Azure Pipelines: I am getting fatal: could not read Username for 'https://github.com': terminal prompts disabled

Asked 8/4, 2019 at 7:7 Answered 12/5, 2019 at 1:9

Solved git powershell azure-devops azure-pipelines azure-pipelines-build-task

I have powershell task configured in azure build pipelines to merge changes from dev into master of my github public repo and push changes to master. I am getting

fatal: could not read Username for 'https://github.com': terminal prompts disabled

Note:

I have configured my gitconfig with my username and emailid.
The git push is working fine when I do modifications in files and do commit and push but its throwing this error when i do merge and push
I have sufficient privilege to push in the branch

Any help on this would be much appreciated. In case of more information needed, comment in this thread.

This is the actual snippet.

$branchName = $env:BRANCH_NAME;

Write-Host "Getting SHA for last commit in the latest release" -ForegroundColor Blue;
$latestReleaseCommitSHA = git rev-list --tags --max-count=1;

if([string]::IsNullOrEmpty($latestReleaseCommitSHA)) {
    Write-Host "Unable to get the SHA for last commit in latest release" -ForegroundColor Red;
    EXIT 1;
}

Write-Host "SHA for last commit in the latest release is '$($latestReleaseCommitSHA)'" -ForegroundColor Green;

Write-Host "Merging Changes till '$($latestReleaseCommitSHA)'" -ForegroundColor Blue;
git merge $latestReleaseCommitSHA

Write-Host "Checking Conflicted Files";
$conflictedFiles = git diff --name-only --diff-filter=U

if (-Not [string]::IsNullOrEmpty($conflictedFiles)) {
    Write-Host "Unable to Merge" -ForegroundColor Red;
    Write-Host "There are conflicts in below files:" -ForegroundColor Cyan;
    Write-Host -Object $conflictedFiles -ForegroundColor Cyan;
    EXIT 1;
}

Write-Host "Merged changes to '$($branchName)'" -ForegroundColor Green;

Write-Host "Pushing changes." -ForegroundColor Blue;
git push origin HEAD:$branchName

Write-Host "Pushed the changes to the $($branchName) branch." -ForegroundColor Green;

Thermion answered 8/4, 2019 at 7:7 Comment(5)

probably means it prompts for something when you try to do the push, try doing the same locally and figure out how to fix it – Dusty 8/4, 2019 at 7:13

by trying locally means in my own machine instead of azure pipelines or to the local repo ? – Thermion 8/4, 2019 at 7:54

well, given this error, I'm fairly certain it lacks permissions to do the push, because why would it prompt username\password otherwize – Dusty 8/4, 2019 at 8:12

@Thermion try my answer below, I also got this error in merge and I solved it. – Olomouc 8/4, 2019 at 9:6

Hi @Muthurathinam, I hope you don't mind me asking : do you really need to script the merge and push? This sort of thing can normally be done much more easily within azure devops by using a Pull Request. – Forehead 16/4, 2019 at 10:33

I don't why but when you try push after merge git want the username & password.

Azure DevOps by default disable the prompt to enter the credentials and you got the error.

You can enable the prompt by set the environment variable GIT_TERMINAL_PROMPT to 1 but during the build you can't enter the values and the build will hang.

To fix the error, just add the username & password or the Personal Access Token (PAT) in the git push command:

git push https://username:password(or PAT)@github.com/username/reponame.git

The https://... replace the origin.

Olomouc answered 8/4, 2019 at 8:18 Comment(2)

using personal access token instead of username and password worked. – Thermion 8/4, 2019 at 9:11

Instead of pasting the password into command line, you can use system variable for that. See the answer by Darren Rogers below. – Ruppert 10/3, 2020 at 15:14

There is a built-in "service account" which is actually a PAT called Project Collection Build Service, not to be confused with Project Collection Build Service Accounts group.

From: https://marcstan.net/blog/2018/08/31/Mirror-github-gitlab-and-VSTS-repositories/

Trivia: In case you didn't know "$env:SYSTEM_ACCESSTOKEN" is a PAT (Personal/Private Access Token) that is auto generated by the build server (but disabled by default) and allows to authenticate against VSTS from inside your builds and releases. To enable it, you have select the "agent job" inside your build or release definition and check the "Allow scripts to access the OAuth token" checkbox under "Additional options".

