bitbucket-pipeline user permissions to write to master

Anders Janmyr
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
September 13, 2019

Hi,

 

I want to give the bitbucket-pipelines user permissions to write to master. It should be allowed to push commits and tags. But, it's not possible to select the bitbucket-pipelines user in the Write access dropdown under Settings|Workflow|Branch Permissions even though the user exists and can write if I give Everybody permissions.

* e2e40b8 (HEAD -> master, tag: v0.1.2, origin/master, origin/HEAD) v0.1.2 bitbucket-pipelines, 9 minutes ago
* 66fc994 Merged in STOR-314-demo-branch (pull request #29) Anders Janmyr, 75 minutes ago
|\
| * ea873c7 STOR-

Screenshot 2019-09-13 at 11.35.18.png

How can I give permissions to the bitbucket-pipelines user while denying everyone else?

4 answers

7 votes
dlapcenko
July 6, 2020

Same problem. Still not possible. Seems like an easy solution, but still takes time for some reason? :/ Atlassian please!

Alexey Sanko
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 19, 2024
1 vote
Max Binnewies
Atlassian Team
January 22, 2020

Hi Anders,

That is not necessary. Bitbucket Pipelines is preconfigured to push back to Git by default. There is no need for further configuration :-)

Take a look at this page in the documentation.

Greetings,

Max

Jeff Chard
May 4, 2020

Hi Max,

I seem to be having the same issue that Anders described.  Merges to master were successfully committing version # updates as part of the repository bitbucket-pipeline.  I restricted write access about a week ago, and now the automagic commits are rejected.  I didn't change any other build settings or scripts in between, just the branch permissions.

I would like

  1. any and every code change (by a person) to go through a Pull Request in order to get to the master branch
  2. automated code changes (by bitbucket-pipelines) to be allowed without review

As far as I have been able to find, I can only have one or the other of these; currently I cannot get both.  It seemed logical to me (and apparently also to Anders) to simply grant write access to the user 'bitbucket-pipelines' in order to achieve desired item #2 above.  But this user doesn't appear in the selection auto-fill and isn't allowed to be manually edited, so I'm stuck.

-Jeff

Screenshot from 2020-05-04 14-14-12.png

Merge2master-triggers-pipeline-commit.png

commit-success.png

commit-rejected.png

Svein Are Grønsund
Contributor
May 13, 2020

I have the exact same problem. I am looking for a precise solution for how to achieve this:

  1. Every code change (by a person) to go through a Pull Request in order to get to the master branch
  2. Automated code changes (by bitbucket-pipelines) to be allowed without review

This sounds like a common pattern. Atlassian, please give us a solution for this.

Doug_Copestake
June 16, 2020

I'm also having exactly the same problem, no solution yet!

Caleb Miracle
November 10, 2020

I have the same need to require devs to push via PR but allow the pipeline to push directly. I followed the steps in that document, even tried creating an OAuth consumer, but still getting permission denied.

Calixto Gonzalez
November 16, 2020

Same issue here.

Andrey Borovin
November 19, 2020

I have the same problem

Jacob Heuman
January 8, 2021

Same issue here. I really don't want to give everyone write permission to the branch responsible for pushing out builds, but guess I have to.

Fredrik Ryden
March 26, 2021

Same issue

atbrummelhuis
May 20, 2021

+1

Saurabh Kalantri September 5, 2021

Same here, any update on this?

JSON
Contributor
January 3, 2022

Atlassian! This is a common request and I am running into the same thing. This makes me want to move to GitLab! Get on it!

Wesley Flynn
May 11, 2022

Atlassian is just ignoring this obvious issue, even though the community has provided a clear solution.

maurizio.bono
January 19, 2023

Seriously Atlassian, this is something so technically fundamental and important to set up proper versioning via a technical user, and until today I cannot find any resourceful documentation about how to handle this.

I spent now about 3 hours without any form of progress and I wished I could write you a bill for those hours or obtain any kind of compensation, because I will talk about this with my therapist.

Absolutely not understandable from the perspective of the prices you offer for your "service".

I could have simply played Elden Ring or any Dark Souls game and would have had a more rewarded feeling in those hours.

There are dozens of stack overflow articles asking the same questions, plenty of people write here that they have the same issue since 2020 and you did not get the documentation done in all this time. Great example of customer support ...

Pls take the hate I am spilling right now as a reflection of the quality of your documentation, and I hope I can make other people who feel the same way somehow feel understood/heard.

Manuel.Renner
February 22, 2023

I totally agree with Maurizio, this is really fundamental and I can't believe there is no straightforward way of doing this...

This is not what you expect from a software company, and it should be prioritized in your backlog to be implemented ASAP.

Tomer Horowitz September 26, 2023

@Max Binnewies Seriously still no solution 4 years later...?

Raveen Abeywickrama
September 25, 2024

holymoly.... Still no solution? damn you guys suck.

nickb
September 26, 2024

Wait until you find out they do not have first-party support for Terraform, unlike their competitors GitHub and GitLab.

It is very clear Bitbucket is taking the same route as Bamboo, which became so awful they released Bitbucket as a fix.

 

Anything outside of Jira for Atlassian just doesn't get any love.

0 votes
Alexey Sanko
Atlassian Team
September 19, 2024
  1. Create a new bot user in Atlassian.
  2. Add it to the repository with write permissions: "Repository permissions" -> Add user or group.
  3. Give the user write permission to master: "Branch restriction" -> By branch name -> master -> Only specific people or groups have write access -> add the bot user below.
  4. Log in to Atlassian as this user and generate an App password.
  5. Add the password generated above to the repository variables as a secured variable named APP_PASSWORD (or a better name that matches the bot name).
  6. Before `git push`, add the app secret usage as in the push back document (see the end of the doc), or follow the example.

Enjoy how your pipeline can push to master, when others cannot.
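
Steps 5 and 6 above, as an added shell example (not part of the original answer or of Atlassian's documentation): it keeps the bot's app password out of the remote URL, since the rejected-push output quoted elsewhere in this thread shows git printing a URL with the token in it. BOT_USERNAME is an assumed secured-variable name, APP_PASSWORD is the name from step 5, and BITBUCKET_REPO_FULL_NAME is the workspace/repo variable that Pipelines sets.

```shell
#!/bin/sh
# Added example, not from the thread. BOT_USERNAME is an assumed secured-variable
# name; APP_PASSWORD is the variable name used in the answer above.

# True when the authority part of a URL carries user:secret@ credentials.
url_has_credentials() {
  authority=${1#*://}           # drop the scheme
  authority=${authority%%/*}    # keep only [userinfo@]host[:port]
  case "$authority" in
    *:*@*) return 0 ;;
    *)     return 1 ;;
  esac
}

# Mask the secret of any credentialed URL in a line before it is logged.
redact_url() {
  printf '%s\n' "$1" | sed -E 's#(://[^:/@]+):[^@/]*@#\1:***@#g'
}

# Point origin at a credential-free URL and let a credential helper supply the
# bot's username and app password from the environment at push time.
configure_bot_push() {
  : "${BOT_USERNAME:?secured repository variable missing}"
  : "${APP_PASSWORD:?secured repository variable missing}"
  : "${BITBUCKET_REPO_FULL_NAME:?expected workspace/repo}"
  old_url=$(git remote get-url origin)
  if url_has_credentials "$old_url"; then
    echo "replacing origin with embedded credentials: $(redact_url "$old_url")" >&2
  fi
  git remote set-url origin "https://bitbucket.org/${BITBUCKET_REPO_FULL_NAME}.git"
  # Only the variable names are written to .git/config, never their values.
  git config credential.helper \
    '!f() { [ "$1" = get ] || return 0; printf "username=%s\npassword=%s\n" "$BOT_USERNAME" "$APP_PASSWORD"; }; f'
}

# In the pipeline step: sh push-back.sh --push
if [ "${1:-}" = "--push" ]; then
  configure_bot_push
  git push origin HEAD:master --follow-tags
fi
```

The push is still subject to branch restrictions, so the bot user needs the write access granted in step 3.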

ralvareznaru
September 25, 2024

But in case we were working on a payment repository .... this approach would not oblige me to pay more on a monthly basis?

Alexey Sanko
Atlassian Team
September 25, 2024

It will. But it could be only one user for all repos.

I used this approach for free subscriptions and in Atlassian (I'm data eng here). In a previous company we used another product (not even GitHub).

Sad that the team cannot deliver this feature out of the box, but I suppose they spend 99% of their resources on support. Destiny of any huge product.

0 votes
Rajat Goyal
July 28, 2021

The steps for pushing a commit back from the pipeline are well documented here.

https://support.atlassian.com/bitbucket-cloud/docs/push-back-to-your-repository/

If you do set up Branch permissions on master or any branch and want to push back changes via the pipeline, then you will need to set it up using OAuth/SSH keys as described in the second half of the article.

Have tried this to verify it works :) 

Ramlah_Aziz
February 14, 2022

I have tried it, and it only works if you enable write permissions to the branch from an account and then set up the remote in the pipelines using that account's OAuth/keys.

What all these users above (including me) want is to not make a "bot" account or grant any user write permissions, and still have a way to write from bitbucket pipelines.

Deleted user March 7, 2022

Just wondering... won't adding a bot account add a 5$/month fee on the bill on top of being useless? I mean, if that's the case, it doesn't make sense at all from a customer point of view...

Meyer Auslander
March 30, 2022

Tried the recommended OAuth2 solution. Was able to get the auth token and set the git URL. However, subsequently pushing still did not go through.

remote: Permission denied to update branch master.
To https://bitbucket.org/myname/myrepo
! [remote rejected] master -> master (pre-receive hook declined)
error: failed to push some refs to 'https://x-token-auth:mytoken@bitbucket.org/myname/myrepo'

@Rajat Goyal any idea what is wrong?

Meyer Auslander
March 31, 2022

Discovered the OAuth token has an associated user whose name is $BITBUCKET_REPO_OWNER. The Bitbucket API can be used to get the current user name in the pipeline. The API can also be used to give this user write access on any branch, i.e. master. If so, the pipeline can manage the permissions of this user and thereby permit the push back to the repo on master. It would be nice if this user was available for selection in the Edit Branch Permissions Modal.

