Push to another repository in Bitbucket Cloud Pipelines

Summary

The purpose of this KB article is to provide instructions on how to push to another Bitbucket Cloud repository when running a Pipelines build via both HTTPS and SSH protocols

Solution

Environment

• Bitbucket Cloud Pipelines

Solution #1 - HTTPS

The simplest method of achieving this which is described below will be to leverage our repository access token authentication method. Access tokens are designed for use within a single application with limited permissions applied to them. If you would prefer, you can also utilise an App Password in place of the access token or make use of OAuth to achieve this as well.

Essentially, you would follow the steps below - whereRepoAis your source repository andRepoBis the target repository where you wish to push a commit.

1. Navigate toRepoBand selectRepository Settings > Access Tokensthen click theCreate Repository Access Token button

2. Give the token a name and ensure that it has theWRITElevel privilege scope ticked against theRepositoriesheading (as a minimum)

3. Click theCreate button and ensure that you copy the token, clone command and the git config command from the resulting dialogue box and store this somewhere (as you cannot access this information again)

4. Now that the token is created, navigate to RepoA and selectRepository Settings > Pipelines: Repository Variables then add the token you copied earlier as a secured variable here so that it can be referenced in your build

5. Access yourbitbucket-pipelines.ymlconfiguration onRepoAand make use of the token repository variable you configured before in your clone command to clone theRepoBrepository and perform whatever actions you wish to commit to it

In the below example - we are cloning RepoB using the access token variable, copying a folder from RepoA to RepoB, modifying the GIT config to reference the identity that was generated earlier in Step 3 as the commit author and then committing/pushing the changes:

Solution #2 - SSH

If you would prefer to instead use SSH rather than HTTPS, this is also possible.

Essentially, you would follow the steps below - where RepoA is your source repository and RepoB is the target repository where you wish to push a commit.

1. Navigate to RepoB and select Repository Settings > Pipelines > SSH Keys - then click the Generate keys button - this is to generate a private/public key pair that can be authenticated against later on in the process

2. Once the keys have been generated, click the Copy public key button as you will now need to store the public key at the account level for authentication purposes, you can do so by navigating to Personal Settings > SSH Keys and pasting the public key here (you could also sign in as a bot account and paste it here if you'd prefer)

3. Now that the keys have been generated on RepoB, and the public key is stored at the account level, there needs to be a way for RepoA to use this key in Pipelines. 

4. Navigate to RepoA and select Repository Settings > Pipelines: Repository Variables then add the public key you copied earlier as a secured variable here so that it can be referenced in your build securely

5. You now have a link between the two repositories so that they can communicate with one another, and a link to your user account so that it can be used to authenticate over SSH

In the below example - we are first decrypting the secured public key variable, storing the decrypted output as a public key in the clone directory, cloning RepoB using the public key, copying a folder from RepoA to RepoB, modifying the GIT config to recognise your username as the commit author and then committing/pushing the changes: