I want to pass in --isolation process to the az acr build, but cannot find a way to do it from Azure docs, what is the right way to do it?
According to this case with similar problem, it seems that you cannot pass the isolation parameter to az acr build command. No isolation parameter is provided in az acr build.
As workaround , you can define a task's steps in a YAML file. You can then run the task manually by passing the file to the az acr run command.
Multi-step task definition in ACR Tasks provides a container-centric compute primitive focused on building, testing, and patching containers. ACR Tasks supports multi-step task declaration in standard YAML syntax.
The build step type supports isolation property. For a detailed guide, please refer to this document.
Related
I was trying to do this in Pulumi where I had a local Dockerfile and wanted it to be sent to build the same as the command 'az acr build' sadly it kept erroring as it wanted a full url.
I did some digging but I can't quite figure it out. I'm not a developer as such, just a dabbler.
what is az acr build doing under the hood and can this be replicated using the APIs ?
This is the build command
https://github.com/Azure/azure-cli/blob/dev/src/azure-cli/azure/cli/command_modules/acr/build.py
And it also calls this as part of it
https://github.com/Azure/azure-cli/blob/dev/src/azure-cli/azure/cli/command_modules/acr/_archive_utils.py
What it seems to be doing is calling the api to get a storage account and sas that lives behind the ACR and then Tar/gzip and uploading to it and then referencing it?
But I can't find any documented behaviour for that for ACR. Like how do you see that zip and remove it once it's built. That kind of thing.
https://learn.microsoft.com/en-us/rest/api/containerregistry/registries%20(tasks)/get-build-source-upload-url
If anyone can explain what's going on there that would be great thanks.
I have a most of my Azure infrastructure managed with Terraform.
However, I am quickly finding that a lot of the small details are missing.
e.g. client secrets aren't fully supported https://github.com/terraform-providers/terraform-provider-azuread/issues/95
It doesn't seem possible to add an Active Directory Provider to APIM
How Do I Add Active Directory To APIM Using Terraform?
Creating the APIM leaves demo products on it that can't be removed
How Can I Remove Demo Products From APIM Created With Terraform?
etc, etc.
Solutions to these seems to be utilising the cli
e.g. https://learn.microsoft.com/en-us/cli/azure/ad/app/permission?view=azure-cli-latest#az-ad-app-permission-add
Or falling back to the REST API:
e.g.
https://learn.microsoft.com/en-us/rest/api/apimanagement/2019-01-01/apis/delete
How can I mix terraform with the CLI and REST API?
Can they be embedded in terraform?
Or do I just run some commands to run them after terraform has finished?
Is there a way to do these commands in a cross platform way?
Will running the CLI and REST API after terraform cause the state to be wrong and likely cause problems the next time terraform is run?
How can I mix terraform with the CLI and REST API?
You can use the Terraform provisioner local-exec or remote-exec. In these ways, you can run the script with CLI commands or the REST API. For more details, see local-exec and remote-exec. But you need to take care of them. These two ways just run the scripts and display the output, but they do not have the outputs.
If you want to use the result of the script in the same Terraform file for other resources, you need to use the Terraform external data source, see the details here.
Update:
Here is an example.
Bash script file vmTags.sh:
#!/bin/bash
az vm show -d -g myGroup -n myVM --query tags
Terraform external data source:
data "external" "test" {
program = ["/bin/bash", "./vmTags.sh"]
}
output "value" {
value = "${data.external.test.result}"
}
So I am attempting to create a downstream project trying to use an artifact stored in azure pipeline artifact to build. I am using the task
DownloadPipelineArtifact#0
https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/utility/download-pipeline-artifact?view=azure-devops
It talks about the need for a pipelineId, not really sure where to find out the id for my other pipeline. Is there any easy way, its supposed to be a ~4 digit number according the documentation.
Thanks
Go to the target pipeline you want -> Edit.
Check the URL. There you have the pipeline id.
.../_apps/hub/ms.vss-build-web.ci-designer-hub?pipelineId=1234&branch=main
I'm sorry I could not find a proper way to refer this without hardcoding.
There is an existing open issues on the pipeline ID.
The doc which you mentioned doesn't provide much information about pipelineID.
