(My first post, please let me know where i can make feature requests!)
Are there any plans to add Project-level variables to Bitbucket Pipelines?
I use variables to configure AWS access keys, and since i develop a lot of microservices it can be a pain to maintain an IAM user for each repository. On the other hand, I don't want to have one set of credentials for my entire Bitbucket team since it is not good practice to have an all-powerful set of credentials that can take down your whole environment if compromised. Was thinking Project-level would be the ideal compromise.
Nice one @sah-lazos : consider your own answer accepted.
For people who have the same or similar questions, some additional advice:
Always go to https://support.atlassian.com/
In particular click on Suggestions and Bugs: https://jira.atlassian.com/secure/Dashboard.jspa?selectPageId=10440
This is everything and anything to do with Bug fixing of Atlassian Products and Feature requests!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
As a workaround, i came up with the following script against the Bitbucket API (requires curl and jq, a bitbucket App password associated with your user from your personal settings). This sets (or resets) the same variable on every repo in a project.
The code below sepcifically helps me set AWS credentials, but you could change to any variables
#!/bin/bash
API_BASE_URL=https://api.bitbucket.org/2.0
if [ -z "$BBUSERNAME" ]; then
echo "Missing required environment variable BBUSERNAME"
exit 1
fi
if [ -z "$BBSECRET" ]; then
echo "Missing required environment variable BBSECRET"
exit 1
fi
read -p "Workspace: " API_WORKSPACE
read -p "Project Key: " PROJECT_KEY
read -p "AWS Access Key ID: " AWS_ACCESS_KEY_ID
read -p "AWS Secret Access Key: " AWS_SECRET_ACCESS_KEY
projects=$(curl -s -X GET -u $BBUSERNAME:$BBSECRET "$API_BASE_URL/repositories/$API_WORKSPACE?q=project.key=\"$PROJECT_KEY\"")
nextpage=$(echo $projects | jq -r '.next')
update_variable() {
repo_slug=$1
key=$2
value=$3
secured=$4
uuid=$5
uuid=${uuid:1:36}
if [ -n "$uuid" ]; then
curl -s -X PUT -u $BBUSERNAME:$BBSECRET -H 'Content-Type: application/json' \
"$API_BASE_URL/repositories/$API_WORKSPACE/$repo_slug/pipelines_config/variables/\{$uuid\}" \
-d "{\"uuid\": \"$uuid\", \"key\": \"$key\", \"value\": \"$value\", \"secured\": $secured }" \
> /dev/null
else
curl -s -X POST -u $BBUSERNAME:$BBSECRET -H 'Content-Type: application/json' \
"$API_BASE_URL/repositories/$API_WORKSPACE/$repo_slug/pipelines_config/variables/" \
-d "{\"key\": \"$key\", \"value\": \"$value\", \"secured\" : $secured }" \
> /dev/null
fi
}
set_variables() {
while read -r repo_slug; do
pipeline_enabled=$(curl -s -X GET -u $BBUSERNAME:$BBSECRET "$API_BASE_URL/repositories/$API_WORKSPACE/$repo_slug/pipelines_config" | jq -r '.enabled')
if [ "$pipeline_enabled" = "true" ]; then
echo "Updating variables for $repo_slug"
variables=$(curl -s -X GET -u $BBUSERNAME:$BBSECRET "$API_BASE_URL/repositories/$API_WORKSPACE/$repo_slug/pipelines_config/variables/")
access_key_id_var_uuid=$(echo $variables | jq -r '.values[] | select(.key=="AWS_ACCESS_KEY_ID") | .uuid')
secret_access_key_var_uuid=$(echo $variables | jq -r '.values[] | select(.key=="AWS_SECRET_ACCESS_KEY") | .uuid')
update_variable $repo_slug "AWS_ACCESS_KEY_ID" $AWS_ACCESS_KEY_ID "false" $access_key_id_var_uuid
update_variable $repo_slug "AWS_SECRET_ACCESS_KEY" $AWS_SECRET_ACCESS_KEY "true" $secret_access_key_var_uuid
fi
done < <(echo $projects | jq -r '.values[] | .slug')
}
set_variables
while [ -n "$nextpage" ]; do
projects=$(curl -s -X GET -u $BBUSERNAME:$BBSECRET $nextpage)
nextpage=$(echo $projects | jq -r '.next')
set_variables
done
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.