In Azure DevOps pipeline, how to update environment variable in variable group so new value persists, so new value can be used even after build is finished.
For example, I'm trying to save new version number, this does not work:
Write-Host "##vso[task.setvariable variable=currentVersion]$newVersion"
how to update environment variable in variable group so new value persists, so new value can be used even after build is finished.
I am afraid there is no such way to update environment variable in variable group and keep it persists after build is finished.
When you use the Logging Command to set the variable, which is environment variable and can only work in the current environment.
So the new value can not be used after build is finished.
on the other hand, just like Daniel said, if we write any persistent value, then this value will compete/conflict with the value in the variable group. The compiler will not know which value to choose.
So, if you want to write any persistent value, we have to update the value in the variable group manually or use REST API to update it in the variable group.
Check the How to modify Azure DevOps release definition variable from a release task? for some more details.
Hope this helps.
Yes, you can update during build, but the Write-Host only persists in the pipeline currently running. You could use Azure CLI and call something like this:
echo %AZ_LOGIN_PAT%|az devops login
az pipelines variable-group variable update --group-id variable_id --org https://dev.azure.com/your_org --project your_project --name VariableName --value %NewValue%
The PAT might be able to be secured better, but this is how I do it. This is a Windows inline command task.
Related
I am using one powershell task and one Azure Cli task in release pipeline of Azure DevOps.
I have some release pipeline's variables. I want to read those variables as they will be required by my script in above two tasks. I used powershell core in Azure cli task
I tried to read them in the inline script directly as $(variableName) or $env:variableName but none of the above worked.
I tried to set read the variable in Environment variables option in the task and then use in the inline scripts using $env:variableName but it also didn't work. On printing the variableName in the script using Write-Host, the value I got is $(valueName) instead of the correct value.
How to read those variables inside these scripts?
The pipeline variables can be reference in the Azure CLI inline script by using the syntax $(variableName). I tested by adding the following in a script
write-host "The variable value: $(variableName)"
I currently have a variable in my release pipeline and need to set its value through a Powershell script. The purpose is to have its value available to be used for postman collections in next tasks.
I'm trying to do that in this way but not working.
$content = Get-Content -Path .\token.txt
Write-Host "RP token found: $content"
Write-Host "##vso[task.setvariable variable=readingProgressToken;]$content"
Write-Host "Variable value in pipeline: $(readingProgressToken)"
And this is the variable
variable
Using the set variable command will make the variable available for all the task steps that follow. It will not be available within the scope of the same task. If you break your task into two steps, one set then one test display, I'd expect you would see the setting is probably going to be as-expected for your postman step.
From the documentation:
To set a variable from a script, use the task.setvariable logging
command. This doesn't update the environment variables, but it does
make the new variable available to downstream steps within the same
job.
In the script task (PowerShell, Bash, etc..), if you use the logging command SetVariable to create or update a variable with the specified value, this variable with the new value is only available to the subsequent tasks in the same job.
For the script task which runs the SetVariable command, the new value is not available.
So, if you want to print the new value of the variable, you should print it in another task after the script task.
Good afternoon, I need help with this case, I want to generate a release description in my pipeline builds, I tried to set the variable in the build and I used a group variable but I was not successful, the idea is to generate a build that contains a description of what contains and when generating the new release already has the value in the variable Release.ReleaseDescription, I have a slack task that sends approvals, it would be good to have this description so that the people who approve see what it contains. This manual procedure is currently performed when the release is generated and a description is placed.
Variable group can only share variables with static values from build pipeline to release pipeline. However there is an extension task tool Variable Tools for Azure DevOps Services that can accomplish this. You can follow below steps:
1, You need first to search for Variable Tools for Azure DevOps Services and install it to your organization.
This task include two subtasks as the task describles:.
Variable Save Task - During your build you can save the variables to a json file stored with your other build assets
Variable Load Task - During your Release you can load the saved variables and gain access to them.
2, Then you need to define a variable (BuildDescription)in your build pipeline
3, Add a powershell task to assign a value to variable BuildDescription.
4, add Variable Save Task to save variable BuildDescription to a json file and store it to the build artifacts folder which will be published to azure devops server as a part of aritfacts.
5, in the release pipeline, add task Variable Load Task, and then you can use the variable (BuildDescription) in your release pipeline.
