Authentication to access other parts of Azure DevOps within a custom task
I want to create a Azure DevOps custom task that accesses other parts of Azure DevOps. Specifically, I want to create a custom task that adds a comment to a PR.
Unfortunately, I can't figure out how to authenticate properly. I found this code and added it to my task:
let token: string = tl.getEndpointAuthorizationParameter("SYSTEMVSSCONNECTION", "AccessToken", false);
let collectionUrl: string = tl.getEndpointUrl("SYSTEMVSSCONNECTION", false).replace(".vsrm.visualstudio.com", ".visualstudio.com");
let authHandler = token.length === 52 ? vsts.getPersonalAccessTokenHandler(token) : vsts.getBearerHandler(token);
let connection = new vsts.WebApi(collectionUrl, authHandler);
but I get the error:
TF401027: You need the Git 'PullRequestContribute' permission to perform this action. Details: identity 'Build\XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX', scope 'repository'.
I verified that the build service should have the correct permissions:
I've also tried checking the box "Allow scripts to access the OAuth token" in the Job settings, but that had no effect.
What am I missing?
You need to give permissions to the build users:
In Microsoft hosted agent is "Build Service (user-name)" and "Project Collection Build Service (Project)" (Sometimes the last only show up if you type the UUID (8837...) on "Search for user or groups".)
Can be found in project settings > repositories > permissions
- Microsoft Azure DevOps Repo: search for text/code in specific branch
- Is there any way to retrieve webhook trigger information from a pipeline?
- Azure Devops Apple App Store Release.Missing value for the attribute 'whatsNew'
- How to use environment variables in React app hosted in Azure
- How to manage variable declarations according to parameters
- Get All Pipeline Parameters Through Azure DevOps REST API
- Create a counter variable in Azure Devops for every pipeline successful run
- Use script file in Azure Devops yaml deployment pipeline
- How to properly use Azure Function Build and Deploy in Azure DevOps with multiple projects
- Azure devops - build number vs build id
- Run script on Azure VM Scale Set when deprovisioning
- Azure Pipeline to trigger Pipeline using YAML
- Make Azure Keyvault secrets available in entire pipeline
- Cannot authorize variable group in Azure Pipelines
- How to set up a simple Next.js web app with CI/CD on Azure?
- How to override the object and array parameters in the Arm template?
- Azure DevOps Oryx build of my ReactJS app fails with 'unable to resolve' error
- Secret Pipeline Parameter in Azure Devops
- Build validation on Azure DevOps branch: YAML in different repository?
- Azure Devops yml pipeline if else condition with variables
- How to Generate .AAB file and Sign Android app Bundle using azure pipeline
- nlohmann.json - "NuGet restore" in Azure DevOps pipeline cannot find it
- Azure DevOps Yaml pipeline - GitVersionfor additional repository
- Azure Web App Cannot Access Azure Container Registry Using Managed Identity
- Azure pipeline - run shell script on the remote server
- How to Enable Docker layer caching in Azure DevOps
- Notification send when second pipeline run completes
- Variable evaluates fine for displayName but not for condition, why is that?
- Not possible to use containers in Azure Pipelines self-hosted agents deployed as Azure K8s pods
- Triggering 2nd Azure Pipeline After Successful Run on 1st pipeline