Skip to main content

Configuring repository access

Abstract

To take full advantage of all the features Bitrise offers, including automatic webhook registration, you need to connect your GitHub/GitLab/Bitbucket account to your Bitrise account.

Bitrise needs access to your code in a Git repository to be able to build. We recommend connecting your Git provider account to Bitrise for this and we offer two main methods of doing so:

  • The Bitrise GitHub App: We strongly recommend using the GitHub App to connect your Bitrise account to GitHub. The app offers increased security and granular repository access. Using the app means you don't need SSH keys or webhooks. This works on the Workspace level: you connect a Workspace to a single GitHub account or organization.

  • OAuth application to the Git provider that allows access to all repositories on the account. This means connecting your personal Bitrise account to a Git provider account. This method is supported for GitHub, GitLab, and Bitbucket.

You can connect all three Git provider accounts by either:

  • Connecting the account when adding a new Bitrise project.

  • Connecting the account from your Account settings page.

One account per Git provider

Please note that you cannot connect two accounts from the same Git provider (for example, two GitHub accounts) to Bitrise.

Connecting one Git provider account is not final. You can disconnect an account and connect a different one at any time: Linked the wrong Git account to Bitrise.

GitHub App integration

Abstract

The Bitrise GitHub App allows users to connect their Bitrise Workspace to a GitHub account or organization with a GitHub App that provides granular access with increased security and automatic status updates.

The best way to connect your Bitrise account to your GitHub repositories is by integrating with a GitHub app. The Bitrise GitHub app has a number of features that make integration easier:

  • The app eliminates the need for an SSH key, a Personal Access Token, and a service credential user. For access, it generates a temporary access token before every build, significantly increasing security.

  • It provides granular access to your repositories: no need to grant access to an entire GitHub organization, instead select the specific repositories the app can access.

  • With the app installed, you automatically receive Bitrise status updates directly on GitHub with the GitHub Checks app. No need for configuring status reports separately. Note that while only one GitHub account can be connected to a Bitrise Workspace, GitHub Checks can still be configured for repositories owned by other GitHub accounts.

The Bitrise GitHub app is supported for all GitHub Cloud users. GitHub Enterprise Server users need to create and install a different GitHub app, as described in the relevant guide.

Connecting via the GitHub App integration

This guide is intended for GitHub Cloud users, including GitHub Enterprise Cloud users, who wish to install the Bitrise GitHub App and connect their Bitrise Workspace to a GitHub account or organization with the app. For GitHub Enterprise Server users, we have a separate guide: Integrating self-hosted GitHub Enterprise Server with Bitrise

You can connect via the GitHub App integration in two ways:

  • From the Workspace settings page.

  • When adding a new Bitrise project.

One GitHub App installation per Workspace

As only one GitHub account can be connected to a Workspace, a Workspace is always associated with a single installation of the Bitrise GitHub App. No Workspace can be connected to multiple installations of the Bitrise GitHub App.

However, the GitHub Checks functionality of the app is available for repositories owned by other GitHub accounts.

Connecting a GitHub App from the Workspace settings page

A Bitrise GitHub App installation is tied to a Workspace. You can always install and check its connection from the Workspace settings page.

  1. On the Bitrise main page, select your Workspace from the dropdown menu.

  2. From the navigation menu on the left, select Settings.

  3. On the Workspace settings page, select Integrations.

  4. Select the Git provider tab.

  5. Under GitHub, you can see the GitHub App card with Connect via the Bitrise GitHub App. Click Connect.

    github-app-card.png
  6. If you haven't authorized the Bitrise GitHub App before, you will be prompted for authorization at this point:

    authorize-checks.png
  7. You will be prompted to select the GitHub account or organization you want to connect. If you don't find the one you need in the list, you need to install the App to that account or organization first: click the link below the list of accounts.

    install-the-app.png
  8. Once you click the link, you will be prompted to select an account or organization. After selecting one, you will be transferred to the Install & Authorize page.

  9. On the Install & Authorize page, select the access type:

    • All repositories: the Bitrise GitHub App will have access to all repositories belonging to the account or organization, including future ones.

    • Only select repositories: Select one or more repositories that Bitrise will be able to access. You can add more later but to do so, you will need to reconfigure your repository access on the GitHub App's page.

    authorizing-app.png
  10. When done, click Install & Authorize. You will be redirected to the Workspace settings page.

    Authorization

    If you are not authorized on GitHub to install the app, you can still request the installation. Once a GitHub Admin approves the installation, you can come back and select the App installation from the list.

  11. If you have existing apps with OAuth connection, we recommend switching them over to the GitHub App connection.

Connecting a GitHub App when adding a new project

During the process of adding a new project on Bitrise, you have to select how Bitrise can access your repository. This process allows connecting the project via the GitHub App.

  1. Start the process of adding a new project.Adding a new project

  2. At the Select a repository section, select GitHub App (recommnded) from the Provider dropdown menu.

    select-repository.png
  3. Click Connect account.

    connect-github-app.png
  4. You will be prompted to select the GitHub account or organization you want to connect. If you don't find the one you need in the list, you need to install the App to that account or organization first: click the link below the list of accounts.

    install-the-app.png
  5. Once you click the link, you will be prompted to select an account or organization. After selecting one, you will be transferred to the Install & Authorize page.

  6. On the Install & Authorize page, select the access type:

    • All repositories: the Bitrise GitHub App will have access to all repositories belonging to the account or organization, including future ones.

    • Only select repositories: Select one or more repositories that Bitrise will be able to access. You can add more later but to do so, you will need to reconfigure your repository access on the GitHub App's page.

    authorizing-app.png
  7. When done, click Install & Authorize. You will be redirected to continue adding your new Bitrise projec.

Additional linked repositories via a GitHub App

Each Bitrise app has a primary Git repository. This is where your app's code is stored and this repository is cloned when we start a build. By default, a Bitrise app can't access other repositories.

However, your project might require other repositories. For example, it might have private submodules that it must access during a build. If you use the GitHub App, you can do this via linking additional repositories.

Other connection methods

If you are not using the Bitrise GitHub App, you can still configure access to additional repositories: Projects with submodules or private repo dependencies.

A linked repository is a repository that a Bitrise app can access using a GitHub App installation but it's not the app's primary repository.

When running a build of an app connected via a GitHub App installation, Bitrise generates a temporary token that, by default, can only access the primary repository. Once an additional repository is linked, the tokens generated for the build can access the additional repository.

To be able to link a repository, all of the following conditions must be met:

  • The GitHub App is installed to the account or organization that owns the repository on GitHub.

  • The app installation is enabled for the repository.

  • The user attempting to link the repository can access the repository on GitHub. If your GitHub user account doesn't have access to a repository, you can't link it on Bitrise.

Linking additional repositories

To link additional repositories to an app with an established GitHub App connection:

  1. Open your project on Bitrise with a user that has the Admin role on the project.

  2. On the main page of the project, click on the Project settings button.

    project-settings-button.png
  3. On the left, select Integrations and then on the Integrations page, select the Git provider tab.

  4. Find the Git integration status card and click Additional repositories.

  5. In the Enable additional repositories dialog, select the repositories you want to link.

    You can link a maximum of 50 additional repositories.

    Linked_repositories.png

    You will see a list of repositories. To see a repository on the list, you need two things:

    • Your GitHub user needs to have access to it.

    • The GitHub App installation has access to it.

    Disabling repositories

    If you already have repositories linked, please note that users who otherwise don't have access to those repositories can disable them but cannot add them back!

  6. When done, click Save changes.

Using a private Step library via the GitHub App

Each Bitrise project has a default Step library: a repository of Steps. If the exact source of a Step is not specified in the configuration, the Bitrise CLI pulls the Step data from the default library.

This library can be a private Step library. To access such a library via the GitHub App, you need to add the Authenticate host with netrc Step as the very first Step which will run in your Workflow:

format_version: "13"
default_step_lib_source: https://github.com/my-private-org/my-bitrise-steplib.git
project_type: ios
workflows:
  example:
    steps:
    - https://github.com/bitrise-io/bitrise-steplib.git::authenticate-host-with-netrc@0:

Note that the Authenticate host with netrcStep has a full source identifier to ensure it is pulled from the official Bitrise Step library, not your private library.

