2

I'm trying to run git push command inside my Azure DevOps build pipeline but getting below error-

fatal: could not read Password for 'https://dev.azure.com': terminal prompts disabled.

Then I tried to execute same command with my Personal Access Token (PAT) like

MY_PAT= 'MY_PAT'

B64_PAT=$(printf ":$MY_PAT" | base64)

git -c http.extraHeader="Authorization: Basic ${B64_PAT}" push

https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops&tabs=preview-page#use-a-pat

and it worked. But owing to security compliance I can't use my PAT in pipeline is there any way to use git push command without exposing my PAT. Please explain oauth2 authentication step by step if that will work.

Improve this question
1
  • Use SYSTEM_ACCESSTOKEN instead. The build process already has a valid access token. Commented Dec 12, 2020 at 15:40

3 Answers 3

Reset to default
7

You do not need to use your PAT. You can use the predefined variable System.Accesstoken directly. See here.

System.AccessToken is a special variable that carries the security token used by the running build.

Change your command to below:

B64_PAT=$(printf ":$(System.AccessToken)" | base64)  

git -c http.extraHeader="Authorization: Basic ${B64_PAT}" push

You can also use the AccessToken directly like this:

git push https://$(System.AccessToken)@dev.azure.com/org/proj/_git/repo -q
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks for the help but for me it works without base64 encoding.
0

There is a detailed documentation of using git commands in the pipelines without extraHeader and through PAT of the Build Service:Run Git commands in a script.

  1. Set identity information
  2. Check permissions of build service on your repository
  3. Allow scripts to access the system token
  4. Run commands in your script

Or you can store your PAT as a secret variable:

  1. Set secret variables
  2. Use secrets from Azure Key Vault in Azure Pipelines
Improve this answer

Comments

0 
# Node.js
# Build a general Node.js project with npm.
# Add steps that analyze code, save build artifacts, deploy, and more:
# https://learn.microsoft.com/azure/devops/pipelines/languages/javascript

trigger:
  - master
  - your-branch-name-here

pr: none

pool:
  vmImage: "macos-latest"

jobs:
  - job: Perform_Commit_From_CI
    steps:
      - checkout: self
        persistCredentials: true #Important - Persist creds to run further git command
        clean: true
      - task: NodeTool@0
        inputs:
          versionSpec: "16.13.2"
        displayName: "Install Node.js"
      - script: |
          git config --global user.email [email protected]
          git config --global user.name "Test User"
        displayName: Configure git
      - script: |
          yarn install
          yarn start NAME_OF_THE_SCRIPT_YOU_WANT_TO_EXECUTE
          git add -A
          git commit -m 'Test commit [skip ci]'
          git push origin HEAD:your-branch-name-here 
        displayName: "Test Script"

This will work without PAT. Please do read the comments.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.