How to create a webhook between Bitbucket and Azure DevOps?

Question

We have all our repositories in Bitbucket and I'm trying to set up a continuous intergration services to Azure DevOps that would build the project after each push.

We have created a dedicated user account for Bitbucket repositories that has real-only access to all repositories.

However, creating a CI webhook trigger from Bitbucket to Azure Devops requires admin access to repositories. We do not want to give that level of access to CI user account.

I could add the webhook to Bitbucket repository manually, but I'm missing the URL to which the webhook should post the trigger.

The url is something like https://dev.azure.com/myorganization/_apis/public/hooks/externalEvents?publisherId ...

I think it's called deployment trigger url but I cannot find it anywhere. Does the new Azure DevOps support manually adding webhooks or do we have to do it manually somehow?

Answer 1

I'm in the same boat with you all. I don't want to give my CI account "Admin" rights to ANY repo.

My workaround so far has been to give the CI account temporary access in order to create the webhook when the pipeline is first saved, then downgrade it after the webhook has been created, knowing that any changes will require another temporary permission elevation.

FWIW, the webhook URL that is used is this: https://[REDACTED].visualstudio.com/_apis/public/hooks/externalEvents?publisherId=bitbucket&channelId=[REDACTED]&api-version=5.1-preview

As you can see, we are kind of in an understandable Catch-22 here, because we could conceivably create the pipeline and get that channelId to use to manually create the webhook in Bitbucket, but can't even SAVE a pipeline without repo Admin rights, so we can't get the channelId.

I wish there was a way to disable the webhook creation so we could manually create it on the Bitbucket side.