MicrosoftPremier / VstsExtensions

Documentation and issue tracking for Microsoft Premier Services Visual Studio Team Services Extensions
MIT License

There was an error reading pull request statuses. Please ensure that the build account has sufficient permissions #122

Closed careywalker closed 3 years ago

careywalker commented 3 years ago

I'm getting the error: "There was an error reading pull request statuses" and I'm not really sure how to solve it.

The build account is my own account and I am the collection administrator so my account has rights to do everything.

I'm sure it's something simple but I'm stuck on where else to look.

Here is my yml configuration:

```
Starting: Check Code Coverage

Task         : Build Quality Checks
Description  : Breaks a build based on quality metrics like number of warnings or code coverage.
Version      : 7.6.1
Author       : Microsoft
Help         : [Docs]

SystemVssConnection exists true
Using IdentifierJobResolver
Validating code coverage policy...
Successfully read code coverage data from build.
Evaluating coverage data from 1 filtered code coverage data sets...
Total blocks: 11
Covered blocks: 7
Code Coverage (%): 63.6364
[ERROR] The code coverage value (63.6364%, 7 blocks) is lower than the minimum value (100%)!
[error]The code coverage value (63.6364%, 7 blocks) is lower than the minimum value (100%)!
There was an error reading pull request statuses. Please ensure that the build account has sufficient permissions (see https://github.com/MicrosoftPremier/VstsExtensions/blob/master/BuildQualityChecks/en-US/PullRequests.md#prerequisites-1)!
Finishing: Check Code Coverage
```

ReneSchumacher commented 3 years ago

Hi @careywalker,

we should probably make the log output a little less drastic :) The "error" that occurs when reading pull request status information is not a problem unless you want to use BQC as a pull request status policy. If so, you need to follow the guidance from our documentation that is linked in the log message:

> In addition you must ensure that your build account has the Contribute to pull requests permission so it can publish pull request statuses! See Git repository permissions for more information. Depending on your build job authorization scope you need to either give that permission to your project build account (e.g., YourProject Build Service (YourOrganization)) or your project collection build account (e.g., Project Collection Build Service (YourOrganization)).

To be clear: this is not about the account that executes the agent service. Azure Pipelines uses one of two internal technical accounts that are called "MyProject Build Service (MyOrganization)" or "Project Collection Build Service (My Organization)". These are the accounts you need to set permissions for if you want to use the pull request status feature.

Does that help?

careywalker commented 3 years ago

@ReneSchumacher Thanks for getting back to me, I am trying this now. I do want to use BQC as a pull request status policy so this is what I was trying to get working.

careywalker commented 3 years ago

I think I have set up the permissions correctly, please see attachments. Do you see something that is missing?

[Attached screenshots: 2020-10-23_14-38-38, 2020-10-23_14-44-56]

ReneSchumacher commented 3 years ago

Looks good; however, you need to check the job authorization scope for your build to make sure that you're actually using the project collection build account and not the project build account. Or make sure that your COREGIT Build Service (DefaultCollection) also has sufficient permissions.

careywalker commented 3 years ago

Thanks, I know you can't see it in the screenshot but both accounts have the same permissions.

careywalker commented 3 years ago

Ok, so it was the setting in the Status Policy that was the source of the issue. I don't really understand why this was causing the problem but removing that configuration worked.

[Attached screenshot: 2020-10-23_16-00-49]

Thanks for your support :)

ReneSchumacher commented 3 years ago

Thanks for letting me know about the root cause. I'm not really sure why this would cause the issue, but I'll put an investigation task on our backlog.

Since the issue is resolved now, I'm closing it. Feel free to add additional comments or open a new one if you need anything else.