Run Git commands in a script

Article
03/25/2024

Azure DevOps Services | Azure DevOps Server 2022 - Azure DevOps Server 2019

For some workflows, you need your build pipeline to run Git commands. For example, after a CI build on a feature branch is done, the team might want to merge the branch to main.

Git is available on Microsoft-hosted agents and on on-premises agents.

Enable scripts to run Git commands

Note

Before you begin, be sure your account's default identity is set with the following code. This must be done as the very first step after checking out your code.

git config --global user.email "you@example.com"
git config --global user.name "Your Name"

Grant version control permissions to the build service

Go to the project settings page for your organization at Organization Settings > General > Projects.
Select the project you want to edit.
Within Project Settings, select Repositories. Select the repository you want to run Git commands on.
Select Security to edit your repository security.
Search for Project Collection Build Service. Choose the identity {{your project name}} Build Service ({your organization}) (not the group Project Collection Build Service Accounts ({your organization})). By default, this identity can read from the repo but can’t push any changes back to it. Grant permissions needed for the Git commands you want to run. Typically you'll want to grant:
- Create branch: Allow
- Contribute: Allow
- Read: Allow
- Create tag: Allow

Go to the Version Control control panel tab

Azure Repos: https://dev.azure.com/{your-organization}/{your-project}/_admin/_versioncontrol
On-premises: https://{your-server}:8080/tfs/DefaultCollection/{your-project}/_admin/_versioncontrol

manage project

If you see this page, select the repo, and then select the link:

control panel top to project

control panel project version control tab

On the Version Control tab, select the repository in which you want to run Git commands, and then select Project Collection Build Service. By default, this identity can read from the repo but can’t push any changes back to it.

permissions

Grant permissions needed for the Git commands you want to run. Typically you'll want to grant:

Create branch: Allow
Contribute: Allow
Read: Allow
Create tag: Allow

When you're done granting the permissions, make sure to select Save changes.

Add a checkout section with persistCredentials set to true.

steps:
- checkout: self
  persistCredentials: true

Learn more about checkout.

On the options tab, select Allow scripts to access OAuth token.

Make sure to clean up the local repo

Certain kinds of changes to the local repository aren't automatically cleaned up by the build pipeline. So make sure to:

Delete local branches you create.
Undo git config changes.

If you run into problems using an on-premises agent, make sure the repo is clean:

YAML
Classic

Make sure checkout has clean set to true.

steps:
- checkout: self
  clean: true

On the repository tab, set Clean to true.
On the variables tab, create or modify the Build.Clean variable and set it to source

Examples

List the files in your repo

On the build tab, add this task:

Task	Arguments
Utility: Command Line List the files in the Git repo.	Tool: `git` Arguments: `ls-files`

Merge a feature branch to main

You want a CI build to merge to main if the build succeeds.

On the Triggers tab, select Continuous integration (CI) and include the branches you want to build.

Create merge.bat at the root of your repo:

@echo off
ECHO SOURCE BRANCH IS %BUILD_SOURCEBRANCH%
IF %BUILD_SOURCEBRANCH% == refs/heads/main (
   ECHO Building main branch so no merge is needed.
   EXIT
)
SET sourceBranch=origin/%BUILD_SOURCEBRANCH:refs/heads/=%
ECHO GIT CHECKOUT MAIN
git checkout main
ECHO GIT STATUS
git status
ECHO GIT MERGE
git merge %sourceBranch% -m "Merge to main"
ECHO GIT STATUS
git status
ECHO GIT PUSH
git push origin
ECHO GIT STATUS
git status

On the build tab add this as the last task:

Task	Arguments
Utility: Batch Script Run merge.bat.	Path: `merge.bat`

FAQ

Can I run Git commands if my remote repo is in GitHub or another Git service such as Bitbucket Cloud?

Yes

Which tasks can I use to run Git commands?

How do I avoid triggering a CI build when the script pushes?

Add ***NO_CI*** to your commit message. Here are examples:

git commit -m "This is a commit message ***NO_CI***"
git merge origin/features/hello-world -m "Merge to main ***NO_CI***"

Add [skip ci] to your commit message or description. Here are examples:

git commit -m "This is a commit message [skip ci]"
git merge origin/features/hello-world -m "Merge to main [skip ci]"

You can also use any of these variations for commits to Azure Repos Git, Bitbucket Cloud, GitHub, and GitHub Enterprise Server.

[skip ci] or [ci skip]
skip-checks: true or skip-checks:true
[skip azurepipelines] or [azurepipelines skip]
[skip azpipelines] or [azpipelines skip]
[skip azp] or [azp skip]
***NO_CI***

Do I need an agent?

You need at least one agent to run your build or release.

I'm having problems. How can I troubleshoot them?

See Troubleshoot Build and Release.

I can't select a default agent pool and I can't queue my build or release. How do I fix this?

See Agent pools.

My NuGet push task is failing with the following error: "Error: unable to get local issuer certificate". How can I fix this?

This can be fixed by adding a trusted root certificate. You can either add the NODE_EXTRA_CA_CERTS=file environment variable to your build agent, or you can add the NODE.EXTRA.CA.CERTS=file task variable in your pipeline. See Node.js documentation for more details about this variable. See Set variables in a pipeline for instructions on setting a variable in your pipeline.

I use TFS on-premises and I don't see some of these features. Why not?

Some of these features are available only on Azure Pipelines and not yet available on-premises. Some features are available on-premises if you have upgraded to the latest version of TFS.

Share via