You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
I have a step in my pipeline defined to increment the app version in package.json when a commit is tagged
tags: '*': #run for all tags
- step: <<: *test
name: Increment the package version
- npm version from-git -m "[skip ci] update package.json version"
- git push origin HEAD:master
this would normally work but i also have branch permission set on my master branch. So, no body should be able to commit to master directly (and only by a pr)
I was thinking i could give only bitbucket-pipeline user write access to the master branch but I cant find bitbucket user
Update: I was able to get this working with keeping branch restrictions intact by creating a bitbucket login for CI and following the instructions here (which aren't very clear) -- Push back to your repository | Bitbucket Cloud | Atlassian Support
1) set up a login "cibuild"
For each repo that needs auto-increment:
2) give write permissions for cibuild user under repository permissions
3) give write to main permission for cibuild under branch restrictions
You can also use a group for the step above. I created an eng-bots group with just 1 user in it and used that.
Next you'll need the pipeline to auth to git as your cibuild user to be able to write back.
4) under Repository Settings -> Pipelines -> SSH Keys, click generate SSH key, where bitbucket manages the private key. Copy the public key, and add it to the ssk keys list for the cibuild login. You'd do this per repo.
So your cibuild login will have one ssh pub key for each repo's pipeline, and have write access.
Note that your bitbucket-pipelines.yml will have to stick to posix style scripting, unless you apt-get update and install anything else you need (eg: jq). I was able to manage with grep -E and sed -n -E.
I have this exact situation. The right dev workflow is to have branch restriction on main/master to disallow writes and allow merge (with merge checks). To implement auto-version from the pipeline, I had to undo the branch restriction and allow write to main/master from any user.
Would love to find a way to keep the dev workflow restriction in place to not allow direct writes to main/master except from the bitbucket pipeline. Let me know if you found something.