tinglesoftware / dependabot-azure-devops

Tools for updating dependencies in Azure DevOps repositories using https://dependabot.com
MIT License

[Azure Devops Extension][Post-pulling docker image] Unable to clone repository due to authentication issue #1141

Closed firasrg closed 3 weeks ago

firasrg commented 1 month ago

Describe the bug

I don't understand why the cloning gets rejected while the PAT (personal access token) has full access to code and PRs? Knowing that image pulling works fine.

My source files

This is my .azuredevops/dependabot.yml:

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"

And the following is my pipeline file:

trigger: none

pool:
  name: <MySelfHostedAgentName>

steps:
  - task: dependabot@1
    inputs:
      authToken: <MyPAT>
      azureDevOpsAccessToken: <MyPAT>
      extraEnvironmentVariables: AZURE_ORGANIZATION=tfs/DefaultCollection

Expected behavior

I'm expecting the clone-repo task to work properly without any issues!

Logs

The following is the log I'm getting on the Azure DevOps build:

##[section]Démarrage : dependabot
  ==============================================================================
Task         : Dependabot
Description  : Automatically update dependencies and vulnerabilities in your code
Version      : 1.28.708
Author       : Tingle Software
Help         : For help please visit https://github.com/tinglesoftware/dependabot-azure-devops
  ==============================================================================
  [command]/usr/bin/docker run --rm -i -e DEPENDABOT_PACKAGE_MANAGER=npm -e DEPENDABOT_OPEN_PULL_REQUESTS_LIMIT=5 -e DEPENDABOT_DIRECTORY=/ -e DEPENDABOT_FAIL_ON_EXCEPTION=true -e AZURE_ORGANIZATION=DefaultCollection -e AZURE_PROJECT=MY20%PROJECT -e AZURE_REPOSITORY=expo-starter-kit -e AZURE_ACCESS_TOKEN=mvtvk5icfdhkvjqfvr3kans6oonqfdp6ss2bccrincv3l6gk3btq -e AZURE_MERGE_STRATEGY=squash -e AZURE_HOSTNAME=tfs.myeditions.com -e AZURE_VIRTUAL_DIRECTORY=tfs -e AZURE_ORGANIZATION=tfs/DefaultCollection ghcr.io/tinglesoftware/dependabot-updater-npm:1.28 update_script
  Using 'https://tfs.myeditions.com:443/tfs/' as API endpoint
  Pull Requests shall be linked to milestone (work item) 0
  Working in tfs/DefaultCollection/MY20%PROJECT/_git/expo-starter-kit, 'default' branch under '/' directory
  Cloning repository into /home/dependabot/dependabot-updater/tmp/tfs/DefaultCollection/MY20%PROJECT/_git/expo-starter-kit
/home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-common-0.253.0/lib/dependabot/file_fetchers/base.rb:175:in `rescue in clone_repo_contents': Cloning into '/home/dependabot/dependabot-updater/tmp/tfs/DefaultCollection/MY20%PROJECT/_git/expo-starter-kit'... (Dependabot::RepoNotFound)
fatal: Authentication failed for 'https://tfs.myeditions.com/tfs/DefaultCollection/MY20%PROJECT/_git/expo-starter-kit/'
  from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-common-0.253.0/lib/dependabot/file_fetchers/base.rb:163:in `clone_repo_contents'
  from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/call_validation_2_7.rb:59:in `bind_call'
  from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/call_validation_2_7.rb:59:in `block in create_validator_method_fast0'
  from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.253.0/lib/dependabot/npm_and_yarn/file_fetcher.rb:50:in `clone_repo_contents'
  from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/call_validation.rb:270:in `bind_call'
  from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/call_validation.rb:270:in `validate_call'
  from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
  from bin/update_script.rb:505:in `<main>'
/home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-common-0.253.0/lib/dependabot/shared_helpers.rb:429:in `run_shell_command': Cloning into '/home/dependabot/dependabot-updater/tmp/tfs/DefaultCollection/MY20%PROJECT/_git/expo-starter-kit'... (Dependabot::SharedHelpers::HelperSubprocessFailed)
fatal: Authentication failed for 'https://tfs.myeditions.com/tfs/DefaultCollection/MY20%PROJECT/_git/expo-starter-kit/'
  from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/call_validation.rb:167:in `bind_call'
  from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/call_validation.rb:167:in `validate_call_skip_block_type'
  from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/call_validation.rb:109:in `block in create_validator_slow_skip_block_type'
  from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-common-0.253.0/lib/dependabot/file_fetchers/base.rb:792:in `block in _clone_repo_contents'
  from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-common-0.253.0/lib/dependabot/shared_helpers.rb:265:in `with_git_configured'
  from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/call_validation.rb:270:in `bind_call'
  from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/call_validation.rb:270:in `validate_call'
  from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
  from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-common-0.253.0/lib/dependabot/file_fetchers/base.rb:776:in `_clone_repo_contents'
  from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/call_validation.rb:270:in `bind_call'
  from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/call_validation.rb:270:in `validate_call'
  from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
  from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-common-0.253.0/lib/dependabot/file_fetchers/base.rb:165:in `clone_repo_contents'
  from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/call_validation_2_7.rb:59:in `bind_call'
  from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/call_validation_2_7.rb:59:in `block in create_validator_method_fast0'
  from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.253.0/lib/dependabot/npm_and_yarn/file_fetcher.rb:50:in `clone_repo_contents'
  from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/call_validation.rb:270:in `bind_call'
  from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/call_validation.rb:270:in `validate_call'
  from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
  from bin/update_script.rb:505:in `<main>'
##[error]The process '/usr/bin/docker' failed with exit code 1
##[section]Finalisation : dependabot

Extension (please complete the following information):

Additional context

I checked with our IT team about the issue; they can't find any solution to solve this issue. Please help.

mburumaxwell commented 3 weeks ago

@firasrg, your access token mvtvk5icfdhkvjqfvr3kans6oonqfdp6ss2bccrincv3l6gk3btq has been exposed. Remember to roll/regenerate/revoke it if you haven't already.

Regarding the authentication issue, there seems to be an issue with TFS or Azure DevOps Server according to #1034. We do not use either of the two, so fixes related to that will have to be contributed by someone who uses the same, since they have the ability and time to test. I will close this; let's track via the issue above.
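
The token exposure pointed out in this thread came from the `docker run` line in the pasted task log, which carries `-e AZURE_ACCESS_TOKEN=<value>` in clear text. As an added example (not part of the issue thread or of the project's code), the Python filter below masks sensitive `-e NAME=value` pairs in a log before it is shared and then masks the same value wherever else it appears; the name patterns, the length threshold, the function names and the sample log are assumptions constructed for illustration.

```python
import re

# Env-var names treated as sensitive (assumption: extend for your own naming scheme).
SENSITIVE_NAME = re.compile(r"TOKEN|SECRET|PASSWORD|PASSWD|CREDENTIAL|API_?KEY", re.I)

# `-e NAME=value` or `--env NAME=value` as echoed in a `docker run` log line;
# the value may be double-quoted, single-quoted or bare.
ENV_PAIR = re.compile(
    r"""(?P<flag>(?:-e|--env)[ =])(?P<name>[A-Za-z_][A-Za-z0-9_]*)=(?P<value>"[^"]*"|'[^']*'|\S*)"""
)

MASK = "***"
MIN_GLOBAL_LEN = 8  # shorter values are masked in place only, to avoid mangling the log


def redact_log(log_text):
    """Return (redacted_text, number_of_distinct_secret_values_masked)."""
    secrets = set()

    def mask_pair(match):
        if not SENSITIVE_NAME.search(match.group("name")):
            return match.group(0)  # non-sensitive variable: leave untouched
        secrets.add(match.group("value").strip("\"'"))
        return f"{match.group('flag')}{match.group('name')}={MASK}"

    text = ENV_PAIR.sub(mask_pair, log_text)

    # The same value can reappear later (URLs, error messages); mask those too.
    # Longest first, so a secret that contains another one is masked whole.
    for value in sorted(secrets, key=len, reverse=True):
        if len(value) >= MIN_GLOBAL_LEN:
            text = text.replace(value, MASK)
    return text, len(secrets)


# Constructed sample log: host, repository and token are made up.
SAMPLE_LOG = (
    "[command]/usr/bin/docker run --rm -i -e DEPENDABOT_PACKAGE_MANAGER=npm "
    "-e AZURE_REPOSITORY=example-repo -e AZURE_ACCESS_TOKEN=constructedtoken0000example "
    "ghcr.io/example/updater:1 update_script\n"
    "fatal: Authentication failed for "
    "'https://user:constructedtoken0000example@tfs.example.invalid/tfs/repo/'\n"
)

if __name__ == "__main__":
    cleaned, count = redact_log(SAMPLE_LOG)
    print(cleaned)
    print(f"{count} secret value(s) masked")
```

Masking a pasted log does not undo an exposure that has already happened; a token that reached a public page still has to be revoked and reissued, as noted above.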