0

I am trying to execute git commands through PowerShell task in an Azure DevOps Server and I am facing authentication issues. More specific the task keep exiting with error code 1, as it asks for username and password. The git commands I am trying to executre are:

$wikiUrl = 'https://azure-devops-server/tfs/Common/MainProject/_git/MainProject.wiki'
git clone $wikiUrl $tmpDirName --depth 1

# Editing files content

git -C $tmpDirName add $statusPageRepoPath
git -C $tmpDirName commit -m 'update status page'
git -C $tmpDirName push

I don't want to add the username and the password as parameters for security reasons. I am interested in making it work with the user credential being retrieved from the execution and not explicitly defined.

The recommended from Microsoft solution is to enable in the Agent the option to allow scripts to access the OAuth token. I have enabled this option as it is shown in the picture below, but still, I am getting the same error.

enter image description here

It looks like that the git clone command cannot access the token and it keeps asking for credentials. I tested also the git checkout and it looks to work ok. The problem is mainly appears to be with the clone command.

Improve this question

1 Answer 1

Reset to default
1

After a lot of tries and trying different solutions I managed to make it work. As first step, as I mentioned in my question, I enabled the option in the Agent to allow scripts retrieve the OAuth token.

enter image description here

This doesn't look to be sufficient as it needs also to pass the token in the requests. In order to do this, I applied the following changes:

  1. I changed the URL of the repository prior to git clone. The initial URL was this one: 
    $wikiRawUrl = 'https://azure-devops-server/tfs/Common/MainProject/_git/MainProject.wiki'
    and the new is this one: 
    $wikiRawUrl = 'https://azure-devops-server/tfs/Common/MainProject/_git/MainProject.wiki'
$url = "$($wikiRawUrl)".Replace("https://", "")
$wikiUrl = "https://$($env:SYSTEM_ACCESSTOKEN)@$url"
    which adds the access token env:SYSTEM_ACCESSTOKEN in front of the URL of the repository.

  1. I added in extra parameters on my git commands in order to pass the access token again as extra header in them. Furthermore, to ensure that I am not going to have any issues with our local provided certificate, I also explicitly applied the https.sslbackend to schannel (this part was taken from reverse engineering native tasks of Azure DevOps release pipelines). As that, the initial commands were these ones:

    git clone $wikiUrl $tmpDirName --depth 1

# Editing files content

git -C $tmpDirName add $statusPageRepoPath
git -C $tmpDirName commit -m 'update status page'
git -C $tmpDirName push

    and the new ones are these:

    git -c http.extraheader="AUTHORIZATION: bearer $($env:SYSTEM_ACCESSTOKEN)" -c http.sslbackend="schannel" clone $wikiUrl $tmpDirName --depth 1

# Editing files content

git -C $tmpDirName -c http.extraheader="AUTHORIZATION: bearer $($env:SYSTEM_ACCESSTOKEN)" -c http.sslbackend="schannel" add $statusPageRepoPath
git -C $tmpDirName -c http.extraheader="AUTHORIZATION: bearer $($env:SYSTEM_ACCESSTOKEN)" -c http.sslbackend="schannel" commit -m 'update status page'
git -C $tmpDirName -c http.extraheader="AUTHORIZATION: bearer $($env:SYSTEM_ACCESSTOKEN)" -c http.sslbackend="schannel" push

All the above changes worked well and finally I was able to use git commands without any problem in PowerShell.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.