In an azure-pipelines.yml file, how do I enumerate all variables defined in a "Variable Group" created in the UI?
I'd like to do this so I can write these variables to a .env file in the pipeline build stage.
There is no difference at pipeline level between variables set in pipeline and those from variable group. But you can use Azure DevOps CLI to achieve your goal.
Please check az pipelines variable-group variable list.
And this is the way how you can call CLI from pipeline - Azure DevOps CLI in Azure Pipeline YAML
Example for LINUX
steps:
# Updating the python version available on the linux agent
- task: UsePythonVersion#0
inputs:
versionSpec: '3.x'
architecture: 'x64'
# Updating pip to latest
- script: python -m pip install --upgrade pip
displayName: 'Upgrade pip'
# Updating to latest Azure CLI version.
- script: pip install --pre azure-cli --extra-index-url https://azurecliprod.blob.core.windows.net/edge
displayName: 'upgrade azure cli'
- script: az --version
displayName: 'Show Azure CLI version'
- script: az extension add -n azure-devops
displayName: 'Install Azure DevOps Extension'
- script: echo ${AZURE_DEVOPS_CLI_PAT} | az devops login
env:
AZURE_DEVOPS_CLI_PAT: $(System.AccessToken)
displayName: 'Login Azure DevOps Extension'
- script: az devops configure --defaults organization=https://dev.azure.com/{OrganizationName} project="Movie Search Web App" --use-git-aliases true
displayName: 'Set default Azure DevOps organization and project'
- script: |
az pipelines variable-group variable list --group-id 45
displayName: 'Show variable group variables'
We could use REST API and power shell script to loop the variable group
Create PAT token, save it to pipeline variable and set it to secret, then add task power shell and enter below script
Power shell script:
$connectionToken="$(pat)"
$base64AuthInfo= [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$($connectionToken)"))
$URL = "https://dev.azure.com/{Org name}/{Project name}/_apis/distributedtask/variablegroups?groupIds={Variable group ID}&api-version=6.0-preview.2"
$Result = Invoke-RestMethod -Uri $URL -Headers #{authorization = "Basic $base64AuthInfo"} -Method Get
$Variable = $Result.value.variables | ConvertTo-Json -Depth 100
Write-Host $Variable
Result:
You can use Variable Group Formatter extension. In outputFormat you can specify desired format like CLI or JSON
- task: VariableGroupFormatter#0
name: variableGroup
displayName: "Format variables"
inputs:
variableGroupID: '6'
outputFormat: 'JSON'
- script: echo $(variableGroup.formattedVariables)
Result:
Example
Related
From a devops build pipeline, I'd like to run a bicep file for a deployment into a resource group.
My devops service connection is names '365response-tfssc-dev', as seen below:
My yaml job is as follows:
- job: deployAzure
displayName: deploy bicep to Azure
pool:
vmImage: "ubuntu-latest"
dependsOn: [waitForValidation]
steps:
- task: AzureCLI#2
displayName: Deploy Bicep To Azure
inputs:
azureSubscription: "365response-tfssc-dev"
scriptType: "bash"
scriptLocation: "inlineScript"
inlineScript: |
az deployment group create --resource-group rg-365Response-$(env)-001 \
--template-file '$(System.DefaultWorkingDirectory)\bicep\365Response.main.bicep' \
--parameters '$(System.DefaultWorkingDirectory)\bicep\365Response.parameters.$(env).json' \
If I run this from the terminal window of vs code then it works ok.
When this job runs it gives the following message:
/usr/bin/az account set --subscription 'correct subscription id is
listed here' /usr/bin/bash
/home/vsts/work/_temp/azureclitaskscript1654444101122.sh ERROR:
unrecognized arguments:
ENDPOINT_DATA_7940768d-1de7-44d9-92bf-05d293639bc8_SERVICEMANAGEMENTURL=https://m...
