Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,359,795
Community Members
 
Community Events
168
Community Groups

Trigger last pipeline using the API

Edited

Hello, I want to trigger a pipeline from one repository of my organization using the API.

I had a look at this post and this documentation but it doesn't seem to work. 

So I went to https://bitbucket.org/account/settings/app-passwords/ and I created an app password with all the rights (I guess I just need "write" on "pipeline" but this is just for testing).

Then I used this curl command:

curl -X POST -is -u <user@organization.com>:<myapppassword> \
-H 'Content-Type: application/json' \
  https://api.bitbucket.org/2.0/repositories/<organization>/<repo>/pipelines/ \
-d '
{
"target": {
"ref_type": "branch",
"type": "pipeline_ref_target",
"ref_name": "master"
}
}'


But it gives me a 401 error.

if I use my account password, the query is successful and it triggers the pipeline.

For obvious security reasons I don't want to use my password to trigger a pipeline through a script, but just a token I can revoke at any time.

Any idea how I can trigger the pipeline using the API? 

 

1 answer

0 votes

Hi @Francois

Thank you for your question!

It's a good case for trigger-pipeline pipe.

To use this pipe, you need to generate an app password. Remember to check the Pipelines Write and Repositories Read permissions when generating the app password. If you want to trigger a pipeline in a repository owned by a team account, make sure you have the correct access to the repository.

This pipe will trigger the branch pipeline for master in your-awesome-repo. This pipeline will continue, without waiting for the triggered pipeline to complete.

script:
  - pipe: atlassian/trigger-pipeline:4.2.1
    variables:
      BITBUCKET_USERNAME: $BITBUCKET_USERNAME
      BITBUCKET_APP_PASSWORD: $BITBUCKET_APP_PASSWORD
      REPOSITORY: 'your-awesome-repo'

Or 

This pipe will trigger the branch pipeline for master in your-awesome-repo that is owned by the teams-in-space Bitbucket account.

script:
  - pipe: atlassian/trigger-pipeline:4.2.1
    variables:
      BITBUCKET_USERNAME: $BITBUCKET_USERNAME
      BITBUCKET_APP_PASSWORD: $BITBUCKET_APP_PASSWORD
      REPOSITORY: 'your-awesome-repo'
      ACCOUNT: 'teams-in-space'


To discover more pipes, visit our Bitbucket Pipes Marketplace.

 

Cheers,
Oleksandr Kyrdan

Hello Oleksandr,

Thank you for your answer, but I am interested to make it work with Curl, or any other HTTP clients (As we use it to trigger the pipeline from a Laravel application). I don't plan to trigger the pipeline from another pipeline.

Creating an app password with the Pipelines Write and Repositories Read permissions don't seem to be enough as I get a 401 response from Nginx.

HTTP/2 401
server: nginx
vary: Origin
www-authenticate: Basic realm="Bitbucket.org HTTP"
cache-control: no-cache, no-store, must-revalidate, max-age=0
content-type: text/html; charset=utf-8

I have full access to the repository I want to trigger the pipeline, as I can modify the settings of the pipeline or any repository settings.

Is there another step to do as the repository is under a team workspace? Having global rights on the team workspace?

Best Regards,
François
 

@Francois 

Please take a look at trigger pipeline pipe source code under the hood, as it's open sourced )

Here are payload structure and parameters required for programmatically API interaction from the Python code.

Note! Remember to check the Pipelines Write and Repositories Read permissions when generating the app password.

If you have right permissions to the team workspace app password should work.

 

Cheers,
Oleksandr Kyrdan

So, I managed to make it work with the same CuRL request as the one posted earlier, but with:
username: "<name><lastname>" of the creator of the team
password: app password generated by the creator of the team, with Pipelines Write and Repositories Read permissions.

I don't get why we can't create API token at a repository level, using a user account for it doesn't make sense when we trigger the pipeline from an application.

Furthermore, the token gives access to every repository of the user, which is way too extensive, it should be possible to restrict the token to only 1 repo.

If the token is compromised, anyone can trigger pipelines for the whole organization...

Regards,
Francois

@Francois  thanks, good suggestion.

It's a good practice to rotate generated secrets periodically.

As an alternative you could use an OAuth consumer on Bitbucket Cloud.

If you’d like to suggest feature to improve, please, find the appropriate ticket in the list of existing tickets, vote for them or create a new suggestion request with type Suggestion.

 

Best regards,
Oleksandr Kyrdan

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bitbucket

Git push size limits are coming to Bitbucket Cloud starting April 4th, 2022

Beginning on April 4th, we will be implementing push limits. This means that your push cannot be completed if it is over 3.5 GB. If you do attempt to complete a push that is over 3.5 GB, it will fail...

3,449 views 3 10
Read article

Atlassian Community Events