Steps of the same pipeline can be scheduled on different runners running on different hosts, so caches and artifacts cannot be shared through a host's local filesystem. Instead they are uploaded to Atlassian infrastructure and downloaded by later steps wherever those steps run. Anything a step writes into a cache or artifact therefore leaves the runner host, so do not put credentials or other secrets into caches or artifacts.
Refer to the list of IP addresses that you need to allow through your firewall for the runner to reach Pipelines. If a runner build still has connectivity problems, it is also advisable to allow the following IP addresses.
To run a runner behind a proxy, set the HTTP_PROXY and HTTPS_PROXY environment variables for the runner. See Configure a runner to use a proxy for the details.
Builds cannot access files on the runner host. With the Docker runtime, the build runs in a container that by default has no access to the host filesystem, and even if it did, a step that depends on files present on one particular machine would break whenever it is scheduled on a different runner host.
As a workaround, the build can fetch the files it needs from the host with an SFTP client, running the following command from the build script: sftp {user}@{host}:{remoteFileName} {localFileName}. Authenticate with an SSH key supplied through a secured variable rather than a password, and keep host key verification enabled so the build cannot be pointed at a substitute host.
With a self-hosted runner you can use a custom docker-in-docker service image, for example to pass extra options to the Docker daemon through an environment variable.
Example of a Dockerfile:

# my-custom-dind-image
FROM docker:dind
# The shell expands DOCKER_OPTS at container start, so each option in it becomes a separate dockerd argument
ENTRYPOINT [ "sh", "-c", "dockerd-entrypoint.sh $DOCKER_OPTS" ]
Example of a pipeline configuration that uses the custom image as the docker service and passes daemon options through DOCKER_OPTS:

definitions:
  services:
    docker:
      image: my-custom-dind-image
      variables:
        DOCKER_OPTS: "--insecure-registry=my.docker.registry"
pipelines:
  default:
    - step:
        runs-on: self.hosted
        services:
          - docker
        script:
          - docker build -t my.docker.registry/$IMAGE_NAME .
          - docker push my.docker.registry/$IMAGE_NAME

Note that --insecure-registry makes the daemon accept plain HTTP and unverified TLS certificates for my.docker.registry, so anyone on the network path could serve or replace the images the build pulls and pushes. Use it only for a registry that is reachable solely over a trusted network, and prefer giving the daemon the registry's CA certificate instead so the flag is not needed at all.
Example of a Kubernetes spec for a self-hosted runner. The docker-in-docker container has to run privileged, which is equivalent to root on the node, so deploy the runner in a dedicated namespace or node pool:

apiVersion: v1
kind: List
items:
  - apiVersion: v1
    kind: Secret
    metadata:
      name: runner-oauth-credentials
      # labels:
      #   accountUuid: # Add your account uuid without curly braces to optionally allow finding the secret for an account
      #   repositoryUuid: # Add your repository uuid without curly braces to optionally allow finding the secret for a repository
      #   runnerUuid: # Add your runner uuid without curly braces to optionally allow finding the secret for a particular runner
    data:
      oauthClientId: # add your base64 encoded oauth client id here
      oauthClientSecret: # add your base64 encoded oauth client secret here
  - apiVersion: batch/v1
    kind: Job
    metadata:
      name: runner
    spec:
      template:
        # metadata:
        #   labels:
        #     accountUuid: # Add your account uuid without curly braces to optionally allow finding the pods for an account
        #     repositoryUuid: # Add your repository uuid without curly braces to optionally allow finding the pods for a repository
        #     runnerUuid: # Add your runner uuid without curly braces to optionally allow finding the pods for a particular runner
        spec:
          containers:
            - name: runner
              image: docker-public.packages.atlassian.com/sox/atlassian/bitbucket-pipelines-runner
              env:
                - name: ACCOUNT_UUID
                  value: # Add your account uuid here
                - name: REPOSITORY_UUID
                  value: # Add your repository uuid here
                - name: RUNNER_UUID
                  value: # Add your runner uuid here
                - name: OAUTH_CLIENT_ID
                  valueFrom:
                    secretKeyRef:
                      name: runner-oauth-credentials
                      key: oauthClientId
                - name: OAUTH_CLIENT_SECRET
                  valueFrom:
                    secretKeyRef:
                      name: runner-oauth-credentials
                      key: oauthClientSecret
                - name: WORKING_DIRECTORY
                  value: "/tmp"
              volumeMounts:
                - name: tmp
                  mountPath: /tmp
                - name: docker-containers
                  mountPath: /var/lib/docker/containers
                  readOnly: true # the runner only needs to read these files, never write to them
                - name: var-run
                  mountPath: /var/run
            - name: docker-in-docker
              image: docker:20.10.5-dind
              securityContext:
                privileged: true # required for docker in docker to run; assumes the namespace you are applying this to has a pod security policy (or Pod Security admission level) that allows privileged containers
              volumeMounts:
                - name: tmp
                  mountPath: /tmp
                - name: docker-containers
                  mountPath: /var/lib/docker/containers
                - name: var-run
                  mountPath: /var/run
          restartPolicy: OnFailure # this allows the runner to restart locally if it crashes
          volumes:
            - name: tmp # required to share a working directory between docker in docker and the runner
            - name: docker-containers # required to share the containers directory between docker in docker and the runner
            - name: var-run # required to share the docker socket between docker in docker and the runner
      # backoffLimit: 6 # this is the default and means it will retry up to 6 times, with exponential backoff between attempts, if it crashes before it is considered a failure
      # completions: 1 # this is the default; the job should ideally never complete, as the runner never shuts down successfully
      # parallelism: 1 # this is the default; there should be only one instance of this particular runner
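The Secret in the spec above expects both OAuth values already base64-encoded, and a common mistake is to encode them with echo, which appends a newline that then becomes part of the credential. The following POSIX shell script is an added example, not from the Bitbucket documentation or the runner project: it renders the runner-oauth-credentials Secret with the values encoded exactly and checks that they decode back to the originals before anything is applied. It assumes the client id and secret are supplied in the environment variables OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET (names chosen here to match the Job's env entries) and that a GNU or BusyBox base64 is on PATH.

```shell
#!/bin/sh
# Added example, not from the Bitbucket documentation or the runner project:
# render the runner-oauth-credentials Secret used by the runner Job, with the
# OAuth client id and secret base64-encoded the way Kubernetes expects.
#
# Assumptions (not stated on the original page): the two values are supplied
# in the environment variables OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET, and a
# GNU or BusyBox base64 is on PATH.

# Base64-encode a value with no trailing newline. `echo` would append one,
# and "secret\n" is a different credential from "secret" once the runner
# reads it back, so `printf '%s'` is used instead. `tr` removes the line
# wrapping GNU base64 adds to long inputs.
b64() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode an encoded value and compare it with the original. A sentinel "x"
# is appended on both sides because command substitution strips trailing
# newlines, which would otherwise hide exactly the echo mistake above.
roundtrip_ok() {
    [ "$(printf '%s' "$2" | base64 -d; echo x)" = "${1}x" ]
}

# Emit the Secret manifest on stdout. Credentials come from the environment,
# not command-line arguments, so they do not appear in `ps` output or shell
# history on the machine that generates the manifest.
render_secret() {
    if [ -z "$OAUTH_CLIENT_ID" ] || [ -z "$OAUTH_CLIENT_SECRET" ]; then
        echo "OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET must be set" >&2
        return 1
    fi
    id_b64=$(b64 "$OAUTH_CLIENT_ID")
    secret_b64=$(b64 "$OAUTH_CLIENT_SECRET")
    roundtrip_ok "$OAUTH_CLIENT_ID" "$id_b64" || return 1
    roundtrip_ok "$OAUTH_CLIENT_SECRET" "$secret_b64" || return 1
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: runner-oauth-credentials
type: Opaque
data:
  oauthClientId: $id_b64
  oauthClientSecret: $secret_b64
EOF
}

# Usage: OAUTH_CLIENT_ID=... OAUTH_CLIENT_SECRET=... sh render-secret.sh render | kubectl apply -f -
case "${1:-}" in
    render) render_secret ;;
esac
```

Pipe the output into kubectl apply -f - and then apply the Job from the spec above. kubectl create secret generic runner-oauth-credentials --from-literal=oauthClientId=... --from-literal=oauthClientSecret=... --dry-run=client -o yaml produces the same manifest and does the encoding itself, but with the values on the command line. Either way, base64 is an encoding, not encryption: restrict who can read Secrets in the runner's namespace with RBAC and enable encryption of Secrets at rest on the cluster, since these two values are what the runner uses to authenticate to Bitbucket.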