We are trying to add a tag from within our pipeline as noted here:
https://support.atlassian.com/bitbucket-cloud/docs/push-back-to-your-repository/
However, the challenge is that we require all commits to be signed. As far as I can tell, there is no valid signature in the default pipeline. My approach has been to import GPG keys via repository variables to be used for reconfiguring git.
Thus far I can't get the GPG keys to import successfully, although this script runs elsewhere without issues. Any ideas as to how we can sign a commit / push a signed tag from within a pipeline? Example shell script below:
#restore private
# Keys come from repository variables; write them to temp files only long enough to import
echo "$pub_key" > public.gpg
echo "$pri_key" > private.key
# --batch: the pipeline has no terminal, so gpg must never wait for a prompt
gpg --batch --import public.gpg
gpg --batch --import private.key
echo "Keys imported successfully"
rm -f public.gpg private.key
echo "Key files removed successfully"
git config --global user.signingkey "$key_serial"
git config --global commit.gpgsign true
git config --global tag.gpgSign true
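The procedure the question describes, carried through end to end (import keys from repository variables into an isolated keyring, make git call gpg non-interactively, sign a commit and a tag, verify both locally, push), as an added example that is not code from this thread, from Atlassian, or from the KB article. Everything named here is an assumption for illustration: the variables PIPELINE_GPG_PUBLIC_B64, PIPELINE_GPG_PRIVATE_B64 and PIPELINE_GPG_PASSPHRASE, the key identity, the wrapper script path and the tag name. It requires gpg 2.1 or later and git; the demo function generates a throwaway key and runs the flow in a temporary repository without any network access.

```shell
#!/bin/sh
# Added example, not code from the thread or from Atlassian. It shows the
# pieces a Bitbucket pipeline step needs to sign a commit and an annotated tag
# with a GPG key taken from repository variables, verify both, and push.
# Assumptions (hypothetical names): PIPELINE_GPG_PUBLIC_B64 and
# PIPELINE_GPG_PRIVATE_B64 hold base64 of the ASCII-armored keys (base64 keeps
# the multi-line armor intact inside a single variable); the private key has no
# passphrase, or PIPELINE_GPG_PASSPHRASE holds it. Requires gpg 2.1+ and git.
set -eu

# Import both keys into an isolated keyring and print the long key ID of the
# first secret key (field 5 of the "sec" record in --with-colons output).
import_signing_key() {
  export GNUPGHOME="${GNUPGHOME:-$(mktemp -d)}"
  chmod 700 "$GNUPGHOME"
  printf '%s' "$PIPELINE_GPG_PUBLIC_B64"  | base64 -d | gpg --batch --quiet --import
  printf '%s' "$PIPELINE_GPG_PRIVATE_B64" | base64 -d | gpg --batch --quiet --import
  gpg --batch --with-colons --list-secret-keys | awk -F: '$1 == "sec" { print $5; exit }'
}

# Point git at the key and at a wrapper that runs gpg non-interactively: a
# pipeline has no pinentry, so without --batch and loopback mode gpg hangs or
# fails when git asks it to sign.
configure_git_signing() {
  key_id=$1
  if [ -n "${PIPELINE_GPG_PASSPHRASE:-}" ]; then
    printf '%s' "$PIPELINE_GPG_PASSPHRASE" > "$GNUPGHOME/passphrase"
    chmod 600 "$GNUPGHOME/passphrase"
  fi
  cat > "$GNUPGHOME/gpg-batch" <<'EOF'
#!/bin/sh
# git pipes the data to sign on stdin, so the passphrase must come from a file, not fd 0.
if [ -s "$GNUPGHOME/passphrase" ]; then
  exec gpg --batch --pinentry-mode loopback --passphrase-file "$GNUPGHOME/passphrase" "$@"
fi
exec gpg --batch --pinentry-mode loopback "$@"
EOF
  chmod 700 "$GNUPGHOME/gpg-batch"
  git config gpg.program "$GNUPGHOME/gpg-batch"
  git config user.signingkey "$key_id"
  git config commit.gpgsign true
  git config tag.gpgSign true
}

# Create a signed commit and a signed tag, then verify both locally so a wrong
# key ID or a hung gpg shows up before anything is pushed.
sign_and_verify() {
  tag=$1
  git commit -q --allow-empty -S -m "pipeline: signed commit"
  git tag -s "$tag" -m "pipeline: signed tag $tag"
  git verify-commit HEAD >/dev/null 2>&1 && git tag -v "$tag" >/dev/null 2>&1
}

# In the real pipeline step this runs after sign_and_verify succeeds, over the
# origin remote the pipeline already authenticates to. Not called by demo.
push_tag() {
  git push origin "refs/tags/$1"
}

# Constructed, offline demo: generate a throwaway key, stage it the way the
# repository variables would, then run the flow in a temporary repository.
# Prints "ok" on success, "skipped" if gpg or git is not installed.
demo() {
  if ! command -v gpg >/dev/null 2>&1 || ! command -v git >/dev/null 2>&1; then
    echo skipped; return 0
  fi
  work=$(mktemp -d)
  (
    export GNUPGHOME="$work/keygen"; mkdir -m 700 "$GNUPGHOME"
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-gen-key "Pipeline Bot <bot@example.com>" default default never 2>/dev/null
    kid=$(gpg --batch --with-colons --list-secret-keys | awk -F: '$1 == "sec" { print $5; exit }')
    gpg --batch --armor --export "$kid" | base64 | tr -d '\n' > "$work/pub.b64"
    gpg --batch --pinentry-mode loopback --passphrase '' --armor --export-secret-keys "$kid" \
        | base64 | tr -d '\n' > "$work/priv.b64"
    gpgconf --kill gpg-agent 2>/dev/null || true
    export PIPELINE_GPG_PUBLIC_B64="$(cat "$work/pub.b64")"
    export PIPELINE_GPG_PRIVATE_B64="$(cat "$work/priv.b64")"
    unset PIPELINE_GPG_PASSPHRASE   # the throwaway key has none
    export GNUPGHOME="$work/gnupg"; mkdir -m 700 "$GNUPGHOME"
    key_id=$(import_signing_key)
    mkdir "$work/repo" && cd "$work/repo" && git init -q
    git config user.name "Pipeline Bot" && git config user.email "bot@example.com"
    configure_git_signing "$key_id"
    sign_and_verify v1.0.0 && echo ok
    cd / && gpgconf --kill gpg-agent 2>/dev/null || true
  )
  rm -rf "$work"
}

# Usage: sh sign-and-tag.sh demo
if [ "${1:-}" = "demo" ]; then demo; fi
```

The two things this adds over the script in the question are the wrapper that forces --batch and loopback pinentry (git invokes gpg itself, so flags on the import step alone do not reach the signing call) and the local git verify-commit / git tag -v check, which makes a mis-set user.signingkey fail the step before the push. The base64 step is there because a multi-line armored key stored in a single variable is easy to mangle.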
For anyone else who finds this in the future: I had to abandon using git natively and move to the Bitbucket API via Python scripts. It took far more code than should have been necessary, but as far as I was able to determine, it's nearly impossible to use signed commits inside a pipeline.
Suggestion - Bitbucket should configure (or offer a way to configure) what the native CICD user permissions are and allow it to sign commits / tags.
Apologies for the delay here.
We created a public KB article on how to achieve this: https://confluence.atlassian.com/bbkb/how-to-push-gpg-signed-commits-tags-to-a-repository-from-pipelines-1528302892.html
You could give it a try and see if it is useful for you.
Regards,
Mark C
Welcome to the community.
Allow me to check this internally and get back to you.
Regards,
Mark C