I'm trying to use azure pipeline to upload certificate and binding the app service.
First I use a DEV-stage,all works well.Currently I have to create a new stage for QUAL env.Just clone a new stage from DEV-stage and update the variables,but we run the pipeline can not find the certificate(file) I uploaded.
My download task is:
steps:
- task: DownloadSecureFile#1
displayName: 'Download ***.**.com Certificate for API App'
inputs:
secureFile: dev.pfx
and then use a azure powershell taskļ¼but in my script such error happens:
Certificate does not exist at path D:\a\_temp/
It seems can not find the download file in the agent.
Uploaded task:
steps:
- task: AzurePowerShell#3
displayName: 'Upload Certificate to API app and Bind Domain'
inputs:
azureSubscription: 'Azure: CDA NextGen DEV'
ScriptPath: '$(System.DefaultWorkingDirectory)/CdaApi-ArmTemplates/ArmTemplates/InstallSSLAndCustomDomain.ps1'
ScriptArguments: '-ResourceGroupName $(ResourceGroupName) -AppServiceName $(ApiSiteName) -CustomDomains $(ApiHostName) -CertificatePassword $(Password) -CertificateFileName $(CertificateFileName)'
azurePowerShellVersion: LatestVersion
power shell script:
$CertificateFilePath = $env:AGENT_TEMPDIRECTORY + "/" + $CertificateFileName
$ResourceGroupName -ResourceType Microsoft.Web/sites -ApiVersion 2014-11-01
if ([System.IO.File]::Exists($CertificateFilePath))
{
Write-Host ("Certificate found at {0}" -f $CertificateFilePath)
}
else
{
Write-Error ("Certificate does not exist at path {0}" -f $CertificateFilePath)
throw
}
How to check it?
Updated:
Based on your comment the files has been exists there. Also, combine your powershell script and your error message.
Since you just share the part of your YAML, I could not know how do you define variables. Please ensure your CertificateFileName variable has been stored and passed to powershell successfully.
Because, the complete file name should be displayed in your powershell error message even it does not exists in path.
In fact, it is very easy to cause some issue after you change the agent environment used.
After the Download secure file executed, it will generated one environment variable which name is secureFilePath. You just need set is as output variable and use it directly in your powershell script.
Little changes on your YAML and powershell script:
YAML:
steps:
- task: DownloadSecureFile#1
displayName: 'Download ***.**.com Certificate for API App'
inputs:
secureFile: dev.pfx
name: Path
- task: AzurePowerShell#3
displayName: 'Upload Certificate to API app and Bind Domain'
inputs:
azureSubscription: 'Azure: CDA NextGen DEV'
ScriptPath: '$(System.DefaultWorkingDirectory)/CdaApi-ArmTemplates/ArmTemplates/InstallSSLAndCustomDomain.ps1'
ScriptArguments: '-ResourceGroupName $(ResourceGroupName) -AppServiceName $(ApiSiteName) -CustomDomains $(ApiHostName) -CertificatePassword $(Password) -CertificateFileName $(CertificateFileName) -SecureFilePath $(Path.secureFilePath)'
azurePowerShellVersion: LatestVersion
Powershell:
$CertificateFilePath = $SecureFilePath
$ResourceGroupName -ResourceType Microsoft.Web/sites -ApiVersion 2014-11-01
if ([System.IO.File]::Exists($CertificateFilePath))
{
Write-Host ("Certificate found at {0}" -f $CertificateFilePath)
}
else
{
Write-Error ("Certificate does not exist at path {0}" -f $CertificateFilePath)
throw
}
Related
I am trying to get the variable from the Terraform output and show it/output it. Later I can pass this variable in another step.
Terraform outputs the json that I am trying to loop over and take the variable
However, when I want to see the output in the console in Azure DevOps I only get that the script is saved and cannot see any value written out and therefore check if the variable was correctly assigned.
I would like to output the value of reg_name but so far, even after successfully executing this part, I do not see any after run.
Any tips on what may be wrong here?
Thank you in advance!
Current code:
- task: TerraformTaskV3#3
name: terraformOutput
inputs:
provider: 'azurerm'
command: 'output'
workingDirectory: '$(System.DefaultWorkingDirectory)/.azureDevOps/terraform'
environmentServiceNameAzureRM: 'xxxxx'
- task: AzurePowerShell#5
inputs:
azureSubscription: 'service-connection-creditrisk'
ScriptType: 'InlineScript'
Inline: |
$json = Get-Content $(TerraformOutput.jsonOutputVariablesPath) | Out-String | ConvertFrom-Json
foreach($prop in $json.psobject.properties) {
Write-Host("##vso[task.setvariable variable=$$prop.reg_name;]$($prop.reg_name.value)")
}
workingDirectory: '$(System.DefaultWorkingDirectory)/.azureDevOps/terraform'
azurePowerShellVersion: 'LatestVersion'
I am trying to run a SQL Script with the pipeline in a Automated Deployment for DB changes with below YML file. But i get error saying below.
