Azure Devops:从内联脚本调用模板
Azure Devops: Call a Template from a inline script
我有一个 Template.yml 有一个参数。我想从内联脚本中调用该模板。我怎样才能做到这一点?
Orchastrtor.yml
parameters:
AzureSubscription: []
jobs:
- job: update
condition: succeeded()
pool:
vmImage: "windows-latest"
steps:
- task: AzurePowerShell@4
displayName: Update
inputs:
azureSubscription: 'xxx'
ScriptType: 'InlineScript'
Inline: |
Write-Output "subscription is '${{ parameters.AzureSubscription }}' "
$sub = ${{ parameters.AzureSubscription }}
foreach($Result in $sub ){
# Want to call my template from this.
../template/yaml -parameter
}
azurePowerShellVersion: 'LatestVersion'
FailOnStandardError: true
Template.Yaml - 有一个参数和两个任务。
parameters:
azureSubscription: ''
steps:
- task: AzurePowerShell@4
displayName: Updating ${{ parameters.azureSubscription }}
inputs:
azureSubscription: ${{ parameters.azureSubscription }}
ScriptType: 'FilePath'
ScriptPath: '$(System.DefaultWorkingDirectory)/Foundation/xx.ps1'
azurePowerShellVersion: 'LatestVersion'
有人可以帮助我如何调用模板吗?
这不可能。但我认为您可以使用 expression with the each keyword 实现相同的结果,它的行为类似于您的用例描述的循环。
所以你的 Orchastrtor.yml 会像这样:
parameters:
AzureSubscription: []
jobs:
- job: update
pool:
vmImage: "windows-latest"
steps:
- ${{ each subscription in parameters.AzureSubscription }}:
- template: ../template.yaml
parameters:
azureSubscription: ${{ subscription }}
因为你不能那么容易地通过动态 azure 订阅:
@JoeGaggler this feature isn't supported today. Usage of service endpoints (Azure Subscription is one of kind) in release/build definition is controlled by some permissions. At the time of saving a release/build definition service validates that the author (whoever is saving the definition) has appropriate permissions on the endpoint. If we support variable replacements for service endpoint input then service can't validate that the author has required permissions or not and it might become a security issue.
您需要在此处使用解决方法。我的意思是使用纯 powershell 代码,包括登录到 Azure。所以如果你的模板是
parameters:
- name: 'group'
type: string
- name: 'scriptPath'
type: string
jobs:
- job:
variables:
- group: ${{ parameters.group }}
steps:
- pwsh: |
$pscredential = New-Object -TypeName System.Management.Automation.PSCredential($(applicationId), $sp.SECRET)
Connect-AzAccount -ServicePrincipal -Credential $pscredential -Tenant $(tenantId)
${{ parameters.scriptPath }}
env:
SECRET: secret
这里我假设您将为每个订阅创建一个变量组。每个组应具有以下值:
- applicationId
- 秘密(服务主体秘密在 Azure Devops 上也被视为秘密,这就是为什么需要环境映射的原因)
- 租户编号
然后你会这样称呼它:
parameters:
groups: []
jobs:
- ${{ each subscriptionGroup parameters.groups}}:
- template: ../template.yaml
parameters:
group: ${{ subscriptionGroup }}
scriptPath: '$(System.DefaultWorkingDirectory)/Foundation/xx.ps1'
缺点:
- 以前你在一份工作中有多个步骤,一个你在多个工作中有一个步骤,因此 运行
可能需要更长的时间
我有一个 Template.yml 有一个参数。我想从内联脚本中调用该模板。我怎样才能做到这一点?
Orchastrtor.yml
parameters:
AzureSubscription: []
jobs:
- job: update
condition: succeeded()
pool:
vmImage: "windows-latest"
steps:
- task: AzurePowerShell@4
displayName: Update
inputs:
azureSubscription: 'xxx'
ScriptType: 'InlineScript'
Inline: |
Write-Output "subscription is '${{ parameters.AzureSubscription }}' "
$sub = ${{ parameters.AzureSubscription }}
foreach($Result in $sub ){
# Want to call my template from this.
../template/yaml -parameter
}
azurePowerShellVersion: 'LatestVersion'
FailOnStandardError: true
Template.Yaml - 有一个参数和两个任务。
parameters:
azureSubscription: ''
steps:
- task: AzurePowerShell@4
displayName: Updating ${{ parameters.azureSubscription }}
inputs:
azureSubscription: ${{ parameters.azureSubscription }}
ScriptType: 'FilePath'
ScriptPath: '$(System.DefaultWorkingDirectory)/Foundation/xx.ps1'
azurePowerShellVersion: 'LatestVersion'
有人可以帮助我如何调用模板吗?
这不可能。但我认为您可以使用 expression with the each keyword 实现相同的结果,它的行为类似于您的用例描述的循环。
所以你的 Orchastrtor.yml 会像这样:
parameters:
AzureSubscription: []
jobs:
- job: update
pool:
vmImage: "windows-latest"
steps:
- ${{ each subscription in parameters.AzureSubscription }}:
- template: ../template.yaml
parameters:
azureSubscription: ${{ subscription }}
因为你不能那么容易地通过动态 azure 订阅:
@JoeGaggler this feature isn't supported today. Usage of service endpoints (Azure Subscription is one of kind) in release/build definition is controlled by some permissions. At the time of saving a release/build definition service validates that the author (whoever is saving the definition) has appropriate permissions on the endpoint. If we support variable replacements for service endpoint input then service can't validate that the author has required permissions or not and it might become a security issue.
您需要在此处使用解决方法。我的意思是使用纯 powershell 代码,包括登录到 Azure。所以如果你的模板是
parameters:
- name: 'group'
type: string
- name: 'scriptPath'
type: string
jobs:
- job:
variables:
- group: ${{ parameters.group }}
steps:
- pwsh: |
$pscredential = New-Object -TypeName System.Management.Automation.PSCredential($(applicationId), $sp.SECRET)
Connect-AzAccount -ServicePrincipal -Credential $pscredential -Tenant $(tenantId)
${{ parameters.scriptPath }}
env:
SECRET: secret
这里我假设您将为每个订阅创建一个变量组。每个组应具有以下值:
- applicationId
- 秘密(服务主体秘密在 Azure Devops 上也被视为秘密,这就是为什么需要环境映射的原因)
- 租户编号
然后你会这样称呼它:
parameters:
groups: []
jobs:
- ${{ each subscriptionGroup parameters.groups}}:
- template: ../template.yaml
parameters:
group: ${{ subscriptionGroup }}
scriptPath: '$(System.DefaultWorkingDirectory)/Foundation/xx.ps1'
缺点:
- 以前你在一份工作中有多个步骤,一个你在多个工作中有一个步骤,因此 运行 可能需要更长的时间