System.UnauthorizedAccessException:Azure Devops CI/CD Pipeline Permission Issue- Fix

If you are building CI/CD pipeline for user side and admin panel, you might have faced this following issue ##[error]System.UnauthorizedAccessException:System.IO.IOException: Permission denied.

##[warning]'git config --get remote.origin.url' failed with exit code: 1, output: ''
##[error]One or several exceptions have been occurred.
##[error]System.UnauthorizedAccessException: Access to the path '/home/ubuntu/projectfile/myagent/_work/1/s/.next/cache/images/Nn1+Lvq9fpQugwxAHfYtWM8Fp0OWmIqb38i9HtcZ67Q=/60.1698820786123.R-Lptnv+qGQlQiip-n7JqnPeS4MDNx4NR4C9HBtCcNk=.webp' is denied.
---> System.IO.IOException: Permission denied
 --- End of inner exception stack trace ---

In my case it was permission issue, by defult azure devops agent doesnt support root access and hence sudo command doesnt support. So, due to this, I have applied ubuntu access with following command

chown -R ubuntu:ubuntu myagent
chmod -R u+rw myagent

And after that by connecting agent pool, I run./config.sh, it works with ubuntu access. Now, I was using Next js in my code and image was optimized , so whenever user visits the website or loads for the first time, image is cached and saved in /.next/cache/image directory, but image directory and image(for eg: background.webp) automatic gets root access.

Due to this, when developer push the code for second time, azure try to clean the build artifacts by themselves but it couldn’t delete that background.webp which was saved inside image directory as it has automatic root access.

So, after researching every threads on github, article, stackoverflow, I found the solution that we can provide root access to the agent pool just by adding few script .

Lets go step by step for connecting agent pool and agent name from azure devops to your EC2 instances for performing CI/CD .

1. In you azure devops, we have project called Ecommerce and then go to project setting, you will find Agent pool. You can create your own self hosted agent lets say “ecommerce_agent”
2. After that, clicking on “ecommerce_agent”, you will get button on right side “New Agent”. Click it and choose linux(in my case, i have ec2 instances)
3. There you will get steps, First step is copy the agent
4. Go to you Ubuntu AWS instance and create myagent folder :

sudo mkdir myagent

5. In Ec2 instances and write following command

sudo wget agent_filename // here agent_filename is what you had copied earlier

6. Now, extract the file with this command

sudo tar zxvf vsts-agent-linux-x64-3.227.2.tar.gz //you will get it after you perfrom above command

6. Go to config.sh and you can do sudo nano config.sh or with any editor and add below command so that it support root access:

export AGENT_ALLOW_RUNASROOT="1"

7. Similarly, we can do with run.sh, sudo nano run.sh and add same command:

export AGENT_ALLOW_RUNASROOT="1"

8. Now, write the following command

sudo ./config.sh

9. Give URL of your azure devops in my case it is , https://dev.azure.com/mycompany

10. Give your personal Access Token(PAT) , you may copy from azure devops

11. It will ask for agent pool , provide agent pool name which we have created earlier i.e ecommerce_agent

12. Now, it will ask for agent name, you can give any name ,lets say ecommerce_agentname

13. It will be default ask for (_work).This is the directory where you code will be saved after pipleine successfully executed and find you build artifacts.But you can give your own name like _work_userside_aws

14. Then make agent name online every time which is necessary because after developer push the changes, the pipeline automatic run and deploy . so agent name should be online everytime. Give this following command to make agent name online everytime.

sudo nohup ./run.sh &

Now, After developer push the code and CI/CD gets runs , above permission issue doesn’t occur, because our each directory and image has root access.