TF401027: You need the Git 'PullRequestContribute' permission to perform this action #35

Closed
icharleston opened this issue Apr 7, 2020 · 19 comments

@icharleston

Hi,

I used your PR as a task in our pipeline and I have encountered the error below.

I have followed the Azure DevOps Repository guide.

  • Ticked allow scripts to access the OAuth token
  • Allow permission to the Build service account for Contribute Pull request

The only thing I did NOT set up is this yml, since I don't know where to add it. I can't update your yaml in the release.
env:
  System_AccessToken: $(System.AccessToken)

2020-04-06T22:36:18.4039154Z Task : Create Pull Request
2020-04-06T22:36:18.4039594Z Description : Automatically create a Pull Request for Azure DevOps or GitHub repository from Build or Release pipeline, supports also multi target branch.
2020-04-06T22:36:18.4040045Z Version : 1.2.84
2020-04-06T22:36:18.4040266Z Author : Shayki Abramczyk
2020-04-06T22:36:18.4040651Z Help : More Information
2020-04-06T22:36:18.4041114Z ==============================================================================
2020-04-06T22:36:19.4683155Z The Source Branch is: refs/heads/dev
2020-04-06T22:36:19.4684950Z The Target Branch is: refs/heads/master
2020-04-06T22:36:19.4692491Z The Title is: Create Pull Request from Dev to Master
2020-04-06T22:36:19.4693197Z The Description is: Automatically create a Pull Request from dev to master after successful deployment
2020-04-06T22:36:19.4731382Z Is Draft Pull Request: False
2020-04-06T22:36:20.0406138Z ##[error]{"$id":"1","innerException":null,"message":"TF401027: You need the Git 'PullRequestContribute' permission to perform this action. Details: identity 'Build\8ea776f8-44ff-4a9c-acaf-5a0b6553bf20', scope 'repository'.","typeName":"Microsoft.TeamFoundation.Git.Server.GitNeedsPermissionException, Microsoft.TeamFoundation.Git.Server","typeKey":"GitNeedsPermissionException","errorCode":0,"eventId":3000}
2020-04-06T22:36:20.0898548Z ##[section]Finishing: Create Pull Request

Thank you very much! Looking forward to your response!

Cheers,
Charleston

@shayki5
Owner

shayki5 commented Apr 7, 2020

Hi @icharleston,

Could you check this #28 (comment) and this #31 (comment)?
I think it can help you :)

Kind regards,
Shayki

@icharleston
Author

Hi @shayki5 ,

Thanks for your response! I will check it out.

I have a new error but my work email in AZDO is correct.

2020-04-07T06:25:18.2603151Z ##[error]{"$id":"1","innerException":null,"message":"Invalid argument value.\r\nParameter name:
The identity is not recognized.","typeName":"Microsoft.TeamFoundation.SourceControl.WebServer.InvalidArgumentValueException,
Microsoft.TeamFoundation.SourceControl.WebServer","typeKey":"InvalidArgumentValueException","errorCode":0,"eventId":0}
2020-04-07T06:25:18.3123886Z ##[section]Finishing: Create Pull Request

@shayki5
Owner

shayki5 commented Apr 7, 2020

Where did you put your email, in the reviewers?

@icharleston
Author

Yes! - [email protected];

I have allowed "contribute to pull request" for all user groups.

2020-04-07T06:25:17.1679024Z The Source Branch is: refs/heads/dev
2020-04-07T06:25:17.1684301Z The Target Branch is: refs/heads/master
2020-04-07T06:25:17.1691520Z The Title is: Create Pull Request from Dev to Master
2020-04-07T06:25:17.1697841Z The Description is: Automatically create a Pull Request from dev to master after successful deployment
2020-04-07T06:25:17.1740144Z Is Draft Pull Request: False
2020-04-07T06:25:17.6561383Z The reviewers are: [email protected]
2020-04-07T06:25:18.2603151Z ##[error]{"$id":"1","innerException":null,"message":"Invalid argument value.\r\nParameter name:
The identity is not recognized.","typeName":"Microsoft.TeamFoundation.SourceControl.WebServer.InvalidArgumentValueException,
Microsoft.TeamFoundation.SourceControl.WebServer","typeKey":"InvalidArgumentValueException","errorCode":0,"eventId":0}
2020-04-07T06:25:18.3123886Z ##[section]Finishing: Create Pull Request

@shayki5
Owner

shayki5 commented Apr 7, 2020

Without reviewers, does it work or do you still get a permissions error?
And, could you please run it with system.debug = true and share the logs here?

@icharleston
Author

Without reviewers. I got the error below...

2020-04-07T09:48:27.7667026Z ##[error]{"$id":"1","innerException":null,"message":"TF401027: You need the Git 'PullRequestContribute' permission to perform this action. Details: identity 'Build\8ea776f8-44ff-4a9c-acaf-5a0b6553bf20', scope 'repository'.","typeName":"Microsoft.TeamFoundation.Git.Server.GitNeedsPermissionException, Microsoft.TeamFoundation.Git.Server","typeKey":"GitNeedsPermissionException","errorCode":0,"eventId":3000}

Where do I add this "system.debug = true"?

Thanks!

@shayki5
Owner

shayki5 commented Apr 9, 2020

@icharleston did you try to add the "Project Collection Build Service" user to the “Project Collection Build Service Accounts” security group?
BTW - do you use it in a build or in a release?
In the variables add a variable system.debug and the value true.

@icharleston
Author

  • "Project Collection Build Service" user to the “Project Collection Build Service Accounts” - Yes, I tried that but no luck.
  • I used it in a release... So your create PR task cannot edit the YAML to add the debug. Where do I add the system.debug variable in the release pipeline?

Thanks!

@shayki5
Owner

shayki5 commented Apr 12, 2020

@icharleston Yes, in the release pipeline you have a "Variables" tab. Can you see it?

@krishnamohan1

krishnamohan1 commented Apr 23, 2020

Hi @shayki5

I am trying to create a pull request in another project from the other project pipeline.
Example: I have two projects XYZ and ABC

My job is running in XYZ and trying to create a pull request in ABC. I have done the below:

  1. Project ID
  2. Repository ID
  3. Limits the authorization disabled.
  4. For permission to provide, I am unable to see the system user created (it has only happened when I try to create in another project; within the project the user got created and allowed the contribute and contribute pull request).

I am getting the same error mentioned above. Please do the needful.

For your reference: Below is the debug error after "post"

2020-04-23T02:18:16.1600150Z ##[debug]Leaving RunTask.
2020-04-23T02:18:16.2024541Z ##[debug]Caught exception from task script.
2020-04-23T02:18:16.3339550Z ##[debug]Error record:
2020-04-23T02:18:16.3964585Z ##[debug]CreateAzureDevOpsPullRequest : {"$id":"1","innerException":null,"message":"TF401027: You need the Git 'PullRequestContribute' permission to perform this action. Details: identity 'Build\\d3317344-8da7-41eb-945c-bfa77f915ebe', scope 'repository'.","typeName":"Microsoft.TeamFoundation.Git.Server.GitNeedsPermissionException, Microsoft.TeamFoundation.Git.Server","typeKey":"GitNeedsPermissionException","errorCode":0,"eventId":3000}
2020-04-23T02:18:16.3966613Z ##[debug]At D:\a\_tasks\CreatePullRequest_2f159376-316b-4652-a49c-392f9d534113\1.2.91\createPullRequest.ps1:94 char:9
2020-04-23T02:18:16.3967786Z ##[debug]+         CreateAzureDevOpsPullRequest -teamProject $teamProject -repos ...
2020-04-23T02:18:16.3968511Z ##[debug]+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2020-04-23T02:18:16.3969196Z ##[debug]    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
2020-04-23T02:18:16.3969948Z ##[debug]    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,CreateAzureDevOpsPullRequest
2020-04-23T02:18:16.3976006Z ##[debug] 
2020-04-23T02:18:16.3994881Z ##[debug]Script stack trace:
2020-04-23T02:18:16.4029325Z ##[debug]at CreateAzureDevOpsPullRequest, D:\a\_tasks\CreatePullRequest_2f159376-316b-4652-a49c-392f9d534113\1.2.91\createPullRequest.ps1: line 299
2020-04-23T02:18:16.4041518Z ##[debug]at CreatePullRequest, D:\a\_tasks\CreatePullRequest_2f159376-316b-4652-a49c-392f9d534113\1.2.91\createPullRequest.ps1: line 94
2020-04-23T02:18:16.4053037Z ##[debug]at RunTask, D:\a\_tasks\CreatePullRequest_2f159376-316b-4652-a49c-392f9d534113\1.2.91\createPullRequest.ps1: line 50
2020-04-23T02:18:16.4064328Z ##[debug]at <ScriptBlock>, D:\a\_tasks\CreatePullRequest_2f159376-316b-4652-a49c-392f9d534113\1.2.91\createPullRequest.ps1: line 538
2020-04-23T02:18:16.4075591Z ##[debug]at <ScriptBlock>, <No file>: line 1
2020-04-23T02:18:16.4086804Z ##[debug]at <ScriptBlock>, <No file>: line 22
2020-04-23T02:18:16.4098248Z ##[debug]at <ScriptBlock>, <No file>: line 18
2020-04-23T02:18:16.4109454Z ##[debug]at <ScriptBlock>, <No file>: line 1
2020-04-23T02:18:16.4127531Z ##[debug]Exception:
2020-04-23T02:18:16.4169359Z ##[debug]Microsoft.PowerShell.Commands.WriteErrorException: {"$id":"1","innerException":null,"message":"TF401027: You need the Git 'PullRequestContribute' permission to perform this action. Details: identity 'Build\\d3317344-8da7-41eb-945c-bfa77f915ebe', scope 'repository'.","typeName":"Microsoft.TeamFoundation.Git.Server.GitNeedsPermissionException, Microsoft.TeamFoundation.Git.Server","typeKey":"GitNeedsPermissionException","errorCode":0,"eventId":3000}
2020-04-23T02:18:16.4437802Z ##[error]{"$id":"1","innerException":null,"message":"TF401027: You need the Git 'PullRequestContribute' permission to perform this action. Details: identity 'Build\\d3317344-8da7-41eb-945c-bfa77f915ebe', scope 'repository'.","typeName":"Microsoft.TeamFoundation.Git.Server.GitNeedsPermissionException, Microsoft.TeamFoundation.Git.Server","typeKey":"GitNeedsPermissionException","errorCode":0,"eventId":3000}
2020-04-23T02:18:16.4455017Z ##[debug]Processed: ##vso[task.logissue type=error]{"$id":"1","innerException":null,"message":"TF401027: You need the Git 'PullRequestContribute' permission to perform this action. Details: identity 'Build\\d3317344-8da7-41eb-945c-bfa77f915ebe', scope 'repository'.","typeName":"Microsoft.TeamFoundation.Git.Server.GitNeedsPermissionException, Microsoft.TeamFoundation.Git.Server","typeKey":"GitNeedsPermissionException","errorCode":0,"eventId":3000}
2020-04-23T02:18:16.4464079Z ##[debug]Processed: ##vso[task.complete result=Failed]

Thanks,
Krishna Mohan

@shayki5
Owner

shayki5 commented Apr 23, 2020

@krishnamohan1 Can you give me permissions to your organization?

@krishnamohan1

Hi @shayki5 - it is in my client's network, so I cannot provide access to the organization.

Any suggestion from your end?

@krishnamohan1

Hi @shayki5 - I replicated the same error in my local trial Azure instance.

Do let me know your id. I will provide access to you; let me know the best time and I will also connect with you.

Thanks,
Krishna Mohan

@shayki5
Owner

shayki5 commented Apr 28, 2020

Hi @krishnamohan1, my id is: [email protected]
I live in Israel, where do you live?
Thank you!

@krishnamohan1

@shayki5 I invited you to my organisation and provided the required access.

Have sent an email

I live in Melbourne, Australia

@krishnamohan1

@shayki5 Thanks a ton for your time. The issue has been resolved in both my local and Client organisation.

Normally people will face this error in the below scenarios:

  1. Create a pull request within the project
  2. Create a pull request from one project to another project.

Problem 1: When you try to create a pull request with your automated job within the project. if you face "PullRequestContribute" permission error.

Solution: if you face this error means you have already executed a job.
Go to the _project settings--> Repository--> select your branch in the list--> right side you will see the user and the newly created user under users. Allow "Contribute Pull Request" for the created user._

Problem 2: When you try to create a pull request with your automated Job from one project to another project and you face "PullRequestContribute" permission error.

Solution: Now you have to go to your organization settings. It is not related to your project settings anymore.
Go to Organization _Settings-->under Security-->Permissions--> Project Collection Build Service Accounts-->Members-->Add -->Project Collection Build Service (xxxxxxxx)_

Note: "xxxxxxxx" is your name or organization name.

I suggest using this troubleshooting. It will resolve your issues.

I have tested in both build and release pipelines. It worked perfectly.

Now I am going to test this from one organization to another organization. Hope it will work!! :)

The issue is ready to close

Thanks,
Krishna Mohan Gannamraju
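
The two failures seen in this thread (the TF401027 permission denial and the unrecognized reviewer identity) can be told apart from the pipeline log itself. The following is an added example, not part of the thread or of the extension's code: it extracts which build identity was denied which permission at which scope, so the grant can be limited to that identity. The function names and the placeholder GUID in the sample log are assumptions.

```python
import re
from collections import Counter
# Constructed sample (placeholder GUID), shaped like the logs quoted in this thread.
SAMPLE_LOG = r'''
2020-01-01T00:00:00.0000000Z The Source Branch is: refs/heads/dev
2020-01-01T00:00:01.0000000Z ##[error]{"$id":"1","message":"TF401027: You need the Git 'PullRequestContribute' permission to perform this action. Details: identity 'Build\00000000-0000-0000-0000-000000000001', scope 'repository'.","typeKey":"GitNeedsPermissionException"}
2020-01-01T00:00:02.0000000Z ##[debug]Processed: ##vso[task.logissue type=error]{"message":"TF401027: You need the Git 'PullRequestContribute' permission to perform this action. Details: identity 'Build\\00000000-0000-0000-0000-000000000001', scope 'repository'."}
2020-01-01T00:00:03.0000000Z ##[error]{"$id":"1","message":"TF401027: You need the Git 'PullRequestContribute' permission to perform this action. Details: identity 'Build\\00000000-0000-0000-0000-000000000001', scope 'repository'."}
2020-01-01T00:00:04.0000000Z ##[error]{"$id":"1","message":"Invalid argument value.\r\nParameter name:
The identity is not recognized.","typeKey":"InvalidArgumentValueException"}
'''

TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T[\d:.]+Z ")
PERMISSION_RE = re.compile(
    r"TF401027: You need the Git '(?P<permission>[^']+)' permission.*?"
    r"identity '(?P<identity>[^']+)', scope '(?P<scope>[^']+)'")


def records(log_text):
    """Yield timestamped records, re-joining lines wrapped mid-record."""
    current = None
    for line in log_text.splitlines():
        if TS_RE.match(line):
            if current is not None:
                yield current
            current = line
        elif current is not None and line.strip():
            current += " " + line.strip()
    if current is not None:
        yield current


def triage(log_text):
    """Return (Counter of (identity, permission, scope) denials, unresolved reviewer count)."""
    missing, unresolved = Counter(), 0
    for rec in records(log_text):
        if "##[error]" not in rec:
            continue  # ##[debug] records repeat the same payload
        m = PERMISSION_RE.search(rec)
        if m:
            # The account appears as Build\<guid> or Build\\<guid> depending on escaping.
            identity = re.sub(r"\\+", r"\\", m["identity"])
            missing[(identity, m["permission"], m["scope"])] += 1
        elif "The identity is not recognized" in rec:
            unresolved += 1
    return missing, unresolved

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The regular expression is used instead of a JSON parser because the logs in this thread show the identity with a single backslash in some records, which is not valid JSON.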

@shayki5
Owner

shayki5 commented Apr 29, 2020

Thank you so much for the detailed explanation!

@kwickramasekara

@shayki5 Thanks a ton for your time. The issue has been resolved in both my local and Client organization. ...

@krishnamohan1 OMG! Thank you for sharing the outcome! I have been scratching my head for so long trying to figure this out with a different task!
