket-pipelines

Thanks,

Phil

Ability to restrict permissions for manual/custom pipelines would be a massive help for us..

someone ??

We can do something like this . We can manually force pipeline to fail.

 

pipelines: 
custom:
stage-search-app:
-
step: caches: - node
script:
-
if [[ $BITBUCKET_BRANCH != develop ]]; then exit 1 ; fi

Good suggestion.

But the problem is that every developer would be able to modify it on a feature branch and thus trigger the build from this branch

You could use Pull-Requests from feature branches, and then code reviews. But yeah, it's not ideal.

@Luc Debliquis u got any solution

For permissions, no. No answer at all.. great.

For branch selection, i added a step with a custom bash script that validates the branch name (sent as parameter by pipelines to the script)

- sh deploy/pipelines-validate-branch.sh $BITBUCKET_BRANCH demo

 

script:

 

#!/bin/bash
# expects the source branch as first parameter, and the target environment as 2nd
echo "source branch: " $1
echo "target environment: " $2
# can only deploy master on master
if [ $2 = "master" -a $1 != "master" ];
then
echo
"Deployment on master is not allowed from the branch $1 (only from master)"
exit 1
fi
# can deploy dev and master on demo
if [ $2 = "demo" -a $1 != "master" -a $1 != "dev" ];
then
echo
"Deployment on demo is not allowed from the branch $1 (only from dev and master)"
exit 1
fi
# other manual deploy will fail
if [ $1 != "dev" -a $1 != "master" ];
then
echo
"Manual deployment is not possible from this branch (only from dev and master)"
exit 1
fi

+1 for access control on custom pipelines

+1 for branch-dependent or branch-restricted custom pipelines

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Bitbucket

Atlassian supported Jenkins integration for Bitbucket Server

We’ve been building a plugin to integrate Bitbucket Server and Jenkins CI, and I’m excited to announce that our alpha is ready to download and install. It lets you seamlessly configure a Jenkins job ...

436 views 0 9
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you