Delete the Azure Resources if any of the task in azure pipeline fails - azure

I have Azure Pipeline which creates VMs, Storage , NICs etc. And i want that these resources should be deleted if any of the task in the pipeline got failed. How this can be achieved, do I need to use script in my YAML or is there any extension available?


A sample for you. You just need to output the vars and then use condition to check:
trigger:
- none
pool:
vmImage: windows-latest
steps:
- task: AzurePowerShell#5
displayName: Create Storage1
name: createstorage1
inputs:
azureSubscription: 'xxx'
ScriptType: 'InlineScript'
Inline: |
$resourceGroup = "xxx"
$location = "westus"
$accountName = "bowman08191"
Write-Host "##vso[task.setvariable variable=resourceGroup;isoutput=true]$resourceGroup"
Write-Host "##vso[task.setvariable variable=location;isoutput=true]$location"
Write-Host "##vso[task.setvariable variable=accountName;isoutput=true]$accountName"
New-AzStorageAccount -ResourceGroupName $resourceGroup `
-Name $accountName `
-Location $location `
-SkuName Standard_RAGRS `
-Kind StorageV2
azurePowerShellVersion: 'LatestVersion'
- task: AzurePowerShell#5
displayName: Create Storage2
name: createstorage2
inputs:
azureSubscription: 'xxx'
ScriptType: 'InlineScript'
Inline: |
$resourceGroup = "xxx"
$location = "westus"
$accountName = "bowman08192"
Write-Host "##vso[task.setvariable variable=resourceGroup;isoutput=true]$resourceGroup"
Write-Host "##vso[task.setvariable variable=location;isoutput=true]$location"
Write-Host "##vso[task.setvariable variable=accountName;isoutput=true]$accountName"
New-AzStorageAccount -ResourceGroupName $resourceGroup `
-Name $accountName `
-Location $location `
-SkuName Standard_RAGRS `
-Kind StorageV2
azurePowerShellVersion: 'LatestVersion'
- task: AzurePowerShell#5
displayName: This will be failed
inputs:
azureSubscription: 'xxx'
ScriptType: 'InlineScript'
Inline: |
xxx
azurePowerShellVersion: 'LatestVersion'
- task: AzurePowerShell#5
displayName: Create Storage1
name: createstorage3
inputs:
azureSubscription: 'xxx'
ScriptType: 'InlineScript'
Inline: |
xxx
$resourceGroup = "xxx"
$location = "westus"
$accountName = "bowman08193"
Write-Host "##vso[task.setvariable variable=resourceGroup;isoutput=true]$resourceGroup"
Write-Host "##vso[task.setvariable variable=location;isoutput=true]$location"
Write-Host "##vso[task.setvariable variable=accountName;isoutput=true]$accountName"
New-AzStorageAccount -ResourceGroupName $resourceGroup `
-Name $accountName `
-Location $location `
-SkuName Standard_RAGRS `
-Kind StorageV2
azurePowerShellVersion: 'LatestVersion'
- task: AzurePowerShell#5
condition: failed()
continueOnError: true
inputs:
azureSubscription: 'xxx'
ScriptType: 'InlineScript'
Inline: |
Remove-AzStorageAccount -Name $(createstorage1.accountName) -ResourceGroupName $(createstorage1.resourceGroup) -Force
Remove-AzStorageAccount -Name $(createstorage2.accountName) -ResourceGroupName $(createstorage2.resourceGroup) -Force
Remove-AzStorageAccount -Name $(createstorage3.accountName) -ResourceGroupName $(createstorage3.resourceGroup) -Force
azurePowerShellVersion: 'LatestVersion'
The above is Storage service, other service are similar.
By the way, you can deploy all of the services to a new resource group, if failed, just delete the whole group.


You haven't mentioned which scripting language you are using to deploy these resources. It depends on both scripting language and logic. In this case YAML pipeline can be more useful like having stages or jobs. Also use 'continue on error' as true
Set a variable to find your job executed successfully or not
echo "##vso[task.setvariable variable=ISVALIDBUILD;isOutput=true]True"
Create a new job if previous job fails. here InfraBuild is previous job.
- job: RunOnceifFailed
dependsOn: InfraBuild
variables:
PrintResults: $[ dependencies.InfraBuild.outputs['DetermineResult.PrintResults'] ]
condition: eq(dependencies.InfraBuild.outputs['DetermineResult.ISVALIDBUILD'], 'False')
Write the tasks to delete the resources in the new job.
Likewise you can also have a job if 'Infrabuild' Job executed successfully.
Please refer MS documents to get to know more about this, hope it helps you get started.

Related

How to pass KeyVault secrets to a template or a script file in Azure Pipelines?

I have this YAML file:
steps:
- task: AzureKeyVault#2
displayName: Get secret from AzureVault
inputs:
azureSubscription: 'subName'
KeyVaultName: 'vaultName'
SecretsFilter: 'mySecret'
RunAsPreJob: true
- template: \pipelines\templates\vm_setup.yml
parameters:
os_pass: $(mySecret)
How do I use mySecret inside myScript.ps1 or inside myTemplate.yml?
I tried to pass it as an argument, or map it to an env variable then pass that env variable as an argument but neither worked!
My myTemplate.yml looks like this:
parameters:
- name: os_pass
type: string
steps:
- task: PowerShell#2
displayName: Trial
inputs:
targetType: 'filepath'
filePath: '${{ parameters.workingDirectory }}\myScript.ps1'
arguments: >-
- OS_Pass ${{ parameters.os_pass }}
And this is myScript.ps1
param (
[Parameter(Mandatory = $true)]
[string]$OS_Pass
)
$password = ConvertTo-SecureString -String $OS_Pass -AsPlainText -Force
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList 'admin', $password
Write-Host '---------'
Write-Host $OS_Pass
Doing so the secret is now a string! How do I pass it without changing its type?

Take a look at the official documentation here: https://learn.microsoft.com/en-us/azure/devops/pipelines/process/set-secret-variables?view=azure-devops&tabs=yaml%2Cbash.
There are a few different ways to accomplish what you want to do. Without knowing exactly what you want to do, it is hard to recommend a specific method to use. Take a look above and let us know if that resolves your issue.

Only SPN credential auth scheme is supported for non windows agent

I have a linux agent where I want to run a PowerShell script with an azcli command, using Azure Resource Manager service connection.
This is the task I am using :
- task: AzurePowerShell#5
displayName: 'Add webapp OutboundIPs into SA FW'
inputs:
azureSubscription: ${{ parameters.serviceConnection }}
ScriptType: 'FilePath'
ScriptPath: '$(path)/update-SA-firewall.ps1'
ScriptArguments: '-webappOutboundIPs "$(webappOutboundIPs)" -SAName $(SAName) -RG ${{ parameters.resourceGroupName }}'
azurePowerShellVersion: 'LatestVersion'
And this is the script:
Param(
[string] [Parameter(Mandatory=$true)] $webappOutboundIPs,
[string] [Parameter(Mandatory=$true)] $SAName,
[string] [Parameter(Mandatory=$true)] $RG
)
# get the Array of IPs from the given string
$IPs = $webappOutboundIPs.Split(",")
# Add these IPs into the SA Firewall
foreach ($ip in $IPs) {
az storage account network-rule add -g $RG --account-name $SAName --ip-address $ip | out-null
}
The error I get is :
Line | 106 | throw ("Only SPN credential auth scheme is
supported for non wind …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Only SPN credential auth scheme is supported for non windows
| agent.
##[error]PowerShell exited with code '1'.
Am I missing something here :/ ?

Unable to create staging slot via YAML

I am trying to create a staging slot via yml. Here is my yml snippet:
- task: AzurePowerShell#4
displayName: 'Run Prerequisite Script'
inputs:
azureSubscription: ${{parameters.serviceConnection}}
scriptType: inlineScript
inline: |
cd\
cd ${{parameters.root}}
$fileExists = Test-Path -Path 'functions_scripts/${{ parameters.name }}/scripts/Prerequisite.ps1' -PathType Leaf
if ($fileExists) {
cd 'functions_scripts/${{ parameters.name }}/scripts'
. ./Prerequisite.ps1
Prerequisite -SolutionAbbreviation ${{parameters.solutionAbbreviation}} -EnvironmentAbbreviation ${{parameters.environmentAbbreviation}} -FunctionName ${{parameters.name}}
}
azurePowerShellVersion: LatestVersion
name: Prerequisite_${{ parameters.name }}
Here is the script:
try{
# variables
$resourceGroupName = "rg"
$functionAppname = "fa"
$slotName = 'staging'
$isFunctionAppExist = az functionapp show --name $functionAppname -g $resourceGroupName
if($null -ne $isFunctionAppExist ) {
Write-Host "Function App: $functionAppname exists."
$isDeploymentSlotExist = az functionapp deployment slot list --name $functionAppname --query "[?name=='$slotName'] | length(#)" -g $resourceGroupName
if($isDeploymentSlotExist -eq 0) {
Write-Host "Creating $slotName slot since it does not exist for function App: $functionAppname"
$success = az functionapp deployment slot create --name $functionAppname --resource-group $resourceGroupName --slot $slotName
if($null -eq $success) {
Write-Host "Slot deployment failed due to some issues, please retry again." -ForegroundColor Red
exit
}
else {
Write-Host "Slot deployment successful on Function App: $functionAppname."
}
}
else {
Write-Host "Slot: $slotName already available on Function App: $functionAppname"
}
}
}
catch
{
Write-Host "Something went wrong, please try again." -ForegroundColor Red
}
On running this, I see the following error:
##[error]ERROR: Please run 'az login' to setup account.
What am I missing? Is there a better way to create staging slot?

