[英]Clone a two-factor authentication enabled private GitHub repo from Azure Pipeline template with a PAT as a secret
I want to clone a 2FA enabled private GitHub repo to my azure pipeline.我想将启用 2FA 的私有 GitHub 存储库克隆到我的 azure 管道。 My configuration is as follows.我的配置如下。
trigger: none
pr:
branches:
include:
- azure
pool:
vmImage: ubuntu-latest
steps:
- script: |
echo "--------------- Clone 2FA enabled private repo ---------------"
git clone https://github-azure-pipeline-user:$(PAT)@github.com/parent-org/2fa-enabled-github-repo.git
echo "--------------- Clone Completed ---------------"
displayName: 'Clone 2FA enabled private repo'
Personal access token(PAT) for github-azure-pipeline-user
is configured as a variable from the Azure DevOps UI. github-azure-pipeline-user
的个人访问令牌 (PAT) 配置为 Azure DevOps UI 中的变量。 The issue is when the type of the variable PAT
is changed to secret
from the UI, the git clone does not work.问题是当变量PAT
的类型从 UI 更改为secret
时,git 克隆不起作用。 Authentication failed error is displayed.显示验证失败错误。
--------------- Clone 2FA enabled private repo ---------------
Cloning into '2fa-enabled-github-repo'...
remote: Invalid username or password.
fatal: Authentication failed for 'https://github.com/parent-org/2fa-enabled-github-repo.git/'
--------------- Clone Completed ---------------
When PAT
is set as a plain text variable, this works without an issue.当PAT
设置为纯文本变量时,这没有问题。
Is this a bug in Azure pipelines or am I doing something wrong?这是 Azure 管道中的错误还是我做错了什么?
As per documentation :根据文档:
Secret variables are encrypted at rest with a 2048-bit RSA key.秘密变量在 rest 使用 2048 位 RSA 密钥进行加密。 Secrets are available on the agent for tasks and scripts to use.代理上提供了秘密供任务和脚本使用。 Be careful about who has access to alter your pipeline.请注意谁有权更改您的管道。
Unlike a normal variable, they are not automatically decrypted into environment variables for scripts.与普通变量不同,它们不会自动解密为脚本的环境变量。 You need to explicitly map secret variables.您需要明确 map 秘密变量。
So you may try the following syntax:因此,您可以尝试以下语法:
- script: |
echo "--------------- Clone 2FA enabled private repo ---------------"
git clone https://github-azure-pipeline-user:$env:MY_MAPPED_ENV_VAR@github.com/parent-org/2fa-enabled-github-repo.git
echo "--------------- Clone Completed ---------------"
displayName: 'Clone 2FA enabled private repo'
env:
MY_MAPPED_ENV_VAR: $(PAT)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.