this line is very very long
The very long line is as follows:
ERROR: unrecognized arguments: ENDPOINT_DATA_7940768d-1de7-44d9-92bf-05d293639bc8_SERVICEMANAGEMENTURL=https://management.core.windows.net/ ENDPOINT_DATA_7940768d-1de7-44d9-92bf-05d293639bc8_ENVIRONMENT=AzureCloud ENDPOINT_DATA_7940768d-1de7-44d9-92bf-05d293639bc8_ARMMANAGEMENTPORTALURL=https://portal.azure.com/ ENDPOINT_DATA_7940768d-1de7-44d9-92bf-05d293639bc8_MANAGEMENTPORTALURL=https://manage.windowsazure.com/ ENDPOINT_DATA_7940768d-1de7-44d9-92bf-05d293639bc8_GALLERYURL=https://gallery.azure.com/ ENDPOINT_DATA_7940768d-1de7-44d9-92bf-05d293639bc8_SUBSCRIPTIONID=subIdHere ENDPOINT_DATA_7940768d-1de7-44d9-92bf-05d293639bc8={"environment":"AzureCloud","scopeLevel":"Subscription","subscriptionId":"subIdHere","subscriptionName":"dev-001","creationMode":"Manual","environmentUrl":"https://management.azure.com/","galleryUrl":"https://gallery.azure.com/","serviceManagementUrl":"https://management.core.windows.net/","resourceManagerUrl":"https://management.azure.com/","activeDirectoryAuthority":"https://login.microsoftonline.com/","environmentAuthorityUrl":"https://login.windows.net/","graphUrl":"https://graph.windows.net/","managementPortalUrl":"https://manage.windowsazure.com/","armManagementPortalUrl":"https://portal.azure.com/","activeDirectoryServiceEndpointResourceId":"https://management.core.windows.net/","sqlDatabaseDnsSuffix":".database.windows.net","AzureKeyVaultDnsSuffix":"vault.azure.net","AzureKeyVaultServiceEndpointResourceId":"https://vault.azure.net","StorageEndpointSuffix":"core.windows.net","EnableAdfsAuthentication":"false"} ENDPOINT_DATA_7940768d-1de7-44d9-92bf-05d293639bc8_SQLDATABASEDNSSUFFIX=.database.windows.net ENDPOINT_DATA_7940768d-1de7-44d9-92bf-05d293639bc8_ENVIRONMENTAUTHORITYURL=https://login.windows.net/ ENDPOINT_DATA_7940768d-1de7-44d9-92bf-05d293639bc8_CREATIONMODE=Manual ENDPOINT_DATA_7940768d-1de7-44d9-92bf-05d293639bc8_AZUREKEYVAULTSERVICEENDPOINTRESOURCEID=https://vault.azure.net ENDPOINT_DATA_7940768d-1de7-44d9-92bf-05d293639bc8_SUBSCRIPTIONNAME=dev-001 ENDPOINT_DATA_7940768d-1de7-44d9-92bf-05d293639bc8_AZUREKEYVAULTDNSSUFFIX=vault.azure.net ENDPOINT_DATA_7940768d-1de7-44d9-92bf-05d293639bc8_SCOPELEVEL=Subscription agent.jobstatus=Succeeded ENDPOINT_DATA_7940768d-1de7-44d9-92bf-05d293639bc8_ACTIVEDIRECTORYSERVICEENDPOINTRESOURCEID=https://management.core.windows.net/ ENDPOINT_DATA_7940768d-1de7-44d9-92bf-05d293639bc8_GRAPHURL=https://graph.windows.net/ ENDPOINT_DATA_7940768d-1de7-44d9-92bf-05d293639bc8_ENVIRONMENTURL=https://management.azure.com/ ENDPOINT_URL_7940768d-1de7-44d9-92bf-05d293639bc8=https://management.azure.com/ ENDPOINT_DATA_7940768d-1de7-44d9-92bf-05d293639bc8_ACTIVEDIRECTORYAUTHORITY=https://login.microsoftonline.com/ ENDPOINT_DATA_7940768d-1de7-44d9-92bf-05d293639bc8_ENABLEADFSAUTHENTICATION=false ENDPOINT_DATA_7940768d-1de7-44d9-92bf-05d293639bc8_RESOURCEMANAGERURL=https://management.azure.com/ SELENIUM_JAR_PATH=/usr/share/java/selenium-server.jar COMMON_TESTRESULTSDIRECTORY=/home/vsts/work/1/TestResults GOROOT_1_17_X64=/opt/hostedtoolcache/go/1.17.10/x64 CONDA=/usr/share/miniconda SYSTEM_JOBNAME=__default AGENT_RETAINDEFAULTENCODING=false JAVA_HOME_11_X64=/usr/lib/jvm/temurin-11-jdk-amd64 SYSTEM_PIPELINESTARTTIME=2022-06-05 15:48:16+00:00 AZURE_CONFIG_DIR=/home/vsts/work/_temp/.azclitask SYSTEM_TASKINSTANCENAME=AzureCLI AGENT_HOMEDIRECTORY=/home/vsts/agents/2.204.0 AGENT_TEMPDIRECTORY=/home/vsts/work/_temp BUILD_REQUESTEDFOREMAIL=aza.'my email here' VSTS_PROCESS_LOOKUP_ID=vsts_8ec9ddb3-be14-4d39-96fe-b09bdd94b311 SYSTEM_COLLECTIONURI=https://dev.azure.com/idsservicesbeta/ BUILD_DEFINITIONNAME=Scaffolding (1) ENDPOINT_URL_SYSTEMVSSCONNECTION=https://dev.azure.com/idsservicesbeta/ JAVA_HOME=/usr/lib/jvm/temurin-11-jdk-amd64 GRADLE_HOME=/usr/share/gradle-7.4.2 SYSTEM_STAGENAME=deployBicep SYSTEM_JOBPARALLELISMTAG=Private AGENT_OS=Linux BUILD_BUILDURI=vstfs:///Build/Build/1755 AGENT_JOBNAME=deploy bicep to Azure XDG_CONFIG_HOME=/home/vsts/.config DOTNET_SKIP_FIRST_TIME_EXPERIENCE=1 BUILD_REPOSITORY_URI=https://idsservicesbeta#dev.azure.com/idsservicesbeta/365-Response/_git/Scaffolding ANT_HOME=/usr/share/ant RESOURCES_TRIGGERINGALIAS= JAVA_HOME_8_X64=/usr/lib/jvm/temurin-8-jdk-amd64 BUILD_DEFINITIONVERSION=1 HOMEBREW_PREFIX=/home/linuxbrew/.linuxbrew RUNNER_TOOLSDIRECTORY=/opt/hostedtoolcache SYSTEM_SERVERTYPE=Hosted AGENT_USEWORKSPACEID=true BUILD_REQUESTEDFORID=08c91bb3-5fb2-6b27-a830-47c6829ed7f8 SYSTEM_JOBIDENTIFIER=deployBicep.deployAzure.__default SYSTEM_ARTIFACTSDIRECTORY=/home/vsts/work/1/a AGENT_VERSION=2.204.0 HOMEBREW_CLEANUP_PERIODIC_FULL_DAYS=3650 BUILD_SOURCEVERSIONAUTHOR=BizTalkers SYSTEM_JOBDISPLAYNAME=deploy bicep to Azure BUILD_REPOSITORY_NAME=Scaffolding BOOTSTRAP_HASKELL_NONINTERACTIVE=1 PWD=/home/vsts/work/1/s PIPX_BIN_DIR=/opt/pipx_bin BUILD_ARTIFACTSTAGINGDIRECTORY=/home/vsts/work/1/a AGENT_ACCEPTTEEEULA=True BUILD_SOURCEBRANCHNAME=main AGENT_UPLOADTIMELINEATTACHMENTSTOBLOB=true TASK_DISPLAYNAME=Deploy Bicep To Azure BUILD_CONTAINERID=27996509 ANDROID_NDK_LATEST_HOME=/usr/local/lib/android/sdk/ndk/23.2.8568313 RESOURCES_TRIGGERINGCATEGORY= POWERSHELL_DISTRIBUTION_CHANNEL=Azure-DevOps-ubuntu20 SYSTEM_STAGEDISPLAYNAME=deployBicep SYSTEM_PLANID=6892c8d0-c78e-4c67-b035-05b3489e50dc SYSTEM_POSTLINESSPEED=500 BUILD_BUILDNUMBER=Deploy Bicep files 1755 DOTNET_MULTILEVEL_LOOKUP=0 BUILD_REPOSITORY_LOCALPATH=/home/vsts/work/1/s VSTS_AGENT_PERFLOG=/home/vsts/perflog HOME=/home/vsts LANG=C.UTF-8 BUILD_REPOSITORY_PROVIDER=TfsGit STATS_KEEPALIVE=false SYSTEM_TIMELINEID=6892c8d0-c78e-4c67-b035-05b3489e50dc SYSTEM_PHASEDISPLAYNAME=deploy bicep to Azure SYSTEM_TASKDEFINITIONSURI=https://dev.azure.com/idsservicesbeta/ BUILD_STAGINGDIRECTORY=/home/vsts/work/1/a SYSTEM_HOSTTYPE=build AGENT_WORKFOLDER=/home/vsts/work