bitbucket-pipeline user permissions to write to master

Hi,

 

I want to give the bitbucket-pipelines user permissions to write to master. It should be allowed to push commits and tags. But, it's not possible to select the bitbucket-pipelines user in the Write access dropdown under Settings|Workflow|Branch Permissions even though the user exists and can write if I give Everybody permissions.

* e2e40b8 (HEAD -> master, tag: v0.1.2, origin/master, origin/HEAD) v0.1.2 bitbucket-pipelines, 9 minutes ago
* 66fc994 Merged in STOR-314-demo-branch (pull request #29) Anders Janmyr, 75 minutes ago
|\
| * ea873c7 STOR-

How can I give permissions to the bitbucket-pipelines user while denying everyone else?

3 answers

Same problem. Still not possible. Seems like an easy solution, but still takes time for some reason? :/ Atlassian please!

1 vote

Hi Anders,

That is not necessary. Bitbucket Pipelines is preconfigured to push back to Git by default. There is no need for further configuration :-)

Take a look at this page in the documentation.

Greetings,

Max

Hi Max,

I seem to be having the same issue that Anders described.  Merges to master were successfully committing version # updates as part of the repository bitbucket-pipeline.  I restricted write access about a week ago, and now the automagic commits are rejected.  I didn't change any other build settings or scripts in between, just the branch permissions.

I would like

  1. any and every code change (by a person) to go through a Pull Request in order to get to the master branch
  2. automated code changes (by bitbucket-pipelines) to be allowed without review

As far as I have been able to find, I can only have one or the other of these; currently I cannot get both.  It seemed logical to me (and apparently also to Anders) to simply grant write access to the user 'bitbucket-pipelines' in order to achieve desired item #2 above.  But this user doesn't appear in the selection auto-fill and isn't allowed to be manually edited, so I'm stuck.

-Jeff

I have the exact same problem. I am looking for a precise solution for how to achieve this:

  1. Every code change (by a person) to go through a Pull Request in order to get to the master branch
  2. Automated code changes (by bitbucket-pipelines) to be allowed without review

This sounds like a common pattern. Atlassian, please give us a solution for this.

I'm also having exactly the same problem, no solution yet!

I have the same need to require devs to push via PR but allow the pipeline to push directly. I followed the steps in that document, even tried creating an OAuth consumer, but still getting permission denied.

I have the same problem

Same issue here. I really don't want to give everyone write permission to the branch responsible for pushing out builds, but guess I have to.

Same here, any update on this?

Atlassian! This is a common request and I am running into the same thing. This makes me want to move to GitLab! Get on it!

Atlassian is just ignoring this obvious issue, even though the community has provided a clear solution.

The steps for allowing a pipeline to push commits back are well documented here:

https://support.atlassian.com/bitbucket-cloud/docs/push-back-to-your-repository/

If you do set up Branch permissions on master or any branch and want to push back changes via pipeline, then you will need to set it up using OAuth/SSH keys as described in the second half of the article.

Have tried this to verify it works :) 

I have tried it, and it only works if you enable write permissions to the branch from an account and then set up the remote in the pipelines using that account's OAuth/keys.

What all these users above (including me) want is to not make a "bot" account or grant any user write permissions, and still have a way to write from bitbucket pipelines.

Just wondering... won't adding a bot account add a 5$/month fee on the bill on top of being useless? I mean, if that's the case, it doesn't make sense at all from a customer point of view...

Tried the recommended OAuth2 solution. Was able to get the auth token and set the git URL. However, subsequently pushing still did not go through.

remote: Permission denied to update branch master.
To https://bitbucket.org/myname/myrepo
! [remote rejected] master -> master (pre-receive hook declined)
error: failed to push some refs to 'https://x-token-auth:mytoken@bitbucket.org/myname/myrepo'

@Rajat Goyal any idea what is wrong?

Discovered the OAuth token has an associated user whose name is $BITBUCKET_REPO_OWNER. The Bitbucket API can be used to get the current user name in the pipeline. The API can also be used to give this user write access on any branch, i.e. master. If so, the pipeline can manage the permissions of this user and thereby permit the push back to the repo on master. It would be nice if this user was available for selection in the Edit Branch Permissions Modal.

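An added example, not part of the thread and not Atlassian's code: whichever identity ends up pushing from the pipeline, the branch restrictions can be audited so that master accepts direct pushes only from that identity. It assumes restriction objects shaped like Bitbucket Cloud's branch-restrictions REST resource (`kind`, `branch_match_kind`, `pattern`, `users`, `groups`); the UUIDs, names and the `audit_direct_push` helper are constructed for illustration.

```python
import fnmatch

# Constructed sample shaped like the "values" list of Bitbucket Cloud's
# GET /2.0/repositories/{workspace}/{repo_slug}/branch-restrictions (not real data).
SAMPLE_RESTRICTIONS = [
    {"kind": "push", "branch_match_kind": "glob", "pattern": "master",
     "users": [{"uuid": "{bot-uuid-placeholder}", "display_name": "ci-bot"}],
     "groups": []},
    {"kind": "restrict_merges", "branch_match_kind": "glob", "pattern": "master",
     "users": [], "groups": [{"slug": "developers"}]},
    {"kind": "push", "branch_match_kind": "glob", "pattern": "release/*",
     "users": [{"uuid": "{bot-uuid-placeholder}"},
               {"uuid": "{human-uuid-placeholder}"}],
     "groups": []},
]

def audit_direct_push(restrictions, branch, allowed_uuids):
    """Return findings where `branch` accepts direct pushes from anyone
    other than the automation identities listed in `allowed_uuids`."""
    # fnmatch approximates Bitbucket's glob matching (assumption); rules that
    # use branch_match_kind "branching_model" are not evaluated here.
    push_rules = [r for r in restrictions
                  if r.get("kind") == "push"
                  and r.get("branch_match_kind") == "glob"
                  and fnmatch.fnmatchcase(branch, r.get("pattern", ""))]
    if not push_rules:
        # Assumption: without a push restriction, every user with repository
        # write access can push directly to the branch.
        return [f"{branch}: no push restriction, all writers can push directly"]
    findings = []
    for rule in push_rules:  # conservative: every matching rule is checked
        for user in rule.get("users", []):
            if user.get("uuid") not in allowed_uuids:
                findings.append(f"{branch}: unexpected user {user.get('uuid')} may push")
        for group in rule.get("groups", []):
            findings.append(f"{branch}: group {group.get('slug')} may push")
    return findings

if __name__ == "__main__":
    for name in ("master", "release/1.0", "develop"):
        result = audit_direct_push(SAMPLE_RESTRICTIONS, name, {"{bot-uuid-placeholder}"})
        print(name, "->", result or "ok")
```

Run against the live restriction list on a schedule, an empty result for master means the "humans via pull request, automation direct" policy from the question still holds.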
