Labeling process failed: Labeling failed: org.eclipse.jgit.errors.TransportException: git-receive-pack not permitted
I am admin user for teamcity and bitbucket for our organization. I have created "App Password" for my account in Bitbucket and when I try to use newly created credentials for authentication - everything works except VCS Labelling.
Below is the debug log we are seeing.
[2023-02-27 20:22:41,538] DEBUG [nio-443-exec-18] - jetbrains.buildServer.VCS - Failed to set label 'Release-15.0.174.1' for build #15.0.174.1 {build id=380470, buildTypeId=NextGen_NextGenSolution_01ci}
jetbrains.buildServer.vcs.VcsException: Labeling failed: org.eclipse.jgit.errors.TransportException: https://bitbucket.org/our-project/nextgen.git: git-receive-pack not permitted on 'https://bitbucket.org/our-project/nextgen.git/'
at jetbrains.buildServer.buildTriggers.vcs.git.OperationContext.wrapException(OperationContext.java:185)
at jetbrains.buildServer.buildTriggers.vcs.git.GitLabelingSupport.tag(GitLabelingSupport.java:95)
at jetbrains.buildServer.buildTriggers.vcs.git.GitVcsSupport.lambda$null$3(GitVcsSupport.java:351)
at jetbrains.buildServer.buildTriggers.vcs.git.RepositoryManagerImpl.runWithDisabledRemove(RepositoryManagerImpl.java:268)
at jetbrains.buildServer.buildTriggers.vcs.git.GitVcsSupport.lambda$getLabelingSupport$4(GitVcsSupport.java:350)
at jetbrains.vcs.api.services.impl.LabelingServiceProvider$1.label(LabelingServiceProvider.java:2)
at jetbrains.buildServer.vcs.impl.VcsLabeler.lambda$doSetLabel$6(VcsLabeler.java:152)
at jetbrains.buildServer.serverSide.impl.BaseAccessChecker.runWithDisabledChecks(BaseAccessChecker.java:31)
at jetbrains.buildServer.serverSide.impl.SecondaryNodeSecurityManager.executeSafe(SecondaryNodeSecurityManager.java:27)
at jetbrains.buildServer.serverSide.IOGuardInitializer$IOGuardDelegateImpl.allowNetworkAndCommandLine(IOGuardInitializer.java:12)
at jetbrains.buildServer.serverSide.IOGuard.allowNetworkAndCommandLine(IOGuard.java:117)
at jetbrains.buildServer.vcs.impl.VcsLabeler.doSetLabel(VcsLabeler.java:47)
at jetbrains.buildServer.vcs.impl.VcsLabeler.setLabel(VcsLabeler.java:40)
at jetbrains.buildServer.serverSide.impl.FinishedBuildImpl.setLabel(FinishedBuildImpl.java:102)
at jetbrains.buildServer.serverSide.impl.auth.SecuredFinishedBuildImpl.setLabel(SecuredFinishedBuildImpl.java:60)
at jetbrains.buildServer.controllers.actions.SetLabelAction.doProcess(SetLabelAction.java:23)
at jetbrains.buildServer.controllers.actions.OneParamAction.process(OneParamAction.java:8)
at jetbrains.buildServer.controllers.BaseActionController.doAction(BaseActionController.java:59)
at jetbrains.buildServer.controllers.BaseAjaxActionController$1.handleRequest(BaseAjaxActionController.java:47)
at jetbrains.buildServer.controllers.AjaxRequestProcessor.processRequest(AjaxRequestProcessor.java:48)
at jetbrains.buildServer.controllers.BaseAjaxActionController.doHandle(BaseAjaxActionController.java:44)
at jetbrains.buildServer.controllers.BaseController.handleRequestInternal(BaseController.java:114)
at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:174)
at jetbrains.buildServer.controllers.BaseController.handleRequest(BaseController.java:93)
at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:50)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
at jetbrains.buildServer.maintenance.WebDispatcherServlet.doService(WebDispatcherServlet.java:9)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:681)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:764)
at jetbrains.buildServer.maintenance.TeamCityDispatcherServlet.processedByMainServlet(TeamCityDispatcherServlet.java:27)
at jetbrains.buildServer.maintenance.TeamCityDispatcherServlet.service(TeamCityDispatcherServlet.java:48)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at jetbrains.buildServer.web.jsp.JspPrecompilerFilter.doFilter(JspPrecompilerFilter.java:125)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at jetbrains.buildServer.web.DisableSessionIdFromUrlFilter.doFilter(DisableSessionIdFromUrlFilter.java:4)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at jetbrains.buildServer.web.UserIdProviderFilter.doFilter(UserIdProviderFilter.java:5)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at jetbrains.buildServer.web.BannedIPsFilter.doFilter(BannedIPsFilter.java:3)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at jetbrains.buildServer.web.NodeInfoHeaderFilter.doFilter(NodeInfoHeaderFilter.java:9)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:107)
at jetbrains.buildServer.diagnostic.web.DiagnosticFilter.doFilter(DiagnosticFilter.java:15)
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112)
at jetbrains.buildServer.web.DependencyParametersCalculationContextFilter.doFilter(DependencyParametersCalculationContextFilter.java:3)
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112)
at jetbrains.buildServer.diagnostic.web.HttpRequestsDurationMetricsReporter.doFilter(HttpRequestsDurationMetricsReporter.java:5)
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112)
at jetbrains.buildServer.web.HttpSecurityHeadersFilter.doFilter(HttpSecurityHeadersFilter.java:3)
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112)
at jetbrains.buildServer.controllers.filters.DisableSessionCookieTokenAuthFilter.doFilter(DisableSessionCookieTokenAuthFilter.java:10)
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112)
at jetbrains.buildServer.controllers.filters.ProxyDetailsFilter.doFilter(ProxyDetailsFilter.java:5)
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112)
at jetbrains.buildServer.controllers.filters.ClearSecurityContextFilter.doFilter(ClearSecurityContextFilter.java:23)
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112)
at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:73)
at jetbrains.buildServer.web.DelegatingFilter.doFilter(DelegatingFilter.java:74)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at jetbrains.buildServer.web.ResponseFragmentFilter.doFilter(ResponseFragmentFilter.java:42)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:196)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:364)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:624)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1650)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: org.eclipse.jgit.errors.TransportException: https://bitbucket.org/our-project/nextgen.git: git-receive-pack not permitted on 'https://bitbucket.org/our-project/nextgen.git/'
at org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:548)
at org.eclipse.jgit.transport.TransportHttp.openPush(TransportHttp.java:437)
at jetbrains.buildServer.buildTriggers.vcs.git.GitLabelingSupport.push(GitLabelingSupport.java:110)
at jetbrains.buildServer.buildTriggers.vcs.git.GitLabelingSupport.tag(GitLabelingSupport.java:93)
Please let me know if you need any other details.
Please sign in to leave a comment.
Does `git push` work manually from the command line when the client is configured to use the same app password?
Does labeling work if you switch the server to the native Git mode (that option is only available since version 2022.04: https://www.jetbrains.com/help/teamcity/git.html#Native+Git+for+VCS-related+operations+on+the+server).
Lastly, you could check the Git server logs for more details when the server reports "git-receive-pack not permitted" to see if any entries indicate the cause of the error.
Hi Anatoly,
We have upgraded the Teamcity to version 2202.04. And we have changed to use native Git mode. Now we are getting below error:
Labeling process failed: "C:\Program Files\Git\bin\git.exe" -c core.askpass=C:\TeamCity\temp\pass16383376729118253490.bat -c credential.helper= push -v https://eacoredevelopment@bitbucket.org/our-project/nextgen.git fb-0.0.1.46424 command failed. exit code: 128 stderr: remote: Your credentials lack one or more required privilege scopes. fatal: unable to access 'https://bitbucket.org/our-project/nextgen.git/': The requested URL returned error: 403 Pushing to https://bitbucket.org/our-project/nextgen.git
User does have all the permission needed to push. In bitbucket – when creating app password, we have provided Account Email/Read and Repositories Read/Write permissions.
I have tried to access using below curl script and it works fine.
curl -i -u "eacoredevelopment:{app password}" https://api.bitbucket.org/2.0/repositories/centium-our-project/nextgen.git
Any idea on why are we getting this issue?
Additionally, as mentioned in my previous message, you can check if labeling works in TeamCity with a different username/password pair or with a valid SSH key;
If you use the parameter references in the VCS root settings, see if labeling works when the values are provided explicitly.