In my powershell script, I call the following azure function:
az repos import create --git-source-url https://incommunities#dev.azure.com/my-organisation/Templates/_git/$($Framework) --detect true --project $ProjectAlias --repository $ProjectAlias --requires-authorization
When running, it prompts the user for a Password/PAT token, e.g:
Git Password / PAT:
Is there a way to automatically pass the password/token to the user input without having to enter manually?
I attempted to pipe the value through, however this does not seem to work e.g
my-pat-token | az repos import create --git-source-url https://incommunities#dev.azure.com/my-organisation/Templates/_git/$($Framework) --detect true --project $ProjectAlias --repository $ProjectAlias --requires-authorization
Is this both a) possible and then if so b) how can I do this?
There are two approaches you can use, both come courtesy from this nice blog post which you'll probably want to read, as it talks about a bunch of Azure Devops tasks.
Use an environmental variable
These commands will check for the presence of an environmental variable and will use it instead of prompting.
To do this, set an environment variable called AZURE_DEVOPS_EXT_PAT to the value of your PAT. (More info on how these tokens work here from the Microsoft Docs)
# set environment variable for current process
$env:AZURE_DEVOPS_EXT_PAT = 'xxxxxxxxxx'
When you're automating things, just set this variable before running the Azure commands.
Pipe the value in
I am not as big of a fan of this sort of approach but you can "echo out" the PAT value and pipe that into a command, which might work. IMHO this is more fragile and frunky and I wouldn't advise it.
$pat | az devops login
Related
In Azure DevOps pipeline, how to update environment variable in variable group so new value persists, so new value can be used even after build is finished.
For example, I'm trying to save new version number, this does not work:
Write-Host "##vso[task.setvariable variable=currentVersion]$newVersion"
how to update environment variable in variable group so new value persists, so new value can be used even after build is finished.
I am afraid there is no such way to update environment variable in variable group and keep it persists after build is finished.
When you use the Logging Command to set the variable, which is environment variable and can only work in the current environment.
So the new value can not be used after build is finished.
on the other hand, just like Daniel said, if we write any persistent value, then this value will compete/conflict with the value in the variable group. The compiler will not know which value to choose.
So, if you want to write any persistent value, we have to update the value in the variable group manually or use REST API to update it in the variable group.
Check the How to modify Azure DevOps release definition variable from a release task? for some more details.
Hope this helps.
Yes, you can update during build, but the Write-Host only persists in the pipeline currently running. You could use Azure CLI and call something like this:
echo %AZ_LOGIN_PAT%|az devops login
az pipelines variable-group variable update --group-id variable_id --org https://dev.azure.com/your_org --project your_project --name VariableName --value %NewValue%
The PAT might be able to be secured better, but this is how I do it. This is a Windows inline command task.
I'm trying to share version information from different pipelines to later use them to create a release config in a release pipeline. So basically I need to share information between different pipelines.
To create a somehow unique version I want to always use the output of git rev-parse HEAD.
I've already tried to use variable groups, but I was only able to read them and not to set them. And I'm not aware of another way which is supported by azure devops, I could of course use files and publish them.
I used the example which was provided by the documentation.
#!/bin/bash
echo "##vso[task.setvariable variable=sauce]crushed tomatoes"
I expect to get a change variable in the variable group in order to read that variable later on in a release pipeline.
Any help is appreciated.
Could be done via the Azure devops CLI.
Create the powershell task:
echo $env:AZURE_DEVOPS_EXT_PAT | az devops login
az devops configure -d organization=https://dev.azure.com/<your_organisation>/ project=<your_project>
az pipelines variable-group variable update --id <id_here> --name <name_here> --value <value_here>
and also create the variable in the task like so
You can not change a variable in a variable group with the logging command task.setvariable (the logging command can change only for a specific run).
The only way to update a variables in the variable group is with the Rest API:
PUT https://dev.azure/com/{organization}/{project}/_apis/distributestask/variablegroups/{groupId}?api-version=5.0-preview.1
Request body:
{
"variables": {
"key1": {
"value": "value1"
}
},
"type": "Vsts",
"name": "TestVarialeGroup",
}
So you need to add a task that excute the above Rest API, for example, PowerShell:
You need to allow scripts to access the
OAuth token (check the checkbox in the agent job options):
And give Administrate permissions to the build user (to the variable group):
I've been trying to store the output of multiple az cli commands in a variable defined in my pipeline with 0 success.
This being my last attempt:
The way I try to make sure is getting pass to the var is by doing an echo, which it outputs this(in all attempts):
At the end what im trying to achieve is to get the key value stored to use later:
Any suggestions on how to do this in the Azure CLI task from Azure DevOps Pipeline?
PS: Have being trying some commands from shell and batch and must of the attempts failures are related to not recognizing commands(batch/shell) inside the script. Which is confusing since in Azure cli task Docs:
Answer
#4c74356b41 Answer helped a lot since I didn't know I could do query in azure cli commands to get a specific value of a command. But it didn't quite answer my questions. All that said, this link Set Output Variable in Azure CLI task on VSTS has the Answer to my question.
just use query path filtering, something like this:
--query 'properties.properties.sites[0].key' -o tsv
this should output only the key you are interested it. reading:
https://learn.microsoft.com/en-us/cli/azure/query-azure-cli?view=azure-cli-latest
I'm passing a secret Release Task Variable to a PowerShell script and trying to set that value as an environment variable using logging commands so I can use it in other tasks in the same Release. I'm able to do this with a non-secret variable, but not with a secret one.
So, the following is working (I can see it using ls env: and also use it to connect to a tfs instance as a Personal Access Token) when PAT is a non-secret variable:
Inline Script Arguments: -token "$(PAT)"
Param(
[string]$token
)
Write-Host "##vso[task.setvariable variable=API_TOKEN;]$token"
I can only use the environment variable set above if I use it in a subsequent powershell task - it's not available within the task where PAT is passed.
But the following does not seem to be working when PAT is a secret variable:
Inline Script Arguments: -token "$(PAT)"
Param(
[string]$token
)
Write-Host "##vso[task.setvariable variable=API_TOKEN;issecret=true]$token"
(Note: I also tried changing API_TOKEN to something else like MYTOKEN, in case API_TOKEN is reserved, but still don't see MYTOKEN var at all if I do ls env: in a subsequent PowerShell task.)
How can I set an environment variable to a secret value passed from a Release Task, for use by that task or by other tasks in the Release? In other words, when or how can I access the environment variable set by the above-referenced logging commands with issecret=true? (I'm not actually sure I'm setting it properly, since I can't see it, but I assume I am since the non-secret version works.)
Not sure if it matters, but I have ticked the box in the release definition that says "Allow scripts to access OAuth token".
Update
There is more information here, but it's very confusing. I couldn't figure out how to set and access a secret environment variable - I suspect they are not actually environment variables, but in that case I don't understand why the logging commands are needed at all, since we can already pass secret variables to scripts. I was able to workaround by passing the secret variable from the Release Task directly to the PowerShell script, and then from there to other scripts, instead of trying to set/access the value as an environment variable.
Actually the logging command also works for secret variables (what you tried should work). As the logging command usage mentions:
When issecret is set to true, the value of the variable will be saved
as secret and masked out from log. Secret variables are not passed
into tasks as environment variables and must be passed as inputs.
You can use the script echo $(API_TOKEN) instead of ls env: (since secret variables are not showing by the command ls env:), then you will get ********.
And for the use of the secret variable $(API_TOKEN) in your following release tasks, the value should be passed as inputs (as the usage mentions).
There is no way to set a secret environment variable using the mentioned logging commands.
I am new to octopus and have a bunch of steps. For each steps we have "Machine Roles".
As part of the steps I have a script tasks/step and I wish to access the roles assigned to this step in the (powershell) script. How can I achieve this.
I tried a few things, i.e. Octopus.Machine.Roles, Octopus.Tentacle.CurrentDeployment.TargetedRoles in the (powershell) script. But does not see anything.
As found in this example, if you have a variable in Octopus, you can access it using the variable name, prefixed with a $ in PowerShell, so for a variable TestUrl use:
$TestUrl
For Octopus Parameters, you use the following:
$OctopusParameters['Octopus.Machine.Roles']
This should give you access to all the system variables.