How to retrieve certificate from a keyvault and import it into another without saving it?

In an Azure pipeline there are following tasks
AzureResourceManagerTemplateDeployment#3 deploys a Key Vault from an ARM template
Then a AzurePowerShell#5 checks if the Key vault contains a "my-self-signed-cert" and if not - imports it into the Key Vault
Finally another AzureResourceManagerTemplateDeployment#3 deploys a Service Fabric cluster and configures the SF cluster and its VMSS to use the certificate
Here are the tasks:
- task: AzureResourceManagerTemplateDeployment#3
displayName: 'Deploy Keyvault'
inputs:
deploymentScope: 'Resource Group'
subscriptionId: '${{ parameters.SubscriptionId }}'
azureResourceManagerConnection: '${{ parameters.ArmConnection }}'
action: 'Create Or Update Resource Group'
resourceGroupName: '${{ parameters.resourceGroupName }}'
location: 'West Europe'
templateLocation: 'Linked artifact'
csmFile: '$(Build.SourcesDirectory)/pipelines/templates/keyvault.json'
csmParametersFile: '$(Build.SourcesDirectory)/pipelines/templates/keyvault-params.json'
deploymentMode: 'Incremental'
- task: ARM Outputs#5
displayName: 'Collect Keyvault output'
inputs:
ConnectedServiceNameSelector: 'ConnectedServiceNameARM'
ConnectedServiceNameARM: '${{ parameters.ArmConnection }}'
resourceGroupName: '${{ parameters.resourceGroupName }}'
whenLastDeploymentIsFailed: 'fail'
- task: AzurePowerShell#5
displayName: 'Import certificate'
inputs:
azureSubscription: '${{ parameters.ArmConnection }}'
ScriptType: 'InlineScript'
azurePowerShellVersion: '3.1.0'
Inline: |
$Cert = Get-AzKeyVaultCertificate -VaultName my-kv -Name my-self-signed-cert
if (!$Cert) {
$Base64 = 'MIIWMgIBA___3000_chars_here____o7WqDoWm5I7fg=='
$Cert = Import-AzKeyVaultCertificate -VaultName my-kv -Name my-self-signed-cert -CertificateString $Base64
}
# set the pipeline variables Thumbprint and SecretId - needed for SF deployment
echo "##vso[task.setvariable variable=Thumbprint]$($Cert.Thumbprint)"
echo "##vso[task.setvariable variable=SecretId]$($Cert.SecretId)"
# deploy SF cluster by ARM template and use the SF Cluster certificate thumbsprint as admin cert
- task: AzureResourceManagerTemplateDeployment#3
displayName: 'Deploy SF cluster'
inputs:
deploymentScope: 'Resource Group'
subscriptionId: '${{ parameters.SubscriptionId }}'
azureResourceManagerConnection: '${{ parameters.ArmConnection }}'
action: 'Create Or Update Resource Group'
resourceGroupName: '${{ parameters.resourceGroupName }}'
location: 'West Europe'
templateLocation: 'Linked artifact'
csmFile: '$(Build.SourcesDirectory)/pipelines/templates/sfcluster.json'
csmParametersFile: '$(Build.SourcesDirectory)/pipelines/templates/sfcluster-params.json'
overrideParameters: '-certificateThumbprint $(Thumbprint) -sourceVaultResourceId $(KeyvaultId) -certificateUrlValue $(SecretId)'
deploymentMode: 'Incremental'
This works well, but now I am trying to replace the self-signed certificate by a real certificate, hosted at another Key Vault.
My plan is to download the new certificate contents (including the key) from the other Key Vault, then Base64-encode it (to avoid creating any temporary files) - and finally Import-AzKeyVaultCertificate ... -CertificateString $Base64 into my Key Vault (see the "Step 2" in my list of tasks).
My problem is that I am stuck in retrieving the certificate contents.
I am able to retrieve the "real" certificate with the following PowerShell commands:
$Cert = Get-AzKeyVaultCertificate -VaultName the-company-kv -Name the-real-cert
$Secret = Get-AzKeyVaultSecret -VaultName the-company-kv -Name the-real-cert
They above commands return some metadata, but there is nothing resembling the contents that I would be able to (if not already base64-encoded):
$Base64 = [System.Convert]::ToBase64String($Bytes)
Import-AzKeyVaultCertificate -VaultName my-kv -Name my-self-signed-cert -CertificateString $Base64

