We are using a task group for all of our builds. Some of the steps pick variables from variable groups and some variables are just system varibles like $(Get-Date).
When editing the task group all variables detected in the build steps are listed under the parameter section and concequently all builds will also show this list of varibles for the corresponding task group.
However in our case we would only like to display three of the variables. We would like variables such as $(Get-Date), some configuration variables and variables from the library variable group not to be listed since the user should not be able to edit these parameters.
Is there a way to choose which parameters will be listed under the task group or in the corresponding builds?
It seems that there is no way to control which parameter should be listed under task groups.
But there is way to control who have the permission to edit these parameters.
If it is acceptable to you, You can modify the security of the task group, which allows you to control the edit permission for individual user and also groups.
After you deny a user's permission to edit the task group. User will get an error when he tries to change the parameter.
Related
I'm working on an integration between Azure Pipelines and ServiceNow's change management module. To achieve that the ServiceNow Change Management extension has been installed and configured according to this documentation page. In Azure DevOps we are using multistage yaml pipelines, which should create standard preapproved changes in ServiceNow.
The connection itself between the two applications works fine, I managed to put together a pipeline that creates change requests, waits until their status changes and then closes them. However, I'd like to pass some values set in the pipeline runs to the created change requests and I couldn't find a way to do it.
First I added a service connection to our Azure DevOps project, and created the ServiceNow check for it. I experimented a little with adding different expressions to it, like setting the short description to ${{ parameters.shortDescription }}, or defining a variable in the pipeline as ShortDescription: ${{ parameters.shortDescription }} and using that variable in the check as $(ShortDescription) or $[ variables.ShortDescription ]. Unfortunately none of these expressions got resolved. I also realized it is possible to use the predefined variables, but the values I'd like to set are not possible to describe by predefined variables. For example, selecting an assignment group would be pretty straightforward from a parameter defined as a list, but impossible to select from predefined variables.
So as a next idea, I tried to link a variable group to the check and update the variables through logging commands. Even though the variables from the group got resolved, they only showed the values I set them through the UI as a static default value. The dynamic values set via the logging commands were not visible. I played around some time and verified that I can update the definition of the variable groups through Azure CLI or REST API, so I can add new variables or update existing ones. Thus I tried to add a new variable to the linked group during the pipeline run named as ShortDescription_$(Build.BuildId). Even though it got added properly, I could not use it within the check, because it required double variable resolution, like $(ShortDescription_$(Build.BuildId)) and this expression was not resolved, not even partly. It remained $(ShortDescription_$(Build.BuildId)).
Then I started thinking about using only one variable from the group with a static name (e.g. ShortDescription) for all pipeline runs. However, I feel it would create a race condition and could cause some inconsistencies.
So as a last resort, I tried to put together an extension with an Agent and a ServerGate task, which are capable of storing the values I want to pass to change request and reading the stored values in an agentless environment. The problem here is, that the second task is not visible as a check for service connections. It's there as a release pipeline gate and looks good there, but I can't utilize it that way. Based on a question I found, this does not seem to be the problem with my task. To verify it, I copied the content of the same ServiceNow check I used before, and added it to my extension as a contribution with a different task id. And it did not show up as the question stated.
Which means now I can either
create a change request through my custom server task (as the ServerGate task can be used properly in yaml if it is changed to a Server task), but that way I can't wait for the state change of the ServiceNow ticket, or
create the change request in a separate stage where I want to use it, update it first in the same stage where I created it via the first-party check and wait for the state change in the stage where I would normally create it.
The second can work, but it has its own problems, like having misleading values stored in the changed request for the stage id field, or not having multiple change requests created for multiple run attempts of the deployment stage. Also I feel like it's not how the extension's task and check should be used.
Unfortunately, I'm out of ideas how this dynamic value passing can be achieved, if it's possible to do so in the first place. Could you please help me by sharing ideas, or pointing out errors in my attempts?
What is the difference between linked task parameters (process parameters) and variables in classic Azure DevOps build pipeline? Don't they all allow having a single place where to change values?
What I mean by "linked" task parameters are what you get by clicking the link icon when configuring tasks like below
which leads to adding a textbox for the linked value in settings page for the pipeline as you see below
Regarding parameters in the classic pipeline, we generally use Process parameters. You can link all important arguments for tasks used across the build definition as process parameters, which are then shown at one place-the Pipeline view. This means you can quickly edit these arguments without needing to click through all the tasks. Templates come with a set of predefined process parameters.
Variables give you a convenient way to get key bits of data into various parts of the pipeline. The most common use of variables is to define a value that you can then use in your pipeline. All variables are stored as strings and are mutable. The value of a variable can change from run to run or job to job of your pipeline.
The difference between them is:
Variables can be a convenient way to collect information from the
user up front. You can also use variables to pass data from step to
step within a pipeline.Unlike variables, pipeline parameters can't be
changed by a pipeline while it's running.
Parameters have data types such as number and string, and they can be
restricted to a subset of values. Restricting the parameters is
useful when a user-configurable part of the pipeline should take a
value only from a constrained list. The setup ensures that the
pipeline won't take arbitrary data.
Process parameters differ from variables in the kind of input supported by them. Variables only take in string inputs while process parameters in addition to string inputs support additional data types like check boxes and drop-down list boxes.
For detailed information, please refer to the following documents:
Define variables
Process parameters
Variables and parameters
I have several variable groups defined under Pipeline Library. I'm using a different group for each release environment (e.g., DEV, QA, PROD). The deployment for each environment needs all the same variables but with different values.
It's a long list of variables and I have no way to tell if my groups are getting out of sync with one another over time as we add and remove variables.
I really wish I had something like a C# interface to make all the groups match. I was hoping the new YAML templates could help somehow but I can't find anything that would solve this.
Anyone have a good solution to this? It seems like a very common use of variable groups.
Can I enforce the same variables across variable groups in the Azure
DevOps Pipeline Library?
No, we can't do that. It seems what you want is to sync the variable groups for DEV,QA,PROD environments, making these groups have same variable list but different values.
As I know this is not supported for now. Variable groups is originally designed to share variables across pipelines instead of other directions, so Azure Devops Service doesn't support such out-of-box feature to compare and sync variable groups.
Update1:
I submitted a feature request in User Voice forum that you can vote and track.
Update2:
1.Another direction if you want to check the variable list easily: If you want to check the variable list manually, you can consider using Rest API to get a Json response of your variable list for one specific variable group.
2.There're many related topics about how to convert Json to CSV/Excel file online, and after my test it's quite convenient. So maybe you can get three josn response and then convert then into text file/excel file to compare the difference between these three variable lists. It could be a temporary workaround ~
Hope it helps :)
We are creating deployments with TFS 2018.3. If I click on tasks in a deployment and create a Task Group out if it, it recognizes the used parameters but if I change parameter usage in an already existing Task Group, or edit the newly create group, parameter changes are not applied to the parameter list in the group.
I have a Task Group that I created out of a set of build tasks. I am able to edit the tasks quite well, but i now realise i will need to add another parameter to the task group. How do I go about doing that?
Task group parameters are automatically created based on the variables used in the tasks. If you reference a new variable in a task that's within a task group, it will pop up.
In addition to the accepted answer, if you want to add parameters that are not directly referenced by tasks within the tasks group (e.g. to use in a config file token replacement task) then you can export your task group, edit the .json file then import it back in. The parameters are in an inputs array near the end of file. You can also hide parameters here if you only want to use them internally to the task group by setting a default value and adding a 'visibleRule' property, see this article for details: https://medium.com/objectsharp/how-to-hide-a-task-group-parameter-b95f7c85870c
This will create a new task group rather than updating your current task group. If you want to update the task group, you can use this REST API:
https://learn.microsoft.com/en-us/rest/api/azure/devops/distributedtask/taskgroups/update?view=azure-devops-rest-5.1