bat file not running git push as generic user in task scheduler

Question

I have set up a schedule in task scheduler to run a bat file containing git commands as a generic user.

This bat file contains the following commands:

cd C:\repo
call D:\path\to\git --git-dir=C:\repo\.git add --all > log.txt
call D:\path\to\git --git-dir=C:\repo\.git -c user.name="genericUser" -c user.email="[email protected]" commit --author="genericUser <[email protected]>" -m "message" >> log.txt
echo Pushing changes... >> log.txt
set GIT_TRACE=true
call D:\path\to\git --git-dir=C:\repo\.git push origin main >> log.txt
EXIT /B

and the task scheduler properties look like this:

General tab

• user account is set to "genericUser"
• "Run whether user is logged on or not" is selected
• "Run with highest privileges" checked

Actions tab

• Action set to "start a program"

in the properties of this action:

• program/script is set to C:\Window\System32\cmd.exe
• Add arguments set to /c start "" "C:\repo\commit.bat"
• Start in set to C:\repo

Conditions tab

• Default checks in place
• Wake the computer to run this task is checked

When I run the schedule, it runs everything but gets stuck when it hits the git push command.

I have set up the windows credentials for this generic user and have made a successful push as the generic user. git config --global user.name and user.email has been set up for this generic user as well. When running the git commands manually in git bash, I do not get prompted for credentials on git push.

my global .gitconfig looks like this:

[credential]
    helper = manager
[user]
    name = genericUser
    email = [email protected]
[commit]
    name = genericUser
    email = [email protected]

Answer 1

From the comments, you can:

• use the full path to git.exe instead of git or call D:\path\to\git. That makes sure the correct executable is called without ambiguity.
• add 2>&1, to redirect both standard output and error output to log.txt for all commands. That will capture any error messages.
• use cd /D C:\repo ensures the script will work even if the current directory is on a different drive.
• remove EXIT /B at the end of the batch file.
• set variables explicitly, based on the issues with HOMEDRIVE and HOMEPATH not being set.
• change the Task Scheduler arguments to /D /C C:\repo\commit.bat for a more direct call to the batch file.

Your script would be:

@echo off
cd /D C:\repo

:: Set environment variables explicitly for Git
set HOMEDRIVE=C:
set HOMEPATH=\Users\genericUser
set GIT_TRACE=true
set PATH=%PATH%;D:\path\to\git\bin

:: Capture both standard output and error output for all commands
D:\path\to\git.exe --git-dir=C:\repo\.git add --all >> log.txt 2>&1
D:\path\to\git.exe --git-dir=C:\repo\.git -c user.name="genericUser" -c user.email="[email protected]" commit --author="genericUser <[email protected]>" -m "message" >> log.txt 2>&1
echo Pushing changes... >> log.txt
D:\path\to\git.exe --git-dir=C:\repo\.git push origin main >> log.txt 2>&1

Pay extra attention to who is running the script: check the security options of the task to make sure it is running as the correct user.

---

That last part is the crux of the issue: using GCM (Microsoft Git Credential Manager) (with git config --global credential.helper manager) means using the Windows vault (Windows Credential Manager).

Even if you enter the credentials of another account in said vault, only you (your current account) would be able to read those back.

If your task runs as a generic account, you need to store those credentials in a Runas /profile /user:Company\accountName CMD session.
There, you will be able to store credentials that your task will be able to read back.