-
Notifications
You must be signed in to change notification settings - Fork 172
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Git push error for azdo #755
Comments
This has to do with the git credential being cached. I had a quick chat with @puicchan about this and the issue stems from running Git caches the credentials for https://dev.azure.com.When the second invocation comes through, it fails as the old pat is still in the credential helper cache. I was able to successfully reproduce with the following steps (note bash seems to force a password prompt, but on PS core it defaults to an error):
Work around:
Regarding the second error in the original post. That is because the Git Credential Manager for windows created a PAT automatically and was able to push the code. However, since it lacked scopes to run the pipeline and configure a build policy it resulted in a failure. After updating the credential store with the correct PAT this second issue does not appear. |
Removed the The root cause is related to how git credentials are persisted and not related to azd. Uses must be aware than rotating a PAT would affect any store credentials using that PAT, so they need to refresh the stores. We can invest some time in the future on how to provide good error handling or messages about wrong PAT |
We also encounter the same issue on Mac OS . By comparing successful logs in other environments , the code is pushed to the |
@vhvb1989 what if I work on multiple repo and use diff PAR for my projects? This is not about rotating PAT. Previous credential is cached. How do we prevent that? |
git-credential-manager automatically stores one credential per domain. This is because you would use the same PAT for all the projects/repos/pipelines within an Azdo Server. The PAT can't not be scoped to one project or repo only, as it is created for the entire Organization (or even across organizations). The PAT is equivalent to your user-log-in credentials. You don't need a different user-account for each project. Using one PAT per repo (within the same organization) is equivalent to have multiple user accounts (one account per repo) It is more likely to think about a relation between a PAT and a tool. You might have one PAT for different tools. For example, one PAT for |
PR 743 build -
azd version 0.2.0-beta.3-pr.1877365 (commit 33710f9)
Scopes of PAT
Agent Pools (read, manage)
Build (read and execute)
Code (full)
Project and team (read, write and manage)
Release (read, write, execute and manage)
Service Endpoints (read, query and manage)
I ran this again with --debug. This time, I am prompted for credential. A new PAT entry is added:
End of the debug output
...
Just checked the project. After running
azd pipeline config --debug
(and I suspect with the Git PAT),Not sure why the "Error: post git push hook: Could not queue the build because there were validation errors or warnings."
The text was updated successfully, but these errors were encountered: