"Deploy build artifacts to Bitbucket Downloads" does not work

Issue #13919 resolved
William Norman created an issue

My pipeline output

pipeline.png

My downloads page

my-downloads.png

The pipeline.yml

image: maven:3.3.3

pipelines:
    default:
        - step:
            script:
                - echo "Running DEFAULT"
                - mvn clean
                - mvn install
                - mvn javadoc:javadoc
                #- ant test
    branches:
        auto-deploy:
            - step:
                script:
                    ### Declare intentions.
                    - echo "Running on master."
                    ### Variables
                    - PROJ_NAME="phenomics-control-commons"

                    # Compile and test everything.
                    - mvn clean
                    - mvn install


                    # Generate the javadocs.
                    - mvn javadoc:javadoc

                    ### Okay, now we update the website.
                    - echo "Updating javadocs!"
                    - cd "$BITBUCKET_CLONE_DIR/.."
                    # Configure git
                    - git config --global user.email "automated-updater@noreply.com"
                    - git config --global user.name "$PROJ_NAME automated-updater"
                    # Clone the website repo.
                    - git clone "https://$WEB_AUTH@bitbucket.org/$BITBUCKET_REPO_OWNER/$BITBUCKET_REPO_OWNER.bitbucket.io.git"
                    - cd "$BITBUCKET_REPO_OWNER.bitbucket.io"
                    # Cleanout old version.
                    - rm -rf "$PROJ_NAME"
                    - rm -rf "projects/$PROJ_NAME"
                    - mkdir -p "projects/$PROJ_NAME"

                    # Add our files
                    - cp "$BITBUCKET_CLONE_DIR/webpage.html" "projects/$PROJ_NAME/index.html"
                    - cp "$BITBUCKET_CLONE_DIR/projectinfo.yml" "projects/$PROJ_NAME/projectinfo.yml"
                    - cp -r "$BITBUCKET_CLONE_DIR/target/site/apidocs" "projects/$PROJ_NAME/javadocs"

                    # append timestamp to project info
                    - "echo $'\\n' >> \"projects/$PROJ_NAME/projectinfo.yml\""
                    - "echo \"dateupdated: $(date +%s%3N)\" >> \"projects/$PROJ_NAME/projectinfo.yml\""

                    # Commit and push changes.
                    - git add -A
                    - git commit -m "Updated $PROJ_NAME javadocs."
                    - git push "https://$WEB_AUTH@bitbucket.org/$BITBUCKET_REPO_OWNER/$BITBUCKET_REPO_OWNER.bitbucket.io.git"

                    ### Finally, deploy to downloads.
                    - cd "$BITBUCKET_CLONE_DIR"
                    - mvn -B clean install
                    - curl -X POST --user "${BB_AUTH_STRING}" "https://api.bitbucket.org/2.0/repositories/${BITBUCKET_REPO_OWNER}/${BITBUCKET_REPO_SLUG}/downloads" --form files=@"target/phenomics-control-commons-1.0-SNAPSHOT.jar"

Comments (13)

  1. Matt Ryall

    Thanks for raising this issue, William.

    I can't see any problem with your script above, and it works for me in my testing. So I'll need to see the command output to understand why this isn't working.

    Can you please add -v to the curl command, and attach the output from that command to the issue here?

  2. William Norman reporter

    Full output from running command with -v. I can see something went wrong at some point here.. but I have no idea what.

