bitbucket-pipeline user permissions to write to master

https://community.atlassian.com/t5/Bitbucket-questions/Re-bitbucket-pipeline-user-permissions-to-write-to-master/qaq-p/2816685/comment-id/107889#M107889

Hi Max,

I seem to be having the same issue that Anders described.  Merges to master were successfully committing version # updates as part of the repository bitbucket-pipeline.  I restricted write access about a week ago, and now the automagic commits are rejected.  I didn't change any other build settings or scripts in between, just the branch permissions.

I would like

1. any and every code change (by a person) to go through a Pull Request in order to get to the master branch
2. automated code changes (by bitbucket-pipelines) to be allowed without review

As far as I have been able to find, I can only have one or the other of these; currently I cannot get both.  It seemed logical to me (and apparently also to Anders) to simply grant write access to the user 'bitbucket-pipelines' in order to achieve desired item #2 above.  But this user doesn't appear in the selection auto-fill and isn't allowed to be manually edited, so I'm stuck.

-Jeff

I have the exact same problem. I am looking for a precise solution for how to achieve this:

1. Every code change (by a person) to go through a Pull Request in order to get to the master branch
2. Automated code changes (by bitbucket-pipelines) to be allowed without review

This sounds like a common pattern. Atlassian, please give us a solution for this.

I'm also having exactly the same problem, no solution yet!

I have the same need to require devs to push via PR but allow the pipeline to push directly. I followed the steps in that document, even tried creating an OAuth consumer, but still getting permission denied.

Same issue here.

I have the same problem

Same issue here. I really don't want to give everyone write permission to the branch responsible for pushing out builds, but guess I have to.

Same issue

+1

Same here, any update on this ?

Atlassian! This is a common request and I am running into the same thing. This makes me want to move to GitLab! Get on it!

Atlassian is just ignoring this obvious issue, even though the community has provided a clear solution.

Seriously Atlassian, this is something so technical fundamental and important to setup proper versioning via a technical user and until today I cannot find some resourceful documentation about how to handle this.

I spent now about 3 hours without any form of progress and I wished I could write you a bill for those hours or obtain any kind of compensation, because I will talk about this with my therapist.

Absolutely not understandable fromm the the perspective of prices you offer for your "service". 

I could have simply played Elden Ring or any Dark Souls game and would have had a more rewarded feeling in those hours.

There are dozens of stack overflow articles asking the same questions, plenty of people write here that they have the same issue since 2020 and you did not get the documentation done in all this time. Great example of customer support ...

Pls take the hate I am spilling right now as a reflection of the quality of your documentation and I hope I can make other people feeling the same way somehow feeling understood/heard. 

I totally agree with Maurizio, this is really fundamental and I can't believe there is no straight forward way for doing this...

This is not what you expect from a software company, and it should be prioritized in your backlog to be implemented ASAP.

@Max Binnewies Seriously still no solution 4 years later...?

holymoly.... Still no solution? damn you guys suck.

Wait until you find out they do not have first party support for terraform, unlike their competitors Github and Gitlab.

It is very clear bitbucket is taking the same route as Bamboo, which became so awful they released bitbucket as a fix.

Anything outside of Jira for atlassian just doesn't get any love.

But in case we were working on a payment repository .... this approach would not oblige me to pay more on a monthly basis?

It will. But it could be only one user for all repos.

I used this approach for free subscriptions and in Atlassian (I'm data eng here). In previous company we used another product (not even github).

Sad that team cannot deliver this feature from the box, but I suppose 99% of resources they spend for support. Destiny of any huge product.

I have tried it, and it only works if you enable write permissions to the branch from an account and then setup the remote in the pipelines using that account oauth/keys.

What all these users above (including me) want is to not make a "bot" account or grant any user write permissions, and still have a way to write from bitbucket pipelines.

Just wondering... won't adding a bot account add a 5$/month fee on the bill on top of being useless? I mean, if that's the case, it doesn't make sense at all from a customer point of view...

Tried the recommended Oauth2 solution.  Was able to get the auth token, and set the git url.  However subsequently pushing still did not go through.

remote: Permission denied to update branch master.
  To https://bitbucket.org/myname/myrepo
  ! [remote rejected] master -> master (pre-receive hook declined)
error: failed to push some refs to 'https://x-token-auth:mytoken@bitbucket.org/myname/myrepo'

@Rajat Goyal  any idea what is wrong. 

Discovered the Oauth token has an associated user whose name is $BITBUCKET_REPO_OWNER.  The Bitbucket API  can be used to get the current user name in the pipeline.  The API can also be used to give this user write access on any branch, i.e. master.  If so, the pipeline can manage the permissions of this user and thereby allow permit the push back to repo on master.  It would be nice if this user was available for selection in the Edit Branch Permissions Modal.