Push to local Azure DevOps Git from Build Pipeline

16
votes

Short version

Can someone tell me how to set up a "Command Line Script" task within an Azure DevOps build pipeline that pushes changes to a local Git repository (in fact, the Git repository on which the pipeline is based)?

No matter what I try, my script always times out after printing Pushing commits to git.

Longer version

We are migrating existing Java/Maven projects from a Jenkins build server to an Azure DevOps build environment, and I am trying to set up a build pipeline that mimics the Jenkins "Release Staging" functionality.

My first attempt was to call the Maven release plugin directly on the checked out sources. This involved several obstacles, most of which I was able to overcome in one way or the other:

  1. The standard Azure DevOps git environment doesn't have the required config values "user.email" and "user.name" set; this can be solved by calling git config in a separate "Command Line Script" task prior to pushing.
  2. Azure DevOps checks out the sources in a "detached HEAD state" - to solve this problem, the setup script tasks also calls git checkout master.

Once this is set up, my Maven call script runs up to the point where the release plugin attempts to push to Git; the corresponding lines in the log file read

[INFO] Executing: cmd.exe /X /C "git push https://xxx.visualstudio.com/YYY/_git/zzz refs/heads/master:refs/heads/master"
[INFO] Working directory: D:\a\1\s</code>

After that, nothing happens (at least, nothing gets logged) until the timeout strikes:

##[error]The operation was canceled.
##[section]Finishing: Maven pom.xml

In order to find out what causes this problem I tried a few things, among others,

  • disabling the maven call and calling git push directly from the script,
  • registering a "store" type Git credential helper (assuming that an authentication problem is responsible for the timeout),

but without success. I am now running out of ideas how I could get the git push call to work - is there anyone out here who can help me out?

P.S.: As you may be able to tell, I'm rather a newbie as far as Azure DevOps is concerned, so I surely don't know all tricks and features of that system. In particular, I don't know if there is anything that offers the same functionality as the Maven release plugin. We do use the Azure DevOps package management, but we want to keep separate feeds for snapshots and for release builds (the way tools like Nexus do), so we have to have a mechanism for automatically advancing release numbers, checking out and back in and building and publishing the packaged module to the release feed.

If someone can suggest an alternative way to achieve that, I'm open to suggestions as well.

4
gitmavenazure-devopsazure-pipelinesmaven-release-plugin

4 Answers

4
votes

To push change to Azure DevOps, you should integrate your credential in Git repo URL:

  • First, create a PAT if you not have.

  • Then use below command to push:

    git push https://Personal%20Access%20Token:[email protected]/YYY/_git/zzz master
31
votes

You shouldn't have to go the PAT route for auth - according to this, if your repo is part of the same Azure DevOps project as the build pipeline, credentials should just flow. Is it possible you haven't authorized the build agent to write to your repos? Two things are needed:

  • Under Project Settings -> Repositories for your Azure DevOps project, allow the Project Collection Build Service entity Contributor rights to the appropriate repo (or all project repos).

  • Allow scripts to access the OAuth token under the "Agent job" settings:

    enter image description here

Also note a bad gotcha: this won't work for submodule operations, since DevOps does not automatically flow the credentials to the submodule instances, and the only symptom is a silent hang. Workaround to flow credentials manually is found here.

12
votes

The answers have become out of date with how Azure Devops works now. To enable authorisation in your pipeline you should use the checkout schema property in your steps so you can persist the credentials for later git commands.

- checkout: self
  persistCredentials: true
0
votes

I've encountered the same problem (git push hangs till timeout) in on premise DevOps Server even if Allow scripts to access the OAuth token as well as Repo permissions were correctly set.

In my case the problem was that Build Agent adds a path at the beginning of PATH environment variable - for me it was 'C:\ins\agent\externals\git\cmd\'. Here an old git version (git version 2.18.0.windows.1) resided and was launched in the context of build agent's pipeline. You can verify this by adding "git --version" call to your build task.

I haven't investigated why the old git version didn't work and simply used the full path qualification for my up-to-date git.exe in the pipeline task

"C:\Program Files\Git\bin\git.exe" push origin master

and with this git version - currently "git version 2.24.0.windows.2" everything works well. Updating your Build Agent to a version with newer git.exe should solve this problem too, of course.