Closed ahmetgul93 closed 1 month ago
@ahmetgul93 if you haven't already, check out configuring private feeds and registries. Changing `token: ':$(PAT)'` to `token: PAT:${{ PAT }}` should work, assuming you have declared an environment variable named `PAT`.
Thanks a lot! It passes the token now and got past the authentication error. However, now I get a new authentication error while creating the PR.
Error log:
```
Creating pull request for 'test: bump Microsoft.NET.Test.Sdk from 17.9.0 to 17.11.1 in /xxx/yyy/zzz'.
🌍 --> GET https://dev.azure.com/aaa/bbb/_apis/git/repositories/xxx/commits
🌍 <-- 200 https://dev.azure.com/aaa/bbb/_apis/git/repositories/xxx/commits
🌍 --> GET https://api.nuget.org/v3-flatcontainer/microsoft.net.test.sdk/17.11.1/microsoft.net.test.sdk.nuspec
🌍 <-- 200 https://api.nuget.org/v3-flatcontainer/microsoft.net.test.sdk/17.11.1/microsoft.net.test.sdk.nuspec
🌍 --> GET https://github.com/microsoft/vstest.git/info/refs?service=git-upload-pack
🌍 <-- 200 https://github.com/microsoft/vstest.git/info/refs?service=git-upload-pack
🌍 --> GET https://github.com/microsoft/vstest.git/info/refs?service=git-upload-pack
🌍 <-- 200 https://github.com/microsoft/vstest.git/info/refs?service=git-upload-pack
🌍 --> GET https://dev.azure.com/aaa/bbb/_apis/git/repositories/xxx/refs?filter=heads/dependabot/nuget/xxx/yyy/zzz/main/Microsoft.NET.Test.Sdk-17.11.1
🌍 <-- 200 https://dev.azure.com/aaa/bbb/_apis/git/repositories/xxx/refs?filter=heads/dependabot/nuget/xxx/yyy/zzz/main/Microsoft.NET.Test.Sdk-17.11.1
🌍 --> POST https://dev.azure.com/aaa/bbb/_apis/git/repositories/xxx/pushes?api-version=5.0
🌍 <-- 403 https://dev.azure.com/aaa/bbb/_apis/git/repositories/xxx/pushes?api-version=5.0
2024/10/18 11:52:41 ERROR
```
I also tried with 2 different tokens (PAT) which have full access to everything. I also updated the project to create PRs and all needed permissions.
Do you have any idea why dependabot couldn't create the PR?
@ahmetgul93 does the user who owns the PAT have "Contribute" permission to the repository? Based on the error, it sounds like a repository permission issue. Can you check that:
It is a bit unintuitive, but a PAT token with full access does not necessarily mean that the user has access to write to the repository.
I have already given all these permissions. I could not see any feature branch creation log in the logs. Would that be the reason? Dependabot needs to create a feature branch and then push all changes to that feature branch and create a pull request, right? Is it possible that it tries to push changes to MAIN instead of creating a branch and the PR?
> I could not see any feature branch creation log in the logs.

The branch (ref) is created in the `/_apis/git/repositories/xxx/pushes` API call shown in your logs; there is no "/createBranch" API, if that is what you are expecting.

```
🌍 --> POST https://dev.azure.com/aaa/bbb/_apis/git/repositories/xxx/pushes?api-version=5.0
🌍 <-- 403 https://dev.azure.com/aaa/bbb/_apis/git/repositories/xxx/pushes?api-version=5.0
```
The logs are pretty clear that the user Dependabot is running as does not have write permission to the repository; it can read commits, but cannot create branches or push commits.
Can you please confirm if this is the entirety of your task configuration?
```yaml
- task: dependabot@1
  displayName: 'Run Dependabot'
  inputs:
    useUpdateScriptvNext: true
  env:
    PAT: $(System.AccessToken)
```
If yes, can you share a screenshot of the repository permissions assigned to the "Build Service" user.
If no, can you share a screenshot of the repository permissions assigned to the user you've set in `azureDevOpsServiceConnection` or `azureDevOpsAccessToken`.
You might also be able to find some information in https://github.com/tinglesoftware/dependabot-azure-devops/discussions/1245.
Thanks it fixed my issue.
Describe the bug
I couldn't pass the token into dependabot.yml to authenticate the private feed.
This is my dependabot.yml
This is my stage in azurepipeline.yaml
After a 20 min run (probably it is a timeout), it gets the below error:
Discovery JSON content: { "Path": "/xxx/yyy/zzz", "IsSuccess": true, "Projects": [], "DirectoryPackagesProps": null, "GlobalJson": null, "DotNetToolsJson": null, "ErrorType": "AuthenticationFailure", "ErrorDetails": "(https://aaa.pkgs.visualstudio.com/bbb/_packaging/bbb-feed/nuget/v3/index.json)"
In the pipeline log I see this argument in the docker run;
-e DEPENDABOT_EXTRA_CREDENTIALS=[{"type":"nuget_feed","key":"bbb-feed","token":"${PAT}","url":"https://aaa.pkgs.visualstudio.com/bbb/_packaging/bbb-feed/nuget/v3/index.json"}]
The following source could not be reached as it requires authentication (and any provided details were invalid or lacked the required permissions): ([https://api.nuget.org/v3/index.json|https://aaa.pkgs.visualstudio.com/bbb/_packaging/bbb-feed/nuget/v3/index.json...]
Could you please tell me how I can get past this authentication error?
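
Added example (not part of the issue thread or of the project's code): a check for the symptom reported above, where the docker run arguments show the feed token as the literal text `${PAT}` rather than a secret value. The function name `audit_extra_credentials`, the `***` redaction and the second sample are assumptions made for illustration.

```python
import json
import re

# Placeholder syntaxes that appear in this thread: ${{ PAT }}, ${PAT}, $(PAT).
# A token that still contains one was never substituted with a real secret.
UNEXPANDED = re.compile(r"\$\{\{.*?\}\}|\$\{[^}]*\}|\$\([^)]*\)")

def audit_extra_credentials(raw):
    """Inspect a DEPENDABOT_EXTRA_CREDENTIALS JSON value.

    Returns (findings, redacted): findings lists (feed key, problem) pairs,
    redacted is a copy of the entries that is safe to write to a build log.
    """
    findings, redacted = [], []
    for entry in json.loads(raw):
        key = entry.get("key") or entry.get("url") or "<unnamed>"
        token = entry.get("token")
        match = UNEXPANDED.search(token) if token else None
        if not token:
            findings.append((key, "no token set"))
        elif match:
            findings.append((key, "unexpanded placeholder " + match.group(0)))
        safe = dict(entry)
        if token and not match:
            safe["token"] = "***"  # real secret: never echo it
        redacted.append(safe)
    return findings, redacted

# Value copied from the docker run argument quoted in the issue.
PAGE_SAMPLE = (
    '[{"type":"nuget_feed","key":"bbb-feed","token":"${PAT}",'
    '"url":"https://aaa.pkgs.visualstudio.com/bbb/_packaging/bbb-feed/nuget/v3/index.json"}]'
)
# Constructed sample: what the value looks like once substitution worked.
CONSTRUCTED_OK = (
    '[{"type":"nuget_feed","key":"bbb-feed","token":"PAT:constructed-not-a-real-token",'
    '"url":"https://aaa.pkgs.visualstudio.com/bbb/_packaging/bbb-feed/nuget/v3/index.json"}]'
)

if __name__ == "__main__":
    for label, raw in (("page", PAGE_SAMPLE), ("constructed", CONSTRUCTED_OK)):
        findings, redacted = audit_extra_credentials(raw)
        print(label, findings or "ok", json.dumps(redacted))
```

Running such a check before the container starts turns a 20 minute timeout ending in `AuthenticationFailure` into an immediate, readable failure, and the redacted copy keeps the real token out of the pipeline log.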