Develop Reference

'az automation runbook start' command doesn't wait for compellation

I'm trying to create an Azure DevOps pipeline to run a few Runbooks by a specific order.
My pipeline currently looks like the following:
trigger: none
pool: <mypool>
jobs:
- job: AzureCLI
steps:
- task: AzureCLI#2
inputs:
azureSubscription: '<mysubscription'
scriptType: 'bash'
scriptLocation: 'inlineScript'
inlineScript: |
az config set extension.use_dynamic_install=yes_without_prompt
az automation runbook start --automation-account-name "myaccount" --resource-group "myrg" --name "runbook-1"
az automation runbook start --automation-account-name "myaccount" --resource-group "myrg" --name "runbook-2"
Thing is, when I run it like that what it does is triggering both runbooks in parallel. It triggers runbook-1 and then triggers runbook-2 without waiting for runbook-1 to finish.
In the Az CLI Docs there is no parameter like --wait-for-compellation or something like that.
There is a different command: 'az automation runbook wait' which I thought might wait after triggering the runbook with 'az automation runbook start' but it doesn't, it just exits immediately.
Anyone knows a different way to make the command hang until compellation?

Change ARR affinity property from General Settings with Azure Devops pipeline

I'm trying to modify the "ARR affinity" (clientAffinityEnabled) property in App Service General Settings with a pipeline task but it doesn't work, the value doesn't change.
This pipeline works OK with other General Settings properties.
Another approach to solve this?
Azure DevOps pipeline task:
- task: AzureAppServiceSettings#1
inputs:
azureSubscription: XXXXXXX
ResourceGroupName: XXXXXXX
appName: XXXXXXX
generalSettings: |
[
{
"clientAffinityEnabled": false
}
]

Test the same settings in the AzureAppServiceSettings task, I can reproduce the same situation. It seems that the AzureAppServiceSettings task is not able to update the ARR affinity value.
For a workaround, you can change to use Azure CLI Task to run the Azure CLI: az webapp update to update the ARR affinity value.
For example:
steps:
- task: AzureCLI#2
displayName: 'Azure CLI '
inputs:
azureSubscription: xx
scriptType: ps
scriptLocation: inlineScript
inlineScript: 'az webapp update --name xx --resource-group xx --client-affinity-enabled false'

az tag update ERROR: (MissingSubscription) The request did not have a subscription or a valid tenant level resource provider

I am trying to set a tag named "GitBranch" on an Azure Resource Group:
When I call the command in PowerShell window -
az tag update --resource-id "/subscriptions/79ca5b...7f/resourceGroups/ccg-afarber2" --subscription "79ca5b...7f" --operation merge --tags GitBranch=Test
then it works:
But when I try the same command in Git Bash window, then it fails.
I have also tried calling the following commands before and also tried both double and single quotes
az login
az account set --subscription "79ca5b....7f"
but the error is still the same:
ERROR: (MissingSubscription) The request did not have a subscription or a valid tenant level resource provider.
And the reason why I am trying to get the command working in bash is because I get the same error for my Azure pipeline task:
- task: AzureCLI#2
displayName: 'Set Resource Group tag'
inputs:
azureSubscription: '${{ parameters.ArmConnection }}'
scriptType: 'bash'
scriptLocation: 'inlineScript'
inlineScript: |
az tag update \
--resource-id '/subscriptions/${{ parameters.SubscriptionId }}/resourceGroups/${{ parameters.ResourceGroupName }}' \
--subscription '${{ parameters.SubscriptionId }}' \
--operation Merge --tags \
GitBranch=$(git branch --show-current)
What is happening here please?
On my PC I have azure-cli 2.28.0 installed.

I have found a solution myself!
In a AzureCLI pipeline task, when you run an az cli command, which has parameters starting with a slash, then the MinGW bash will auto-append the current path.
To prevent this, you can prepend the following variable to the az command:
MSYS_NO_PATHCONV=1 az ....
A double slash works too:

Deploy/update Azure ML Model Using Az Ml CLI in Azure pipelines

I'm trying to deploy the azure ml model if not exists in the workspace and when the model is already available in the registered workspace then update the model with the latest version only when an update is available, but I don't know how this works in practice.
The Azure pipelines will run on a weekly schedule.
steps:
- task: AzureCLI#2
displayName: 'Install AML CLI'
inputs:
azureSubscription: $(ml_ws_connection)
scriptLocation: inlineScript
scriptType: 'bash'
inlineScript: 'az extension add -n azure-cli-ml'
- task: AzureCLI#2
displayName: 'Attach folder to workspace'
inputs:
azureSubscription: $(ml_ws_connection)
workingDirectory: $(ml_path)
scriptLocation: inlineScript
scriptType: 'bash'
inlineScript: 'az ml folder attach -w $(ml_ws) -g $(ml_rg)'
# Add potential automated tests
- task: AzureCLI#2
displayName: 'Create AKS cluster'
inputs:
azureSubscription: $(ml_ws_connection)
workingDirectory: $(ml_path)
scriptLocation: inlineScript
scriptType: 'bash'
inlineScript: 'az ml computetarget create aks --name $(ml_aks_name) --cluster-purpose DevTest'
- task: AzureCLI#2
displayName: 'Deploy model to AKS '
inputs:
azureSubscription: $(ml_ws_connection)
workingDirectory: $(ml_path)
scriptLocation: inlineScript
scriptType: 'bash'
inlineScript: 'az ml model deploy --name model1_aks --ct $(ml_aks_name) --ic config/inferenceConfig.json -e $(ml_env_name) --ev $(ml_env_version) --dc config/aksDeploymentConfig-aks.json --overwrite'
- task: AzureCLI#2
displayName: 'Update model in AKS '
inputs:
azureSubscription: $(ml_ws_connection)
workingDirectory: $(ml_path)
scriptLocation: inlineScript
scriptType: 'bash'
inlineScript: 'az ml service update --name $(deploy_service_name)

