I'm trying to run git push command inside my Azure DevOps build pipeline but getting below error-
fatal: could not read Password for 'https://dev.azure.com': terminal prompts disabled.
Then I tried to execute same command with my Personal Access Token (PAT) like
MY_PAT= 'MY_PAT'
B64_PAT=$(printf ":$MY_PAT" | base64)
git -c http.extraHeader="Authorization: Basic ${B64_PAT}" push
and it worked. But owing to security compliance I can't use my PAT in pipeline is there any way to use git push command without exposing my PAT. Please explain oauth2 authentication step by step if that will work.
You do not need to use your PAT. You can use the predefined variable System.Accesstoken directly. See here.
System.AccessToken is a special variable that carries the security token used by the running build.
Change your command to below:
B64_PAT=$(printf ":$(System.AccessToken)" | base64)
git -c http.extraHeader="Authorization: Basic ${B64_PAT}" push
You can also use the AccessToken directly like this:
git push https://$(System.AccessToken)@dev.azure.com/org/proj/_git/repo -q