Here a solution for how to copy a certificate from one Key Vault to another (here: the-company-kv -> my-kv) without saving it into a temporary file:
$Cert = Get-AzKeyVaultCertificate -VaultName my-kv -Name the-real-cert
if (!$Cert) {
$OrigCert = Get-AzKeyVaultCertificate -VaultName the-company-kv -Name the-real-cert
$Secret = Get-AzKeyVaultSecret -VaultName the-company-kv -Name $OrigCert.Name
$Cert = Import-AzKeyVaultCertificate -VaultName my-kv -Name $OrigCert.Name -CertificateString $Secret.SecretValueText
}
I didn't realize, that PowerShell is not showing all properties, when I enter $Secret at the command prompt and thus I didn't see the $Secret.SecretValueText at first.

PowerShell error: Set-AzureDeployment : CurrentStorageAccountName is not set

I need deploy package (mvc site) from powershel script to azure. But when I start script, I see that it doesn't work. The powershell show that Azure Cloud Service deploy script finished, but in fact doesn't any change. Can you help me to fix it?
This is my powershell command:
PS C:\Windows\SysWOW64\WindowsPowerShell\v1.0> PowerShell C:\scripts\WindowsAzur
e\PublishCloudApp.ps1 -environment Production -enableDeploymentUpgrade 1 -servic
eName testLocalAzure -storageAccountName testcloudservice -packageLocation C:\dr
ops\app.publish\WindowsAzureC.cspkg -cloudConfigLocation C:\drops\app.publish\Se
rviceConfiguration.Cloud.cscfg -subscriptionDataFile C:\scripts\WindowsAzure\def
aul.publishsettings
1/13/2014 1:12 AM - Azure Cloud Service deploy script started.
1/13/2014 1:12 AM - Preparing deployment of ContinuousDeploy to testLocalAzure
for default with Subscription ID .
1/13/2014 1:12 AM - Deployment exists in testLocalAzure. Upgrading deployment.
1/13/2014 1:12 AM - Upgrading Deployment: In progress
Set-AzureDeployment : CurrentStorageAccountName is not set. Use
Set-AzureSubscription subname -CurrentStorageAccountName storageaccount to set
it.
At C:\scripts\WindowsAzure\PublishCloudApp.ps1:78 char:22
+ $setdeployment = Set-AzureDeployment -Upgrade -Slot $slot -Package
$packageL ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
+ CategoryInfo : NotSpecified: (:) [Set-AzureDeployment], Argumen
tException
+ FullyQualifiedErrorId : System.ArgumentException,Microsoft.WindowsAzure.
Commands.ServiceManagement.HostedServices.SetAzureDeploymentCommand
1/13/2014 1:12 AM - Upgrading Deployment: Complete, Deployment ID: 1d90a71030f4
437bab45b21de76ec308
1/13/2014 1:12 AM - Created Cloud Service with URL http://testlocalazure.clouda
pp.net/.
1/13/2014 1:12 AM - Azure Cloud Service deploy script finished.
PS C:\Windows\SysWOW64\WindowsPowerShell\v1.0>
This is script, which I call:
Param( $serviceName = "",
$storageAccountName = "",
$packageLocation = "",
$cloudConfigLocation = "",
$environment = "Staging",
$deploymentLabel = "ContinuousDeploy to $servicename",
$timeStampFormat = "g",
$alwaysDeleteExistingDeployments = 1,
$enableDeploymentUpgrade = 1,
$selectedsubscription = "default",
$subscriptionDataFile = ""
)
function Publish()
{
$deployment = Get-AzureDeployment -ServiceName $serviceName -Slot $slot -ErrorVariable a -ErrorAction silentlycontinue
if ($a[0] -ne $null)
{
Write-Output "$(Get-Date –f $timeStampFormat) - No deployment is detected. Creating a new deployment. "
}
#check for existing deployment and then either upgrade, delete + deploy, or cancel according to $alwaysDeleteExistingDeployments and $enableDeploymentUpgrade boolean variables
if ($deployment.Name -ne $null)
{
switch ($alwaysDeleteExistingDeployments)
{
1
{
switch ($enableDeploymentUpgrade)
{
