Push back to your repository

If you want to make changes to your repository from within your pipeline, you can push your changes back. We recommend using an http git origin, which we set for you by default. As it's preconfigured, pushing back using http will work seamlessly.

Use [skip ci] when you are pushing back to your repository. This will stop pipelines triggering on the new commit and avoid an eternal loop!

Origin variables

There are 2 default variables in pipelines, to contain the http and ssh origin urls:

  • ${BITBUCKET_GIT_HTTP_ORIGIN}
  • ${BITBUCKET_GIT_SSH_ORIGIN}

You can use these when the origin needs to be passed through to scripts or other tools that are invoked in your pipeline.

Push examples:

Committing a changes to a branch

If you need to dynamically make changes to your repository from within your pipeline, this kind of script will do that for you:

pipelines:
  default:
    - step:
        script:
        - echo "Made a change in build ${BITBUCKET_BUILD_NUMBER}" >> changes.txt
        - git add changes.txt
        - git commit -m "[skip ci] Updating changes.txt with latest build number."
        - git push

You can see this in action in the committing changes example repository.


Pushing a new tag

If you use tags for versioning, this script could help you out:

pipelines:
  default:
    - step:
        script:
        - echo "Made a change in build ${BITBUCKET_BUILD_NUMBER}" >> changes.txt
        - git add changes.txt
        - git commit -m "Updating changes.txt with latest build number."
        - git tag -am "Tagging for release ${BITBUCKET_BUILD_NUMBER}" release-${BITBUCKET_BUILD_NUMBER}
        - git push origin release-${BITBUCKET_BUILD_NUMBER}

This is demonstrated in the pushing a new tag example repository.

Configuring an alternate Git client

If you are not using the git client provided by pipelines, you'll need to configure:

  1. origin using the ${BITBUCKET_GIT_HTTP_ORIGIN}  variable
  2. your git client to use the proxy  (proxy url is http://localhost:29418)

Pushing back using alternative authentication methods

If you repository has branch permissions enabled and you can’t commit back using the default configured http origin, or you want to commit using a ‘Bot’ account or other authentication method, you have a few options. We recommend using OAuth above all other methods, for security and compatibility with the http origin.

When configuring OAuth, App Secrets or SSH for an account, there is no way to limit the repositories those credentials can be used to access.

OAuth

  • In Bitbucket, from your avatar in the bottom left, click Bitbucket Settings > OAuth > Add consumer

  • Create a new client/consumer, granting permissions to read and write from repositories under your account

  • Provide a name, optional description, and set the callback url to https://bitbucket.org

  • Under Permissions > Repositories, tick both Read and Write

  • Click Save

  • Navigate to the newly created consumer and record the keys

  • Add the keys as pipelines variables with the names CLIENT_ID and CLIENT_SECRET

  • Add the following to the script section in your bitbucket-pipelines.yml file:

# Get an oauth access token using the client credentials, parsing out the token with jq.
- apt-get update && apt-get install -y curl jq
- >
  export access_token=$(curl -s -X POST -u "${CLIENT_ID}:${CLIENT_SECRET}" \
    https://bitbucket.org/site/oauth2/access_token \
    -d grant_type=client_credentials -d scopes="repository"| jq --raw-output '.access_token')

# Configure git to use the oauth token.
- git remote set-url origin "https://x-token-auth:${access_token}@bitbucket.org/${BITBUCKET_REPO_OWNER}/${BITBUCKET_REPO_SLUG}"

# Make changes and commit back.
- echo "Made a change in build ${BITBUCKET_BUILD_NUMBER}" >> changes.txt
- git add changes.txt
- git commit -m "[skip ci] Updating changes.txt with latest build number."
- git push

You can see this used in the OAuth example repo.

SSH Key pair managed by Bitbucket Pipelines

  • In Bitbucket, from your repository click Settings

  • Under Pipelines, click SSH Keys > Generate keys

  • Copy the public key to your clipboard

  • from your avatar in the bottom left click Bitbucket Settings > SSH Keys

  • Click Add Key, and paste the public key, providing a useful name and description.

In your bitbucket-pipeline.yml file, you will need to configure git to use the ssh origin, by executing the following command:

git remote set-url origin ${BITBUCKET_GIT_SSH_ORIGIN}

SSH operations will now work in pipelines without any additional configuration.

https://bitbucket.org/bitbucketpipelines/git-auth-ssh-configured-in-ui/

SSH Key pair managed with variables

This method only works ‘out of the box’ if you haven’t configured a SSH key with the previous steps.

  • From a command line generate a public/private key pair:

ssh-keygen
  • Add the public key to your account in Bitbucket UI, Click your avatar > Bitbucket settings > SSH Keys

  • Base64 encode the private key, and add it as a pipelines variable:

cat <keyfile> | base64 -d -w 0 | pbcopy

In your bitbucket-pipeline.yml script, configure git to use the ssh origin, and copy the ssh private key into the correct location, by executing the following commands:

- git remote set-url origin ${BITBUCKET_GIT_SSH_ORIGIN}
- echo $PRIVATE_KEY > ~/.ssh/id_rsa.tmp
- base64 -d ~/.ssh/id_rsa.tmp > ~/.ssh/id_rsa
- chmod 600 ~/.ssh/id_rsa

Example repo: https://bitbucket.org/bitbucketpipelines/git-auth-ssh-using-variables

App secret

  • In Bitbucket, from your avatar in the bottom left, click Bitbucket Settings > App passwords > Create app password.

  • Generate the App Password, and the password to pipelines as a secure variable.

  • In your bitbucket-pipelines.yml file, configure git to use the app password by changing the remote url to authenticate with your Bitbucket username and the app password.

git remote set-url origin https://<your username>:${APP_SECRET}@bitbucket.org/${BITBUCKET_REPO_OWNER}/${BITBUCKET_REPO_SLUG}

Example repo: https://bitbucket.org/bitbucketpipelines/git-auth-appsecret

Last modified on Feb 6, 2019

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.