Push to local Azure DevOps Git from Build Pipeline

jpvee picture jpvee · Sep 17, 2018 · Viewed 9.2k times · Source

Short version

Can someone tell me how to set up a "Command Line Script" task within an Azure DevOps build pipeline that pushes changes to a local Git repository (in fact, the Git repository on which the pipeline is based)?

No matter what I try, my script always times out after printing Pushing commits to git.

Longer version

We are migrating existing Java/Maven projects from a Jenkins build server to an Azure DevOps build environment, and I am trying to set up a build pipeline that mimics the Jenkins "Release Staging" functionality.

My first attempt was to call the Maven release plugin directly on the checked out sources. This involved several obstacles, most of which I was able to overcome in one way or the other:

  1. The standard Azure DevOps git environment doesn't have the required config values "user.email" and "user.name" set; this can be solved by calling git config in a separate "Command Line Script" task prior to pushing.
  2. Azure DevOps checks out the sources in a "detached HEAD state" - to solve this problem, the setup script tasks also calls git checkout master.

Once this is set up, my Maven call script runs up to the point where the release plugin attempts to push to Git; the corresponding lines in the log file read

[INFO] Executing: cmd.exe /X /C "git push https://xxx.visualstudio.com/YYY/_git/zzz refs/heads/master:refs/heads/master"
[INFO] Working directory: D:\a\1\s</code>

After that, nothing happens (at least, nothing gets logged) until the timeout strikes:

##[error]The operation was canceled.
##[section]Finishing: Maven pom.xml

In order to find out what causes this problem I tried a few things, among others,

  • disabling the maven call and calling git push directly from the script,
  • registering a "store" type Git credential helper (assuming that an authentication problem is responsible for the timeout),

but without success. I am now running out of ideas how I could get the git push call to work - is there anyone out here who can help me out?

P.S.: As you may be able to tell, I'm rather a newbie as far as Azure DevOps is concerned, so I surely don't know all tricks and features of that system. In particular, I don't know if there is anything that offers the same functionality as the Maven release plugin. We do use the Azure DevOps package management, but we want to keep separate feeds for snapshots and for release builds (the way tools like Nexus do), so we have to have a mechanism for automatically advancing release numbers, checking out and back in and building and publishing the packaged module to the release feed.

If someone can suggest an alternative way to achieve that, I'm open to suggestions as well.

Answer

gregsmi picture gregsmi · Feb 17, 2019

You shouldn't have to go the PAT route for auth - according to this, if your repo is part of the same Azure DevOps project as the build pipeline, credentials should just flow. Is it possible you haven't authorized the build agent to write to your repos? Two things are needed:

  • Under Project Settings -> Repositories for your Azure DevOps project, allow the Project Collection Build Service entity Contributor rights to the appropriate repo (or all project repos).

  • Allow scripts to access the OAuth token under the "Agent job" settings:

    enter image description here

Also note a bad gotcha: this won't work for submodule operations, since DevOps does not automatically flow the credentials to the submodule instances, and the only symptom is a silent hang. Workaround to flow credentials manually is found here.