Update:
As above tasks cannot be run on linux system. We can write bash scripts to do the variable save task and variable load task.
To save the variable, you only need to replace above variable save task with bash task to run below command.
echo '{"des":"description"}' > variable-meta.json
To load the variable. Add bash task to replace variable load task
val= ($(jq '.description' variable-meta.json))
echo "##vso[task.setvariable variable=BuildDescription]$val"
I'm trying to share version information from different pipelines to later use them to create a release config in a release pipeline. So basically I need to share information between different pipelines.
To create a somehow unique version I want to always use the output of git rev-parse HEAD.
I've already tried to use variable groups, but I was only able to read them and not to set them. And I'm not aware of another way which is supported by azure devops, I could of course use files and publish them.
I used the example which was provided by the documentation.
#!/bin/bash
echo "##vso[task.setvariable variable=sauce]crushed tomatoes"
I expect to get a change variable in the variable group in order to read that variable later on in a release pipeline.
Any help is appreciated.
Could be done via the Azure devops CLI.
Create the powershell task:
echo $env:AZURE_DEVOPS_EXT_PAT | az devops login
az devops configure -d organization=https://dev.azure.com/<your_organisation>/ project=<your_project>
az pipelines variable-group variable update --id <id_here> --name <name_here> --value <value_here>
and also create the variable in the task like so
You can not change a variable in a variable group with the logging command task.setvariable (the logging command can change only for a specific run).
The only way to update a variables in the variable group is with the Rest API:
PUT https://dev.azure/com/{organization}/{project}/_apis/distributestask/variablegroups/{groupId}?api-version=5.0-preview.1
Request body:
{
"variables": {
"key1": {
"value": "value1"
}
},
"type": "Vsts",
"name": "TestVarialeGroup",
}
So you need to add a task that excute the above Rest API, for example, PowerShell:
You need to allow scripts to access the
OAuth token (check the checkbox in the agent job options):
And give Administrate permissions to the build user (to the variable group):
I'm passing a secret Release Task Variable to a PowerShell script and trying to set that value as an environment variable using logging commands so I can use it in other tasks in the same Release. I'm able to do this with a non-secret variable, but not with a secret one.
So, the following is working (I can see it using ls env: and also use it to connect to a tfs instance as a Personal Access Token) when PAT is a non-secret variable:
Inline Script Arguments: -token "$(PAT)"
Param(
[string]$token
)
Write-Host "##vso[task.setvariable variable=API_TOKEN;]$token"
I can only use the environment variable set above if I use it in a subsequent powershell task - it's not available within the task where PAT is passed.
But the following does not seem to be working when PAT is a secret variable:
Inline Script Arguments: -token "$(PAT)"
Param(
[string]$token
)
Write-Host "##vso[task.setvariable variable=API_TOKEN;issecret=true]$token"
(Note: I also tried changing API_TOKEN to something else like MYTOKEN, in case API_TOKEN is reserved, but still don't see MYTOKEN var at all if I do ls env: in a subsequent PowerShell task.)
How can I set an environment variable to a secret value passed from a Release Task, for use by that task or by other tasks in the Release? In other words, when or how can I access the environment variable set by the above-referenced logging commands with issecret=true? (I'm not actually sure I'm setting it properly, since I can't see it, but I assume I am since the non-secret version works.)
Not sure if it matters, but I have ticked the box in the release definition that says "Allow scripts to access OAuth token".
Update
There is more information here, but it's very confusing. I couldn't figure out how to set and access a secret environment variable - I suspect they are not actually environment variables, but in that case I don't understand why the logging commands are needed at all, since we can already pass secret variables to scripts. I was able to workaround by passing the secret variable from the Release Task directly to the PowerShell script, and then from there to other scripts, instead of trying to set/access the value as an environment variable.
Actually the logging command also works for secret variables (what you tried should work). As the logging command usage mentions:
When issecret is set to true, the value of the variable will be saved
as secret and masked out from log. Secret variables are not passed
into tasks as environment variables and must be passed as inputs.
You can use the script echo $(API_TOKEN) instead of ls env: (since secret variables are not showing by the command ls env:), then you will get ********.
And for the use of the secret variable $(API_TOKEN) in your following release tasks, the value should be passed as inputs (as the usage mentions).
There is no way to set a secret environment variable using the mentioned logging commands.