One idea I've seen broadly recommended if you don't want to run your whole tech stack & all environments (Test & Prod environment servers/DBs) in the cloud, i.e. as a DockerHub container or something, is to instead use WebHooks or CURL requests to call localized Jenkins CI within your private/local network to then kick off final builds/deployments to real environments that way, after the initial build succeeds and possibly even a throwaway environment gets spun up and tests pass in the Cloud.
That can be done using either the built-in Jenkins API https://wiki.jenkins.io/display/JENKINS/Remote+access+API or "Trigger Builds Remotely" Build Trigger option (which basically uses the same mechanism with your own Job-specific token/key). Nice feature is that BitBucket Pipelines supports "environment variables" to enable securely storing Jenkins API keys or tokens that let you securely tunnel through corporate FW rules and the like:
https://confluence.atlassian.com/bitbucket/environment-varia...
That can be done using either the built-in Jenkins API https://wiki.jenkins.io/display/JENKINS/Remote+access+API or "Trigger Builds Remotely" Build Trigger option (which basically uses the same mechanism with your own Job-specific token/key). Nice feature is that BitBucket Pipelines supports "environment variables" to enable securely storing Jenkins API keys or tokens that let you securely tunnel through corporate FW rules and the like: https://confluence.atlassian.com/bitbucket/environment-varia...