As per microsoft
pipelineId appears to be BuildId, and not the build definition id. It
needs the actual instance id of where the artifact is associated. I
was able to make this work by referencing a release variable tied to
the artifact alias. My alias is named "artifacts" and using
$(RELEASE_ARTIFACTS_ARTIFACTS_BUILDID) did the trick. So the format
would be $(RELEASE_ARTIFACTS_<alias>_BUILDID)
If you were trying to consume in a build and not a release pipeline
you would need to somehow get the value of $(Build.BuildId)
I hope as this matures there are plans to make pipeline artifacts
published from a build automatically in release, just like they are
when using the old Build Artifacts. Currently for me that is not
happening so I am forced to manually add this step to my release
pipeline and associate it with the build pipeline.
I was facing the same problem in my azure devops pipelines, I don't know if it applies the same way for you, but here is my solution to do it :
There is the function az pipeline show that gives you the id of a pipeline with its name:
Pipeline_to_find="$1"
pipelineInfo=$(az pipelines show --name "$Pipeline_to_find")
id=$(echo "$pipelineInfo" | python -c "import sys, json; print(json.load(sys.stdin)['id'])")
#export this var to be used in any other task of your pipeline
echo "##vso[task.setvariable variable=id;]$id"
You can get pipeline ID from a pipeline directly from portal.
Go Azure Pipeline
Now select the pipeline you want the ID from and choose “Edit”
Once in EDIT PIPELINE mode, click the dotted menu and select “TRIGGERS”
Now, click on “variables” tab
Here you will see a variable — system.definitionId which is aka PipelineId
There are two IDs you may need to know in Azure Pipelines.
Build Pipeline ID / Definition ID: This is the ID of the Pipeline not a particular run of the pipeline. You can get it via System.DefinitionId
Build Record ID / Build ID: This is the ID for a particular run/record of your pipeline run. You can access it in your pipeline as Build.BuildId
In your case, you will need to use the Build.BuildId since you are trying to get the artifact from a particular run of a pipeline.
Reference: Predefined Azure Pipeline Variables
The following command uses Azure CLI (with DevOps extension) and jq to get the pipeline id in Bash shell:
az pipelines show --name <PIPELINE_NAME> | jq -r .id
If you want to use this inside an Azure Pipeline, you need to use an Azure CLI task and probably install jq on the run agent.
See ultimatom's answer for how to set the id as a variable in the pipeline.
I have a container image (rancher/rancher:latest) that I need to pass "--acme-domain=" flag.
How can this be done in Azure Aci?
After a lot of trial and error I was able to do this using the command parameter in the Azure Resource Manager template. The gist of it was that I had to explicitly call the container entry point, e.g. "command":["./scripts/entry","--acme-domain=foo"]. I suppose you could do the same with the --command-line argument in the Azure CLI.
You can try to set an environment variable for your tag "--acme-domain=" in Azure ACI.
For more details, see Set environment variables in Azure ACI.
I have a problem on my build/release pipeline with Azure Container Reigstry.
I use a Azure Resource Group Deployment task to deploy Azure Container Registry (and other stuff) and it works perfectly.
I have the loginServer, username and password in output variables to reuse it.
Then I want to build and push image to ACR but I can't set the name of the registry (that I get from output variable) with a variable. I have to choose the registry when I setup the definition, but it is not created at this moment.
Is there a way to do this ?
As a workaround, I use the Azure Resource Group Deployment the create the registry and then I send output variables to a powershell script which build, tag and push my images to the registry.
If nobody has a better way, I think I will post a uservoice to change that.
When you say you use an Azure Resource Group Deployment task, are you referring to VSTS?
If you could provide more specific repro steps, I might be more helpful.
I'd also suggest you might take a look at https://aka.ms/acr/build as easy way to natively docker build images with your registry. ACR Build is now available in all regions and simplifies may of the experiences you may be hitting.
Daniel just made this post that helps with the VSTS integration: https://www.danielstechblog.io/building-arm-based-container-images-with-vsts-and-azure-container-registry-build/
Steve
Sorry for the delay, I was off the office.
I just retry to fix my problem and it seems that I can now enter a free text (and so, a release variable) to the VSTS docker task to specify the ACR I just created before with a Azure Resource Group Deployment task.
So no problem anymore.
Thank you for your response, I will take a look to ACR build :)
Bastien