Tony Blues Tony Blues - 1 year ago 181
Git Question

Executing git commands inside a VSO build job

[Environment: VSO, GIT, hosted build agent]

I'd like to create a VSO build definition that is able to do the following:

  1. Executing a script to generate some new files based on existing files in the repo

  2. Commit/push those generated files back to repo

I can do #1 with no problem. But I'm not sure how I can do #2.

I discovered I was actually able to run git.exe from inside a build job. But I'm not sure how I can pass the credential to git. Based on the build logs, it's failing because it's trying to get the username from stdin.

I tried adding a step in the build definition with something like "git config --global xxxx" but it still didn't help.

Is this a supported scenario at all? Any suggestions?



I tried the following approach in my build script:

git -c http.extraheader="AUTHORIZATION: bearer %SYSTEM_ACCESSTOKEN%" pull ...

It seemed to work for commands like pull, etc. But when I was trying to push the changes, I got the below error:

fatal: unable to access '': SSL read: error:00000000:lib(0):func(0):reason(0), errno 10054


Answer Source

Sorry to answer my own question here...

I just got some hint from some TFS expert, who pointed me to this article:, which perfectly solved my problem.

I think I should share it out to help whoever might run into the same situation as I did.

Here I am quoting the key steps (reformatted a bit):

Grant version control permissions to the build service

Go to the Version Control control panel tab

  • Team Services: https://{your-account}{your-team-project}/_admin/_versioncontrol

  • On-premises: https://{your-server}:8080/tfs/DefaultCollection/{your-team-project}/_admin/_versioncontrol

On the Version Control tab, select the repository in which you want to run Git commands, and then select Project Collection Build Service (account_name). Grant permissions needed for the Git commands you want to run. Typically you'll want to grant:

  • Branch creation: Allow
  • Contribute: Allow
  • Read: Inherited allow
  • Tag creation: Inherited allow

When you're done granting the permissions, make sure to click Save changes.

Enable your build definition to run Git.exe

  • On the variables tab set this variable: system.prefergit = true
  • On the options tab select Allow scripts to access OAuth token.

With these settings, there is no need to install the Git Build Tools extension or tweak the Credential Manager. You don't need to explicitly set the extra header for OAuth token, either. I feel it's indeed a very neat solution. :)

But really appreciate the help from Eddie and VonC!

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download