Using the Step requires specifying three inputs: the host, the Git username, and the Git password. The Bitrise GitHub App integration uses token-based authentication: each build receives a one time token under the GIT_HTTP_PASSWORD Environment Variable. This Env Var can be used as the password. The username can't be empty because the Step will fail but it is not used so it doesn't matter what you put there.

format_version: '13'
default_step_lib_source: https://github.com/tothszabi/steplib.git
project_type: ios
workflows:
  example:
    steps:
    - https://github.com/bitrise-io/bitrise-steplib.git::authenticate-host-with-netrc@0:
        inputs:
        - host: github.com
        - username: username
        - password: "$GIT_HTTP_PASSWORD"
    - private-script@1: {}

Running git clone with linked repositories

If you attempt to run git clone or other git commands for a linked repository, your build might fail with an authentication error. This is because the authentication credentials are stored in a local netrc file. This file is automatically generated by the official Git Clone Step.

However, if you use your own script to perform git clone, or you use any other Git command requiring authentication before the Git Clone Step, you need to create the netrc file. You have two ways:

HTTP URLs

Make sure you always use HTTP URLs when cloning private repository dependencies.

Using the Step requires specifying three inputs: the host, the Git username, and the Git password. The Bitrise GitHub App integration uses token-based authentication: each build receives a one time token under the GIT_HTTP_PASSWORD Environment Variable. This Env Var can be used as the password. The username can't be empty because the Step will fail but it is not used so it doesn't matter what you put there.

workflows:
  example:
    steps:
    - authenticate-host-with-netrc@0:
        inputs:
        - host: github.com
        - username: "username"
        - password: "$GIT_HTTP_PASSWORD"

Connecting a Git provider with OAuth when adding a project

Connecting a Git provider account with an OAuth app allows Bitrise to:

  1. Log in to your bitrise.io account and select Bitrise CI on the left.

  2. Click New CI project.

  3. Set the project’s privacy setting.

  4. In the Select repository section, choose between selecting a remote repository or entering an URL manually.

    If you opt to enter a git URL manually, add it in the Git repository (clone) URL field and click Next.

  5. Choose the Git service provider of the app’s repository, if you chose to select a remote repository. If no account with that provider has been connected to your Bitrise account, the UI will display the option to connect.

    select_git_repo.png
  6. Click Connect account. This will take you to the login page of the Git provider.

  7. Log in to the Git provider account.

  8. You should be prompted to authorize bitrise.io - do it! If successful, you should be redirected to Bitrise, and a pop-up message should inform you that you successfully linked the account. Click Okay.

Connecting a Git provider with OAuth from the Account settings page

Connecting a Git provider account with an OAuth application allows Bitrise to:

  1. Log in to Bitrise, and select Bitrise CI from the left navigation menu.

  2. In the upper right corner, click the profile image to open the dropdown menu.

  3. Select the Account settings option.

    account-settings.png
  4. On the left, under Connected Git providers, click the toggle next to the name of the Git provider you wish to connect.

    Connect account to Bitrise
  5. Log in to the Git provider account.

  6. You should be prompted to authorize bitrise.io - do it! If successful, you should be redirected to Bitrise, and a pop-up message should inform you that you successfully linked the account. Click Okay.

Disconnecting a Git provider account

  1. Log in to Bitrise, and select Bitrise CI from the left navigation menu.

  2. In the upper right corner, click the profile image to open the dropdown menu.

  3. Select the Account settings option.

    account-settings.png
  4. On the left under Connected Git providers, click the toggle next to the name of the Git provider you wish to disconnect.

Switching from OAuth connection to the GitHub App

If your Bitrise project has an OAuth connection set up to your GitHub account, you can change it to the Bitrise GitHub App at any time without losing any functionality. We strongly recommend doing the switch: with the Bitrise GitHub App installed, you no longer need the service credential user, an SSH key, or a webhook to run Bitrise builds.

Can't switch back

Once you switch a Bitrise project from the OAuth connection to the GitHub App, you won't be able to switch back!

To switch:

  1. Install the Bitrise GitHub App as described in the relevant guide: Connecting a GitHub App from the Workspace settings page.

  2. Open your project on Bitrise with a user that has the Admin role on the project.

  3. On the main page of the project, click on the Project settings button.

    project-settings-button.png
  4. On the left navigation menu, select Integrations and go to the Git provider tab.

  5. In the Git integration status section, you can see a blue card with information about GitHub App support. To switch, click Switch to GitHub App.

    https-credentials.png