Tutorial I follow is: https://learn.microsoft.com/en-us/azure/devops/pipelines/targets/azure-sqldb?view=azure-devops&tabs=yaml
trigger:
- main
pool:
vmImage: windows-2022
variables:
AzureSubscription: 'XXX'
ResourceGroupName: 'XXX'
ResourceDBGroupName: 'XXX'
ServerName: 'XXX'
DatabaseName: 'XXX'
AdminUser: 'XXX'
AdminPassword: 'XXX'
SQLFile: 'DatabasePipelineTest/scripts/script.sql'
AzureFirewallName: 'allow-pipe'
steps:
- script: dir
displayName: 'Run a one-line script to test'
- task: AzurePowerShell#2
displayName: Azure PowerShell
inputs:
azureSubscription: '$(AzureSubscription)'
ScriptPath: '$(Build.SourcesDirectory)/DatabasePipelineTest/scripts/SetAzureFirewallRule.ps1'
ScriptArguments: '-ServerName $(ServerName) -ResourceGroupName $(ResourceDBGroupName) -AzureFirewallName $(AzureFirewallName)'
azurePowerShellVersion: LatestVersion
- task: CmdLine#1
displayName: Run Sqlcmd
inputs:
filename: Sqlcmd
arguments: '-S $(ServerName) -U $(AdminUser) -P $(AdminPassword) -d $(DatabaseName) -i $(SQLFile)'
- task: AzurePowerShell#5
displayName: Azure PowerShell
inputs:
azureSubscription: '$(AzureSubscription)'
ScriptPath: '$(Build.SourcesDirectory)/DatabasePipelineTest/scripts/RemoveAzureFirewallRule.ps1'
ScriptArguments: '$(ServerName)'
azurePowerShellVersion: LatestVersion
Output I get in the Console is as below,
Azure PowerShell
View raw log
Starting: Azure PowerShell
==============================================================================
Task : Azure PowerShell
Description : Run a PowerShell script within an Azure environment
Version : 2.198.0
Author : Microsoft Corporation
Help : https://learn.microsoft.com/azure/devops/pipelines/tasks/deploy/azure-powershell
==============================================================================
Added TLS 1.2 in session.
Import-Module -Name C:\Modules\azurerm_6.13.1\AzureRM\6.13.1\AzureRM.psd1 -Global
Clear-AzureRmContext -Scope Process
Disable-AzureRmContextAutosave -ErrorAction Stop
Disconnect-AzureRmAccount -Scope Process -ErrorAction Stop
Clear-AzureRmContext -Scope Process -ErrorAction Stop
##[error]The term 'New-AzSqlServerFirewallRule' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
Finishing: Azure PowerShell
The script that has the issue is below
[CmdletBinding(DefaultParameterSetName = 'None')]
param
(
[String] [Parameter(Mandatory = $true)] $ServerName,
[String] [Parameter(Mandatory = $true)] $ResourceGroupName,
[String] [Parameter(Mandatory = $true)] $AzureFirewallName
)
$agentIP = (New-Object net.webclient).downloadstring("https://api.ipify.org")
New-AzSqlServerFirewallRule -ResourceGroupName $ResourceGroupName -ServerName $ServerName -FirewallRuleName $AzureFirewallName -StartIPAddress $agentIp -EndIPAddress $agentIP
Can you check in the DevOps task if you have specified the task version: 4. (Preview) or higher to use the Az powershell module
parameters:
- name: AzureSubscription
default: 'abc'
- name: BlobName
type: string
default: ""
stages:
- stage: MyStage
displayName: 'My Stage'
variables:
- name: sas
jobs:
- job: ABC
displayName: ABC
steps:
- task: AzureCLI#2
displayName: 'XYZ'
inputs:
azureSubscription: ${{ parameters.AzureSubscription }}
scriptType: pscore
arguments:
scriptLocation: inlineScript
inlineScript: |
$sas=az storage account generate-sas --account-key "mykey" --account-name "abc" --expiry (Get-Date).AddHours(100).ToString("yyyy-MM-dTH:mZ") --https-only --permissions rw --resource-types sco --services b
Write-Host "My Token: " $sas
- task: PowerShell#2
inputs:
targetType: 'filepath'
filePath: $(System.DefaultWorkingDirectory)/psscript.ps1
arguments: >
-Token "????"
-BlobName "${{parameters.BlobName}}"
displayName: 'some work'
In this Azure Devops yaml, i have created 2 tasks. AzureCLI#2 and PowerShell#2
In AzureCLI#2 i get value in $sas varaible. Write-Host confirms that, but $sas does not get passes as parameter to PowerShell#2 powershell file as parameter.
"${{parameters.BlobName}}" is working fine. In powershell i am able to read that value.
How to pass sas variable value?
Tried
-Token $sas # not worked
-Token "${{sas}}" # not worked
Different tasks in Azure Pipeline don't share a common runspace that would allow them to preserve or pass on variables.
For this reason Azure Pipelines offers special logging commands that allow to take string output from a task to update an Azure Pipeline environment variable that can be used in subsequent tasks: Set variables in scripts (Microsoft Docs).