There are two steps to this:

Step 1

To get rid of the fatal: could not read username for... error, we need to allow scripts to access the OAuth token. If you're using the newest YAML-based Azure Pipeline, you'll be hunting high and low for "Allow scripts to access the OAuth token" option in the UI. The Microsoft answer is here. In your YAML file (azure-pipelines.yml), add:

steps:
- checkout: self
  persistCredentials: true

Step 2

After resolving the OP's error, I couldn't commit, receiving the error:

remote: 001f# service=git-receive-pack
remote: 0000000000aaTF401027: You need the Git 'GenericContribute' permission to perform this action. Details: identity 'Build\c21ba3ac-5ad4-de50-bc1a-12ee21de21f0', scope 'repository'.
remote: TF401027: You need the Git 'GenericContribute' permission to perform this action. Details: identity 'Build\c21ba3ac-5ad4-de50-bc1a-12ee21de21f0', scope 'repository'.
fatal: unable to access 'https://[username].visualstudio.com/[repo]/_git/[repo]/': The requested URL returned error: 403

We also have to give it permissions. From the same page as above. Add the user Project Collection Build Service to your repo(s).

Note: The user (1) and not the group (2).

Grant:

Contribute: Allow
Create Branch: Allow
Create Tag: Allow (Inherited)
Read: Allow (Inherited)

HTH

Monotheism answered 12/5, 2019 at 1:9 Comment(3)

Building on this answer, if you still use the old URL format, this same page can be found here: https://[organization].visualstudio.com/DefaultCollection/[project]/_settings/repositories?repoGroup=true&_a=security – Immense 26/8, 2019 at 20:46

Frustratingly, I also hit the "You need the Git 'GenericContribute' permission" error during cake build script - even though the only thing I was pushing was a tag (eg. git push origin refs/tags/1.0.0.0) and the Create Tag permission was set to Allow! I would have preferred to not give contribute permission but appears this was still necessary. – Edme 13/1, 2020 at 9:33

This is very useful answer. – Mckinnie 25/8, 2020 at 8:48

Not the exact same situation you have but this was the only post that came close to my similar situation so I thought it's worth adding my solution here. I had this error in a hosted Ubuntu Azure Pipeline, running a shell command task to checkout, edit and push to git.

I got the error when attempting to push with command:

git push

I fixed it by changing the command to:

git -c http.extraheader="AUTHORIZATION: bearer $(System.AccessToken)" push

$(System.AccessToken) is a predefined variable in the Azure Pipelines: https://learn.microsoft.com/en-us/azure/devops/pipelines/build/variables?view=azure-devops&viewFallbackFrom=vsts&tabs=yaml

Callboard answered 9/4, 2019 at 0:4 Comment(4)

Another key item to go along with the command using System.AccessToken, you need to enable Allow scripts to access the OAuth token in the Job's Additional Options section (which is mentioned in the link you included). – Pruett 25/3, 2020 at 15:27

Well, that is weird. I do not use the checkout step nor set any setting about Allow scripts to access the OAuth token... yet I get access to the System.AccessToken variable. So they've updated the behavior? My steps are: 1. UseDotNet 2. GitVersion: Setup 3. GitVersion: Execute 4. Script: git tag + git -c http.extraheader... push – Shush 17/6, 2022 at 7:59

@NikitaKalimov I also have unrestricted access to $(System.AccessToken) but I had to go to the Project Settings / Pipelines / Settings then disable "Protect access to repositories in YAML pipelines" for this access token to work as described. Note that according to Protect access to repositories in YAML pipelines, this setting can be left enabled if you use the uses property to explicitly mention the repos you intend to use. – Pastoralize 4/10, 2022 at 11:5

The build user also needs to have proper permissions. see https://mcmap.net/q/278837/-azure-pipeline-does-39-t-allow-to-git-push-throwing-39-genericcontribute-39-permission-is-needed – Pathe 11/7 at 23:14