1 #Update deployment inplace (usually faster, cheaper, won't destroy VIP)
{
Write-Output "$(Get-Date –f $timeStampFormat) - Deployment exists in $servicename. Upgrading deployment."
UpgradeDeployment
}
0 #Delete then create new deployment
{
Write-Output "$(Get-Date –f $timeStampFormat) - Deployment exists in $servicename. Deleting deployment."
DeleteDeployment
CreateNewDeployment
}
} # switch ($enableDeploymentUpgrade)
}
0
{
Write-Output "$(Get-Date –f $timeStampFormat) - ERROR: Deployment exists in $servicename. Script execution cancelled."
exit
}
} #switch ($alwaysDeleteExistingDeployments)
} else {
CreateNewDeployment
}
}
function CreateNewDeployment()
{
write-progress -id 3 -activity "Creating New Deployment" -Status "In progress"
Write-Output "$(Get-Date –f $timeStampFormat) - Creating New Deployment: In progress"
$opstat = New-AzureDeployment -Slot $slot -Package $packageLocation -Configuration $cloudConfigLocation -label $deploymentLabel -ServiceName $serviceName
$completeDeployment = Get-AzureDeployment -ServiceName $serviceName -Slot $slot
$completeDeploymentID = $completeDeployment.deploymentid
write-progress -id 3 -activity "Creating New Deployment" -completed -Status "Complete"
Write-Output "$(Get-Date –f $timeStampFormat) - Creating New Deployment: Complete, Deployment ID: $completeDeploymentID"
StartInstances
}
function UpgradeDeployment()
{
write-progress -id 3 -activity "Upgrading Deployment" -Status "In progress"
Write-Output "$(Get-Date –f $timeStampFormat) - Upgrading Deployment: In progress"
# perform Update-Deployment
$setdeployment = Set-AzureDeployment -Upgrade -Slot $slot -Package $packageLocation -Configuration $cloudConfigLocation -label $deploymentLabel -ServiceName $serviceName -Force
$completeDeployment = Get-AzureDeployment -ServiceName $serviceName -Slot $slot
$completeDeploymentID = $completeDeployment.deploymentid
write-progress -id 3 -activity "Upgrading Deployment" -completed -Status "Complete"
Write-Output "$(Get-Date –f $timeStampFormat) - Upgrading Deployment: Complete, Deployment ID: $completeDeploymentID"
}
function DeleteDeployment()
{
write-progress -id 2 -activity "Deleting Deployment" -Status "In progress"
Write-Output "$(Get-Date –f $timeStampFormat) - Deleting Deployment: In progress"
#WARNING - always deletes with force
$removeDeployment = Remove-AzureDeployment -Slot $slot -ServiceName $serviceName -Force
write-progress -id 2 -activity "Deleting Deployment: Complete" -completed -Status $removeDeployment
Write-Output "$(Get-Date –f $timeStampFormat) - Deleting Deployment: Complete"
}
function StartInstances()
{
write-progress -id 4 -activity "Starting Instances" -status "In progress"
Write-Output "$(Get-Date –f $timeStampFormat) - Starting Instances: In progress"
$deployment = Get-AzureDeployment -ServiceName $serviceName -Slot $slot
$runstatus = $deployment.Status
if ($runstatus -ne 'Running')
{
$run = Set-AzureDeployment -Slot $slot -ServiceName $serviceName -Status Running
}
$deployment = Get-AzureDeployment -ServiceName $serviceName -Slot $slot
$oldStatusStr = #("") * $deployment.RoleInstanceList.Count
while (-not(AllInstancesRunning($deployment.RoleInstanceList)))
{
$i = 1
foreach ($roleInstance in $deployment.RoleInstanceList)
{
$instanceName = $roleInstance.InstanceName
$instanceStatus = $roleInstance.InstanceStatus
if ($oldStatusStr[$i - 1] -ne $roleInstance.InstanceStatus)
{
$oldStatusStr[$i - 1] = $roleInstance.InstanceStatus
Write-Output "$(Get-Date –f $timeStampFormat) - Starting Instance '$instanceName': $instanceStatus"
}
