Authentication to access other parts of Azure DevOps within a custom task
I want to create a Azure DevOps custom task that accesses other parts of Azure DevOps. Specifically, I want to create a custom task that adds a comment to a PR.
Unfortunately, I can't figure out how to authenticate properly. I found this code and added it to my task:
let token: string = tl.getEndpointAuthorizationParameter("SYSTEMVSSCONNECTION", "AccessToken", false);
let collectionUrl: string = tl.getEndpointUrl("SYSTEMVSSCONNECTION", false).replace(".vsrm.visualstudio.com", ".visualstudio.com");
let authHandler = token.length === 52 ? vsts.getPersonalAccessTokenHandler(token) : vsts.getBearerHandler(token);
let connection = new vsts.WebApi(collectionUrl, authHandler);
but I get the error:
TF401027: You need the Git 'PullRequestContribute' permission to perform this action. Details: identity 'Build\XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX', scope 'repository'.
I verified that the build service should have the correct permissions:
I've also tried checking the box "Allow scripts to access the OAuth token" in the Job settings, but that had no effect.
What am I missing?
You need to give permissions to the build users:
In Microsoft hosted agent is "Build Service (user-name)" and "Project Collection Build Service (Project)" (Sometimes the last only show up if you type the UUID (8837...) on "Search for user or groups".)
Can be found in project settings > repositories > permissions
- The term 'script:' is not recognized as the name of a cmdlet, function, script file, or operable program
- Unable to complete a partial restore of our Azure DevOps database
- Azure Devops Jekyll site build fails, worked previously
- Why I am receiving the error: Error: Template file pattern matches a directory instead of a file: /home/vsts/work/1/s in my yaml file pipeline file?
- Conditional dependent job in Azure Devops YAML pipelines
- Azure DevOps REST API: Match Manual Test Case steps to Test Run results?
- Is there a way to get more than 1000 Packages and versions from Azure DEVOPs Feed RESTAPI for GET Packages?
- Pipeline Shows as Failed When Successful
- Yaml manual approval step in jobs.template
- Environment variables as parameter of type object in Azure DevOps pipelines
- Skip Azure Pipeline jobs (or the whole pipeline) if change is from a merge from a specific branch
- Visual Studio 2022 can't connect to a project due to bad filters
- Azure Data Factory CI npm validate step suddenly crashing
- Error using Azure DevOps REST API and classificationnodes
- Remove TFS Connection From Visual Studio 2019
- Restricting branch creation based on Azure DevOps group permissions
- ADO - Granular Permission for Users on Team
- Dev env is skipping
- Must delete massive inadvertent checkin from remote git repo
- Job Conditions in Azure Pipelines
- Access Denied using Azure App Configuration Task in DevOps Pipeline
- Passing output variable to a template in the same job in Azure devops
- Secrets inject securely Dockerfile during build .NET
- Azure Pipeline: how to delete a variable inside Azure build pipeline
- How do I specify playwright chromium version in azure pipeline
- Azure Devops - YAML - not reading .net version from props file
- Azure yaml trigger pipeline every 14 days on a Saturday
- How can I give a containerRegistry to a DevcontainersCi task in an Azure DevOps YAML Pipeline?
- How to assign organization-level permissions to create repositories across all projects in organization in Azure DevOps?
- Updating Node js on internal windows ADO build agent