我正在尝试将一个秘密变量作为 Azure 管道的一部分传递到 Powershell 脚本中。我通过转到“编辑管道”来添加变量,然后单击“变量”按钮,添加变量并选择“将此值保密”复选框。变量名是 PAT。
我引用了 Powershell 脚本中的变量,它是一个单独的文件,如下所示:
$url = '[Azure DevOps url]'
<# pass PAT as pipeline variable #>
$Token = "$env:PATSECRET"
if ($PAT -eq "") {
exit 1
}
$AzureAuthHeader = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f "", $Token)))
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", ("Basic {0}" -f $AzureAuthHeader))
$headers.Add("Content-Type", "application/json")
$response = Invoke-RestMethod -Uri $url -Method GET -Headers $headers
$lastcommit = $response.value[1].commitId
$packageFolder = git diff HEAD $lastcommit --name-only
这是管道中的 Powershell 脚本构建步骤:
steps:
- task: PowerShell@2
displayName: 'Detect Subfolder Changes'
name: setvarStep
env:
Pat: $(PAT)
inputs:
targetType: 'filePath'
filePath: $(System.DefaultWorkingDirectory)\detectchanges.ps1
failOnStderr: true
管道运行时出现此错误:##[error]env:PAT : The term 'env:PAT' is not recognized as the name of a cmdlet, function, script file, or operable program ...
更新:
我使用环境变量映射更新了 Powershell 构建步骤。我仍然遇到同样的错误。我还删除了 $(env:PAT)
周围的括号,但没有任何变化。
答案 0 :(得分:1)
您可以使用脚本的环境或在 variables 块中映射变量以将机密传递到您的管道。这是我的示例:
1.Script的环境(推荐方式):
steps:
- task: PowerShell@2
displayName: 'Detect Subfolder Changes'
name: setvarStep
env:
MY_PAT: $(PAT)
inputs:
filePath: '$(System.DefaultWorkingDirectory)/test.ps1'
failOnStderr: true
test.ps1:
$token= "$env:MY_PAT"
if ($token -eq "") {
exit 1
}
$url= "https://dev.azure.com/{Organization}/_apis/wit/wiql?api-version=6.1-preview.2"
$AzureAuthHeader = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f "", $Token)))
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", ("Basic {0}" -f $AzureAuthHeader))
$headers.Add("Content-Type", "application/json")
$JSON = @'
{
"query": "Select [System.Id], [System.Title], [System.State] From WorkItems Where [System.WorkItemType] = 'Task' AND [State] <> 'Closed' AND [State] <> 'Removed' order by [Microsoft.VSTS.Common.Priority] asc, [System.CreatedDate] desc"
}
'@
$response = Invoke-RestMethod -Uri $url -Headers $headers -Method Post -Body $JSON -ContentType application/json
Write-Host "result = $($response | ConvertTo-Json -Depth 100)"
2.变量定义
variables:
MY_PAT: $(PAT)
steps:
- task: PowerShell@2
inputs:
targetType: 'inline'
script: |
Write-Host "PAT: $(MY_PAT)"
您可以在此文档中找到有关 set secret variables 的更多详细信息。
答案 1 :(得分:0)
根据微软的说法“秘密变量不会自动映射。如果你有一个名为 Foo 的秘密变量,你可以像这样映射它”:
- powershell: echo $env:MYSECRET
env:
MySecret: $(Foo)