
Bitbucket Pipes - mericsson
https://bitbucket.org/blog/meet-bitbucket-pipes-30-ways-to-automate-your-ci-cd-pipeline
======
imcotton
Free tier(Build minutes: 50 mins/mo)

Thanks but no thank you, meanwhile GitLab offers 2000 mins/mo

~~~
dtrailin
This is surprisingly low given what's out there. For comparison:

\- Azure pipelines offers 1,800 minutes a month

\- Google Cloud Build offers 120 minutes a day

\- CircleCI offers 1000 minutes a month

Weird that they wouldn't even try to compete with these.

~~~
johnnyfaehell
I think the main reason they don't try is for Atlassian the enterprise market
is the most important market. How many enterprises really care about the free
tier?

Also aren't free tier customers the most costily in terms of support, etc?

50 mins seems perfect for a trial to see if you want to purchase it.

------
holmb
Seems somewhat similar to resources[0] in Concourse in that they use a
container image that has a defined entry point.

Concourse refers to this as a "get step"[1] or a "put step", which calls a
pre-defined script inside the container with a custom set of parameters. The
"put step" is used when you expect side effects, while a "get step" is used to
check status on some resource and trigger jobs.

In general it makes the CI/CD system easily composable and clean. Concourse
manages this very well and while I haven't used Bitbucket Pipes I suspect it
to be a good experience as well.

[0] [https://concourse-ci.org/resources.html](https://concourse-
ci.org/resources.html) [1] [https://concourse-ci.org/implementing-
resources.html](https://concourse-ci.org/implementing-resources.html)

------
ravedave5
Why does my company need to use the stupid self hosted Bitbucket. argh.

~~~
tacticus
because "security" or some bullshit.

Why does the bitbucket not saas implementation still not use the same API :|

~~~
ownagefool
Security isn't necessarily bullshit.

CI/CD presents a significant risk and it's not like CI/CD vendors have never
had a security incident. Not to mention the unpublished access a member of
their staff may have to interfer with your runners or pull your access
tokens/secrets.

If an org is more comfortable having their own people assume this risk, I
think the gitlab helm chart is better solution. At the same time, a small org,
without the resources to properly look after this in-house, should use a SaaS
vendor.

~~~
SamuelAdams
Plus Atlassian is located in Australia [1], and the Australian government
passed a bill that requires a backdoor to all software products [2]. So if you
care about security, it makes more sense to self-host.

[1]:
[https://en.wikipedia.org/wiki/Atlassian](https://en.wikipedia.org/wiki/Atlassian)

[2]:[https://www.nytimes.com/2018/12/06/world/australia/encryptio...](https://www.nytimes.com/2018/12/06/world/australia/encryption-
bill-nauru.html)

~~~
cyphar
> Australian government passed a bill that requires a backdoor to all software
> products

That's not _quite_ accurate. There is now a legal mechanism that allows
certain government agencies to force you to add a backdoor to your product.
But until you are given a notice you don't need to do anything, and you can
provide aggregated statistics to your users of how many requests you've been
given. There are also some weasel-word caveats (the backdoor cannot be a
"systemic vulnerability" but there has been much disagreement about whether
this limitation actually means anything -- in my view it's basically
meaningless within the context of a single company's product).

There is currently a review process open for the TOLA Act that closes in
April[1], so any fellow Australians on HN should submit their comments --
there are only 65 submissions so far (and only 27 are by individuals).

[1]:
[https://www.aph.gov.au/Parliamentary_Business/Committees/Joi...](https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/ReviewofTOLAAct)

------
arjun27
Looks great! Is this a validation for GitHub Actions? Trying to understand
whether Actions have been getting traction

~~~
JoshTriplett
Gitlab has had fully integrated CI for a long time, and there's a clear
benefit to integrating it rather than just providing hooks.

~~~
mishac
Bitbucket has had CI too, with bitbucket pipelines. I think the innovation
here is the UI not the idea of CI.

------
mericsson
Seems like a smart move for Atlassian. Still no dominant CI cloud provider.

~~~
core-questions
Yeah, Travis and CircleCI are okay but there's still plenty of reasons to run
your own.

~~~
rhizome
Such as? :)

~~~
sz4kerto
More complex test setups.

------
threatofrain
Anyone getting an HTTP 403 response?

~~~
yappadappadoo
Hi I'm from the Bitbucket product team. We're looking into it, but as a
workaround if you refresh the page it should load properly.

~~~
whatshisface
You guys might also want to check the signup form in Firefox. The captcha
isn't loading for me.

~~~
unlimit
Looks like people don't even test in Firefox now. I find issues with quite a
lot of sites.

------
dastx
Am I still limited to 10 steps per pipeline? Because that's always been an
issue for me

~~~
willejs
I think so! I am reluctantly using it currently, it’s simplicity is great if
your just building, testing and deploying to a couple of environments. So
maybe it’s just good enough for most, and that’s fine. However, It’s
practically useless, and wholly frustrating as soon as you want to build any
remotely functional CD pipeline. Fan out, fan in? No chance. Build step
history? Nope. Random step failures and wait times to pull images? Yeah, loads
of them. To top it off, it’s all part of Bitbuckets incredibly slow platform
where pages take up to 10 seconds to load. My favourite part of it all the
discussion forums and 7+ year old feature requests for things like commit
signing.

------
pwpwp
Stopped reading at YAML.

~~~
dkersten
What's wrong with YAML and what would you prefer and why?

~~~
MindTooth
Would like to know this as well.

