Azure Pipelines: I am getting fatal: could not read Username for 'https://github.com': terminal prompts disabled
I have powershell task configured in azure build pipelines to merge changes from dev into master of my github public repo and push changes to master. I am getting
fatal: could not read Username for 'https://github.com': terminal prompts disabled
Note:
- I have configured my gitconfig with my username and emailid.
- The git push is working fine when I do modifications in files and do commit and push but its throwing this error when i do merge and push
- I have sufficient privilege to push in the branch
Any help on this would be much appreciated. In case of more information needed, comment in this thread.
This is the actual snippet.
$branchName = $env:BRANCH_NAME;
Write-Host "Getting SHA for last commit in the latest release" -ForegroundColor Blue;
$latestReleaseCommitSHA = git rev-list --tags --max-count=1;
if([string]::IsNullOrEmpty($latestReleaseCommitSHA)) {
Write-Host "Unable to get the SHA for last commit in latest release" -ForegroundColor Red;
EXIT 1;
}
Write-Host "SHA for last commit in the latest release is '$($latestReleaseCommitSHA)'" -ForegroundColor Green;
Write-Host "Merging Changes till '$($latestReleaseCommitSHA)'" -ForegroundColor Blue;
git merge $latestReleaseCommitSHA
Write-Host "Checking Conflicted Files";
$conflictedFiles = git diff --name-only --diff-filter=U
if (-Not [string]::IsNullOrEmpty($conflictedFiles)) {
Write-Host "Unable to Merge" -ForegroundColor Red;
Write-Host "There are conflicts in below files:" -ForegroundColor Cyan;
Write-Host -Object $conflictedFiles -ForegroundColor Cyan;
EXIT 1;
}
Write-Host "Merged changes to '$($branchName)'" -ForegroundColor Green;
Write-Host "Pushing changes." -ForegroundColor Blue;
git push origin HEAD:$branchName
Write-Host "Pushed the changes to the $($branchName) branch." -ForegroundColor Green;
Answer
There is a built-in "service account" which is actually a PAT called Project Collection Build Service, not to be confused with Project Collection Build Service Accounts group.
From: https://marcstan.net/blog/2018/08/31/Mirror-github-gitlab-and-VSTS-repositories/
Trivia: In case you didn't know "$env:SYSTEM_ACCESSTOKEN" is a PAT (Personal/Private Access Token) that is auto generated by the build server (but disabled by default) and allows to authenticate against VSTS from inside your builds and releases. To enable it, you have select the "agent job" inside your build or release definition and check the "Allow scripts to access the OAuth token" checkbox under "Additional options".
There are two steps to this:
Step 1
To get rid of the fatal: could not read username for... error, we need to allow scripts to access the OAuth token. If you're using the newest YAML-based Azure Pipeline, you'll be hunting high and low for "Allow scripts to access the OAuth token" option in the UI. The Microsoft answer is here. In your YAML file (azure-pipelines.yml), add:
steps:
- checkout: self
persistCredentials: true
Step 2
After resolving the OP's error, I couldn't commit, receiving the error:
remote: 001f# service=git-receive-pack
remote: 0000000000aaTF401027: You need the Git 'GenericContribute' permission to perform this action. Details: identity 'Build\c21ba3ac-5ad4-de50-bc1a-12ee21de21f0', scope 'repository'.
remote: TF401027: You need the Git 'GenericContribute' permission to perform this action. Details: identity 'Build\c21ba3ac-5ad4-de50-bc1a-12ee21de21f0', scope 'repository'.
fatal: unable to access 'https://[username].visualstudio.com/[repo]/_git/[repo]/': The requested URL returned error: 403
We also have to give it permissions. From the same page as above. Add the user Project Collection Build Service to your repo(s).
Note: The user (1) and not the group (2).
Grant:
Contribute: Allow
Create Branch: Allow
Create Tag: Allow (Inherited)
Read: Allow (Inherited)
HTH