1

I am currently using an Azure DevOps pipeline to trigger a terraform plan against an existing infrastructure.

Within this pipeline during the terraform init stage, terraform will analyze the scripts and download modules from an external repository. During the initial stage of running this pipeline we encountered the following error.

fatal: could not read Username for 'https://github.com': terminal prompts disabled

which we temporarily resolved using PAT

git config --global url."https://$(GITHUB-USER-ACCT):$(GITHUB-PERSONAL-ACCESS-TOKEN)@github.com".insteadOf https://github.com

However as this adds the additional load of maintaining a PAT, I was wondering whether we can move from this method to an method of using the GitHub Service connection (Which is automatically created when creating the pipeline) to be used as an authentication mechanism. This Service connection was created using the OAuth application. The Service connection that we used has read permissions on the centralized repository which contains the Terraform modules.

The following link describes how to do this for a Azure Hosted repository. Is there any way to accomplish this for a Repo hosted in GitHub.

Ranika Nisal
  • 910
  • 6
  • 20

1 Answers1

0

As you have mentioned that adding the PAT token is resolving temporarily already but getting the additional load, you could try below solutions once:

Solution 1:

  1. If you're using Windows OS, open Credential Manager > Windows Credentials > Generic Credentials > Remove the credentials like git: https://github.com enter image description here

Then clone again, git will let you input the credential for the repo. After inputing the username(email address) and password which can access the VSTS account, the repo should be cloned successful.

  1. Installed GIT Credential Manager for Windows. https://github.com/Microsoft/Git-Credential-Manager-for-Windows/releases

  2. Open command prompt and enter command git fetch and continue the work like Push, Pull etc and check once it is working good.

Solution 2:

Remove C:\Users(profile)\AppData\Local\GitCredentialManager\tenant.cache file

Solution 3:

Another solution is to "Allow scripts to access the OAuth token" in the job options: enter image description here

In the git push use the System.AccessToken: git push https://$env:SYSTEM_ACCESSTOKEN@dev.azure.com/......

And give push permissions to the build user (in the repo settings): enter image description here

Also, check this similar SO Thread