You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
Next: Root
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
The Atlassian Community can help you and your team get more value out of Atlassian products and practices.
(My first post, please let me know where i can make feature requests!)
Are there any plans to add Project-level variables to Bitbucket Pipelines?
I use variables to configure AWS access keys, and since i develop a lot of microservices it can be a pain to maintain an IAM user for each repository. On the other hand, I don't want to have one set of credentials for my entire Bitbucket team since it is not good practice to have an all-powerful set of credentials that can take down your whole environment if compromised. Was thinking Project-level would be the ideal compromise.
As a workaround, i came up with the following script against the Bitbucket API (requires curl and jq, a bitbucket App password associated with your user from your personal settings). This sets (or resets) the same variable on every repo in a project.
The code below sepcifically helps me set AWS credentials, but you could change to any variables
#!/bin/bash
API_BASE_URL=https://api.bitbucket.org/2.0
if [ -z "$BBUSERNAME" ]; then
echo "Missing required environment variable BBUSERNAME"
exit 1
fi
if [ -z "$BBSECRET" ]; then
echo "Missing required environment variable BBSECRET"
exit 1
fi
read -p "Workspace: " API_WORKSPACE
read -p "Project Key: " PROJECT_KEY
read -p "AWS Access Key ID: " AWS_ACCESS_KEY_ID
read -p "AWS Secret Access Key: " AWS_SECRET_ACCESS_KEY
projects=$(curl -s -X GET -u $BBUSERNAME:$BBSECRET "$API_BASE_URL/repositories/$API_WORKSPACE?q=project.key=\"$PROJECT_KEY\"")
nextpage=$(echo $projects | jq -r '.next')
update_variable() {
repo_slug=$1
key=$2
value=$3
secured=$4
uuid=$5
uuid=${uuid:1:36}
if [ -n "$uuid" ]; then
curl -s -X PUT -u $BBUSERNAME:$BBSECRET -H 'Content-Type: application/json' \
"$API_BASE_URL/repositories/$API_WORKSPACE/$repo_slug/pipelines_config/variables/\{$uuid\}" \
-d "{\"uuid\": \"$uuid\", \"key\": \"$key\", \"value\": \"$value\", \"secured\": $secured }" \
> /dev/null
else
curl -s -X POST -u $BBUSERNAME:$BBSECRET -H 'Content-Type: application/json' \
"$API_BASE_URL/repositories/$API_WORKSPACE/$repo_slug/pipelines_config/variables/" \
-d "{\"key\": \"$key\", \"value\": \"$value\", \"secured\" : $secured }" \
> /dev/null
fi
}
set_variables() {
while read -r repo_slug; do
pipeline_enabled=$(curl -s -X GET -u $BBUSERNAME:$BBSECRET "$API_BASE_URL/repositories/$API_WORKSPACE/$repo_slug/pipelines_config" | jq -r '.enabled')
if [ "$pipeline_enabled" = "true" ]; then
echo "Updating variables for $repo_slug"
variables=$(curl -s -X GET -u $BBUSERNAME:$BBSECRET "$API_BASE_URL/repositories/$API_WORKSPACE/$repo_slug/pipelines_config/variables/")
access_key_id_var_uuid=$(echo $variables | jq -r '.values[] | select(.key=="AWS_ACCESS_KEY_ID") | .uuid')
secret_access_key_var_uuid=$(echo $variables | jq -r '.values[] | select(.key=="AWS_SECRET_ACCESS_KEY") | .uuid')
update_variable $repo_slug "AWS_ACCESS_KEY_ID" $AWS_ACCESS_KEY_ID "false" $access_key_id_var_uuid
update_variable $repo_slug "AWS_SECRET_ACCESS_KEY" $AWS_SECRET_ACCESS_KEY "true" $secret_access_key_var_uuid
fi
done < <(echo $projects | jq -r '.values[] | .slug')
}
set_variables
while [ -n "$nextpage" ]; do
projects=$(curl -s -X GET -u $BBUSERNAME:$BBSECRET $nextpage)
nextpage=$(echo $projects | jq -r '.next')
set_variables
done
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Nice one @sah-lazos : consider your own answer accepted.
For people who have the same or similar questions, some additional advice:
Always go to https://support.atlassian.com/
In particular click on Suggestions and Bugs: https://jira.atlassian.com/secure/Dashboard.jspa?selectPageId=10440
This is everything and anything to do with Bug fixing of Atlassian Products and Feature requests!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.