2

In repo-A have an Azure DevOps pipeline which is executing a Powershell script, which in turn does various git commands in order to mirror an external repository and push it to repo-B.

The Powershell script resides on a self-hosted agent:

git clean -ffdx
git clone --bare https://gitrepo.mydomain.com/PROJECT_A/app-name.git
cd app-name.git

git push --mirror https://myorg@dev.azure.com/myorg/MyAdoProject/_git/repo-B

If I manually execute the Powershell script from the command line on the self-hosted agent, the push to repo-B executes without incident. However when running the pipeline from ADO, there is a security issue I can't seem to get around. The error generated when the pipeline hits the git push command is:

fatal: Cannot prompt because terminal prompts have been disabled.
fatal: could not read Password for 'https://myorg@dev.azure.com': terminal prompts disabled

In reading through some other posts and Authenticate with personal access tokens - Azure DevOps, I updated my script to use the method in the Powershell section of the previously mentioned document:

git clean -ffdx
git clone --bare https://gitrepo.mydomain.com/PROJECT_A/app-name.git
cd app-name.git

$MyPat = 'personal access token created in ADO'
$B64Pat = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("$MyPat"))
git -c http.extraHeader="Authorization: Basic $B64Pat" push --mirror https://myorg@dev.azure.com/myorg/MyAdoProject/_git/repo-B

However this does not fix the problem and generates the same error as above.

Can anyone recommend what else I might try to get the needed authorization to repo-B when executing from the ADO pipeline?

Mike
  • 1,010
  • 1
  • 14
  • 33
  • 1
    Does this answer your question? [Fatal: Could not read password for 'https://OrganizationName@dev.azure.com': terminal prompts disabled](https://stackoverflow.com/questions/56733922/fatal-could-not-read-password-for-https-organizationnamedev-azure-com-ter) – Greg Burghardt Oct 03 '21 at 13:52
  • Thanks for the reference Greg, it does seem very close to my issue. Unfortunately the PAT method hasn't worked for me. Still trying to work through it. Will post back here if I ever find the answer. – Mike Oct 04 '21 at 23:29
  • 1
    Even `git push {PAT}@dev.azure.com/org/repo` doesn't work? Also, what permissions did you give your PAT? That might be the problem. – Greg Burghardt Oct 05 '21 at 00:22
  • You are correct, the permissions were the problem. This particular PAT did not have 'Code Read & Write' enabled. Enabling that permission and regenerating the token then corrected the issue. Thanks for the help. – Mike Oct 05 '21 at 03:32
  • You can post an answer to your own question. It might be useful to readers, especially since the error message was not at all related to the root cause of the problem. – Greg Burghardt Oct 05 '21 at 11:07

1 Answers1

0

The issue was resolved by a combination of two things (refer to this question for further detail):

  1. Adding a Personal Access Token with the Code Read & Write permission enabled

  2. Using the PAT in the url of the git push:

    git push https://{PAT}@dev.azure.com/{organization}/{project}/_git/{repo-name}

Mike
  • 1,010
  • 1
  • 14
  • 33