Azure Pipelines: I am getting fatal: could not read Username for 'https://github.com': terminal prompts disabled

Question

I have powershell task configured in azure build pipelines to merge changes from dev into master of my github public repo and push changes to master. I am getting

Answer 1

I don't why but when you try push after merge git want the username & password.

Azure DevOps by default disable the prompt to enter the credentials and you got the error.

You can enable the prompt by set the environment variable GIT_TERMINAL_PROMPT to 1 but during the build you can't enter the values and the build will hang.

To fix the error, just add the username & password or the Personal Access Token (PAT) in the git push command:

git push https://username:password(or PAT)@github.com/username/reponame.git 

The https://... replace the origin.

Answer 2

For private projects the azure devops build VM doesn't have permission to clone your submodules. In order to give it permission to clone you can either add your username and password or add a personal access token(PAT) to the url in the gitmodules file in your repo on Azure devops. You need to change the url to https://username:password@dev.azure.com/organization/project/_git/repo or https://PAT@dev.azure.com/organization/project/_git/repo

I recommend using a PAT. You can create a PAT in Azure DevOps just look up how to do it.

Answer 3

There is a built-in "service account" which is actually a PAT called Project Collection Build Service, not to be confused with Project Collection Build Service Accounts group.

From: https://marcstan.net/blog/2018/08/31/Mirror-github-gitlab-and-VSTS-repositories/

Trivia: In case you didn't know "$env:SYSTEM_ACCESSTOKEN" is a PAT (Personal/Private Access Token) that is auto generated by the build server (but disabled by default) and allows to authenticate against VSTS from inside your builds and releases. To enable it, you have select the "agent job" inside your build or release definition and check the "Allow scripts to access the OAuth token" checkbox under "Additional options".

There are two steps to this:

Step 1

To get rid of the fatal: could not read username for... error, we need to allow scripts to access the OAuth token. If you're using the newest YAML-based Azure Pipeline, you'll be hunting high and low for "Allow scripts to access the OAuth token" option in the UI. The Microsoft answer is here. In your YAML file (azure-pipelines.yml), add:

steps:
- checkout: self
  persistCredentials: true

Step 2

After resolving the OP's error, I couldn't commit, receiving the error:

remote: 001f# service=git-receive-pack
remote: 0000000000aaTF401027: You need the Git 'GenericContribute' permission to perform this action. Details: identity 'Build\c21ba3ac-5ad4-de50-bc1a-12ee21de21f0', scope 'repository'.
remote: TF401027: You need the Git 'GenericContribute' permission to perform this action. Details: identity 'Build\c21ba3ac-5ad4-de50-bc1a-12ee21de21f0', scope 'repository'.
fatal: unable to access 'https://[username].visualstudio.com/[repo]/_git/[repo]/': The requested URL returned error: 403

We also have to give it permissions. From the same page as above. Add the user Project Collection Build Service to your repo(s).

Note: The user (1) and not the group (2).

Grant:

Contribute: Allow
Create Branch: Allow
Create Tag: Allow (Inherited)
Read: Allow (Inherited)

HTH

Answer 4

Not the exact same situation you have but this was the only post that came close to my similar situation so I thought it's worth adding my solution here. I had this error in a hosted Ubuntu Azure Pipeline, running a shell command task to checkout, edit and push to git.

I got the error when attempting to push with command:

git push

I fixed it by changing the command to:

git -c http.extraheader="AUTHORIZATION: bearer $(System.AccessToken)" push

$(System.AccessToken) is a predefined variable in the Azure Pipelines: https://docs.microsoft.com/en-us/azure/devops/pipelines/build/variables?view=azure-devops&viewFallbackFrom=vsts&tabs=yaml