Details
Suggestion
Resolution: Duplicate
Description
I am looking at using pipelines to provide continuous deployment to both a testing and a live environment, using a separate Git branch for each. Using branch permissions, I can limit changes to the live branch to a subset of trusted users. However, when deploying with pipelines, a developer on the dev branch has the ability to copy the live deployment steps to the testing bitbucket-pipelines.yml file, and thus deploy testing code to the live environment. While this isn't likely to happen by accident, it's still a scenario that I'd like to prevent.
One way to solve this for my case is to limit environment variables (or SSH keys, but ideally there would be a key per environment, which currently is not supported in pipelines) similarly to branch permissions - either to a specific set of users, or to a specific branch (relying on the branch permission user limitations).
Alternatively, providing an option to always use the bitbucket-pipelines.yml file from the 'master' branch would solve this by preventing the 'testing' devs from being able to change the pipeline commands (by relying on branch permissions).
I see there is some discussion relating to this on BCLOUD-12844, but as that was opened nearly a year ago, I'm hoping to solve this problem somewhat sooner and hopefully without needing an external service.
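An audit for the scenario described above, as an added example that is not part of the original issue or of Bitbucket's tooling: it scans each branch's bitbucket-pipelines.yml text and reports unprotected branches that reference variables meant only for the live deployment. The variable names, the branch names and the sample file contents are assumptions constructed for illustration.

```python
import re

# Assumptions (hypothetical names): variables only the live deployment may use,
# and the branch whose changes are restricted by branch permissions.
LIVE_ONLY_VARS = {"LIVE_DEPLOY_HOST", "LIVE_DEPLOY_TOKEN"}
PROTECTED_BRANCHES = {"live"}

# Matches $NAME and ${NAME} references in script lines.
VAR_REF = re.compile(r"\$\{?([A-Za-z_][A-Za-z0-9_]*)")

def live_vars_used(pipeline_text):
    """Return the live-only variables referenced outside full-line comments."""
    active = [l for l in pipeline_text.splitlines() if not l.lstrip().startswith("#")]
    return set(VAR_REF.findall("\n".join(active))) & LIVE_ONLY_VARS

def audit(pipelines_by_branch):
    """Map each unprotected branch to the live-only variables its file uses."""
    findings = {}
    for branch, text in pipelines_by_branch.items():
        if branch in PROTECTED_BRANCHES:
            continue
        used = live_vars_used(text)
        if used:
            findings[branch] = sorted(used)
    return findings

# Constructed sample: bitbucket-pipelines.yml content as read from each branch.
LIVE_STEP = '            - ./deploy.sh "$LIVE_DEPLOY_HOST" "${LIVE_DEPLOY_TOKEN}"\n'
TEST_STEP = '            - ./deploy.sh "$TEST_DEPLOY_HOST" "$TEST_DEPLOY_TOKEN"\n'
HEADER = "pipelines:\n  branches:\n    {b}:\n      - step:\n          script:\n"
SAMPLE = {
    "live": HEADER.format(b="live") + LIVE_STEP,
    "testing": HEADER.format(b="testing") + TEST_STEP + LIVE_STEP,  # copied step
    "feature/docs": HEADER.format(b="feature/docs") + TEST_STEP
    + "            # - ./deploy.sh \"$LIVE_DEPLOY_HOST\"\n",  # commented out
}

if __name__ == "__main__":
    for branch, names in audit(SAMPLE).items():
        print(f"{branch}: references live-only variables {names}")
```

Run it from a location the audited developers cannot edit, since a check placed inside bitbucket-pipelines.yml can be changed on the same branch. A textual match only catches direct references, so it complements restricting the variables rather than replacing it.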