    + curl -v -X POST --user "${BB_AUTH_STRING}" "https://api.bitbucket.org/2.0/repositories/${BITBUCKET_REPO_OWNER}/${BITBUCKET_REPO_SLUG}/downloads" --form files=@"target/phenomics-control-commons-1.0-SNAPSHOT.jar"
    Enter host password for user '':
    * Hostname was NOT found in DNS cache
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 104.192.143.5...
    * Connected to api.bitbucket.org (104.192.143.5) port 443 (#0)
    * successfully set certificate verify locations:
    *   CAfile: none
      CApath: /etc/ssl/certs
    * SSLv3, TLS handshake, Client hello (1):
    } [data not shown]
    * SSLv3, TLS handshake, Server hello (2):
    { [data not shown]
    * SSLv3, TLS handshake, CERT (11):
    { [data not shown]
    * SSLv3, TLS handshake, Server key exchange (12):
    { [data not shown]
    * SSLv3, TLS handshake, Server finished (14):
    { [data not shown]
    * SSLv3, TLS handshake, Client key exchange (16):
    } [data not shown]
    * SSLv3, TLS change cipher, Client hello (1):
    } [data not shown]
    * SSLv3, TLS handshake, Finished (20):
    } [data not shown]
    * SSLv3, TLS change cipher, Client hello (1):
    { [data not shown]
    * SSLv3, TLS handshake, Finished (20):
    { [data not shown]
    * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
    * Server certificate:
    *    subject: C=US; ST=CA; L=San Francisco; O=Atlassian, Inc.; OU=Bitbucket; CN=*.bitbucket.org
    *    start date: 2014-03-05 00:00:00 GMT
    *    expire date: 2017-05-08 12:00:00 GMT
    *    subjectAltName: api.bitbucket.org matched
    *    issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
    *    SSL certificate verify ok.
    * Server auth using Basic with user ''
    > POST /2.0/repositories/lordc/phenomics-control-commons/downloads HTTP/1.1
    > Authorization: Basic Og==
    > User-Agent: curl/7.38.0
    > Host: api.bitbucket.org
    > Accept: */*
    > Content-Length: 76490
    > Expect: 100-continue
    > Content-Type: multipart/form-data; boundary=------------------------8002f072c06c57bd
    > 
    < HTTP/1.1 100 Continue
    } [data not shown]
    < HTTP/1.1 401 Unauthorized
    * Server nginx is not blacklisted
    < Server: nginx
    * Authentication problem. Ignoring this.
    < WWW-Authenticate: Basic realm="Bitbucket.org HTTP"
    < Content-Type: text/html; charset=utf-8
    < Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    < Date: Thu, 02 Mar 2017 17:20:15 GMT
    < X-Served-By: app-141
    < X-Static-Version: b02be2f9cb1c
    < ETag: "d41d8cd98f00b204e9800998ecf8427e"
    < X-Render-Time: 0.0105309486389
    < Connection: keep-alive
    < X-Version: b02be2f9cb1c
    < X-Request-Count: 305
    < X-Frame-Options: SAMEORIGIN
    < Content-Length: 0
    * HTTP error before end of send, stop sending
    < 
    
    100 76490    0     0  100 76490      0  1114k --:--:-- --:--:-- --:--:-- 1131k
    * Closing connection 0
    * SSLv3, TLS alert, Client hello (1):
    } [data not shown]
    
  3. Matt Ryall

    Thanks, William. Bitbucket is returning "401 Unauthorized" which means an authentication problem with the curl command. Possible causes you should investigate:

    • the username/password combination doesn't match - maybe the app password configured was for a different user
    • the user doesn't have write access to the repository
    • there was a copy/paste error in the "<username>:<password>" value for the environment variable in the Pipelines configuration.

    As a first step, I'd recommend running the curl command locally on your computer, substituting in the username:password value for ${BB_AUTH_STRING} and checking that it will upload a file correctly. If it works fine locally, I'd double-check the environment variables in Pipeline are using the same credentials.

    Please let me know how you get on.

  4. William Norman reporter

    Hey you were right it was an authentication issue. I was using the env variable "WRITE_AUTH" instead.

    However, this brought a new problem to light. The app password I generated will not work, even when I regenerated it several times. Only my actual account password works.

  5. Matt Ryall

    Thanks William, I'm glad you found a solution to your problem. I'm not sure why exactly the app password isn't working, as it works as described in the document in my testing.

    If you need any more assistance around authentication, it is probably best to raise a support case, so we can get discuss the details via a private channel instead.

  6. Tomasz Belina

    I have the same issue. I've tripple checked permissions, variables and in debug mode curl produces:

    curl -v -X POST --user "${BB_AUTH_STRING}" "https://api.bitbucket.org/2.0/repositories/${BITBUCKET_REPO_OWNER}/${BITBUCKET_REPO_SLUG}/downloads" --form files=@"target/similaris-desktop-0.0.0.1-SNAPSHOT.exe"
    * Hostname was NOT found in DNS cache
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 104.192.143.6...
    * Connected to api.bitbucket.org (104.192.143.6) port 443 (#0)
    * successfully set certificate verify locations:
    *   CAfile: none
      CApath: /etc/ssl/certs
    * SSLv3, TLS handshake, Client hello (1):
    } [data not shown]
    * SSLv3, TLS handshake, Server hello (2):
    { [data not shown]
    * SSLv3, TLS handshake, CERT (11):
    { [data not shown]
    * SSLv3, TLS handshake, Server key exchange (12):
    { [data not shown]
    * SSLv3, TLS handshake, Server finished (14):
    { [data not shown]
    * SSLv3, TLS handshake, Client key exchange (16):
    } [data not shown]
    * SSLv3, TLS change cipher, Client hello (1):
    } [data not shown]
    * SSLv3, TLS handshake, Finished (20):
    } [data not shown]
    * SSLv3, TLS change cipher, Client hello (1):
    { [data not shown]
    * SSLv3, TLS handshake, Finished (20):
    { [data not shown]
    * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
    * Server certificate:
    *    subject: C=US; ST=CA; L=San Francisco; O=Atlassian, Inc.; OU=Bitbucket; CN=*.bitbucket.org
    *    start date: 2017-04-04 00:00:00 GMT
    *    expire date: 2020-06-11 12:00:00 GMT
    *    subjectAltName: api.bitbucket.org matched
    *    issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
    *    SSL certificate verify ok.
    * Server auth using Basic with user 'pipelines'
    > POST /2.0/repositories/similaris/similaris-desktop/downloads HTTP/1.1
    > Authorization: Basic cGlwZWxpbmVzOmE0UVdjcGM5Y0FkRzNuakVrNFRV
    > User-Agent: curl/7.38.0
    > Host: api.bitbucket.org
    > Accept: */*
    > Content-Length: 16535453
    > Expect: 100-continue
    > Content-Type: multipart/form-data; boundary=------------------------2f6239e8969aac35
    > 
    < HTTP/1.1 100 Continue
    } [data not shown]
    < HTTP/1.1 401 Unauthorized
    
  7. Jason Wong

    Same here with the findings above. I have a repository created under a team account. The repository was created by me and I can only access to it using my account. I think the problem with app password is that it is binded to a person account but there is no app password for team level.

  8. Matt Ryall

    Sorry to hear of the problems you’re having. We haven’f had any reported problems with app passwords, so I think this is more likely one of the problems I mentioned above.

    If you’ve tested locally and still can’t get it working, please raise a support ticket and one of our engineers can take a look.

    App passwords are only for user accounts because they’re another way for users to authenticate to access Bitbucket repositories (and associated data).

    Teams can’t log in or be granted access to repositories, so it doesn’t make sense for them to have app passwords.

    If your user account has access to a repository, you can use an app password to access that repository via the API, subject to the permissions you grant the app password when you create it.

  9. Jason Wong

    Hi @mryall_atlassian

    Thanks for your response. So, the background is I have a repository that is owned by a team account. My account is the admin of the team account and the repository was created under a project, which is also under the team. I am the one who created the repository. I tried creating the App password by selecting write permission on project and repository level. I am sure my password is correct. But it fails to access to it with 401 error. If I use my own account to run the API, I can create the entry without a problem.

    Do you think that I need to file a ticket here or I misunderstand the usage of App passwords?

    Thanks.

  10. Matt Ryall

    Creating a support ticket sounds like the best approach. You could also try accessing one of your own (individually owned) repositories with the app password, to confirm your theory that it’s related to the team-owned repo.

  11. Jason Wong

    Thanks. I tested that even using a newly created repo (either public or private), with the existing or newly created App passwords, I cannot push files using the API with 401 error. But it succeeded when using my own account. I will log a support ticket for it.

    Thanks.

  12. Log in to comment