Closed maxricketts closed 1 year ago
@maxricketts Ok so error code 5 reported by PowerShell indicates an access denied error. This could happen both for inputs and outputs.
With OutputPath
set to rule-report.xml
I don't think it is related to the outputs.
This looks like a problem. Using Source: C:\a\1\s.ps-rule
which would not be valid.
Are you able to provide the pipeline YAML code for the ps-rule-assert@2
task and any settings configured within ps-rule.yaml
under the input:
and output:
keys.
Also this discussion may help: https://github.com/microsoft/PSRule-pipelines/discussions/387
@BernieWhite. Here is the yaml for the psrule stage. This happens randomly, even when no changes have been applied to the code or yaml. Run the pipeline again and it will work. This does look like the same issue as 387
but I have the inputType set to repository and still get the random occurence or error code 5.
Please let me know if you require any more information.
# yaml-language-server: $schema=./deploy.yml
stages:
- stage: PSRuleScanning
displayName: PSRule validation and governance
jobs:
- job: PSRule
displayName: Checkout and scan code
steps:
- checkout: Exg.DevOps.ImageBuilder
# Analyze Azure resources using PSRule for Azure
- task: ps-rule-assert@2
displayName: Analyze Azure bicep files
inputs:
modules: PSRule.Rules.Azure
inputType: repository
inputPath: newImage/bicep/
outputFormat: Nunit3
outputPath: rule-report.xml
env:
# Define environment variables within Azure Pipelines
AZURE_CLIENT_ID: $(psrule-clientid)
AZURE_CLIENT_SECRET: $(psrule-secret)
AZURE_TENANT_ID: $(psrule-tenant)
# PSRule results
- task: PublishTestResults@2
displayName: 'Publish PSRule results'
inputs:
testRunTitle: 'PSRule'
testRunner: NUnit
testResultsFiles: 'rule-report.xml'
mergeTestResults: true
publishRunAttachments: true
condition: succeededOrFailed()
@maxricketts Looks like the missing \
was just how the output sample was pasted. The paths look correct now as a text block.
The task parameters look fine.
We're going need to collect more information. You can enable verbose output by setting the SYSTEM_DEBUG
pipeline variable to true
.
I have attached the logs for you. It seems like it always fails the first time on a fresh vm instance on the scale set. run it again and its fine. I have also attached a log of when it runs all ok at the bottom
@maxricketts Thanks for the logs. From the logs, PSRule is running and it starting to process files. It start to expand a Bicep file here:
2022-11-25T16:13:58.1294941Z ##[debug][Azure.ExpandBicep] -- Expanding bicep source: C:\a\1\s\newImage\bicep\imagebuilder.bicep
That's the last action in the logs.
With your VMSS setup, do you have additional custom scripts that might be running in the background while this job is running?
@maxricketts Also additionally, I've added some additional verbose logging for testing in pre-release v1.22.0-B0203. This might help confirm if the Bicep compile is definitely the cause of the failure.
To use the pre-release you will need to enable the pre-release by setting the prerelease: true
input parameter for the ps-rule-assert@2
task.
@BernieWhite - I have added prerelease: true
- and I am getting the below error.
- task: ps-rule-assert@2
displayName: Analyze Azure bicep files
inputs:
prerelease: true
modules: PSRule.Rules.Azure
inputType: repository
inputPath: newImage/bicep/
outputFormat: Nunit3
outputPath: rule-report.xml
@BernieWhite - I have added
prerelease: true
- and I am getting the below error.- task: ps-rule-assert@2 displayName: Analyze Azure bicep files inputs: prerelease: true modules: PSRule.Rules.Azure inputType: repository inputPath: newImage/bicep/ outputFormat: Nunit3 outputPath: rule-report.xml
[error]An error occurred installing a dependency module. A parameter cannot be found that matches parameter name 'AllowPrerelease'.
Ah thanks for the feedback. This could occur if you have an old version of PowerShellGet
installed. You could do either of the following to address that error:
PowerShellGet
on the host.ps-rule-install@2
task to install PSRule.Rules.Azure
as a pre-release before ps-rule-assert@2
, then you can avoid using prerelease: true
on ps-rule-assert@2
.However the latest v1.22.0 is out so you can avoid installing the pre-release anyway :)
@BernieWhite What version of powershellget is needed as the latest version of powershell was installed only a couple of weeks ago and that came with close to the latest powershellget version.
