Is it possible to restrict who can merge to a specific branch? I would like to only allow a couple of users to be able to merge into the master branch. Is this possible?
Hi Trent,
Yes, you can do this with ScriptRunner for Bitbucket Server. Thanks for adding the correct tag to your question as well; it helps us find these questions and respond to them swiftly.
You can do this by going to Admin -> Script Merge Checks -> Custom merge check and adding the following code:
```groovy
import com.atlassian.bitbucket.auth.AuthenticationContext
import com.atlassian.bitbucket.scm.pull.MergeRequest
import com.atlassian.sal.api.component.ComponentLocator

def authenticationContext = ComponentLocator.getComponent(AuthenticationContext)

def mergeRequest = mergeRequest as MergeRequest
def pullRequest = mergeRequest.getPullRequest()

def isMasterBranch = pullRequest.getToRef().getId() == "refs/heads/master"

// add users who can merge to master here
def allowedUserNames = ["user1", "user2", "user3"]

def currentUser = authenticationContext.currentUser

if (isMasterBranch && ! (currentUser.slug in allowedUserNames)) {
    mergeRequest.veto("Can not merge to master branch", "You are not allowed to merge to the master branch")
}
```
I've indicated where you can add the users who can push to the master branch.
Let us know how you get on with that.
Adam
Thanks Adam! It is blocking merges correctly but not allowing the allowedUserNames to merge. Is it missing the else clause that allows the users in the list to have access?
Trent
It should already be doing that. If it is the master branch and the user is not in the list of allowed user names we don't allow the merge.
It seems like "currentUser.slug" is not in the allowedUserNames.
Try adding the following to that script and refresh the pull request page to see what users you have:
```groovy
log.warn currentUser.slug
log.warn allowedUserNames
```
I added that line to the bottom and had the user try again. I do not see anything on the pull request tab. What specifically am I looking for?
Thank you,
Trent
Hi Adam,
Any update on this? I am unable to see anything in the pull request page when I add that line just below "def currentUser = authenticationContext.currentUser".
Thanks,
Trent
Hi Trent,
Apologies for the delay in responding. You should see something in the logs when you go to the pull request page which will show you the current user's name and the allowed user names. That should help us to see why it's not allowing the allowed users to merge.
Let us know what you get.
Thanks, Adam
Hi Adam,
This is what I see in the logs.
```
2017-01-25 10:52:35,157 WARN [http-nio-127.0.0.100-7990-exec-155] E869TZ @1PNCTLEx652x820600x1 1s0a3oz 65.197.19.243,127.0.0.100 "GET /rest/api/latest/projects/ALMSS/repos/alm-jenkins/pull-requests/2/merge HTTP/1.1" c.o.s.runner.ScriptRunnerImpl e869tz
2017-01-25 10:52:35,157 WARN [http-nio-127.0.0.100-7990-exec-155] E869TZ @1PNCTLEx652x820600x1 1s0a3oz 65.197.19.243,127.0.0.100 "GET /rest/api/latest/projects/ALMSS/repos/alm-jenkins/pull-requests/2/merge HTTP/1.1" c.o.s.runner.ScriptRunnerImpl [E1762P, E6462Y, E591NF, E869TZ]
2017-01-25 10:52:35,177 WARN [http-nio-127.0.0.100-7990-exec-155] E869TZ @1PNCTLEx652x820600x1 1s0a3oz 65.197.19.243,127.0.0.100 "GET /rest/api/latest/projects/ALMSS/repos/alm-jenkins/pull-requests/2/merge HTTP/1.1" c.o.s.runner.ScriptRunnerImpl e869tz
2017-01-25 10:52:35,178 WARN [http-nio-127.0.0.100-7990-exec-155] E869TZ @1PNCTLEx652x820600x1 1s0a3oz 65.197.19.243,127.0.0.100 "GET /rest/api/latest/projects/ALMSS/repos/alm-jenkins/pull-requests/2/merge HTTP/1.1" c.o.s.runner.ScriptRunnerImpl [E1762P, E6462Y, E591NF, E606MR, E765PP, E106PD, E869TZ]
```
It looks like it is working, as it has the list of users who can merge to the develop and master branches, including mine. However, the merge button in the top right corner is greyed out, and it states I do not have permission to merge to either of the branches. Not sure if this matters, but I have set up the custom merge script at the global level and assigned it to the repository, as there is no option for Custom Merge Script at the repo configuration level.
Thanks,
Trent
Hi Trent,
OK, I have spotted the problem from the logs.
The issue is that Bitbucket gives you the username lowercased, whereas in your list of allowed ones they are uppercased. So when we compare them they are not equal, hence the user can't merge. You should convert the allowed usernames in your list to lowercase so they match exactly.
Let us know how that goes for you.
Thanks,
Adam
It is working as expected now! Thank you so much for your assistance Adam.
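The fix described in this thread, as an added example that is not part of the original posts or ScriptRunner's own code: the same merge check with both sides of the comparison lower-cased, extended to more than one protected branch and failing closed when there is no authenticated user. The user names and the develop entry are constructed placeholders, and it assumes the same Custom merge check context as the script above, where `mergeRequest` and `log` are provided.

```groovy
import com.atlassian.bitbucket.auth.AuthenticationContext
import com.atlassian.bitbucket.scm.pull.MergeRequest
import com.atlassian.sal.api.component.ComponentLocator

// Protected target refs and who may merge into each one.
// The names are constructed placeholders; they may be typed in any case.
def allowedByRef = [
    "refs/heads/master" : ["User1", "USER2", "user3"],
    "refs/heads/develop": ["User1", "USER2", "user3", "User4"],
]

// Normalise once so the comparison does not depend on how a name was typed.
// Locale.ROOT keeps the result independent of the server's default locale.
def normalise = { String name -> name.trim().toLowerCase(Locale.ROOT) }
def allowedSlugsByRef = allowedByRef.collectEntries { ref, names ->
    [(ref): names.collect(normalise) as Set]
}

def authenticationContext = ComponentLocator.getComponent(AuthenticationContext)
def mergeRequest = mergeRequest as MergeRequest
def targetRef = mergeRequest.pullRequest.toRef.id
def allowedSlugs = allowedSlugsByRef[targetRef]

// Refs that are not listed above are left unrestricted by this check.
if (allowedSlugs != null) {
    // Fail closed: no authenticated user means no merge into a protected ref.
    def currentUser = authenticationContext.currentUser
    def slug = currentUser ? normalise(currentUser.slug) : null
    if (slug == null || !(slug in allowedSlugs)) {
        // Record the veto so a wrongly blocked user can be diagnosed from the log.
        log.warn "Merge to ${targetRef} vetoed for ${slug ?: 'anonymous'}"
        mergeRequest.veto(
            "Can not merge to ${targetRef}",
            "You are not allowed to merge to this branch")
    }
}
```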
If you're on Bitbucket Server 4.5 or newer, you can do this without any add-ons using the "Branch Permissions" settings for your repo and setting the "Prevent all changes" restriction.
p.s. I invite you to try my add-on: Bit-Booster for Bitbucket Server