Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Trigger last pipeline using the API

Edited

Hello, I want to trigger a pipeline from one repository of my organization using the API.

I had a look at this post and this documentation but it doesn't seem to work. 

So I went to https://bitbucket.org/account/settings/app-passwords/ and I created an app password with all the rights (I guess I just need "write" on "pipeline" but this is just for testing).

Then I used this curl command:

curl -X POST -is -u <user@organization.com>:<myapppassword> \
-H 'Content-Type: application/json' \
  https://api.bitbucket.org/2.0/repositories/<organization>/<repo>/pipelines/ \
-d '
{
"target": {
"ref_type": "branch",
"type": "pipeline_ref_target",
"ref_name": "master"
}
}'


But it gives me a 401 error.

if I use my account password, the query is successful and it triggers the pipeline.

For obvious security reasons I don't want to use my password to trigger a pipeline through a script, but just a token I can revoke at any time.

Any idea how I can trigger the pipeline using the API? 

 

1 answer

0 votes

Hi @Francois

Thank you for your question!

It's a good case for trigger-pipeline pipe.

To use this pipe, you need to generate an app password. Remember to check the Pipelines Write and Repositories Read permissions when generating the app password. If you want to trigger a pipeline in a repository owned by a team account, make sure you have the correct access to the repository.

This pipe will trigger the branch pipeline for master in your-awesome-repo. This pipeline will continue, without waiting for the triggered pipeline to complete.

script:
  - pipe: atlassian/trigger-pipeline:4.2.1
    variables:
      BITBUCKET_USERNAME: $BITBUCKET_USERNAME
      BITBUCKET_APP_PASSWORD: $BITBUCKET_APP_PASSWORD
      REPOSITORY: 'your-awesome-repo'

Or 

This pipe will trigger the branch pipeline for master in your-awesome-repo that is owned by the teams-in-space Bitbucket account.

script:
  - pipe: atlassian/trigger-pipeline:4.2.1
    variables:
      BITBUCKET_USERNAME: $BITBUCKET_USERNAME
      BITBUCKET_APP_PASSWORD: $BITBUCKET_APP_PASSWORD
      REPOSITORY: 'your-awesome-repo'
      ACCOUNT: 'teams-in-space'


To discover more pipes, visit our Bitbucket Pipes Marketplace.

 

Cheers,
Oleksandr Kyrdan

Hello Oleksandr,

Thank you for your answer, but I am interested to make it work with Curl, or any other HTTP clients (As we use it to trigger the pipeline from a Laravel application). I don't plan to trigger the pipeline from another pipeline.

Creating an app password with the Pipelines Write and Repositories Read permissions don't seem to be enough as I get a 401 response from Nginx.

HTTP/2 401
server: nginx
vary: Origin
www-authenticate: Basic realm="Bitbucket.org HTTP"
cache-control: no-cache, no-store, must-revalidate, max-age=0
content-type: text/html; charset=utf-8

I have full access to the repository I want to trigger the pipeline, as I can modify the settings of the pipeline or any repository settings.

Is there another step to do as the repository is under a team workspace? Having global rights on the team workspace?

Best Regards,
François
 

@Francois 

Please take a look at trigger pipeline pipe source code under the hood, as it's open sourced )

Here are payload structure and parameters required for programmatically API interaction from the Python code.

Note! Remember to check the Pipelines Write and Repositories Read permissions when generating the app password.

If you have right permissions to the team workspace app password should work.

 

Cheers,
Oleksandr Kyrdan

So, I managed to make it work with the same CuRL request as the one posted earlier, but with:
username: "<name><lastname>" of the creator of the team
password: app password generated by the creator of the team, with Pipelines Write and Repositories Read permissions.

I don't get why we can't create API token at a repository level, using a user account for it doesn't make sense when we trigger the pipeline from an application.

Furthermore, the token gives access to every repository of the user, which is way too extensive, it should be possible to restrict the token to only 1 repo.

If the token is compromised, anyone can trigger pipelines for the whole organization...

Regards,
Francois

@Francois  thanks, good suggestion.

It's a good practice to rotate generated secrets periodically.

As an alternative you could use an OAuth consumer on Bitbucket Cloud.

If you’d like to suggest feature to improve, please, find the appropriate ticket in the list of existing tickets, vote for them or create a new suggestion request with type Suggestion.

 

Best regards,
Oleksandr Kyrdan

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bitbucket

📣 Calling Bitbucket Data Center customers to participate in research

Hi everyone, Are you Bitbucket DC customer? If so, we'd love to talk to you! Our team wants to dive deep to understand your long-term plans regarding Bitbucket DC and Atlassian Cloud. Do you plan...

168 views 2 4
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you