Sunday 31 March 2024

Update Azure Pipeline Library Group Variable Value in Azure Pipeline using CLI

We can set a variable value in Azure piplines using task.setvariable. This will only set a variable in the pipeline but not in a variable group. If we want to set a variable in a library variable group in Azure DevOps, we have to use command line azure-devops extension  for Azure CLI. Let's explore how to update a library variable group variable value using Azure pipeline step.

We can use a task similar to below to update an existing variable in a variable group.

      - task: PowerShell@2
        name: setup_blue_green_controls_vars
        displayName: 'Setup blue-green control variables'
          targetType: 'inline'
          script: |
            $env:AZURE_DEVOPS_EXT_PAT = '$(System.AccessToken)'
            $env_var_group_id = '$(env_var_group_id)';
            az extension add --name azure-devops

            az pipelines variable-group variable update --group-id $env_var_group_id --name 'sys_rollback' --value 'false' --detect true 
            az pipelines variable-group variable update --group-id $env_var_group_id --name 'sys_rollback_attempted' --value 'false' --detect true

The expected out come is as below, getting the variables in the variable group updated.

As you can see in the above task the first step is to set authntication to the variable group, so that variable group can be updated via pipeline. We can set the $env:AZURE_DEVOPS_EXT_PAT to the '$(System.AccessToken)', which is the sytem token which will be used by the build service account in Azure DevOps.

We have to ensure the variable group is set with Administrator permission for the build servie account in order to use the system access token as mentioned above.

The pipline step must be run on an agent where Azure CLI is already installed. Installing Azure CLI is not explained in the post. On top of Azure CLI we need to have the azure-devops extension installed. That is done via the az extension add --name azure-devops.

Then we can use the command similar to below to update existing variables in a avariable group. the  --detect true says detect the current team project and organization in which the Azure pipline is running. We can specify them as well in the command. For more information see the documentation here.

az pipelines variable-group variable update --group-id $env_var_group_id --name 'nameofvariable' --value 'valueofvariabletoset' --detect true 

No comments:

Popular Posts