Azure pipeline does't allow to git push throwing 'GenericContribute' permission is needed

Asked 11/6, 2019 at 10:14 Answered 16/1, 2023 at 14:47

Solved git azure-devops azure-pipelines azure-pipelines-build-task

I'm trying to push some changes done during Azure pipeline using cmd component as follows,

steps:
- script: |
   git config user.email [email protected]
   git config user.name "your name"
   git diff
   git  add .
   git commit -m "version update [skip ci]"
   git push origin HEAD:master

But it fails showing following error.

remote: 0000000000aaTF41027: You need the Git 'GenericContribute' permission to perform this action. Details: identity 'Build\sdfdfjjkk', scope 'repository'

I already set the necessary permission as follows:

And the Allow scripts to access the OAuth token is also enabled as mentioned here

What other permissions do I need to give this to work?

Glossology answered 11/6, 2019 at 10:14 Comment(0)

You need to grant the permissions to Project Collection Build Service (account name):

Amorita answered 11/6, 2019 at 11:23 Comment(0)

127

If you get the following error in your build:

You need the Git ‘GenericContribute’ permission to perform this action. Details: identity 'Build\7be59e48-a479-XXXX-a453-XXXXXXXXXXXX', scope 'repository'.)

...then, to fix it:

IMPORTANT: Copy the 7be59e48-a479-XXXX-a453-XXXXXXXXXXXX guid part of the identity name from the error message
Go to the repository settings
Paste the guid into the permissions search box for user or group.
This will then display a “Project Collection Build Service (OrganisationName)”. Select that user
Set the permissions as stated in other answers.

Borek answered 21/10, 2021 at 9:46 Comment(5)

upvote this!!! 💯 – Genni 14/12, 2021 at 7:33

This was the missing piece, i was giving the permission to the group but it was required on the user (or the build use isn't in the group) – Launderette 21/2, 2022 at 16:45

+1 This was also the last bit for me.. Specially because there are other shown "Build service" users and the important one only shows up after searching with the GUID. Just to add, you need to do the search in the specific repository, not on the "all repositories" section. – Ecphonesis 6/7, 2022 at 15:20

Additionally setting git config --global user.email $BUILD_REQUESTEDFOREMAIL and git config --global user.name "$BUILD_REQUESTEDFOR" before interacting with git is useful in combination with this answer. – Gyn 12/1 at 13:39

Life saved when searched with GUID(03517c20-93ea-4a14-af3e-f2607cd43f48) directly inside "security" -> "user permissions" box – Heliostat 13/6 at 8:20

You need to grant the permissions to Project Collection Build Service (account name):

Amorita answered 11/6, 2019 at 11:23 Comment(0)

It should caused by your account do not have the contribute permission for this repository.

Go Project setting --> Repositories --> click Repos you want to operate -->set repository permissions accordingly.

Dekker answered 11/6, 2019 at 11:23 Comment(3)

There isn't a "Project Collection Build Service (???)" user - how come? I set the permissions on the "Project Collection Build Service Accounts" but that didn't do it.. imgur.com/0zBsIew thanks – December 25/6, 2019 at 5:34

@dan, "Project Collection Build Service (xxx)", this is the identity which exist in project.You can add it in it with the "Add" button, and search "Project Collection Build Service (xxx)"(user, not group). The reason that no work to set permission on "Project Collection Build Service Accounts" for you, is you may did not add this user(Project Collection Build Service(xxx)) into this group. You can check this under your Org setting-->Permissions. – Dekker 25/6, 2019 at 6:48

Follow this answer - worked for me. Secret is to copy the user UUID from the error message and paste it into the 'Search' box - it reveals a user that is not shown on the page by default. Then just add Contribute permissions. https://mcmap.net/q/281547/-doing-git-pushes-from-the-azure-release-pipeline – Madly 5/5, 2021 at 7:49

Even if you have permission but still not able to push the code. Please follow the below steps.

Please check if you have a valid user and password configured in git. If not follow the below steps.
Go to Repository and create a personnel access token which you will use as a password for committing and pushing the code to repos along with your username.

So the best way you can configure your URL while doing the clone.

GitLab Example :

GitLab URL for clone: 

https://gitlab.com/myrepo/demoProject.git

GitLab configured URL for clone:

https://username:[email protected]/myrepo/demoProject.git. // Follow this approach to clone

Azure Example :

Azure URL for clone: 

https://[email protected]/MY-ORG/MyRepo/_git/demo

Azure configured URL for clone:

https://username:[email protected]/MY-ORG/MyRepo/_git/demo // Follow this approach to clone

Once you are able to clone these repos then you are all set to commit and push your code.

That’s all. It will save your day!!

Repatriate answered 16/1, 2023 at 14:47 Comment(0)

Recommended topics

Hot tags