我想将一个启用2FA的私有GitHub回购克隆到我的azure管道中。我的配置如下。
trigger: none
pr:
branches:
include:
- azure
pool:
vmImage: ubuntu-latest
steps:
- script: |
echo "--------------- Clone 2FA enabled private repo ---------------"
git clone https://github-azure-pipeline-user:$(PAT)@github.com/parent-org/2fa-enabled-github-repo.git
echo "--------------- Clone Completed ---------------"
displayName: 'Clone 2FA enabled private repo'
github-azure-pipeline-user的个人访问令牌(PAT(配置为Azure DevOps UI中的变量。问题是,当变量PAT的类型从UI更改为secret时,git克隆不起作用。显示身份验证失败错误。
--------------- Clone 2FA enabled private repo ---------------
Cloning into '2fa-enabled-github-repo'...
remote: Invalid username or password.
fatal: Authentication failed for 'https://github.com/parent-org/2fa-enabled-github-repo.git/'
--------------- Clone Completed ---------------
当PAT被设置为纯文本变量时,这不会产生问题。
这是Azure管道中的错误还是我做错了什么?
根据文档:
机密变量在静止时使用2048位RSA密钥加密。代理上有可供任务和脚本使用的机密。是小心谁有权更改您的管道。
与普通变量不同,它们不会自动解密为脚本的环境变量。您需要显式映射机密变量。
因此您可以尝试以下语法:
- script: |
echo "--------------- Clone 2FA enabled private repo ---------------"
git clone https://github-azure-pipeline-user:$env:MY_MAPPED_ENV_VAR@github.com/parent-org/2fa-enabled-github-repo.git
echo "--------------- Clone Completed ---------------"
displayName: 'Clone 2FA enabled private repo'
env:
MY_MAPPED_ENV_VAR: $(PAT)