SYSTEM_STAGEID=bc4f992b-d3a8-5fa4-4306-364494a1b562 SYSTEM_DEFINITIONID=45 INVOCATION_ID=ddfbd830e49e4577879f4d283f4ac321 INPUT_SCRIPTARGUMENTS= AGENT_DISABLELOGPLUGIN_TESTFILEPUBLISHERPLUGIN=true TF_BUILD=True JAVA_HOME_17_X64=/usr/lib/jvm/temurin-17-jdk-amd64 AGENT_TASKRESTRICTIONSENFORCEMENTMODE=Enabled AGENT_ROOTDIRECTORY=/home/vsts/work SYSTEM_JOBATTEMPT=1 ANDROID_NDK_HOME=/usr/local/lib/android/sdk/ndk-bundle SYSTEM_DEFINITIONNAME=Scaffolding (1) HOMEBREW_NO_AUTO_UPDATE=1 BUILD_BINARIESDIRECTORY=/home/vsts/work/1/b NVM_DIR=/home/vsts/.nvm SGX_AESM_ADDR=1 SYSTEM_PHASEATTEMPT=1 SYSTEM_ENABLEACCESSTOKEN=SecretVariable SYSTEM_TEAMFOUNDATIONSERVERURI=https://dev.azure.com/idsservicesbeta/ SYSTEM_TASKDISPLAYNAME=Deploy Bicep To Azure BUILD_BUILDID=1755 TEMPLATEFILE=bicep/365Response.main.json BUILD_REPOSITORY_ID=92e4e7ea-8e17-425b-ad1c-899f9922bc0f AGENT_NAME=Hosted Agent ANDROID_HOME=/usr/local/lib/android/sdk SYSTEM_JOBPOSITIONINPHASE=1 AGENT_MACHINENAME=fv-az414-868 ACCEPT_EULA=Y SYSTEM_PULLREQUEST_ISFORK=False SYSTEM_JOBTIMEOUT=60 SYSTEM_TEAMPROJECTID=4009b106-170a-496d-9af8-9ec836b38dc3 SYSTEM_COLLECTIONID=b3e27278-2d93-48a2-af86-fa3370179011 USER=vsts SYSTEM_TEAMPROJECT=365-Response HOMEBREW_CELLAR=/home/linuxbrew/.linuxbrew/Cellar BUILD_SOURCEVERSION=715f5872b0f65eade29314d0f30bf57a3f191896 PIPX_HOME=/opt/pipx AGENT_DISABLELOGPLUGIN_TESTRESULTLOGPLUGIN=true SYSTEM_PHASEID=f1ebf77f-30ac-526d-968c-fab23fa199f8 GECKOWEBDRIVER=/usr/local/share/gecko_driver BUILD_REASON=Manual SYSTEM_STAGEATTEMPT=1 CHROMEWEBDRIVER=/usr/local/share/chrome_driver SHLVL=0 SYSTEM=build ANDROID_SDK_ROOT=/usr/local/lib/android/sdk VCPKG_INSTALLATION_ROOT=/usr/local/share/vcpkg HOMEBREW_REPOSITORY=/home/linuxbrew/.linuxbrew/Homebrew ImageVersion=20220529.1 BUILD_SOURCEBRANCH=refs/heads/main AZURE_HTTP_USER_AGENT=VSTS_b3e27278-2d93-48a2-af86-fa3370179011_build_45_0 DOTNET_NOLOGO=1 BUILD_SOURCESDIRECTORY=/home/vsts/work/1/s MSDEPLOY_HTTP_USER_AGENT=VSTS_b3e27278-2d93-48a2-af86-fa3370179011_build_45_0 TASK_SKIPTRANSLATORFORCHECKOUT=False SYSTEM_CULTURE=en-US SYSTEM_WORKFOLDER=/home/vsts/work STATS_PFS=true GRAALVM_11_ROOT=/usr/local/graalvm/graalvm-ce-java11-22.1.0 AGENT_READONLYVARIABLES=true AGENT_ID=8 BUILD_QUEUEDBYID=08c91bb3-5fb2-6b27-a830-47c6829ed7f8 AZURE_EXTENSION_DIR=/opt/az/azcliextensions AGENT_BUILDDIRECTORY=/home/vsts/work/1 BUILD_REQUESTEDFOR=Rob Bowman ANDROID_NDK_ROOT=/usr/local/lib/android/sdk/ndk-bundle CHROME_BIN=/usr/bin/google-chrome AGENT_UPLOADBUILDARTIFACTSTOBLOB=true SYSTEM_DEFAULTWORKINGDIRECTORY=/home/vsts/work/1/s GOROOT_1_18_X64=/opt/hostedtoolcache/go/1.18.2/x64 JOURNAL_STREAM=8:23147 AGENT_OSARCHITECTURE=X64 LEIN_HOME=/usr/local/lib/lein LEIN_JAR=/usr/local/lib/lein/self-installs/leiningen-2.9.8-standalone.jar SYSTEM_ISSCHEDULED=False BUILD_REPOSITORY_GIT_SUBMODULECHECKOUT=False PATH=/home/linuxbrew/.linuxbrew/bin:/home/linuxbrew/.linuxbrew/sbin:/home/vsts/.local/bin:/opt/pipx_bin:/home/vsts/.cargo/bin:/home/vsts/.config/composer/vendor/bin:/usr/local/.ghcup/bin:/home/vsts/.dotnet/tools:/snap/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin SYSTEM_JOBID=d562b731-90ac-599c-aa5d-b4e5e0c32cf4 BUILD_QUEUEDBY=Rob Bowman SWIFT_PATH=/usr/share/swift/usr/bin PIPELINE_WORKSPACE=/home/vsts/work/1 ImageOS=ubuntu20 BUILD_SOURCEVERSIONMESSAGE=ubuntu-latest SYSTEM_TEAMFOUNDATIONCOLLECTIONURI=https://dev.azure.com/idsservicesbeta/ AGENT_LOGTOBLOBSTORAGESERVICE=true LOCATION=uksouth SYSTEM_TASKINSTANCEID=44b963b8-127f-5c06-baab-44a1330fee42 AGENT_JOBSTATUS=Succeeded DEBIAN_FRONTEND=noninteractive GIT_TERMINAL_PROMPT=0 AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache SYSTEM_PHASENAME=deployAzure OLDPWD=/home/vsts/work/1/s SYSTEM_TOTALJOBSINPHASE=1 GOROOT_1_16_X64=/opt/hostedtoolcache/go/1.16.15/x64 _=/usr/bin/env-001
Anyone see where I've gone wrong?
Please check if your service connection's Azure AD service principal has access to the Azure subscription you are trying to deploy to. Your error message doesn't really look like that, but the error message is not fully shown in your question. (That "very long" error message can be very important. ;) )
Most likely you should debug the az deployment group create ... script locally with the variable values replaced for yourself manually, and see if you can reproduce the error. That would mean that Azure Pipelines has nothing to do with this, you should just make your deployment instruction work and all will be good.
If #1 is not applicable for you (e.g. your deployment instruction is working totally fine locally but it is still failing in the pipeline), my recommendation is to look into Azure CLI version on the pipelines agent vs. the one you need and maybe add az Azure CLI upgrade/downgrade task to suit your needs.
For example, we have used these 2 steps to update AzureCLI when the MS hosted agent version contained a bug.
- script: sudo apt-get update
- task: AzureCLI#2
inputs:
azureSubscription: ${{ parameters.armServiceConnection }}
scriptType: 'bash'
scriptLocation: 'inlineScript'
inlineScript: |-
az --version
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
az --version
Problem was using ubuntu image - should have been windows-2022
I have a build process where I need to use a token, received through the AWSCLI. So far I have connected aws to my azure pipelines but I am having trouble setting up my yaml.
I want to fetch the relevant token to use it later as a variable in my script.
As you can see in my yaml I am running a powershell script with codeartifact and I am saving the value to my myOutputVar. The powershell script does not throw an error.
However, later when I run the building script that variable is not present resulting in ECHO is off.
How can I ensure the value received in the task can be used later in the script/build part?
trigger:
- azure-pipelines
pool:
vmImage: windows-latest
steps:
- task: NodeTool#0
inputs:
versionSpec: '10.x'
displayName: 'Install Node.js'
- task: AWSPowerShellModuleScript#1
inputs:
awsCredentials: 'AWS Connection'
regionName: 'eu-central-1'
scriptType: 'inline'
inlineScript: '##vso[task.setvariable variable=myOutputVar;]aws codeartifact get-authorization-token --domain somedomain --domain-owner 444.... --query authorizationToken --output text; '
- script: |
echo %myOutputVar%
npm ci
npm run build
displayName: 'npm install and build'
Your inline script can be multiple lines, and since this is PowerShell you can do something like:
inlineScript: |
$authToken = aws codeartifact get-authorization-token `
--domain somedomain `
--domain-owner 444.... `
--query authorizationToken `
--output text
Write-Host "##vso[task.setvariable variable=myOutputVar;]$authToken"
Trying to dynamically retrieve all the variables from a variable group via Azure DevOps task in a YAML Pipeline. Originally tried leveraging the AzureCLI#2 task with the following code to retrieve the variableGroupID which would be used to get the variables inside of it:
$variableGroupId = $(az pipelines variable-group list --org $(System.CollectionUri) --project $(System.TeamProject) --query "[?name=='{{ parameters.variableGroupName }}'].id" -o tsv)
This command works locally but not when executing on a MS hosted agent like this:
parameters:
variableGroupName: ''
steps:
- task: AzureCLI#2
displayName: Azure CLI
inputs:
azureSubscription: ${{ parameters.azureSubscriptionName }}
scriptType: pscore
scriptLocation: inlineScript
inlineScript: |
az upgrade
$variableGroupId = $(az pipelines variable-group list --org $(System.CollectionUri) --project $(System.TeamProject) --query "[?name=='{{ parameters.variableGroupName }}'].id" -o tsv)
write-Host $variableGroupId
$variables = $(az pipelines variable-group variable list --group-id $variableGroupId --org $(System.CollectionUri) --project $(System.TeamProject) -o yaml)
write-Host $variables
This fails with the error:
Before you can run Azure DevOps commands, you need to run the login command (az login if using AAD/MSA identity else az devops login if using PAT token) to setup credentials. Please see https://aka.ms/azure-devops-cli-auth for more information
I have opened up an issue
In the meantime, I tried to run the commands to install the necessary pieces via scripts
strategy:
runOnce:
deploy:
steps:
- task: AzureRmWebAppDeployment#3
inputs:
azureSubscription: Example - Dev
WebAppName: wapp-Example-dev-eus
Package: $(Pipeline.Workspace)/drop/Web.Example.zip
TakeAppOfflineFlag: True
- task: UsePythonVersion#0
inputs:
versionSpec: '3.x'
architecture: 'x64'
- task: CmdLine#2
displayName: 'Upgrade pip'
inputs:
script: python -m pip install --upgrade pip
- task: CmdLine#2
displayName: 'upgrade azure cli'
inputs:
script: pip install --pre azure-cli --extra-index-url https://azurecliprod.blob.core.windows.net/edge
- task: CmdLine#2
displayName: 'Show Azure CLI version'
inputs:
script: az --version
- task: CmdLine#2
displayName: 'Install Azure DevOps Extension'
inputs:
script: az extension add -n azure-devops
- task: CmdLine#2
env:
AZURE_DEVOPS_CLI_PAT: $(patCredential)
displayName: 'Login Azure DevOps Extension'
inputs:
script: echo ${AZURE_DEVOPS_CLI_PAT} | az devops login
- task: CmdLine#2
displayName: 'Show List of Variables'
inputs:
script: |
$variableGroupId = $(az pipelines variable-group list --org $(System.CollectionUri) --project $(System.TeamProject) --query "[?name=='{{ parameters.variableGroupName }}'].id" -o tsv)
write-Host $variableGroupId
$variables = $(az pipelines variable-group variable list --group-id $variableGroupId --org $(System.CollectionUri) --project $(System.TeamProject) -o yaml)
write-Host $variables
However, when using both latest Ubuntu agents and those designated in the doc get an error:
WARNING: Failed to store PAT using keyring; falling back to file storage.
WARNING: You can clear the stored credential by running az devops logout.
WARNING: Refer https://aka.ms/azure-devops-cli-auth to know more on sign in with PAT.
I have opened up an issue with the documentation team as at the very least the provided steps do not work. Any assistance would be appreciated!
I was getting the same error, and was able to get mine working by adding:
echo $(System.AccessToken) | az devops login
to the top of my inline script. Here's what it looks like:
variables:
variableGroupName: 'my-variable-group'
...
- task: AzureCLI#2
displayName: 'Set environment variables'
inputs:
azureSubscription: '$(azureSubscription)'
scriptType: 'pscore'
scriptLocation: 'inlineScript'
inlineScript: |
echo $(System.AccessToken) | az devops login
$groupId = (az pipelines variable-group list `
--organization $(System.CollectionUri) `
--project $(System.TeamProject) `
--group-name $(variableGroupName) | ConvertFrom-Json).id
...
You can use the REST API instead of Azure CLI to get the information. It can be used with the standard tools already present on the Microsoft Hosted agents. It requires only vanilla powershell or powershell core, meaning to works on both windows and linux agents. The below example was successfully tested on windows-latest/windows-2019 and ubuntu-latest/ubuntu-20.04
The approach is the same as with Azure CLI.
List all available groups filtered by name to retrieve the variable group in question
Get all variables in the variable group using the variable group id from step
In fact, the pipeline also has an out of the box PAT token available with read access to variable groups. It is stored in the variable System.AccessToken. Using that instead of a manually managed one will further simplify things.
The script below is executed in a pwsh step, which is the built in Powershell task in Powershell core mode
- pwsh: |
# Construct PAT authentication header
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f "user",$env:SYSTEM_ACCESSTOKEN)))
$headers = #{Authorization=("Basic {0}" -f $base64AuthInfo)}
# Retrieve variable group id. Filter the result by setting the groupName query parameter
$variableGroupId = $(Invoke-RestMethod -Headers $headers "$(System.CollectionUri)$(System.TeamProject)/_apis/distributedtask/variablegroups?groupName=${{ parameters.variableGroupName }}&api-version=6.0-preview.2").value[0].id
# Retrieve variables in variable group with id $variableGroupId
$variables = $(Invoke-RestMethod -Headers $headers "$(System.CollectionUri)$(System.TeamProject)/_apis/distributedtask/variablegroups/${variableGroupId}?api-version=6.0-preview.2").variables
#Print variables as json (for demo purpose)
$variables | ConvertTo-Json
env:
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
displayName: 'Retrieve variables'
Testing the above pipeline in a project on a variable group with two variables yields the following output:
{
"Variable 1": {
"value": "Value 1"
},
"Variable 2": {
"value": "Value 2"
}
}
I have a Stage that runs my Terraform Code, but I need to whitelist the agent IP on my Azure SQL server, so I have a PowerShell script that can handle this, however, the environment variables inside the script (for instance $env:company_name) are all showing as null I believe because its bash. Not sure....the part of YAML is shown below. Any ideas on how I can accomplish this? Thanks
******************** YAML from pipeline**************************
steps:
- checkout: self
- task: Bash#3
displayName: 'Install AZ Modules'
inputs:
targetType: 'inline'
script: |
sudo /usr/bin/pwsh -NoLogo -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -File "$(Build.Repository.LocalPath)/STAGE2/Scripts/buildazmodule.ps1"
- task: PowerShell#2
displayName: 'Add Firewall Rules'
inputs:
targetType: filePath
filePath: './STAGE2/Scripts/firewallrules.ps1'
- task: ms-devlabs.custom-terraform-tasks.custom-terraform-installer-task.TerraformInstaller#0
inputs:
terraformVersion: '0.12.28'
- script: terraform version
displayName: 'Terraform Version'
- script: az cloud set --name $(cloud)
displayName: 'Set Cloud'
- script: az login --service-principal -u $(client_id) -p $(client_secret) --tenant $(tenant_id)
displayName: 'Log Into Azure'
- script: terraform init -backend-config=resource_group_name=$(sg_resource_group) -backend-config="storage_account_name=$(sg_name)" -backend-config="container_name=$(blob_storage)" -backend-config="access_key=$(sg_accesskey)" -backend-config="key=$(state_file)" -backend-config="environment=$(cloud_environment_name)"
displayName: 'Terraform Init'
workingDirectory: $(System.DefaultWorkingDirectory)/STAGE2
- script: terraform plan -var="client_id=$(client_id)" -var="client_secret=$(client_secret)" -var="tenant_id=$(tenant_id)" -var="subscription_id=$(subscription_id)" -var="environment=$(cloud_environment_name)" -var="company_name=$(company_name)" -var="cloudsitename=$(cloudsitename)" -var="envtype=$(envtype)" -var="builddate=$(builddate)" -var="is_public=$(is_public)" -var="region=$(region)" -var="os_image_skey=$(os_image_skey)" -var="is_osmanaged_ad=$(is_osmanaged_ad)" -var="remote_tenant=$(remote_tenant)" -var="is_fedramp=$(is_fedramp)" -var="level=$(level)" -var="onestream_version=$(onestream_version)" -out="out.plan"
displayName: 'Terraform Plan'
workingDirectory: $(System.DefaultWorkingDirectory)/STAGE2
- script: terraform apply out.plan
displayName: 'Terraform Apply'
workingDirectory: $(System.DefaultWorkingDirectory)/STAGE2
************************ Part of script code***********************
$envtype = $env:envtype
$CompanyName = $env:company_name
$CompanyNameTemp = $CompanyName.ToLower() #input production environment name e.g. the "tmfgroup" in rg"tmfgroup" ***PIPELINE VAR***
$CompanyName = ($CompanyNametemp.subString(0, [System.Math]::Min(8, $CompanyNametemp.Length))).Trim()
$sgname = "sg${CompanyName}"
$rgname = "rg${CompanyName}"
$kvName = "kv${CompanyName}"
$sqlName = "sql${CompanyName}${envtype}"
*************************** Error**********************
InvalidOperation: /home/vsts/work/1/s/STAGE2/Scripts/firewallrules.ps1:4
Line |
4 | $CompanyNameTemp = $CompanyName.ToLower() #input production environme …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| You cannot call a method on a null-valued expression.
Agree with Krzysztof Madej.
As far as I know, linux system is case sensitive.
When you set the variable in azure devops, it will be converted to uppercase letters in environment variables.
For example:
So when you use the environment variable in Linux system, you need to change the format as
$env:COMPANY_NAME.
By the way, you could use the script to output all environment variables(e.g. env | sort).
Then you could check the environment variable format.
I have this azure devops ci/cd pipeline using yaml. My yaml has two stages CI and CD. My CI stage has one job called BuildandDeploy. The CD stage has one deployment job. I am using universal artifacts to publish and downloading the same. In the CD phase I am using UniversalPackages devops task to download the artifact. The task has a input variable called vstsPackageVersion which is the package version that is shown in universal artifacts. I have known of two other variables that could be used $(Build.BuildId) and $(Build.BuildNumber). As a temporary work around I am hard coding the package version for the universal artifact.
I wasn't able to download the artifact with either of the built-in variables. Since the CI and CD are in the same pipeline, is there any way to store and retrieve the package version of the artifact? Is there a identifier like latest that I could use to get the latest artifact from universal package.
# specific branch build with batching
trigger:
batch: true
branches:
include:
- master
stages:
- stage: CI
jobs:
- job: BuildAndPublish
pool:
vmImage: 'Ubuntu-16.04'
steps:
-
script: |
docker build -t $(dockerId).azurecr.io/$(imageName):$(version) .
docker login -u $(dockerId) -p $(pswd) $(dockerId).azurecr.io
docker push $(dockerId).azurecr.io/$(imageName):$(version)
- task: Bash#3
displayName: Initialize Helm Client - create local repo
inputs:
targetType: 'inline'
script: '
helm init --client-only
'
- task: HelmDeploy#0
displayName: Package helm chart
inputs:
connectionType: 'Kubernetes Service Connection'
command: 'package'
chartPath: 'my-helm-dir'
- task: UniversalPackages#0
displayName: Publish helm package to my-company-artifacts
inputs:
command: 'publish'
publishDirectory: '$(Build.ArtifactStagingDirectory)'
feedsToUsePublish: 'internal'
vstsFeedPublish: '$(my-feed-guid)'
vstsFeedPackagePublish: 'my-artifact-name'
versionOption: patch
packagePublishDescription: 'My helm package descrition'
- stage: CD
jobs:
- deployment: DeployJob
displayName: Deploy Job
pool:
vmImage: Ubuntu-16.04
environment: dev
strategy:
runOnce:
deploy:
steps:
- task: UniversalPackages#0
displayName: 'Universal download'
inputs:
command: download
vstsFeed: '$(my-feed-name)'
vstsFeedPackage: 'my-artifact-name'
vstsPackageVersion: 0.0.32
- task: ExtractFiles#1
displayName: 'Extract files '
inputs:
archiveFilePatterns: '*.tgz'
destinationFolder: 'my-folder'
cleanDestinationFolder: true
The Universal Packages task based on az artifacts universal cli that not support "latest version", but only specific version (by the way, this cli is on preview).
As workaround, you can use the Rest API to retrieve the latest version and set a new variable, then, in the download task use this variable.
For example, add a PowerShell task that get the version number and set the variable:
- powershell: |
$head = #{ Authorization = "Bearer $env:TOKEN" }
$url = "https://feeds.dev.azure.com/{organization}/_apis/packaging/Feeds/{feed-name}/packages/{package-guid}?api-version=5.0-preview.1"
$package = Invoke-RestMethod -Uri $url -Method Get -Headers $head -ContentType application/json
$latestVersion = ($package.versions.Where({ $_.isLatest -eq $True })).version
Write-Host "The latest version is $latestVersion"
Write-Host "##vso[task.setvariable variable=latestVersion]$latestVersion"
env:
TOKEN: $(system.accesstoken)
Now, in the download task use it:
vstsPackageVersion: $(latestVersion)