We build and release from commit tags. In order to manage production releases we want to enforce that a tagged build only runs if it is already merged into master.
Is there a way with either branch restrictions or via pipelines to check that the tagged commit is part of the master branch?
Hello @Alex White,
You could use git to validate if the tag that triggered the pipeline is contained in the master branch, and if not, abort the build with a failure status.
Following is an example pipeline step using this concept:
pipelines:
  tags:
    '*':
      - step:
          clone:
            depth: full
          script:
            - git branch -a --contains tags/$BITBUCKET_TAG | grep master
            - <rest of your commands>
The git branch command will return all the branches, including the remote branches (-a) that contain the tag name present in the environment variable $BITBUCKET_TAG. This environment variable will have the name of the tag that triggered the build. Then we do a grep in the list returned by git branch looking for the branch named master.
If grep finds a branch named master, it will return an exit code 0 (success) making the pipeline proceed to the next commands. However, if grep does not find any occurrence of master it will return an exit code 1 (failure) and make the pipeline abort with a failure status.
Also, the clone:depth: full in the step is important because by default pipelines only do a shallow clone (partial) of the repository and it does not include other branches. In this case, since we are looking at all the branches a tag is part of, a full clone is necessary.
You can use that approach to verify if the tag that triggered the pipeline is contained in the master branch.
Hope that helps! Let me know in case you have any questions.
Thank you, @Alex White!
Patrik S
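Added example, not part of the original answer: a stricter form of the same release gate that tests commit ancestry with git merge-base --is-ancestor instead of grepping branch names, so a branch such as master-hotfix cannot satisfy the check. The function names, the throwaway demo repository and the origin/master default are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original answer): exact ancestry check for a release tag.
# Assumed use in the pipeline script, with clone depth full as above:
#   tag_is_merged "$BITBUCKET_TAG" origin/master

# Return 0 only if the commit the tag points at is reachable from the given ref.
# Return 1 if it is not merged, 2 if the tag or the ref cannot be resolved.
tag_is_merged() {
    tag=$1
    ref=${2:-origin/master}   # assumed name of the remote-tracking release branch
    # Resolve strictly under refs/tags/ and peel annotated tags to their commit.
    commit=$(git rev-parse --verify --quiet "refs/tags/${tag}^{commit}") || return 2
    target=$(git rev-parse --verify --quiet "${ref}^{commit}") || return 2
    # Exit 0 if $commit is an ancestor of (or equal to) $target, 1 otherwise.
    git merge-base --is-ancestor "$commit" "$target"
}

# Build a throwaway repository (constructed sample data) to exercise the check:
#   master:          A---B    tag v1.0 on B (merged)
#   master-hotfix:    \--C    tag v1.1 on C (never merged into master)
# A substring match on "master" accepts v1.1; the ancestry check rejects it.
make_demo_repo() {
    dir=$(mktemp -d) && cd "$dir" || return 1
    git init -q . && git symbolic-ref HEAD refs/heads/master
    c() { git -c user.name=demo -c user.email=demo@example.invalid \
              commit -q --allow-empty -m "$1"; }
    c A && c B && git tag v1.0
    git checkout -q -b master-hotfix HEAD~1
    c C && git tag v1.1
    git checkout -q master
}
```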