Run Git commands in a script
Azure DevOps Services | Azure DevOps Server 2022 - Azure DevOps Server 2019
For some workflows, you need your build pipeline to run Git commands. For example, after a CI build on a feature branch is done, the team might want to merge the branch to main.
Git is available on Microsoft-hosted agents and on on-premises agents.
Note
Before you begin, be sure your account's default identity is set with the following code. This must be done as the very first step after checking out your code.
git config --global user.email "you@example.com"
git config --global user.name "Your Name"
Go to the project settings page for your organization at Organization Settings > General > Projects.
Select the project you want to edit.
Within Project Settings, select Repositories. Select the repository you want to run Git commands on.
Select Security to edit your repository security.
Search for Project Collection Build Service. Choose the identity {{your project name}} Build Service ({your organization}) (not the group Project Collection Build Service Accounts ({your organization})). By default, this identity can read from the repo but can’t push any changes back to it. Grant permissions needed for the Git commands you want to run. Typically you'll want to grant:
- Create branch: Allow
- Contribute: Allow
- Read: Allow
- Create tag: Allow
Go to the Version Control control panel tab
Azure Repos:
https://dev.azure.com/{your-organization}/{your-project}/_admin/_versioncontrol
On-premises:
https://{your-server}:8080/tfs/DefaultCollection/{your-project}/_admin/_versioncontrol
If you see this page, select the repo, and then select the link:
On the Version Control tab, select the repository in which you want to run Git commands, and then select Project Collection Build Service. By default, this identity can read from the repo but can’t push any changes back to it.
Grant permissions needed for the Git commands you want to run. Typically you'll want to grant:
- Create branch: Allow
- Contribute: Allow
- Read: Allow
- Create tag: Allow
When you're done granting the permissions, make sure to select Save changes.
On the options tab, select Allow scripts to access OAuth token.
Certain kinds of changes to the local repository aren't automatically cleaned up by the build pipeline. So make sure to:
- Delete local branches you create.
- Undo git config changes.
If you run into problems using an on-premises agent, make sure the repo is clean:
On the repository tab, set Clean to true.
On the variables tab, create or modify the
Build.Clean
variable and set it tosource
On the build tab, add this task:
Task | Arguments |
---|---|
Utility: Command Line List the files in the Git repo. |
Tool: git Arguments: ls-files |
You want a CI build to merge to main if the build succeeds.
On the Triggers tab, select Continuous integration (CI) and include the branches you want to build.
Create merge.bat
at the root of your repo:
@echo off
ECHO SOURCE BRANCH IS %BUILD_SOURCEBRANCH%
IF %BUILD_SOURCEBRANCH% == refs/heads/main (
ECHO Building main branch so no merge is needed.
EXIT
)
SET sourceBranch=origin/%BUILD_SOURCEBRANCH:refs/heads/=%
ECHO GIT CHECKOUT MAIN
git checkout main
ECHO GIT STATUS
git status
ECHO GIT MERGE
git merge %sourceBranch% -m "Merge to main"
ECHO GIT STATUS
git status
ECHO GIT PUSH
git push origin
ECHO GIT STATUS
git status
On the build tab add this as the last task:
Task | Arguments |
---|---|
Utility: Batch Script Run merge.bat. |
Path: merge.bat |
Can I run Git commands if my remote repo is in GitHub or another Git service such as Bitbucket Cloud?
Yes
Add ***NO_CI***
to your commit message. Here are examples:
git commit -m "This is a commit message ***NO_CI***"
git merge origin/features/hello-world -m "Merge to main ***NO_CI***"
Add [skip ci]
to your commit message or description. Here are examples:
git commit -m "This is a commit message [skip ci]"
git merge origin/features/hello-world -m "Merge to main [skip ci]"
You can also use any of these variations for commits to Azure Repos Git, Bitbucket Cloud, GitHub, and GitHub Enterprise Server.
[skip ci]
or[ci skip]
skip-checks: true
orskip-checks:true
[skip azurepipelines]
or[azurepipelines skip]
[skip azpipelines]
or[azpipelines skip]
[skip azp]
or[azp skip]
***NO_CI***
You need at least one agent to run your build or release.
See Troubleshoot Build and Release.
See Agent pools.
My NuGet push task is failing with the following error: "Error: unable to get local issuer certificate". How can I fix this?
This can be fixed by adding a trusted root certificate. You can either add the NODE_EXTRA_CA_CERTS=file
environment variable to your build agent, or you can add the NODE.EXTRA.CA.CERTS=file
task variable in your pipeline. See Node.js documentation for more details about this variable. See Set variables in a pipeline for instructions on setting a variable in your pipeline.
Some of these features are available only on Azure Pipelines and not yet available on-premises. Some features are available on-premises if you have upgraded to the latest version of TFS.