Unauthorized on the dependabot reviewers
I'm trying to setup dependabot on azure devops on my repo. Below is my yml file:
version: 2
updates:
- package-ecosystem: 'nuget'
directory: '/'
target-branch: 'dev'
open-pull-requests-limit: 10
ignore:
- dependency-name: 'Microsoft.Extensions.Caching.SqlServer'
schedule:
interval: 'daily'
# Check for npm updates on Sundays
day: "sunday"
time: "09:00"
timezone: "America/Los_Angeles"
# Add reviewers
reviewers:
- "my-email"
# Labels on pull requests for security and version updates
labels:
- "npm dependencies"
However, I got the unauthorized error.
Failed to resolve user id: Error: Request to 'https://vssps.dev.azure.com/_apis/identities' failed: 401 Unauthorized
Based on the error, it seems like I don't or have not setup permission correctly for my account on the repo ??? If so, how do I give my account proper permission ?
Thank you.
According to the error message, the task is sending request to this API Identities - Read Identities to resolve the identity information of use reviewers. From the API scope, it should have the vso.identity scope to grant the ability to read identities and groups.
It seems that when you are using the dependabot@V2 task in the pipeline, you are using the Task Parameter azureDevOpsAccessToken to avoid using permissions for the Build Service account either because you cannot change its permissions or because you prefer that the Pull Requests be done by a different user.
In this case, you should give the personal access token the identity read permission and code read&write permission.
The test yaml to reproduce the error:
trigger:
- none
pool:
vmImage: ubuntu-latest
steps:
- task: dependabot@2
inputs:
azureDevOpsAccessToken: '$(pat)'
displayName: 'Dependabot'
Using PAT without the identity read permission :
Using PAT with the identity read permission :
- How can I delete an Azure DevOps build definition that it claims is retained by a release?
- How to link test results to user story in Azure DevOps (VSTS)?
- YAML CI is flattening file structure
- How to add new secrets (from Azure Key Vault) to the variable group in Azure Devops
- Best practice for SPA rollback on Azure Static Webapp with Azure Devops Deployment?
- Azure Pipeline: Unable to locate executable file: 'gulp'. during task Gulp@1
- Azure Pipeline dynamic parameters to template file from YAML pipeline
- How to Simplify a Complex Azure DevOps Release Pipeline with 11 Environments and Unique Task
- (Azure DevOps Testplans) Is it possible to associate an automated Test to a testcase without Visual Studio?
- Can't update Azure Pipepline. Error: Failed to fetch App Service publishing credentials
- View is not found when a Web App is deployed with Azure DevOps
- Re-checking for merge conflicts in VSTS (Azure DevOps)
- How to pass Environment Variables to Helmfile Values file
- Create a new pipeline from existing YML file in the repository (Azure Pipelines)
- How to reference a secret variable from an AzurePowerShell@5 task
- How can you insert suggestions on a PR in Azure Devops?
- .Net Core - Use AzureAD/EntraID Authentication to Access Azure DevOps REST APIs
- Azure-DevOps clone shows references as warnings
- Is it possible to rename a release?
- How to assign test point to a tester in Azure DevOps with API
- Access Azure Devops Query Results Using C#
- What does --runAsAutoLogon do when configuring an Azure Devops Windows self-hosted agent?
- How to export multiple Azure DevOps Variable Groups?
- Passing branch names between pipelines
- Show list of work items I am following in VSTS?
- Prevent Azure Pipelines from failing build: No Agent Found in Pool which satisfies demand
- How do I get my Azure DevOps Pipeline build to fail when my linting script returns an error?
- Encountered conflicts when cherry-picking commit . This operation needs to be performed locally error in Azure DevOps
- Adding / setting Virtual Applications (Path mappings) to a Web App (App Service Azure) - via Powershell Script
- How do I filter releases for a specific Environment (Stage)?