Push back to your repository

If you want to make changes to your repository from within your pipeline, you can push your changes back. We recommend using an HTTP git origin, which we set for you by default. As it's preconfigured, pushing back using HTTP will work seamlessly.

Use [skip ci] when you are pushing back to your repository. This will stop pipelines triggering on the new commit and avoid an eternal loop!

Origin variables

There are 2 default variables in pipelines, to contain the HTTP and ssh origin URLs:

  • ${BITBUCKET_GIT_HTTP_ORIGIN}

  • ${BITBUCKET_GIT_SSH_ORIGIN}

You can use these when the origin needs to be passed through to scripts or other tools that are invoked in your pipeline.

Push examples:

Committing changes to a branch

If you need to dynamically make changes to your repository from within your pipeline, this kind of script will do that for you.

1 2 3 4 5 6 7 8 pipelines: default: - step: script: - echo "Made a change in build ${BITBUCKET_BUILD_NUMBER}" >> changes.txt - git add changes.txt - git commit -m "[skip ci] Updating changes.txt with latest build number." - git push

You can see this in action in the committing changes example repository.

Pushing a new tag

If you use tags for versioning, this script could help you out.

1 2 3 4 5 6 7 8 9 pipelines: default: - step: script: - echo "Made a change in build ${BITBUCKET_BUILD_NUMBER}" >> changes.txt - git add changes.txt - git commit -m "Updating changes.txt with latest build number." - git tag -am "Tagging for release ${BITBUCKET_BUILD_NUMBER}" release-${BITBUCKET_BUILD_NUMBER} - git push origin release-${BITBUCKET_BUILD_NUMBER}

This is demonstrated in pushing a new tag example repository.

Configuring an alternate Git client

If you are not using the git client provided by pipelines, you'll need to configure:

  • Origin using the ${BITBUCKET_GIT_HTTP_ORIGIN}  variable

  • Get your git client to use the proxy  (proxy URL is http://localhost:29418)

Pushing back using authentication methods

If your repository has branch permissions enabled and you can’t commit back using the default configured HTTP origin, or you want to commit using a ‘Bot’ account or another authentication method, you have a few options.

When configuring OAuth, App Secrets or SSH for an account, there is no way to limit the repositories those credentials can be used to access.

OAuth

When using OAuth, you need to have or create an account or bot account and give that account write access in the branch permission to allow pushing directly to your main branch.

  1. In Bitbucket, select the Settings cog on the top navigation bar > select Workspace settings > OAuth consumers > Add consumer.

  2. Create a new client/consumer, granting permission to read and write from repositories under your account.

  3. Provide a name, optional description, and set the callback URL to https://bitbucket.org.

  4. Select the This is a private consumer checkbox.

  5. Under Permissions > Repositories, tick both Read and Write.

  6. Click Save.

  7. Navigate to the newly created consumer and record the keys.

  8. Add the keys as pipelines variables with the names CLIENT_ID and CLIENT_SECRET.

  9. Add the following to the script section in your bitbucket-pipelines.yml file.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 # Get an oauth access token using the client credentials, parsing out the token with jq. - apt-get update && apt-get install -y curl jq - > export access_token=$(curl -s -X POST -u "${CLIENT_ID}:${CLIENT_SECRET}" \ https://bitbucket.org/site/oauth2/access_token \ -d grant_type=client_credentials -d scopes="repository"| jq --raw-output '.access_token') # Configure git to use the oauth token. - git remote set-url origin "https://x-token-auth:${access_token}@bitbucket.org/${BITBUCKET_REPO_OWNER}/${BITBUCKET_REPO_SLUG}" # Make changes and commit back. - echo "Made a change in build ${BITBUCKET_BUILD_NUMBER}" >> changes.txt - git add changes.txt - git commit -m "[skip ci] Updating changes.txt with latest build number." - git push

You can see this used in the OAuth example repo.

SSH Key pair managed by Bitbucket Pipelines

  • In Bitbucket, from your repository click Repository settings

  • Under Pipelines, click SSH Keys > Generate keys

  • Copy the public key to your clipboard

  • Select the Settings cog on the top navigation bar > select Personal Bitbucket settings > SSH Keys

  • Click Add Key, and paste the public key, providing a useful name and description

In your bitbucket-pipeline.yml file, you will need to configure git to use the ssh origin, by executing the following command:

1 git remote set-url origin ${BITBUCKET_GIT_SSH_ORIGIN}

SSH operations will now work in pipelines without any additional configuration.

https://bitbucket.org/bitbucketpipelines/git-auth-ssh-configured-in-ui/

SSH Key pair managed with variables

This method only works ‘out of the box’ if you haven’t configured an SSH key with the previous steps.

  • From a command-line generate a public/private key pair:

1 ssh-keygen
  • Add the public key to your account in Bitbucket UI, select the Settings cog on the top navigation bar > select Personal Bitbucket settings > SSH Keys

  • Base64 encode the private key, and add it as a pipelines variable:

MacOS

1 cat <keyfile> | base64 | pbcopy

Linux

1 cat <keyfile> | base64 -w0 | xclip -selection clipboard

In your bitbucket-pipeline.yml script, configure git to use the ssh origin, and copy the ssh private key into the correct location, by executing the following commands:

1 2 3 4 - git remote set-url origin ${BITBUCKET_GIT_SSH_ORIGIN} - echo $PRIVATE_KEY > ~/.ssh/id_rsa.tmp - base64 -d ~/.ssh/id_rsa.tmp > ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa

Example repo: https://bitbucket.org/bitbucketpipelines/git-auth-ssh-using-variables

App secret

  • In Bitbucket, select the Setting cog on the top navigation bar > select Personal Bitbucket settings > App passwords > Create app password.

  • Generate the App Password and the password for pipelines as a secure variable.

  • In your bitbucket-pipelines.yml file, configure git to use the app password by changing the remote URL to authenticate with your Bitbucket username and the app password.

1 git remote set-url origin https://<your username>:${APP_SECRET}@bitbucket.org/${BITBUCKET_REPO_OWNER}/${BITBUCKET_REPO_SLUG}

Example repo: https://bitbucket.org/bitbucketpipelines/git-auth-appsecret

Additional Help