3

currently, I try to build a spring boot application and make releases with Azure Pipelines and maven-release-plugin.

My Azure Pipeline YAML Looks like this:

- stage: BuildRelease
  condition: true
  displayName: Building a Release with Maven
  jobs: 
    - job: BuildReleaseJob
      displayName: Create a Maven release with version $(releaseVersion)
      steps:
      - checkout: self
        persistCredentials: true
        
      - task: MavenAuthenticate@0
        displayName: 'Authenticate to Maven'
        inputs:
          artifactsFeeds: 'ciam'

      - task: Bash@3
        displayName: Set Git Credentials
        inputs:
          targetType: 'inline'
          script: |
            git config --global user.email "you@example.com"
            git config --global user.name "Azure Pipeline Release"
            git checkout develop

       - task: Bash@3
         displayName: Maven Clean & Prepare Release
         inputs:
           targetType: 'inline'
           script: |
             mvn --batch-mode release:clean release:prepare -DscmCommentPrefix=***NO_CI***

      - task: Bash@3
        displayName: Maven  Perform Release
        inputs:
          targetType: 'inline'
          script: |
            mvn --batch-mode release:perform -DscmCommentPrefix=***NO_CI***

I also added Allow Contriubte, Create branch, Create tag, and Read permission to Project Collection Build Service (MyCompany) in Azure Dev Ops Project Settings -> Repositories -> -> Secuirty

Therefore everything works fine until the last task, which is executing release:perform The shown Error is:

[INFO] Executing: /bin/sh -c cd /home/vsts/work/1/s/target && git clone --branch projectName-0.0.36 https:********@dev.azure.com/MyCompany/Project/_git/projectName-service /home/vsts/work/1/s/target/checkout
[INFO] Working directory: /home/vsts/work/1/s/target
[ERROR] The git-clone command failed.
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  1.136 s
[INFO] Finished at: 2022-02-01T14:18:31Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-release-plugin:2.5.3:perform (default-cli) on project projectName-service: Unable to checkout from SCM
[ERROR] Provider message:
[ERROR] The git-clone command failed.
[ERROR] Command output:
[ERROR] Cloning into '/home/vsts/work/1/s/target/checkout'...
[ERROR] fatal: could not read Password for 'https://mycompany@dev.azure.com': terminal prompts disabled
[ERROR] -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException

Could anyone point me to somewhere what I did wrong?

After that, the git tag is built and committed in SCM

UPDATE I tried to do in batch inline script what maven tries to do in release perform and it kind of worked. Now I am more confused.

    - task: Bash@3
      displayName: TestClone
      inputs:
        targetType: inline
        script: |
          ls -laf /home/vsts/work/1/s/target/checkout
          /bin/sh -c cd '/home/vsts/work/1/s/target' && 'git' 'clone' '--depth' '1' '--branch' 'myaccount-service-0.0.43' 'https://$(System.AccessToken)@dev.azure.com/kiongroup/CxP/_git/myaccount-service' 'checkout'
          cd /home/vsts/work/1/s/target/checkout
          ls

Output is:

ls: cannot access '/home/vsts/work/1/s/target/checkout': No such file or directory
Cloning into 'checkout'...
Note: switching to '1653266b5f151fd6137b7b579044eef1867d8d5b'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:

  git switch -c <new-branch-name>

Or undo this operation with:

  git switch -

Turn off this advice by setting config variable advice.detachedHead to false

/home/vsts/work/_temp/358629de-4b6b-4548-942e-f9a05281c5a5.sh: line 3: cd: /home/vsts/work/1/s/target/checkout: No such file or directory
Dockerfile
README.md
azure-pipelines.yml
checkout
docker
mvnw
mvnw.cmd
pom.xml
pom.xml.releaseBackup
postman
release.properties
src
target
kism3t
  • 1,343
  • 1
  • 14
  • 33
  • Does this answer your question? [Fatal: Could not read password for 'https://OrganizationName@dev.azure.com': terminal prompts disabled](https://stackoverflow.com/questions/56733922/fatal-could-not-read-password-for-https-organizationnamedev-azure-com-ter) – Daniel Widdis Feb 01 '22 at 20:22
  • Thx @DanielWiddis, as the linked solution suggest I already do `persistCredentials: true` which should use the authentication from before indicated by working `mvn release:prepare`. Furthermore you can see in log that it is already putting password in the connection url: `git clone --branch projectName-0.0.36 https:********@dev.azure.com/MyCompany/Project/_git/projectName-service /home/vsts/work/1/s/target/checkout` – kism3t Feb 02 '22 at 07:24
  • The linked answer talks about other authentication methods than password, which may not work with github for push (despite clone working fine). Are you using the PAT and not password in the above *****@dev... part? And is the token configured with appropriate permissions? And is the Azure pipeline set to allow scripts to access the token? – Daniel Widdis Feb 02 '22 at 23:33
  • As mentioned, an initial clone works, switching branches also, tag and push works as well in maven prepare, but maven release performs tries to switch directories and clone it again there, which leads to an error. Also with the PAT method, I would not know how to tell maven to use it. I also updated my question after some tries – kism3t Feb 03 '22 at 07:39
  • You just use the PAT in place of the password. – Daniel Widdis Feb 03 '22 at 17:42
  • I do not provide the password to maven just the scm tag with the git https url – kism3t Feb 03 '22 at 18:32
  • If you don't provide the password to maven, where does maven get the password? – Daniel Widdis Feb 04 '22 at 00:28
  • While checking out the project with pieline task `- checkout: self persistCredentials: true' it persists the credentials. And through providing the proper rights to the User. – kism3t Feb 04 '22 at 06:39

2 Answers2

2

I was able to fix the issue described above without using SSH authentication. By specifying the organization name as the username and the SystemAccessToken as the password, the release:perform was able to run successfully:

- task: Maven@3
  displayName: Perform release
  inputs:
    mavenPomFile: 'pom.xml'
    options: '-Dusername="<name of your DevOps organisation>" -Dpassword="$(System.AccessToken)"'
R0bert
  • 21
  • 2
1

Ok, I found a solution for me that involves using the Azure DevOps Git SSH URL and not the HTTPS.

First of all, I created a SSH Key according to this Use SSH key authentication or choose your Git providers tutorial.

Once you have your SSH private and public key, you need to install the SSH Key into your YAML pipeline. See Install SSH Key task.

    - task: InstallSSHKey@0
      inputs:
        knownHostsEntry: ssh.dev.azure.com ssh-rsa <YOUR KNOWN HOST KEY>
        sshKeySecureFile: <NameOfSecureFileKey>
        sshPassphrase: <PassphraseIfUsed>

Here are the steps summarized

  1. Create a KeyPair in your .ssh folder with a private key azurePipeline and a public one azurePipeline.pub (enter passphrase if desired)

    ssh-keygen -f ~.ssh/azurePipeline -t rsa

  2. Get the known host entry e.g. ssh.dev.azure.com ssh-rsa AAAAB3Nz.... with

    ssh-keyscan ssh.dev.azure.com

  3. Go to Azure DevOps and add the content of public key as described in Use SSH key authentication

  4. Add the private key as a secure file as described in Install SSH Key task

  5. Change the SCM Urlin pom.xml to:

a

<scm>
    <developerConnection>scm:git:git@ssh.dev.azure.com:v3/kiongroup/CxP/myaccount-service</developerConnection>
    <tag>HEAD</tag>
</scm>

Hope this helps someone out there :)

kism3t
  • 1,343
  • 1
  • 14
  • 33