Only allow pipeline to push into master?

Christoph Grimmer
August 31, 2018

We are using semantic release in our pipeline, which means that after merging a branch the pipeline has to push a new commit with a version tag. This seems to be only possible if everybody is allowed to push to master, which we do not want.

Is there a way to explicitly allow the pipeline to push to master?

2 answers

0 votes
Oleg Sigida
Contributor
October 3, 2018

What worked for me:

1) Create a dedicated user for BB Pipeline, e.g. ROBOT

2) Create private and public SSH keys for it, update the user with the key

3) Go to Settings -> Branch permission -> Add -> branch name: master; merge via PR: ROBOT or write access: ROBOT (depends on what you actually want); make sure nobody else has access

4) Go to Settings -> SSH keys (under Pipeline settings) -> Use my own keys -> add private and public key of the ROBOT from step 2

now very easy, but worked for me
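
A sketch of the push-back step that the setup in this answer enables, as an added example that is not part of the original thread: it refuses to push from any branch other than master, rewrites the origin to its SSH form so the push authenticates with the ROBOT key, and pushes the release commit and tag. Assumptions: version tags look like vX.Y.Z; the function names, `RELEASE_TAG` and `DRY_RUN` are hypothetical; `BITBUCKET_BRANCH` is the branch variable Pipelines sets.

```shell
#!/bin/sh
# Added example (not from the thread). Function names, RELEASE_TAG and DRY_RUN
# are hypothetical placeholders.

# Rewrite an HTTP(S) origin to its SSH form so the push authenticates with the
# ROBOT key configured under the pipeline's SSH keys settings.
to_ssh_remote() {
    case "$1" in
        git@*:*) printf '%s\n' "$1" ;;
        http://*/*|https://*/*)
            rest=${1#*://}
            rest=${rest#*@}              # drop embedded credentials, if any
            path=${rest#*/}
            printf 'git@%s:%s.git\n' "${rest%%/*}" "${path%.git}" ;;
        *) return 1 ;;
    esac
}

# Print (DRY_RUN set) or execute one command, passing arguments unsplit.
run() {
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# $1 = branch the build runs on, $2 = current origin URL, $3 = release tag
release_push() {
    if [ "$1" != "master" ]; then
        echo "refusing: '$1' is not master" >&2; return 1
    fi
    if ! printf '%s\n' "$3" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$'; then
        echo "refusing: '$3' is not a vX.Y.Z tag" >&2; return 1
    fi
    remote=$(to_ssh_remote "$2") || {
        echo "refusing: unsupported origin '$2'" >&2; return 1
    }
    run git remote set-url origin "$remote" &&
    run git push origin HEAD:master &&
    run git push origin "refs/tags/$3"
}

# Pipeline usage: runs only when the release step exports RELEASE_TAG.
if [ -n "${RELEASE_TAG:-}" ]; then
    release_push "$BITBUCKET_BRANCH" "$(git remote get-url origin)" "$RELEASE_TAG"
fi
```

With the branch permission from step 3 in place, the same push from any key other than ROBOT's is rejected by the server, so the script's branch check is a convenience and the branch restriction is the actual control.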

0 votes
Steven Vaccarella
Atlassian Team
September 13, 2018

Hi Christoph,

Could you explain in a bit more detail why everyone would need permission to push to master in your current setup?

Unfortunately, Pipelines doesn't yet have a great solution for pushing back to the repository, and the resources for working out how to do so are fragmented, but I believe it should be possible to do what you want using SSH keys and environment variables.

https://confluence.atlassian.com/bitbucket/use-ssh-keys-in-bitbucket-pipelines-847452940.html

https://bitbucket.org/site/master/issues/13213/push-back-to-remote-from-pipelines

I'll see if I can do something about creating a more cohesive guide for how to do this.

Cheers,
Steven

Christoph Grimmer
September 18, 2018

Hi Steven,

When using semantic release, the pipeline has to be able to push a new commit containing the version tag after a branch has been merged into master. This works as long as the master has no push restrictions. Since the pipeline uses an anonymous SSH key, we cannot explicitly allow the pipeline to exclusively push to master short of spending the money to create a pipeline user.

This leaves us with the option to not push to master as a policy, which went wrong once already.

Steven Vaccarella
Atlassian Team
September 20, 2018

OK, thanks for clarifying. I'm not aware of a way to do this currently without creating a separate user account for use by the pipeline. If you like, you can create a feature request here: https://bitbucket.org/site/master/issues

Highly voted feature requests are an important source of information for us when planning new features.