We can do CICD for automated model release as documented here Continuously deploy Azure Machine Learning models - Azure Machine Learning | Microsoft Docs.
Please follow the references for CLI spec.
Here is link to update a deployment using configuration.
The ml extension to the Azure CLI is the improved interface for Azure Machine Learning users. It enables you to train and deploy models from the command line, with features that accelerate scaling the data science process up and out, all while tracking the model lifecycle.
Using the CLI enables you to run distributed training jobs on GPU compute, automatically sweep hyperparameters to improve your results, and then monitor jobs in the AML studio user interface to see all details including important metrics, metadata and artifacts like the trained model, checkpoints and logs.
Additionally, the CLI is optimized to support YAML-based job, endpoint, and asset specifications to enable users to create, manage, and deploy models with proper CI/CD (or GitOps) best practices for an end-to-end MLOps solution.
To get started with the 2.0 machine learning CLI extension for Azure, please check the link here.

How to securely login in Az CLI from a DevOps Pipeline

I want to execute AZ cli commands from my Azure DevOps Pipeline. In my YAML file I have this:
trigger:
- master
pool:
vmImage: 'ubuntu-latest'
variables:
buildConfiguration: 'Release'
steps:
- task: UsePythonVersion#0
inputs:
versionSpec: '3.x'
architecture: 'x64'
# Updating pip to latest
- script: python -m pip install --upgrade pip
displayName: 'Upgrade pip'
# Updating to latest Azure CLI version.
- script: pip install --pre azure-cli --extra-index-url https://azurecliprod.blob.core.windows.net/edge
displayName: 'upgrade azure cli'
- script: az --version
displayName: 'Show Azure CLI version'
- script: az extension add -n azure-devops
displayName: 'Install Azure DevOps Extension'
- script: echo ${AZURE_DEVOPS_CLI_PAT} | az devops login
env:
AZURE_DEVOPS_CLI_PAT: $(System.AccessToken)
displayName: 'Login Azure DevOps Extension'
- script: az aks show --name census-k8s --resource-group Census
displayName: 'Show AKS'
The echo ${AZURE_DEVOPS_CLI_PAT} | az devops login step is completed (with success apparently) with a warning message
Failed to store PAT using keyring; falling back to file storage.
You can clear the stored credential by running az devops logout.
Refer https://aka.ms/azure-devops-cli-auth to know more on sign in with PAT.
The az aks show step fails:
Please run 'az login' to setup account.
I am a little bit lost. The az devops login command should enable me to use the az cli, right? If not, Am I supposed to use az login instead of az devops login? And if I am supposed to use az login, how can I pass my credentials in a secure way?

No, you don't need az devops login. What you need is Azure CLI Task:
- task: AzureCLI#2
displayName: Azure CLI
inputs:
azureSubscription: <Name of the Azure Resource Manager service connection>
scriptType: ps
scriptLocation: inlineScript
inlineScript: |
az --version
az account show
but then you don't have to do any login. Please call there your az aks show --name census-k8s --resource-group Census

Just to Add to Krzysztof's answer (and jeromerg question in the comment): in Azure CLI step you can also use other tools then az, which require being logged in with AzureCLI:
- task: AzureCLI#2
displayName: Publish Function
inputs:
azureSubscription: <Name of the Azure Resource Manager service connection>
scriptType: ps
scriptLocation: inlineScript
inlineScript: |
func azure publish <function-name>

If your scriptLocation is a scriptPath use the following example
- task: AzureCLI#2
displayName: 'update function appsettings'
inputs:
azureSubscription: 'MY-AzureSubscriptionName'
scriptType: ps
scriptLocation: 'scriptPath'
scriptPath: '$(System.DefaultWorkingDirectory)/Scripts/updateSettings.ps1'
arguments:
-ResourceGroupName 'MY-ResourceGroupName' `
-FunctionAppName 'MY-FunctionAppName'
updateSettings.ps1
param (
[string]$ResourceGroupName,
[string]$FunctionAppName)
)
.
. script body here
.

To use Azure CLI from a script (powershell or batch) you must assign $(System.AccessToken) to an environment variable named AZURE_DEVOPS_EXT_PAT.
- pwsh: |
az pipelines build list
displayName: 'Show build list'
env:
AZURE_DEVOPS_EXT_PAT: $(System.AccessToken)
Source: https://learn.microsoft.com/en-us/azure/devops/cli/azure-devops-cli-in-yaml?view=azure-devops