Accessing Git repo #962
Comments
|
The current prepare does it via libgit and uses the generated per build OAuth token sent down to the agent. That oauth token is available to custom task authors so that's one possibility. However in the sprint rolling out right now (S92 - in a couple scale units so far), we added a checkbox on the options tab to make the token available to 'ad-hoc scripts'. This means you trust everyone that can edits your definition (and all process and scripts that run it**) :) It's a variable (can't remember off the top of my head - do a set and inspect) Now, onto getting git.exe to use it. There's ASKPASS and credhelpers but those are actually problematic with per build passwords since cred helpers can store and then you don't get called back, then your token for that build expires, next build fails :( So, one option is to edit your remote. Call get to set the remote to Ouath:@ At the end of the script you can set it back. We are contemplating doing what I just mentioned for you as an option. If we do that (and you check that box), ad-hoc git scripting via cmd files just works. What won't work is authenticated sub-modules with that approach since the url is embedded in the sub-module ref |
|
Thanks. I will wait for S92 and try the OAuth token / edit remote way. |
|
@bryanmacfarlane I tried to update the git remote using the SYSTEM_ACCESSTOKEN environment variables but couldn't make it work. Did I get it right that I should be able to replace the url of the origin remote ( |
|
Needs to be username:password So use any username like OAuth and then token as password |
|
Thanks, |
|
Hmmm - that's what our xplat agent does. I'll try it out later. Until then any other details like the cmds run, output, scripts etc would help |
|
I've written a build task which updates the remote. You can find it in this PR or in this ZIP. My test build definition is:
The repo contains one binary file which was added with git lfs. While calling the If I manually call |
|
Just as a test - does it work if it's just gig fetch? Trying to figure out if it's an lfs thing ... |
|
A |
|
@bryanmacfarlane I opened a ticket on git-lfs regarding this: git-lfs/git-lfs/issues/906 |
|
Closing the issue since the VSTS related part seems to work fine with standard Git commands. Lfs related stuff should be handled in git-lfs/git-lfs/issues/906. Thanks @bryanmacfarlane for the help! |
|
As some feedback i think we could have a GetSources as a task,where we have a primary source but can i have other sources.. TeamCity allows this with multiple VCS roots |
|
@rmarinho agreed. we are working toward that. |
|
@ericsciple is there any reference on VSTS features timeline about it I can look for to know when this will be completed and actually released? |
|
@ggirard07 no but we've been wanting to do it for a long time and we're working a feature now that i think is going to force it (next few months would be my best guess). we've also been making incremental steps along the way to decouple get sources from the agent. for a workaround today you could clone the repo yourself. if you check Allow scripts access to OAuth token then you can use the token for the Project Collection Build Service identity. |
|
@ericsciple - would you happen to have any additional info on the possibility of VSTS builds being able to checkout multiple git repositories? Would be very nice to have first-class support for this. Dave Burnison mentions the steps needed to cleanly clone the git repo yourself:
(see his 'June 1, 2016 at 8:22 pm' comment here: https://blogs.msdn.microsoft.com/premier_developer/2016/04/13/tips-for-writing-powershell-scripts-to-use-in-build-and-release-tasks/) |
|
It's something we want to do for multiple reasons. It's not next though. |
This is maybe not directly on issue with the tasks but more with the agent. What is the recommended approach to run Git operation during a build?
My use case is that I have a repository utilizing git-lfs. Since VSTS only does a checkout I manually need to call
git lfs fetchafterwards. The problem here is the authentication. I want to avoid to have to setup an service account for accessing the repo just for this case. The agent already somehow manages to checkout the repo. Is it possible to use the same approach for additional operations?The text was updated successfully, but these errors were encountered: