bitbucket-pipeline user permissions to write to master

Anders Janmyr September 13, 2019

Hi,

 

I want to give the bitbucket-pipelines user permissions to write to master. It should be allowed to push commits and tags. But, it's not possible to select the bitbucket-pipelines user in the Write access dropdown under Settings|Workflow|Branch Permissions even though the user exists and can write if I give Everybody permissions.

* e2e40b8 (HEAD -> master, tag: v0.1.2, origin/master, origin/HEAD) v0.1.2 bitbucket-pipelines, 9 minutes ago
* 66fc994 Merged in STOR-314-demo-branch (pull request #29) Anders Janmyr, 75 minutes ago
|\
| * ea873c7 STOR-

Screenshot 2019-09-13 at 11.35.18.png

How can I give permissions to the bitbucket-pipelines user while denying everyone else?

3 answers

7 votes
dlapcenko July 6, 2020

Same problem. Still not possible. Seems like an easy solution, but still takes time for some reason? :/ Atlassian please!

1 vote
Max Binnewies
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 22, 2020

Hi Anders,

that is not necessary. Bitbucket Pipelines is preconfigured to push back to Git by default. There no need for further configuration :-) 

Take a look at this page in the documentation.

Greeting,

Max

Jeff Chard May 4, 2020

Hi Max,

I seem to be having the same issue that Anders described.  Merges to master were successfully committing version # updates as part of the repository bitbucket-pipeline.  I restricted write access about a week ago, and now the automagic commits are rejected.  I didn't change any other build settings or scripts in between, just the branch permissions.

I would like

  1. any and every code change (by a person) to go through a Pull Request in order to get to the master branch
  2. automated code changes (by bitbucket-pipelines) to be allowed without review

As far as I have been able to find, I can only have one or the other of these; currently I cannot get both.  It seemed logical to me (and apparently also to Anders) to simply grant write access to the user 'bitbucket-pipelines' in order to achieve desired item #2 above.  But this user doesn't appear in the selection auto-fill and isn't allowed to be manually edited, so I'm stuck.

-Jeff

Screenshot from 2020-05-04 14-14-12.png

Merge2master-triggers-pipeline-commit.png

commit-success.pngcommit-rejected.png

Like # people like this
Svein Are Grønsund May 13, 2020

I have the exact same problem. I am looking for a precise solution for how to achieve this:

  1. Every code change (by a person) to go through a Pull Request in order to get to the master branch
  2. Automated code changes (by bitbucket-pipelines) to be allowed without review

This sounds like a common pattern. Atlassian, please give us a solution for this.

Like # people like this
Doug_Copestake June 16, 2020

I'm also having exactly the same problem, no solution yet!

Like # people like this
Caleb Miracle November 10, 2020

I have the same need to require devs to push via PR but allow the pipeline to push directly. I followed the steps in that document, even tried creating an OAuth consumer, but still getting permission denied.

Like # people like this
Calixto Gonzalez November 16, 2020

Same issue here.

Like Svein Are Grønsund likes this
Andrey Borovin November 19, 2020

I have the same problem

Like Svein Are Grønsund likes this
Jacob Heuman January 8, 2021

Same issue here. I really don't want to give everyone write permission to the branch responsible for pushing out builds, but guess I have to.

Fredrik Ryden March 26, 2021

Same issue

atbrummelhuis May 20, 2021

+1

Saurabh Kalantri September 5, 2021

Same here, any update on this ?

JSON January 3, 2022

Atlassian! This is a common request and I am running into the same thing. This makes me want to move to GitLab! Get on it!

Like # people like this
Wesley Flynn May 11, 2022

Atlassian is just ignoring this obvious issue, even though the community has provided a clear solution.

maurizio_bono January 19, 2023

Seriously Atlassian, this is something so technical fundamental and important to setup proper versioning via a technical user and until today I cannot find some resourceful documentation about how to handle this.

I spent now about 3 hours without any form of progress and I wished I could write you a bill for those hours or obtain any kind of compensation, because I will talk about this with my therapist.

Absolutely not understandable fromm the the perspective of prices you offer for your "service". 

I could have simply played Elden Ring or any Dark Souls game and would have had a more rewarded feeling in those hours.

There are dozens of stack overflow articles asking the same questions, plenty of people write here that they have the same issue since 2020 and you did not get the documentation done in all this time. Great example of customer support ...

Pls take the hate I am spilling right now as a reflection of the quality of your documentation and I hope I can make other people feeling the same way somehow feeling understood/heard. 

Like # people like this
Manuel.Renner February 22, 2023

I totally agree with Maurizio, this is really fundamental and I can't believe there is no straight forward way for doing this...

This is not what you expect from a software company, and it should be prioritized in your backlog to be implemented ASAP.

Tomerh2001 September 26, 2023

@Max Binnewies Seriously still no solution 4 years later...?

0 votes
Rajat Goyal July 28, 2021

The steps for allowing to push back commit from pipeline is well documented here. 

https://support.atlassian.com/bitbucket-cloud/docs/push-back-to-your-repository/ 

If you do setup Branch permissions on master or any branch and want to push back changes via pipeline, then you will need to setup using OAuth/ SSH Keys as described in the second half of the article. 

Have tried this to verify it works :) 

Ramlah_Aziz February 14, 2022

I have tried it, and it only works if you enable write permissions to the branch from an account and then setup the remote in the pipelines using that account oauth/keys.

What all these users above (including me) want is to not make a "bot" account or grant any user write permissions, and still have a way to write from bitbucket pipelines.

Like # people like this
Deleted user March 7, 2022

Just wondering... won't adding a bot account add a 5$/month fee on the bill on top of being useless? I mean, if that's the case, it doesn't make sense at all from a customer point of view...

Like # people like this
Meyer Auslander March 30, 2022

Tried the recommended Oauth2 solution.  Was able to get the auth token, and set the git url.  However subsequently pushing still did not go through.

remote: Permission denied to update branch master.
To https://bitbucket.org/myname/myrepo
! [remote rejected] master -> master (pre-receive hook declined)
error: failed to push some refs to 'https://x-token-auth:mytoken@bitbucket.org/myname/myrepo'

@Rajat Goyal  any idea what is wrong. 

Meyer Auslander March 31, 2022

Discovered the Oauth token has an associated user whose name is $BITBUCKET_REPO_OWNER.  The Bitbucket API  can be used to get the current user name in the pipeline.  The API can also be used to give this user write access on any branch, i.e. master.  If so, the pipeline can manage the permissions of this user and thereby allow permit the push back to repo on master.  It would be nice if this user was available for selection in the Edit Branch Permissions Modal.

Like # people like this

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events