尝试将管道秘密变量传递到 Powershell 脚本时出错

时间:2021-01-13 17:18:33

标签: powershell azure-devops azure-pipelines

我正在尝试将一个秘密变量作为 Azure 管道的一部分传递到 Powershell 脚本中。我通过转到“编辑管道”来添加变量,然后单击“变量”按钮,添加变量并选择“将此值保密”复选框。变量名是 PAT。

我引用了 Powershell 脚本中的变量,它是一个单独的文件,如下所示:

$url = '[Azure DevOps url]'
<# pass PAT as pipeline variable #>
$Token = "$env:PATSECRET"

if ($PAT -eq "") {
    exit 1
}
$AzureAuthHeader = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f "", $Token)))

$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", ("Basic {0}" -f $AzureAuthHeader))
$headers.Add("Content-Type", "application/json")

$response = Invoke-RestMethod -Uri $url -Method GET -Headers $headers

$lastcommit = $response.value[1].commitId

$packageFolder = git diff HEAD $lastcommit --name-only

这是管道中的 Powershell 脚本构建步骤:

steps:
  - task: PowerShell@2
    displayName: 'Detect Subfolder Changes'
    name: setvarStep
    env:
      Pat: $(PAT)
    inputs:
      targetType: 'filePath'
      filePath: $(System.DefaultWorkingDirectory)\detectchanges.ps1
      failOnStderr: true

管道运行时出现此错误:##[error]env:PAT : The term 'env:PAT' is not recognized as the name of a cmdlet, function, script file, or operable program ...

更新: 我使用环境变量映射更新了 Powershell 构建步骤。我仍然遇到同样的错误。我还删除了 $(env:PAT) 周围的括号,但没有任何变化。

2 个答案:

答案 0 :(得分:1)

您可以使用脚本的环境或在 variables 块中映射变量以将机密传递到您的管道。这是我的示例:

1.Script的环境(推荐方式):

steps:
- task: PowerShell@2
  displayName: 'Detect Subfolder Changes'
  name: setvarStep
  env:
    MY_PAT: $(PAT)
  inputs:
    filePath: '$(System.DefaultWorkingDirectory)/test.ps1'
    failOnStderr: true

test.ps1:

$token= "$env:MY_PAT"
if ($token -eq "") {
    exit 1
}
 
$url= "https://dev.azure.com/{Organization}/_apis/wit/wiql?api-version=6.1-preview.2"

$AzureAuthHeader = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f "", $Token)))

$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", ("Basic {0}" -f $AzureAuthHeader))
$headers.Add("Content-Type", "application/json")
 
$JSON = @'
{
  "query": "Select [System.Id], [System.Title], [System.State] From WorkItems Where [System.WorkItemType] = 'Task' AND [State] <> 'Closed' AND [State] <> 'Removed' order by [Microsoft.VSTS.Common.Priority] asc, [System.CreatedDate] desc"
}
'@
 
$response = Invoke-RestMethod -Uri $url -Headers $headers -Method Post -Body $JSON -ContentType application/json
Write-Host "result = $($response | ConvertTo-Json -Depth 100)"

2.变量定义

variables:
  MY_PAT: $(PAT)
steps:
- task: PowerShell@2
  inputs:
    targetType: 'inline'
    script: |
      Write-Host "PAT: $(MY_PAT)"

您可以在此文档中找到有关 set secret variables 的更多详细信息。

答案 1 :(得分:0)

根据微软的说法“秘密变量不会自动映射。如果你有一个名为 Foo 的秘密变量,你可以像这样映射它”:

- powershell: echo $env:MYSECRET
  env:
    MySecret: $(Foo)
相关问题
最新问题