Azure / arm-deploy

ARM action to deploy an Azure Resource Manager (ARM) template to all the deployment scopes
MIT License

JSON array as parameter input #36

Open dpantaz opened 3 years ago

dpantaz commented 3 years ago

Hello.

Is it possible to use a JSON array as a parameter value in the parameters input? For example parameters: param1=

Thank you.

github-actions[bot] commented 3 years ago

This issue is marked default for generating issues report.

github-actions[bot] commented 3 years ago

This issue is stale because it has been open for 7 days with no activity.

marvinbuss commented 3 years ago

@bishal-pdMSFT We are running into issues when trying to do this. Due to the AZURE_CREDENTIALS, it also seems that any { and } get replaced with *** in the Actions page, and passing a JSON array always fails with Failed to parse JSON. Here are more details: image

github-actions[bot] commented 3 years ago

This issue is marked default for generating issues report.

github-actions[bot] commented 3 years ago

This issue is stale because it has been open for 7 days with no activity.

t-dedah commented 3 years ago

Hi @marvinbuss, will it be possible to share the exact parameter input? Are you passing a JSON or a JSON string, something like this: '{\"costCenter\":\"ABCD\", \"owner\":\"XYZ\"}'

marvinbuss commented 3 years ago

Hi @t-dedah, I am passing a JSON string as input (e.g. '{"costCenter":"ABCD", "owner":"XYZ"}'). It seems like { and } get replaced with ***. Using a JSON as secret is also not recommended by the Actions team. We should consider moving to a different authentication method for Azure/login with individual secrets for clientId and clientSecret. See here: https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-secrets
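The masking effect described in the comment above, as an added example that is not part of the thread or of the Actions runner's code: it assumes a log masker that registers a multi-line secret both as a whole and line by line, which is how a pretty-printed JSON secret would turn `{` and `}` into masked values. The function names and all credential values are constructed for illustration.

```python
import json

MASK = "***"

def register_masks(secret):
    """Model of a log masker (assumed behaviour): the whole secret is
    masked, and so is every non-empty line of a multi-line secret."""
    masks = {secret}
    masks.update(line.strip() for line in secret.splitlines() if line.strip())
    return masks

def redact(log_line, masks):
    """Replace every registered value in a log line, longest value first."""
    for value in sorted(masks, key=len, reverse=True):
        log_line = log_line.replace(value, MASK)
    return log_line

# Constructed sample values, not real credentials.
CREDS = {
    "clientId": "00000000-aaaa",
    "clientSecret": "constructed-secret",
    "tenantId": "11111111-bbbb",
}
# Pretty-printed JSON stored as one secret: its first and last lines are "{" and "}".
PRETTY_JSON_SECRET = json.dumps(CREDS, indent=2)

# An unrelated log line that happens to contain JSON (from the workflow in this thread).
TAGS_LOG = """parameters: tags='{"costCenter":"ABCD", "owner":"XYZ"}'"""
# The same credentials re-serialized without whitespace, e.g. echoed by a tool.
COMPACT_LOG = "debug: " + json.dumps(CREDS, separators=(",", ":"))

if __name__ == "__main__":
    structured = register_masks(PRETTY_JSON_SECRET)
    individual = {CREDS["clientId"], CREDS["clientSecret"]}  # one secret per scalar

    # Structured secret: braces in unrelated output are masked ...
    print(redact(TAGS_LOG, structured))
    # ... while the secret value itself survives a change of formatting.
    print(redact(COMPACT_LOG, structured))

    # Individual secrets: unrelated JSON is untouched and the value is masked.
    print(redact(TAGS_LOG, individual))
    print(redact(COMPACT_LOG, individual))
```

Masking of this kind changes only what the log shows; the two cases differ in which strings are hidden, not in what is passed to the deployment.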

github-actions[bot] commented 3 years ago

This issue is marked default for generating issues report.

t-dedah commented 3 years ago

@marvinbuss I am a little confused. What secrets are you trying to pass as parameters? Shouldn't we use the azure login task for that? Also, I consoled out '{"costCenter":"ABCD", "owner":"XYZ"}' and everything looks okay to me.

Will it be possible to share repro steps for the issue?


marvinbuss commented 3 years ago

Please try this workflow, then you will see the issue:

name: Deployment

on:
  push:
    branches: [ main ]
    paths:
      - 'infra/**'
  pull_request:
    branches: [ main ]
    paths:
      - 'infra/**'

env:
  AZURE_SUBSCRIPTION_ID: 'your-sub-id'
  AZURE_LOCATION: 'northeurope'
  AZURE_TAGS: '{"costCenter":"ABCD", "owner":"XYZ"}'

jobs:
  create-resource-groups:
    runs-on: ubuntu-latest

    steps:
    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
    - name: Check Out Repository
      id: checkout_repository
      uses: actions/checkout@v2

    # Login to Azure
    - name: Azure Login
      id: azure_login
      uses: azure/login@v1
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}

    # Deploy Resource Groups
    - name: Deploy Resource Groups
      id: resource_groups_deployment
      uses: azure/arm-deploy@v1
      with:
        scope: subscription
        subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
        region: ${{ env.AZURE_LOCATION }}
        template: ${{ github.workspace }}/infra/ResourceGroups/deploy.resourceGroups.json
        parameters: ${{ github.workspace }}/infra/ResourceGroups/params.resourceGroups.json tags='${{ env.AZURE_TAGS }}'

    # Log out from Azure
    - name: Log out from Azure
      id: azure_logout
      uses: azure/cli@v1
      with:
        azcliversion: latest
        inlineScript: |
          az logout

github-actions[bot] commented 3 years ago

This issue is marked default for generating issues report.

t-dedah commented 3 years ago

@marvinbuss Thanks for sharing the workflow. We tested it out and the issue is with AZ CLI. The workaround is to not store AZURE_TAGS as an env variable but to use it directly as a string: tags='{"costCenter":"ABCD", "owner":"XYZ"}'

marvinbuss commented 3 years ago

Thanks, but what if I want to reuse the value for x number of deployments? I want to create a variable for it.

t-dedah commented 3 years ago

@marvinbuss I agree it's inconvenient, but as it's how AZ CLI works, we might not have any good option.

marvinbuss commented 3 years ago

But the root cause of the replacement is not the Azure CLI, but how the Azure credentials are stored. Were you able to reproduce this behavior?

t-dedah commented 3 years ago

I get the same error even without storing any AZURE CREDENTIAL. Just running this command without login gives a 'json parse failed' error. I might be wrong, but isn't it the behaviour of the az command?

az deployment group validate --resource-group E2eTestResourceGroupForArmAction --template-uri https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/azure-resource-manager/emptyRG.json --parameters tags='${{ env.AZURE_TAGS }}'

github-actions[bot] commented 3 years ago

This issue is marked default for generating issues report.

marvinbuss commented 3 years ago

> I get the same error even without storing any AZURE CREDENTIAL. Just running this command without login gives a 'json parse failed' error. I might be wrong, but isn't it the behaviour of the az command?
>
> az deployment group validate --resource-group E2eTestResourceGroupForArmAction --template-uri https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/azure-resource-manager/emptyRG.json --parameters tags='${{ env.AZURE_TAGS }}'

@t-dedah No, this is not the behavior of az cli. The issue is that we are storing a JSON as secret (AZURE_CREDENTIALS). If you remove the reference to it, everything will run just fine. The issue is Azure/login. The Action needs to accept individual secrets rather than a JSON. This requires an improvement.

github-actions[bot] commented 3 years ago

This issue is marked default for generating issues report.

github-actions[bot] commented 3 years ago

This issue is stale because it has been open for 7 days with no activity.

github-actions[bot] commented 3 years ago

This issue is idle because it has been open for 14 days with no activity.

gummigroda commented 2 years ago

Hi,

Are there any updates regarding how to add for example tags as parameters? Or even more complex structures as objects in an array?

Tried as suggested: image

and get the error: image

Or is it better to skip this action and run a regular shell with AZ CLI?

t-dedah commented 2 years ago

Hi @gummigroda Can you please try this?

tags="{\"costCenter\":\"12345\", \"owner\":\"IT\", \"Service\": \"Identity\"}"

marvinbuss commented 2 years ago

> > I get the same error even without storing any AZURE CREDENTIAL. Just running this command without login gives a 'json parse failed' error. I might be wrong, but isn't it the behaviour of the az command?
> >
> > az deployment group validate --resource-group E2eTestResourceGroupForArmAction --template-uri https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/azure-resource-manager/emptyRG.json --parameters tags='${{ env.AZURE_TAGS }}'
>
> @t-dedah No, this is not the behavior of az cli. The issue is that we are storing a JSON as secret (AZURE_CREDENTIALS). If you remove the reference to it, everything will run just fine. The issue is Azure/login. The Action needs to accept individual secrets rather than a JSON. This requires an improvement.

This is the reason why it will not work. If you use the new Workload Identity Federation, this issue will most likely be solved, as you are not storing a JSON as secret then.

github-actions[bot] commented 2 years ago

This issue is idle because it has been open for 14 days with no activity.

github-actions[bot] commented 2 years ago

This issue is stale because it has been open for 7 days with no activity.

aavdberg commented 2 years ago

Please try this workflow, then you will see the issue:

name: Deployment

on:
  push:
    branches: [ main ]
    paths:
      - 'infra/**'
  pull_request:
    branches: [ main ]
    paths:
      - 'infra/**'

env:
  AZURE_SUBSCRIPTION_ID: 'your-sub-id'
  AZURE_LOCATION: 'northeurope'
  AZURE_TAGS: '{"costCenter":"ABCD", "owner":"XYZ"}'

jobs:
  create-resource-groups:
    runs-on: ubuntu-latest

    steps:
    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
    - name: Check Out Repository
      id: checkout_repository
      uses: actions/checkout@v2

    # Login to Azure
    - name: Azure Login
      id: azure_login
      uses: azure/login@v1
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}

    # Deploy Resource Groups
    - name: Deploy Resource Groups
      id: resource_groups_deployment
      uses: azure/arm-deploy@v1
      with:
        scope: subscription
        subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
        region: ${{ env.AZURE_LOCATION }}
        template: ${{ github.workspace }}/infra/ResourceGroups/deploy.resourceGroups.json
        parameters: ${{ github.workspace }}/infra/ResourceGroups/params.resourceGroups.json tags='${{ env.AZURE_TAGS }}'

    # Log out from Azure
    - name: Log out from Azure
      id: azure_logout
      uses: azure/cli@v1
      with:
        azcliversion: latest
        inlineScript: |
          az logout

I think you have to put the line between quotes, did you try understanding?

         parameters: "${{ github.workspace }}/infra/ResourceGroups/params.resourceGroups.json tags='${{ env.AZURE_TAGS }}'"

And better to use https://docs.microsoft.com/en-us/azure/active-directory/develop/workload-identity-federation

vRune4 commented 7 months ago

When googling "azure/arm-deploy json array parameter" this issue is the first hit.

After reading the comments above, I'm none the wiser.

I've tried escaping quotes, encapsulating the whole thing with a single quote and without escapes, and... No go. & gh variable set ELASTIC_POOL_SKU --env dev --body '''{\"name\": \"BasicPool\", \"tier\": \"Basic\", \"capacity\": 50}''' is my last attempt at setting a variable.

 parameters: >
            el_sku=${{vars.ELASTIC_POOL_SKU}}

Result: Error: ERROR: Failed to parse string as JSON: '{\maxSizeBytes":5242880000, "perDatabaseSettings":{"maxCapacity": 5, "minCapacity": 0}}' el_sku='{"name": "BasicPool", "tier": "Basic", "capacity": 50}'

Which leads me to believe I should not have escaped the double quotes.

So... Change that so that gh variable list shows: ELASTIC_POOL_PROPERTIES {"maxSizeBytes":5242880000, "perDatabaseSettings":{"maxCapacity": 5, "minCapacity": 0}}

Error: ERROR: Failed to parse string as JSON: {maxSizeBytes:5242880000, Error detail: Expecting property name enclosed in double quotes: line 1 column 2 (char 1)

Wait... What?!? gh variable list clearly disagrees. "maxSizeBytes" is definitively quoted.

anthony-c-martin commented 7 months ago

@vRune4 A shot in the dark, but here's what I would try:

Setting the variable:

& gh variable set ELASTIC_POOL_SKU --env dev --body '{"name": "BasicPool", "tier": "Basic", "capacity": 50}'

Using the variable:

 parameters: >
            el_sku='${{vars.ELASTIC_POOL_SKU}}'

vRune4 commented 7 months ago

> parameters: >
>            el_sku='${{vars.ELASTIC_POOL_SKU}}'

Quoting the value is one of the things I tried.

It expands into:

parameters: services.json location=norwayeast environment=dev retention=7 project_name=smartskill ip_list=[] elastic_pool_properties='{"maxSizeBytes":5242880000, "perDatabaseSettings":{"maxCapacity": 5, "minCapacity": 0}}' el_sku='{"name": "BasicPool", "tier": "Basic", "capacity": 50}' adAdminUser='***'

(the last parameter is a secret)

Error: ERROR: Failed to parse string as JSON: '{maxSizeBytes:5242880000, Error detail: Expecting value: line 1 column 1 (char 0)

If the error message is to be believed, the double quote goes AWOL somewhere along the way. (I am reworking this to single parameters now)
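A way to check where the double quotes go, as an added example that is not part of the thread or of azure/arm-deploy: it tokenizes the expanded `parameters:` text quoted above under POSIX shell rules and under a simplified parser in which only double quotes act as quotes (an assumption about the environment, resembling Windows command-line parsing), then hands each value to a JSON parser. The function names are hypothetical and the input is constructed from the values in the comment.

```python
import json
import shlex

# Constructed from the expanded `parameters:` line quoted in the thread.
PARAMS = """location=norwayeast elastic_pool_properties='{"maxSizeBytes":5242880000, "perDatabaseSettings":{"maxCapacity": 5, "minCapacity": 0}}'"""
# The same line without the surrounding single quotes (the earlier attempt).
PARAMS_UNQUOTED = PARAMS.replace("'", "")

def split_posix(line):
    """POSIX shell rules: single quotes protect everything inside them."""
    return shlex.split(line, posix=True)

def split_dquote_only(line):
    """Simplified model (assumption): '"' toggles quoting and is dropped,
    whitespace outside double quotes splits, "'" is an ordinary character.
    Backslash escapes are not modelled."""
    tokens, current, in_quotes = [], "", False
    for ch in line:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            if current:
                tokens.append(current)
            current = ""
        else:
            current += ch
    if current:
        tokens.append(current)
    return tokens

def json_value(token):
    """Parse the JSON after 'key='; return the parser's message on failure."""
    _, _, value = token.partition("=")
    try:
        return json.loads(value)
    except json.JSONDecodeError as exc:
        return "error: " + exc.msg

if __name__ == "__main__":
    for name, tokens in (
        ("posix, single-quoted", split_posix(PARAMS)),
        ("double-quote-only, single-quoted", split_dquote_only(PARAMS)),
        ("double-quote-only, unquoted", split_dquote_only(PARAMS_UNQUOTED)),
    ):
        print(name, "->", tokens[1], "->", json_value(tokens[1]))
```

Under the double-quote-only model the second token ends at the first space and has lost its double quotes, which reproduces both error fragments quoted in the thread; printing the tokens a step actually receives is the corresponding check in a real workflow.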