In your case you would use a logging command like this to make your sas token available to the next task:
Write-Host "##vso[task.setvariable variable=sas]$sas"
In the argument of your subsequent task (within the same job) use the variable syntax of Azure Pipelines:
-Token '$(sas)'
In Azure DevOps we have the follwing YAML pipeline which is applying Terraform configuration from a CmdLine task.
The Output task should return the ObjectId of a Data Factory after it is deployed by Terraform.
I would like to use that ObjectId and pass it to the next Azure Powershell Task as a parameter so I can add that Id as member to an AzureADGroup.
How can I use the output from the step called 'Terraform output' in the next Powershell Task?
- task: CmdLine#2
displayName: Terraform Apply
enabled: False
inputs:
script: terraform apply -auto-approve -input=false tfplan
workingDirectory: infrastructure/tf_scripts/dev
- task: CmdLine#2
displayName: Terraform output
enabled: False
inputs:
script: |
terraform output adf_objectid
workingDirectory: infrastructure/tf_scripts/dev
- task: AzurePowerShell#4
displayName: 'Azure PowerShell script: InlineScript'
inputs:
azureSubscription: 'a6cb1cd3-8d5e-4db6-8af5-bcb66492d5cc'
ScriptType: 'InlineScript'
Inline: |
$spn=(terraform output adf_objectid)
Connect-AzureAD -AadAccessToken $aadToken -AccountId $context.Account.Id -TenantId $context.tenant.id -MsAccessToken $graphToken
Add-AzureADGroupMember -ObjectId xxxxx-xxxxx-xxxxx -RefObjectId $spn
workingDirectory: wd/scripts/dev
azurePowerShellVersion: 'LatestVersion'
Passing Terraform output to Powershell task in Azure Devosps
You could try to use the the Logging Command to set the adf_objectid as an azure devops pipeline variable:
echo ##vso[task.setvariable variable=spn]$(terraform output adf_objectid)
Check the similar thread for some details.
So, I'm new to Azure Devops (but not Azure or PowerShell). I've got two scripts as tasks in my pipeline, the first runs perfectly (Note: no az module commands). The second one fails (It has one Az call). The error I get in the pipeline is:
ParserError: /home/vsts/work/_temp/3f7b3ce1-6afb-46f3-b00d-1efe35fbac71.ps1:5
Line |
5 | } else {
| ~
| Unexpected token '}' in expression or statement.
Here is the thing... I don't have '} else {' in my script or at least, I removed it and got the same error.
So whatever is causing this is more fundamental than my script. I assumed that '/home/vsts/work/_temp/3f7b3ce1-6afb-46f3-b00d-1efe35fbac71.ps1' was my script copied to the remote syste, but it doesn't seem to be the case.
Is there any way, I can find out what that file is?
The task is 'PowerShell#2' with 'pwsh: true' set.
Thanks!
YAML:
trigger:
- main
pool:
vmImage: ubuntu-latest
steps:
- task: AzureResourceManagerTemplateDeployment#3
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: 'Pay-As-You-Go(<guid>)'
subscriptionId: '<guid>'
action: 'Create Or Update Resource Group'
resourceGroupName: 'project-Test'
location: 'East US 2'
templateLocation: 'Linked artifact'
csmFile: 'deploy.template.json'
csmParametersFile: 'deploy.parameters.json'
deploymentMode: 'Incremental'
deploymentOutputs: 'DeploymentOutput'
- task: PowerShell#2
inputs:
targetType: 'inline'
script: $(System.DefaultWorkingDirectory)/Get-ArmDeploymentOutput.ps1 -ArmOutputString '$(DeploymentOutput)' -MakeOutput -ErrorAction Stop
pwsh: true
displayName: Get-ArmDeploymentOutput
- task: PowerShell#2
inputs:
targetType: 'inline'
script: $(System.DefaultWorkingDirectory)/Set-AzWebAppIPRestriction.ps1 -Priority 100 -Action 'Allow' -WebAppId '$(WebAppId)' -PipId '$(gwpipId)'' -ErrorAction Stop
pwsh: true
displayName: Set-AzWebAppIPRestriction
I found there is an extra ' in -PipId '$(gwpipId)'' in the script of your second powershell task. Maybe it caused the error.
script: $(System.DefaultWorkingDirectory)/Set-AzWebAppIPRestriction.ps1 -Priority 100 -Action 'Allow' -WebAppId '$(WebAppId)' -PipId '$(gwpipId)'' -ErrorAction Stop
Since you were running your scripts in .ps1 file. You should change the targetType parameter of powershell task to filePath. And set .ps1 file in the filePath parameter. See below example:
steps:
- task: PowerShell#2
displayName: 'PowerShell Script'
inputs:
targetType: filePath
filePath: '$(System.DefaultWorkingDirectory)/Set-AzWebAppIPRestriction.ps1'
arguments: '-Priority 100 -Action "Allow" -WebAppId "$(WebAppId)" -PipId "$(gwpipId)" -ErrorAction Stop'
pwsh: true
If you are using azure powershell module in your scripts. You can use Azure powershell task instead of powershell task..