Renovate: versions after 19.52.3 fail to connect to azure devops
What Renovate type are you using?
I am using the docker version
Describe the bug
Running this command
docker run --rm renovate/renovate:19.52.3 --platform azure --endpoint https://{REDACTED}.visualstudio.com/ --token {REDACTED} "{REDACTED}/{REDACTED}"
logs this:
INFO: Using default gitAuthor: Renovate Bot bot@renovateapp.com
INFO: Renovating repository (repository={REDACTED}/{REDACTED})
INFO: Initialising git repository into /tmp/renovate/repos/azure/{REDACTED}/{REDACTED} (repository={REDACTED}/{REDACTED})
INFO: Platform error - skipping (repository={REDACTED}/{REDACTED})
INFO: Finished repository (repository={REDACTED}/{REDACTED})
INFO: Renovate finished
running with a version number of 19.52.2 works correctly
4540 is the change that was introduced in version 19.52.3
stocksr
All 15 comments
@jycouet @JamieMagee I think we need to consider reverting #4540, unless we can quickly determine why this is happening or if it's an isolated case.
rarkins
on 4 Oct 2019
Testing now...
JamieMagee
on 4 Oct 2019
@rarkins This also fails for me. I vote for reverting.
I tried with 19.52.3 and 19.56.0, as well as *.visualstudio.com and dev.azure.com/* and all fail.
@jycouet Can you share what settings you used to get this to work on Azure DevOps SaaS?
JamieMagee
on 4 Oct 2019
Thanks, I have reverted it in master just now. Let's keep this issue open to track efforts to re-implement
rarkins
on 4 Oct 2019
Working very well on my side! Running every day with @latest tag.
Here is my config:
***/*** --platform azure --endpoint https://***.visualstudio.com/ --token ***
I'm not using the "docker version". Can you get more logs?
:(
jycouet
on 4 Oct 2019
On my side I'm using windows machines. Can it have an effect?
jycouet
on 4 Oct 2019
I guess that different implementations of git could potentially have an affect
rarkins
on 4 Oct 2019
@jycouet Are you running via PowerShell? I've experienced in the past that it will authenticate you behind the scenes and allow you to do things like clone a repo via https:// without any auth prompt.
JamieMagee
on 4 Oct 2019
I'm on windows.
Powershell, Windows Command Line, Git Bash for Cloud & On-Premise git clone https://:<PAT>@MYHOST/yourOrgName/yourProjectName/_git/yourRepoName => Working.
Powershell, Windows Command Line, Git Bash for Cloud git clone https://token:<PAT>@MYHOST/yourOrgName/yourProjectName/_git/yourRepoName => Working.
Powershell, Windows Command Line, Git Bash for On-Premise git clone https://token:<PAT>@MYHOST/yourOrgName/yourProjectName/_git/yourRepoName => Not Working!
jycouet
on 5 Oct 2019
More data for you:
On-premise Azure Devops Server 2019 Version Dev17.M153.3.
Linux, git version 2.17.1
git clone https://token:<PAT>@MYHOST/collection/project/_git/repofailsgit clone https://:<PAT>@MYHOST/collection/project/_git/repofailsgit clone https://<PAT>@MYHOST/collection/project/_git/repofailsgit clone https://<PAT>:<PAT>@MYHOST/collection/project/_git/repofails
Windows, git version 2.19.2.windows.1
git clone https://token:<PAT>@MYHOST/collection/project/_git/repofailsgit clone https://:<PAT>@MYHOST/collection/project/_git/repoworksgit clone https://<PAT>@MYHOST/collection/project/_git/repoworksgit clone https://<PAT>:<PAT>@MYHOST/collection/project/_git/repofails
Microsoft states that their documentation on this matter is wrong but they don't plan on updating it because they think it's a rarely used case:
https://github.com/MicrosoftDocs/vsts-docs/issues/2444#issuecomment-438837800
There's a lot more information about what others have tried here:
https://stackoverflow.com/questions/53106546/cannot-clone-git-from-azure-devops-using-pat
What works for me on both linux and windows (with the aforementioned git versions) is using http.extraheader like this:
git -c http.extraheader="Authorization: Basic <BASE64>" clone https://MYHOST/collection/project/_git/repowhereBASE64is the base64 encoding oftoken:<PAT>
I'm not sure if this works for Azure DevOps Service. Can someone please test that out?
codepunkt
on 31 Oct 2019
@codepunkt Thanks for the detailed investigation. I haven't checked for myself, but I do know that Azure Pipelines uses the http.extraheader method to checkout at the start of every build. Here's an excerpt from a PR I did recently:
git -c http.extraheader="AUTHORIZATION: bearer ***" fetch --force --tags --prune --progress --no-recurse-submodules origin +refs/heads/*:refs/remotes/origin/* +refs/pull/53915/merge:refs/remotes/pull/53915/merge
What's the next step here? Should this issue be closed and another opened to support self-hosted azure devops?
rarkins
on 13 Dec 2019
@rarkins Yes, Renovate works against Azure DevOps now so this issue is closed. However there appears to be some work to do around the on premises version. At the very least clarifying what the issue is more.
JamieMagee
on 20 Dec 2019
git clone https://<PAT>@MYHOST/collection/project/_git/repo works does not seem to work for self-hosted Azure Devops Server.
Though git clone https://<user:passoword>@MYHOST/collection/project/_git/repo works did work.
Like bitbucket allowing user/password configuration for self-hosted Azure DevOps Server should work.
nishants
on 10 Jun 2020
@nishants please open a new issue here and fill the template. Azure DevOps Server should generally work
viceice
on 10 Jun 2020
Related issues
dlouzan
路
53Comments
vestimir
路
34Comments
rarkins
路
40Comments
felixfbecker
路
45Comments
brummelte
路
38Comments