Greetings & Salutations!
sheldonhull.com
Back to posts

Using Azure DevOps for Private Go Modules

azure-devops golang devops

TL;DR

This took a few hours of work to iron out, so figured maybe I’d save someone time.

⚡ Just keep it simple and use SSH

⚡ Use dev.azure.com even if using older project.visualstudio.com to keep things simple.

Modules Support

Unlike GitHub, Azure DevOps has some quirks to deal with, specifically in the odd path handling.

My original goal was to set the default handling to be https support, with the SSH override in git config allowing me to use SSH.

This didn’t work.

  • HTTPS requires _git in the path.
  • SSH will not work with that, and also trims out the org name in the url when git config set based on instructions from Microsoft1.

There is a long-running issue with go get imports of Azure DevOps repositories due to the fact that the HTTPS URL contains a _git segment: 2

Compare the path.

TypePath
HTTPSgo get dev.azure.com/<organization>/<project>/_git/<repo>
⚡ What I used with SSHgo get dev.azure.com/<project>/_git/<repo>
SSHgo get dev.azure.com/<organization>/<project>/<repo>.git

Git Config

Set this in your .profile, .bashrc, or $PROFILE

export GOPRIVATE=dev.azure.com

There are two approaches you can take.

One seems focused on allowing other dev.azure.com public projects to be used. I’ve never had that need, so I’m ok with my dev.azure.com references being resolved only to my own organization.

Support All Azure DevOps (Public)

Command:

git config --global url."[email protected]:v3/<organization>/".insteadOf "https://dev.azure.com/<organization>"

Git Config:

[url "[email protected]:v3"]
  insteadOf = https://dev.azure.com
⚡ RECOMMENDED

What I Used for Private Org

Command:

git config --global url."[email protected]:v3/<organization>/".insteadOf "https://dev.azure.com/"

Git Config:

[url "[email protected]:v3/<organization>/"]
  insteadOf = https://dev.azure.com/

HTTPS

If you don’t have restrictions on this, then you can do https with the following command to add the token in or use a more complex credential manager based process.

git config --global url."https://anythinggoeshere:$AZURE_DEVOPS_TOKEN@dev.azure.com".insteadOf "https://dev.azure.com"

Azure Pipelines

If you run into timeout issues with go get, I found this solution worked well.

I provided ORGANIZATION as a value if you are on the legacy url scheme, it’s easier to just set this as variable and not worry about parsing out the org name itself from the url to place it in there. I got stuck on this recently and was pointed to the answer in this great article Using Go Modules With Private Azure Devops Repositories.

parameters:
  - name: workingDirectory
    type: string
    default: $(Pipeline.Workspace)

variables:
    - name: ORGANIZATION
      value: myorg
steps:
- checkout: self
  fetchDepth: 0
  path: $(Build.Repository.Name) # Note: you'll want to provide workingdirectory inputs for tasks if you have multi-repo checkout going on.
- pwsh: |
    git clone "https://$(ORGANIZATION):$(System.AccessToken)@dev.azure.com/$(ORGANIZATION)/$(System.TeamProject)/_git/$(Build.Repository.Name)"
  displayName: git-checkout-with-pat
# internal modules with go-get might fail without this.
- pwsh: |
    git config --global url."https://$(ORGANIZATION):$(System.AccessToken)@dev.azure.com".insteadOf "https://dev.azure.com"
  displayName: ensure-system-token-used-for-other-internal-repos
- pwsh: |
    Write-Host "example, with working directory set"
  displayName: exampleTask
  workingDirectory: ${{ parameters.workingDirectory }}/$(Build.Repository.Name)

Other References

  • SSH key usage in Azure Pipelines3.
  • Using with docker2

Footnotes

  1. Go get command support in Azure Repos Git

  2. Private Go Modules on Azure DevOps 2

  3. Install SSH Key task - Azure Pipelines | Microsoft Docs