Pushing to Protected Github Branch from Azure DevOps pipeline

Question

I have a DevOps pipeline that is tasked with updating a file, and committing it back to a protected branch in Github. Checking out from the repo works just fine. I thought I had the right permission setup, but it doesn't work.

I have allowed azure-pipelines the permissions here:

I have specified the following to preserve the authentication from the original checkout here:

steps:
- checkout: self
  persistCredentials: true  

- task: Bash@3
  inputs:
    targetType: inline
    script: |
      git checkout integration

Then after the changes I make, I want to push back to the integration branch like this:

- task: Bash@3
  inputs:
    targetType: inline
    script: |
      cd ./Test/Test.UWP
      git config --global user.email "test@test.com"
      git status
      cd ../..
      git add .
      git commit -m "Release $(versionNumber)"
      git push origin integration

This returns the following output though and it doesn't push it back to the integration branch:

remote: error: GH006: Protected branch update failed for refs/heads/integration.        
remote: error: At least 1 approving review is required by reviewers with write access.        
To https://github.com/test/test-app
 ! [remote rejected] integration -> integration (protected branch hook declined)
error: failed to push some refs to 'https://github.com/test/test-app'

Does this answer your question? [git request code review from command line git pull](https://stackoverflow.com/questions/50291752/git-request-code-review-from-command-line-git-pull) — Matt, Sep 24 '20 at 00:41

score 0 · Answer 1 · answered Sep 24 '20 at 08:27

0

You may check the solutions in this case: Cannot push on github suddently

You can either give admin access to the azure-pipelines, or go to Settings -->Branches to tick Allow force pushes (Permit force pushes for all users with push access) to have force push.

answered Sep 24 '20 at 08:27

Cece Dong - MSFT

29,631
1
24
39

The right permission is called *Bypass policies when pushing*. – sourcream Jul 25 '22 at 22:31

score -1 · Accepted Answer · answered Dec 07 '20 at 07:48

-1

Solution for this was to create another account and generate a PAT from it with admin access.

Then I cloned the app in a separate directory on the agent. Modified what I needed to and was able to create my tags and everything using git bash.

answered Dec 07 '20 at 07:48

A.Sharma

2,771
1
11
24

You should not need a PAT, especially one with admin rights, if the user behind your pipeline has the proper permissions, which in this case should be *Bypass policies when pushing*. – sourcream Jul 25 '22 at 22:28

Pushing to Protected Github Branch from Azure DevOps pipeline

2 Answers2