Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

how to push back to master with branch permissions in place

Harmohan Singh
Harmohan Singh September 2, 2019

I have a step in my pipeline defined to increment the app version in package.json when a commit is tagged

```
tags: '*': #run for all tags

     - step: <<: *test

     - step:

          name: Increment the package version

          script:

               - npm version from-git -m "[skip ci] update package.json version"

               - git push origin HEAD:master
```

this would normally work but i also have branch permission set on my master branch. So, no body should be able to commit to master directly (and only by a pr)

I was thinking i could give only bitbucket-pipeline user write access to the master branch but I cant find bitbucket user 

 

Answer
Watch
Like Ram Vemuri likes this
355 views

2 answers

0 votes
Ram Vemuri
Ram Vemuri May 10, 2023

Update: I was able to get this working with keeping branch restrictions intact by creating a bitbucket login for CI and following the instructions here (which aren't very clear) -- Push back to your repository | Bitbucket Cloud | Atlassian Support

1) set up a login "cibuild"

For each repo that needs auto-increment:

2) give write permissions for cibuild user under repository permissions

3) give write to main permission for cibuild under branch restrictions 

You can also use a group for the step above. I created an eng-bots group with just 1 user in it and used that.

Next you'll need the pipeline to auth to git as your cibuild user to be able to write back.

4) under Repository Settings -> Pipelines -> SSH Keys, click generate SSH key, where bitbucket manages the private key. Copy the public key, and add it to the ssk keys list for the cibuild login. You'd do this per repo.

So your cibuild login will have one ssh pub key for each repo's pipeline, and have write access. 

Note that your bitbucket-pipelines.yml will have to stick to posix style scripting, unless you apt-get update and install anything else you need (eg: jq). I was able to manage with grep -E and sed -n -E.

Reply
0 votes
Ram Vemuri
Ram Vemuri May 10, 2023

Hello,

I have this exact situation. The right dev workflow is to have branch restriction on main/master to disallow writes and allow merge (with merge checks). To implement auto-version from the pipeline, I had to undo the branch restriction and allow write to main/master from any user.

Would love to find a way to keep the dev workflow restriction in place to not allow direct writes to main/master except from the bitbucket pipeline. Let me know if you found something.

Thanks

Ram

Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events