I'll test the fix and let you know
many thanks
@BernieWhite What version of powershellget is needed as the latest version of powershell was installed only a couple of weeks ago and that came with close to the latest powershellget version.
I'll test the fix and let you know
many thanks
Any latest version installed in the last year should be fine. It's not a new feature, but does not ship in the PowerShell modules installed in Windows by default. If that's not your experience then maybe there is an old version installed in Windows PowerShell.
@maxricketts Did you get a chance to check this with PSRule for Azure v1.22.0?
@BernieWhite - This has re-appeared a few times. I think it's when the scale set creates a new image. I have checked and it is on the latest version.
@maxricketts Did you get a chance to check this with PSRule for Azure v1.22.0?
@BernieWhite - This has re-appeared a few times. I think it's when the scale set creates a new image. I have checked and it is on the latest version.
@mpr555 @maxricketts If you are able to post the debugs logs again since v1.22.0 because we added additional logging to help track specifically where the failure occurred. Thanks.
@BernieWhite I have attached the log files with the exit 5 issue. psruleext5issue.txt
@maxricketts @mpr555 So based on the additional logging the crash is occurring when calling Bicep CLI.
Are you using Bicep CLI via the Azure CLI?
If not, to test if there is any different behaviour can you insert a new step before PSRule to install the Bicep CLI via Azure CLI.
For example:
- script: |
az bicep install
az bicep upgrade
Then add the PSRULE_AZURE_BICEP_USE_AZURE_CLI
environment variable called out in Using Azure CLI.
@maxricketts @mpr555 An update on this one. We were able to reproduce a case where path probing of the Bicep binaries was causing an issue and generating exit code 5. We've improved the behaviour to be less noisy. I'm not sure if this resolves your specific case however if you are able to test pre-release v1.25.0-B0035 and let us know.
If that does not resolve the issue, can I suggest that you:
PSRULE_AZURE_BICEP_PATH
environment variable to the specific location of the Bicep binary.Details are further included here: https://azure.github.io/PSRule.Rules.Azure/setup/setup-bicep/#installing-bicep-cli
Please let us know how you go so that we can close the issue or update guidance docs as required.
@maxricketts @mpr555 v1.25.0 is now released. Hopefully this has resolved the issue. Thanks for your patience to test and collect information. Please let us know if there is still an issue.
@BernieWhite - I am still getting an error on some builds.
##[error]One or more assertions failed.
---
##[error]Exit code 1 returned from process: file name 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe', arguments '-NoLogo -Sta -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command ". ([scriptblock]::Create('if ([Console]::InputEncoding -is [Text.UTF8Encoding] -and [Console]::InputEncoding.GetPreamble().Length -ne 0) { [Console]::InputEncoding = New-Object Text.UTF8Encoding $false } if (!$PSHOME) { $null = Get-Item -LiteralPath ''variable:PSHOME'' } else { Import-Module -Name ([System.IO.Path]::Combine($PSHOME, ''Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1'')) ; Import-Module -Name ([System.IO.Path]::Combine($PSHOME, ''Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psd1'')) }')) 2>&1 | ForEach-Object { Write-Verbose $_.Exception.Message -Verbose } ; Import-Module -Name 'C:\a\_tasks\ps-rule-assert_8804fc31-b62f-4d49-b2a1-c80dc0879dae\2.6.2301031\ps_modules\VstsTaskSdk\VstsTaskSdk.psd1' -ArgumentList @{ NonInteractive = $true } -ErrorAction Stop ; $VerbosePreference = 'SilentlyContinue' ; $DebugPreference = 'SilentlyContinue' ; Invoke-VstsTaskScript -ScriptBlock ([scriptblock]::Create('. ''C:\a\_tasks\ps-rule-assert_8804fc31-b62f-4d49-b2a1-c80dc0879dae\2.6.2301031\powershell.ps1'''))"'.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days. Thank you for your contributions.
This issue was closed because it has not had any recent activity.
Description of the issue
Random pipelines fail with the below error
Module in use and version: