I do all my builds from a pipeline.
When I allow one user (develop) write permissions on develop, bitbucket refuses to build, because the pipeline wants to make changes and commit these changes.
I need to give write permissions to all in order to have my pipeline work.
I tried to give one user write permissions and that also doesn't work. Not from my pipeline nor from SourceTree.
Please help
Hi Ron and welcome to the community!
Based on your description, I assume that your Pipelines build tries to push back to the repo, is that correct?
If you have branch restrictions in place, then the push from pipelines will fail unless you configure authentication details for the push. The reason for that is that the push from Pipelines is done with a bitbucket-pipelines user, that cannot be added to the branch restrictions:
The way to work around this until the feature I shared above is implemented, is to configure the push in Pipelines to always use the authentication details of a user you have added to the branch restrictions.
Possible ways to do that are explained in the following documentation, specifically in the sections SSH Key pair managed by Bitbucket Pipelines, SSH Key pair managed with variables, App secret:
The three sections I mentioned are three different ways of configuring authentication for pushing from Pipelines.
Please be mindful that the username and app password of a user can be used to retrieve all repos a user has access to and SSH keys grant access to other repos this user has access to. You could use a separate user (that would serve the purpose of a bot account) that has limited access.
You also mentioned an issue with SourceTree. I'm not sure if that's related to the Pipelines issue, as SourceTree pushes based on the authentication you have configured in the application and not with the bitbucket-pipelines user that Pipelines uses. Does the push issue from SourceTree occur with a user who has been granted write access to a branch via branch restrictions? If so, what error does the user see?
Kind regards,
Theodora
Hi Theodora,
Thank you for your reply.
The fact that the pipeline is triggered from the pipeline does not make a difference. The whole pipeline is executed as the develop user.
It also does not work when I try to push from my IDE or SourceTree as my own user. Not using pipelines at all.
When I set the restrictions like this:
I still get the following error:
<screenshot_redacted>
Again, without using pipelines.
The branch restrictions are set on the project, by the way.
Hi Ron,
For Pipelines, it doesn't matter which user triggers the pipeline. This is irrelevant when you do a git push from Pipelines to a branch with branch restrictions. If you want your Pipelines build to do a git push to a branch with branch restrictions, you'll need to configure authentication for this push, with a user that is added to the branch restrictions.
Additional info on how to make this configuration is on the page I shared in my previous reply:
Possible ways to do that are explained in the following documentation, specifically in the sections SSH Key pair managed by Bitbucket Pipelines, SSH Key pair managed with variables, App secret:
The three sections I mentioned are three different ways of configuring authentication for pushing from Pipelines.
Please be mindful that the username and app password of a user can be used to retrieve all repos a user has access to and SSH keys grant access to other repos this user has access to. You could use a separate user (that would serve the purpose of a bot account) that has limited access.
If you have any questions about the info on this documentation, please feel free to let me know.
With regards to SourceTree, the message typically occurs when branch restrictions are in place. I suggest checking the user authentication you have configured in SourceTree.
Based on the screenshot, I assume you are using SourceTree for Mac. First, open the repo in SourceTree, select the button Settings (top right corner) > select the tab Remotes and in there, check if the remote repo URL is an SSH or an HTTPS one.
Then, in the main SourceTree window (where the list of your repos is displayed), select the arrow next to the three dot circle > select Accounts. Edit the details of the account added there, and confirm (a) that the protocol matches with the protocol on the remote URL of your repo and (b) that the authentication details in there are for your Bitbucket user. If you use the SSH protocol, please ensure that the public SSH key that SourceTree is using, is added to your Bitbucket account here: https://bitbucket.org/account/settings/ssh-keys/.
Just a heads up, I removed the screenshot from your post to protect your privacy, as it was showing your repo details.
Kind regards,
Theodora
Hi Theodora,
I still can't get it to work :-(...
Followed the instructions. Created a ssh key in my repository and added that to the personal bitbucket settings of the development account. But the ssh key is not used by the pipeline.
What am I missing?
Many thanks for your help
Ron
Some extra information..
We trigger the pipeline from another pipeline using the pipeline and providing information.
So I would assume that the pipeline is executing in the context of the user starting the pipeline.
Do I need to provide additional info to this call? Is it using http or ssh?
    - pipe: atlassian/trigger-pipeline:5.8.1
      variables:
        CUSTOM_PIPELINE_NAME: build-release
        BITBUCKET_USERNAME: $BITBUCKET_USERNAME
        BITBUCKET_APP_PASSWORD: $BITBUCKET_APP_PASSWORD
        REPOSITORY: 'xxxxxxxxx'
        REF_TYPE: 'branch'
        REF_NAME: $BRANCH
        WAIT: 'true'
        PIPELINE_VARIABLES: >
          [{
            "key": "VERSION",
            "value": $VERSION
          },
          {
            "key": "MAINVERSION",
            "value": $VERSION
          }]
Hi Ron,
Thank you for the information.
The way you trigger the pipeline doesn't matter. You don't need to provide any additional info to the pipe. The user that triggers the pipeline doesn't have anything to do with the authentication for git push from Pipelines.
Followed the instructions. Created a ssh key in my repository and added that to the personal bitbucket settings of the development account. But the ssh key is not used by the pipeline.
What am I missing?
You can check the following three points:
1. Please double check that the Pipelines SSH key was generated in the repository where you run the build that does a git push (and not in a different repository). If that is the case, then that part is correct.
2. Please double check that the development account where you added the public SSH key is allowed (in the branch restrictions) to write to the branch you want to push.
The screenshots from the branch restrictions you shared earlier show that only your Bitbucket account has write access to the branch. However, your account doesn't have any SSH keys.
You will need to do one of the following:
3. If the two points above are ok, you will then need to adjust the bitbucket-pipeline.yml file of the repo that does a git push, and add this command before the push command:
- git remote set-url origin ${BITBUCKET_GIT_SSH_ORIGIN}
This command is necessary so that the push command will use SSH and authenticate with the SSH key.
An example of a full bitbucket-pipeline.yml file from one of my repos is the following:
    image: atlassian/default-image:4
    pipelines:
      branches:
        main:
          - step:
              script:
                - git pull
                - echo "Made a change in build ${BITBUCKET_BUILD_NUMBER}" >> changes.txt
                - git add changes.txt
                - git commit -m "[skip ci] Updating changes.txt with the latest build number."
                - git remote set-url origin ${BITBUCKET_GIT_SSH_ORIGIN}
                - git push
If you're still facing issues, can you please confirm what is the status of the 3 points above and also what is the output of the git push command in your build now?
Kind regards,
Theodora
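The remote check from point 3 above, written as a guard that fails the step early when the push would not go over SSH. This is an added example, not part of the original thread or of Atlassian's documentation; the function names `remote_scheme` and `ensure_ssh_origin` are hypothetical, and the only Pipelines-specific name used is `BITBUCKET_GIT_SSH_ORIGIN` from the reply above.

```shell
#!/bin/sh
# Added example: source this file in the step script, then run
#   ensure_ssh_origin && git push

# Classify a git remote URL as "ssh", "https" or "other".
# Order matters: an http(s) URL with user@host:port must not be
# mistaken for the scp-like SSH form.
remote_scheme() {
  case "$1" in
    ssh://*)            echo ssh ;;
    http://*|https://*) echo https ;;
    *@*:*)              echo ssh ;;   # scp-like form: git@host:team/repo.git
    *)                  echo other ;;
  esac
}

# Make sure origin's push URL is an SSH URL, switching it to
# BITBUCKET_GIT_SSH_ORIGIN when it is not.
# Returns 0 if the push URL is SSH afterwards, 1 if the variable is
# missing or the result is still not SSH, 2 if git itself failed.
ensure_ssh_origin() {
  current=$(git remote get-url --push origin) || return 2
  if [ "$(remote_scheme "$current")" != ssh ]; then
    if [ -z "${BITBUCKET_GIT_SSH_ORIGIN:-}" ]; then
      echo "origin is '$current' and BITBUCKET_GIT_SSH_ORIGIN is unset" >&2
      return 1
    fi
    git remote set-url origin "$BITBUCKET_GIT_SSH_ORIGIN" || return 2
    current=$(git remote get-url --push origin) || return 2
  fi
  [ "$(remote_scheme "$current")" = ssh ]
}
```

The guard only confirms the transport; the account that owns the public key still has to be listed in the branch restrictions, as in point 2.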
I got it to work!!!
Thank you for your help.
I must say.. it's not intuitive, but in the end I understand the way it's working..
That's good to hear, Ron, and you are very welcome. I'm glad you got it to work!
Please feel free to reach out if you ever need anything else!