When running a Databricks workflow with a Git provider source using a Service Principal, you’re encountering permission issues despite using the GitHub App for authentication. This is a common challenge because Service Principals cannot use Personal Access Tokens (PATs) with GitHub.
The core problem is that while the Databricks GitHub App provides several advantages over PATs (OAuth 2.0 authentication, automatic token renewal, and more granular access control), there’s a specific configuration needed for Service Principals to access Git repositories.
Service Principals cannot create tokens like PATs or SSH Keys in GitHub, which creates an authentication challenge when they need to access Git repositories for workflows.
Solutions
1. Configure Git Credentials for the Service Principal
You need to explicitly set up Git credentials for your Service Principal using the Git Credential API:
- Use the Databricks REST API to add Git credentials for your Service Principal
- Specify the correct parameters:
For GitHub, use the appropriate git_provider value
Include the personal_access_token (this would be a token created by a user with appropriate access)
Set git_username to the Service Principal’s display name
