Following the MS documentation here: https://learn.microsoft.com/en-us/azure/devops/pipelines/release/approvals/servicenow?view=azure-devops
I've set up an Azure DevOps environment with the Service Now Pre-deployment check and can successfully create a new standard change request in Service Now and update it using the UpdateServiceNowChangeRequest#2 task.
However, I'm struggling to find a way to access the CHANGE_REQUEST_NUMBER and CHANGE_CORRELATION_ID that are available to the UpdateServiceNowChangeRequest#2 tasks
The documentation describes how to get to these using the release pipeline by having a name for the gate and using $(PREDEPLOYGATE.mygatename.CHANGE_REQUEST_NUMBER), but there is no option in the YAML setup to name a gate and I can't seem to find another way to get to these variables
I've tried just enumerating all the environment variables in the pwsh task (i.e. gci env:\ ) but nothing relating to these variables shows up.
Related
We are working on creating a custom azure policy with DiNE effect to deploy certain resources based on the tags existence.
Looking at the Built-in policies for tagging, it seems there is a way to determine the tag existence and run deployments using azure policies.
Due to our internal deployments and SDPs, I need to convert the custom policy definition to Bicep and then deploy it.
I have installed Bicep tools/ VS Code and hitting below errors during conversion.
Can you share inputs on how to handle these? Or there any extended production documentation on how to use Scope and resource functions in Biceps as the current product documentation doesn’t have these details?
Issue: Unable to check the subscription tag existence in Bicep azure policy definition file.
[enter image description here] (https://i.stack.imgur.com/MKcGj.jpg)
Policy definitions for tagging resources - Azure Resource Manager | Microsoft Learn
https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fb27a0cbd-a167-4dfa-ae64-4337be671140
Tried to escape the subscription function check but it is not working in bicep file.
We Have Automated scripts that we would like to build and Test on Azure DevOps but our pipeline cannot run our Test Scripts on Azure
We have a Database Service Account that we want to configure on Azure but we don't know how to go about it. Please assist.
Here is a well explained video (by Hassan Habib from Microsoft) on exactly how to run a console app (you create) in an Azure Pipeline that securely gets credentials to immediately do stuff in Azure (https://youtu.be/ht0xhQyF1x4?t=1688)
He basically, in a handful of minutes shows exactly how to:
Link Pipeline Variables to KeyVault Secrets, so when accessed, the variables do a get() from KeyVault and return that value.
Securely links Pipeline Variables to Azure Environment Variables.
As a step in the release pipeline the console app reads the Azure Environment Variables to get credentials to do stuff in Azure.
In his case he created an Azure Resource Group in Azure.
In your case if I’m understanding correctly. You could possibly make a simple console app that runs in the pipeline, that gets creds\connections strings for your database to do whatever in the DB and could possibly test your scripts.
I hope you are all well!
I need to ask a question about azure devops, I already read the documentation, but I did not find a way to resolve these doubts
I have the X, Y and Z projects and in the X project create in the Pipeline >> Libray a group of variables called general that I would like to be shared with the Y and Z pipelines, when configuring this group I enabled the option "Allow Access to all pipelines" .
In the YAML of the Y and Z pipelines I made the following configuration:
**variables:
group: general**
When running the pipeline he returns an authorization request and even clicking authorize it, according to the print below:
Print Authorization error
There was a resource authorization issue:
"An error occurred while loading the YAML build pipeline.
Variable group was not found or is not authorized for use.
For authorization details, refer to https://aka.ms/yamlauthz."
My question is, is there any way to share variables between pipelines of different purposes, if there is, can you please send me some documentation that can help me to configure this?
Testing in my side and I can reproduce this issue, setting the Allow access to all pipelines option will enable the variable group to be accessible for any pipelines in current project not across projects. It should be a known limitation and this is the feedback ticket. You can vote and follow this ticket. You can also create a new suggestion ticket here. The product group will review these tickets regularly, and consider to take it as roadmap.
In addition, as a workaround, you could try to add these shared variables to Azure Key Vault, and then use Azure Key Vault task to fetch the latest values of all or a subset of secrets from the vault, and set them as variables that can be used in subsequent tasks of a pipeline. See: Use Azure Key Vault secrets in Azure Pipelines for details.
This link gives a good overview of using variables in Azure DevOps pipelines:
https://learn.microsoft.com/en-us/azure/devops/pipelines/process/variables
In the most common case, you set the variables and use them within the
YAML file.
In the YAML file, you can set a variable at various scopes:
At the root level, to make it available to all jobs in the pipeline.
At the stage level, to make it available only to a specific stage.
At the job level, to make it available only to a specific job.
Q: It sounds like you would like to share variables between YAML pipeline roots, correct? You're currently trying to use variable groups to accomplish this, correct?
Another solution would be to have your pipeline read from a "shared file". For example:
Is there a way to read file from Azure DevOps YAML?
... you can use any scripting language you like to parse the file and
"spit out" whatever you need as a build variable and consume it later
on. here's what I've been doing:
- script: echo "##vso[task.setvariable variable=dp]$(cat $(Build.Repository.LocalPath)/deployment/dp)"
- script: az group delete -n $(dp)-k8s -y --no-wait
In other words:
Create a file with the variables you wish to "export". It can be any script format: Powershell, bash, etc., etc.
Modify your pipeline(s) to read the file and "import" the variable definitions at runtime.
There are many ways to do this. The SO link above is just an example.
Looking for suggestions on a problem I'm facing in pipeline deployments for Azure Functions. I'm using the new Azure App Config service to pull app configuration variables to the pipeline.
These are then being used by an Azure App Service Deploy Task in the App settings section to populate the app configuration of an Azure Function. I'm in need of a way to hide the release logs for this from our developer group in the production stage of our deployment. Otherwise it will display the the app settings in the log file from the release. We still want devs to be able to see other stages of the release pipeline.
I believe I could write a powershell script to mark the variables as secrets, but that seems less manageable based on the number of release pipelines and variables that would need to be scripted. I would rather just be able to hide the logs from everyone besides a select group of users or turn them off for that release task in general by stage.
I'm also trying to avoid using Key-Vault for this scenario.
So long story short-
Is there a way to turn off logs for a specific release task in AzDo? If possible by stage?
Is there a way to hide logs by stage? Can that be done on a user level?
Suggestions are appreciated.
No, this is not possible and leads to security by obscurity.
Just use keyvault or use a script to register the secret values. You don't have to hard-code them in a powershell step or anything, you can register secrets by parsing whatever settings file you have and calling:
write-host "##vso[task.setvariable variable=$name;issecret=true]$valueToRegister"
See:
https://github.com/Microsoft/azure-pipelines-tasks/blob/master/docs/authoring/commands.md
I am using Azure Devops (formerly VSTS) releases to deploy a project.
In my release pipeline I have a power shell task that may not succeed in ways that do not indicate a deployment failure. I would like to alert users when these conditions arise.
I have suppressed the errors in the power shell script and am using them to control flow to subsequent pipeline tasks.
Is there a way include pipeline variables in the notifications Azure Devops sends when a deployment is complete?
No, the notification template is not customizable and this feature was requested: Customise VSTS email templates
But you may log your pipeline variables with powershell script: Write-Host "My var: $(my_variable)"
User-defined variables