write-progress -id (4 + $i) -activity "Starting Instance '$instanceName'" -status "$instanceStatus"
$i = $i + 1
}
sleep -Seconds 1
$deployment = Get-AzureDeployment -ServiceName $serviceName -Slot $slot
}
$i = 1
foreach ($roleInstance in $deployment.RoleInstanceList)
{
$instanceName = $roleInstance.InstanceName
$instanceStatus = $roleInstance.InstanceStatus
if ($oldStatusStr[$i - 1] -ne $roleInstance.InstanceStatus)
{
$oldStatusStr[$i - 1] = $roleInstance.InstanceStatus
Write-Output "$(Get-Date –f $timeStampFormat) - Starting Instance '$instanceName': $instanceStatus"
}
$i = $i + 1
}
$deployment = Get-AzureDeployment -ServiceName $serviceName -Slot $slot
$opstat = $deployment.Status
write-progress -id 4 -activity "Starting Instances" -completed -status $opstat
Write-Output "$(Get-Date –f $timeStampFormat) - Starting Instances: $opstat"
}
function AllInstancesRunning($roleInstanceList)
{
foreach ($roleInstance in $roleInstanceList)
{
if ($roleInstance.InstanceStatus -ne "ReadyRole")
{
return $false
}
}
return $true
}
# specify path for Azure module (anyone knows how to configure PSModuleuPath?)
$env:PSModulePath=$env:PSModulePath+";"+"C:\Program Files (x86)\Microsoft SDKs\Windows Azure\PowerShell"
#configure powershell with Azure 1.7 modules
Import-Module Azure
#configure powershell with publishsettings for your subscription
$pubsettings = $subscriptionDataFile
Import-AzurePublishSettingsFile $pubsettings
Set-AzureSubscription -CurrentStorageAccount $storageAccountName -SubscriptionName $selectedsubscription
#set remaining environment variables for Azure cmdlets
$subscription = Get-AzureSubscription $selectedsubscription
$subscriptionname = $subscription.subscriptionname
$subscriptionid = $subscription.subscriptionid
$slot = $environment
#main driver - publish & write progress to activity log
Write-Output "$(Get-Date –f $timeStampFormat) - Azure Cloud Service deploy script started."
Write-Output "$(Get-Date –f $timeStampFormat) - Preparing deployment of $deploymentLabel for $subscriptionname with Subscription ID $subscriptionid."
Publish
$deployment = Get-AzureDeployment -slot $slot -serviceName $servicename
$deploymentUrl = $deployment.Url
Write-Output "$(Get-Date –f $timeStampFormat) - Created Cloud Service with URL $deploymentUrl."
Write-Output "$(Get-Date –f $timeStampFormat) - Azure Cloud Service deploy script finished."

It is -CurrentStorageAccountName and you used it as -CurrentStorageAccount with Set-AzureSubscription cmdlet. So include name.

I had the issue too and it turns out that the active subscription is not updated with the storage info.
After the Set-AzureSubscription line you should add
Select-AzureSubscription $selectedsubscription
Added a pull request at https://github.com/Azure/azure-content/pull/2115

The error pretty much tells you what is going on (bold is mine) -
1/13/2014 1:12 AM - Upgrading Deployment: In progress
Set-AzureDeployment : CurrentStorageAccountName is not set. Use
Set-AzureSubscription subname -CurrentStorageAccountName storageaccount to set
it.
In the context the script is running the default storage account to use is not set.
You can set it using Set-AzureSubscription which I do not see being called anywhere in your script.

Link to original script: http://www.windowsazure.com/en-us/documentation/articles/cloud-services-dotnet-continuous-delivery/
Please, check the Windows Azure Subscription name: in my case it was not "default".
So you have to edit the $selectedsubscription param in the script with the name of the right subscription. You can get it using Get-AzureSubscription command.

Resources