1

I'm running a script:

# Variables
$organization = "****"
$project = "****"
$repositoryId = "****"
$pullRequestId = $env:BUILD_PULLREQUEST_ID

$pat = "Bearer $env:System_AccessToken"
$featureReleaseUrl = "http://" + $env:prSourceBranchName + ".azurewebsites.net"

$body = @"
    {
        "comments": [
            {
                "content": "Link naar feature release $featureReleaseUrl"
            }
        ]
    }
"@ 

$createThreadInPRUrl = "https://dev.azure.com/$organization/$project/_apis/git/repositories/$repositoryId/pullRequests/$pullRequestId/threads?api-version=5.0"
if ($pullRequestId) {
    Invoke-RestMethod -Uri $createThreadInPRUrl -Headers @{Authorization = $pat} -Body $body -Method Post -ContentType 'application/json'
}

When it runs it returns a:

##[error]The remote server returned an error: (403) Forbidden.

I've created a Personal Access Token in my personal settings.

I've also created this script:

# Variables
$organization = "****"
$project = "****"
$buildId = $****

$pat = "Bearer $env:System_AccessToken"

if (!$env:Build_PullRequest_SourceBranchName) {
    $retrieveSourceBranchFromBuildURL = "https://dev.azure.com/$organization/$project/_apis/build/builds/$buildId" + "?api-version=5.0"
    $buildInformation = Invoke-RestMethod -Uri $retrieveSourceBranchFromBuildURL -Headers @{Authorization = $pat } -Method Get -ContentType 'application/json'
    $SourceBranchFromBuild = $buildInformation.sourceBranch.split('/')[-1]

    Write-Host "### no Build PullRequest SourceBranchName available ###"
    Write-Host "##vso[task.setvariable variable=prSourceBranchName;]"$SourceBranchFromBuild


}

And this runs fine. The difference between the first and second script is that the first is a POST and the second a GET. But they both use the $pat token.

1
  • No, the difference between the first and second is that they are completely different APIs. Does your build account have permissions to your Git repo(s)/PRs? Commented Jun 13, 2019 at 0:35

1 Answer

3

Even though the token you used is System.AccessToken, if you don't have access permission for the pull request, you still cannot operate on it.

Go to Project Settings --> Repositories --> the repository you want to access, and locate your account or the group you are in. Check the permission state of Contribute to pull requests.

You must have this Contribute to pull requests permission allowed so that you can add the comment to the PR.


2 Comments

Thanks a lot. Would have been helpful if Azure would return an error about not having permissions.
Aha, I get that feeling. I will help you report this inconvenient message issue to the relevant product team.
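
The permission failure described in the answer, handled explicitly in the script. This is an added example, not code from the question or the answer: `Add-PrComment` is a hypothetical helper name, the `****` values are the question's redacted placeholders, and the body is built with `ConvertTo-Json` instead of string interpolation so that the branch name, which anyone able to push a branch controls, cannot alter the JSON.

```powershell
# Added example. Add-PrComment is a hypothetical helper name; "****" values are
# the redacted placeholders from the question.
function Add-PrComment {
    param(
        [Parameter(Mandatory)] [string] $Organization,
        [Parameter(Mandatory)] [string] $Project,
        [Parameter(Mandatory)] [string] $RepositoryId,
        [Parameter(Mandatory)] [string] $PullRequestId,
        [Parameter(Mandatory)] [string] $Content
    )

    # Fail early if the pipeline has not exposed the token to this script.
    if (-not $env:SYSTEM_ACCESSTOKEN) {
        throw "SYSTEM_ACCESSTOKEN is empty; the script cannot authenticate."
    }
    $headers = @{ Authorization = "Bearer $env:SYSTEM_ACCESSTOKEN" }

    # Serialize from objects so quotes or backslashes in the branch name are
    # escaped instead of breaking (or altering) the JSON payload.
    $body = @{ comments = @(@{ content = $Content }) } | ConvertTo-Json -Depth 4

    $url = "https://dev.azure.com/$Organization/$Project/_apis/git/repositories/" +
           "$RepositoryId/pullRequests/$PullRequestId/threads?api-version=5.0"
    try {
        Invoke-RestMethod -Uri $url -Headers $headers -Body $body -Method Post -ContentType 'application/json'
    }
    catch {
        # Works for both WebException (Windows PowerShell) and HttpResponseException (PowerShell 7).
        $status = if ($_.Exception.Response) { [int]$_.Exception.Response.StatusCode } else { 0 }
        if ($status -eq 403) {
            $msg = "403 on PR thread POST: allow 'Contribute to pull requests' on this repository for the identity behind the token."
        } elseif ($status -eq 401) {
            $msg = "401 on PR thread POST: the token was missing or rejected."
        } else {
            $msg = "PR thread POST failed: $($_.Exception.Message)"
        }
        Write-Host "##vso[task.logissue type=error]$msg"
        throw
    }
}

if ($env:BUILD_PULLREQUEST_ID) {
    $link = "http://" + $env:prSourceBranchName + ".azurewebsites.net"
    Add-PrComment -Organization "****" -Project "****" -RepositoryId "****" `
        -PullRequestId $env:BUILD_PULLREQUEST_ID -Content "Link naar feature release $link"
}
```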
