简体   繁体   English

从 Azure 管道模板克隆一个启用双因素身份验证的私有 GitHub 存储库,并将 PAT 作为机密

[英]Clone a two-factor authentication enabled private GitHub repo from Azure Pipeline template with a PAT as a secret

I want to clone a 2FA enabled private GitHub repo to my azure pipeline.我想将启用 2FA 的私有 GitHub 存储库克隆到我的 azure 管道。 My configuration is as follows.我的配置如下。

trigger: none

pr:
  branches:
    include:
    - azure

pool:
  vmImage: ubuntu-latest

steps:
- script: |
    echo "--------------- Clone 2FA enabled private repo ---------------"
    git clone https://github-azure-pipeline-user:$(PAT)@github.com/parent-org/2fa-enabled-github-repo.git
    echo "--------------- Clone Completed ---------------"
  displayName: 'Clone 2FA enabled private repo'

Personal access token(PAT) for github-azure-pipeline-user is configured as a variable from the Azure DevOps UI. github-azure-pipeline-user的个人访问令牌 (PAT) 配置为 Azure DevOps UI 中的变量。 The issue is when the type of the variable PAT is changed to secret from the UI, the git clone does not work.问题是当变量PAT的类型从 UI 更改为secret时,git 克隆不起作用。 Authentication failed error is displayed.显示验证失败错误。

--------------- Clone 2FA enabled private repo ---------------
Cloning into '2fa-enabled-github-repo'...
remote: Invalid username or password.
fatal: Authentication failed for 'https://github.com/parent-org/2fa-enabled-github-repo.git/'
--------------- Clone Completed ---------------

When PAT is set as a plain text variable, this works without an issue.PAT设置为纯文本变量时,这没有问题。

Is this a bug in Azure pipelines or am I doing something wrong?这是 Azure 管道中的错误还是我做错了什么?

As per documentation :根据文档

Secret variables are encrypted at rest with a 2048-bit RSA key.秘密变量在 rest 使用 2048 位 RSA 密钥进行加密。 Secrets are available on the agent for tasks and scripts to use.代理上提供了秘密供任务和脚本使用。 Be careful about who has access to alter your pipeline.请注意谁有权更改您的管道。

Unlike a normal variable, they are not automatically decrypted into environment variables for scripts.与普通变量不同,它们不会自动解密为脚本的环境变量。 You need to explicitly map secret variables.您需要明确 map 秘密变量。

So you may try the following syntax:因此,您可以尝试以下语法:

- script: |
    echo "--------------- Clone 2FA enabled private repo ---------------"
    git clone https://github-azure-pipeline-user:$env:MY_MAPPED_ENV_VAR@github.com/parent-org/2fa-enabled-github-repo.git
    echo "--------------- Clone Completed ---------------"
  displayName: 'Clone 2FA enabled private repo'
  env:
    MY_MAPPED_ENV_VAR: $(PAT)

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Azure cmdlet - 使用双因素身份验证时会话无效 - Azure cmdlets - Session is invalid when using two-factor authentication 跳过远程 azure 管道模板存储库中的步骤 - Skip steps from remote azure pipeline template repo NPM 依赖于另一个私有 Bitbucket 存储库 Azure DevOps 管道身份验证失败 - NPM dependencies to another private Bitbucket repo Azure DevOps pipeline authentication fails 如何使用带有命令行 git 或 sourcetree 的 PAT 克隆 azure 开发操作 git 存储库? - how to clone an azure dev ops git repo using PAT with command line git or sourcetree? 私有 vnet:Git 从 Azure 克隆我的 azure 存储库 ML 计算实例是不可能的 - private vnet: Git clone my azure repo from Azure ML compute instance is impossible Azure 数据工厂 GitHub 集成私有存储库 - Azure Data Factory GitHub Integration Private Repo 如何在 Azure 管道中获取 github 存储库名称 - How to get the github repo name in Azure pipeline 令牌认证(而不是 PAT 令牌)到 Azure DevOps REST API 通过 Azure DevOps 管道 - Token authentication (instead of PAT token) to Azure DevOps REST API via Azure DevOps Pipeline 将 GitHub 应用程序身份验证用于 Azure Pipelines(而不是 OAuth 或 PAT)的实际好处是什么? - The actual benefits in using GitHub App authentication for Azure Pipelines (instead of OAuth or PAT)? 如何在虚拟机中创建 Azure 管道以拉取 github 存储库 - How to create Azure pipeline to pull github repo in Virtual Machine
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM