Closed MateuszPeczek closed 1 month ago
@vhvb1989 @weikanglim can you take a look? related issue https://github.com/Azure/azure-dev/issues/3795
@MateuszPeczek , please add the env var:
AZD_INITIAL_ENVIRONMENT_CONFIG: $(AZD_INITIAL_ENVIRONMENT_CONFIG)
as mentioned here: https://learn.microsoft.com/en-us/azure/developer/azure-developer-cli/configure-devops-pipeline?tabs=azdo#create-a-pipeline-definition
When you run azd pipeline config
, azd creates a secret with the content from the config.json in the environment. You need to use this env var for the first step that runs azd in the pipeline to make azd to re-construct the initial configuration based on it.
For example, for your pipeline, it would be:
- task: AzureCLI@2
displayName: Provision Infrastructure
inputs:
azureSubscription: azconnection
scriptType: bash
scriptLocation: inlineScript
inlineScript: |
cd src/IntegrationEngine.AppHost
azd provision --no-prompt
env:
AZURE_SUBSCRIPTION_ID: $(AZURE_SUBSCRIPTION_ID)
AZURE_ENV_NAME: $(AZURE_ENV_NAME)
AZURE_LOCATION: $(AZURE_LOCATION)
# This env var is required only by the first step that uses azd (provision, up, deploy, etc) to create the env config
AZD_INITIAL_ENVIRONMENT_CONFIG: $(AZD_INITIAL_ENVIRONMENT_CONFIG)
Also, you can use the setup-azd@0
step to install azd, like here: https://github.com/Azure-Samples/todo-csharp-sql/blob/main/.azdo/pipelines/azure-dev.yml#L16C11-L16C22 (if you can add it to your Azdo org).
Thanks @vhvb1989 , this solved my issue, It could be a good idea to give the same information as an example code in those two places. As you can see, the documentation page I've pasted originally misses that information about AZD_INITIAL_ENVIRONMENT_CONFIG variable.
Is there a way to retrieve the secret generated from the config.json other than running a azd pipeline config
? That command creates quite a few resources that I have already stood up. I'm getting the same error that MateuszPeczek was seeing, but I'd rather not run the azd pipeline config
command. I believe once I can get ahold of this secret, then adding it to my Azure DevOps library set with a key name of AZD_INITIAL_ENVIRONMENT_CONFIG
will fix the error above in the same way it fixed the issue for MateuszPeczek.
@flutteryscrubbers , sure, you can manually set the secret. Try doing this:
azd env list
. The default=true
is the environment used by default when you don't set the e
flag.config.json
file locally at .azure/<environment name>/config.json
and copy its content to a new file.infra.parameters
key, like:
*** If you don't see that section, you can manually add it. Use the name of the input parameters you defined in your AppHost
vault
(if it is present), like
*** This key is to save secrets outside the repository (in local user's directory). If the vault
key is present, it means that some of the parameter's value are secrets, and its value would look like:
vault://...
value with the actual value you want to set on CI/CD. Look at this quick example. For a config like:You should convert it to something like:
lmk if you face any issues.
I created a new issue to allow folks not to use the AZD_INITIAL_ENVIRONMENT_CONFIG
and define unique secrets/variables in CI for each input: https://github.com/Azure/azure-dev/issues/4162
Hi @MateuszPeczek, since you haven’t asked that we “/unresolve
” the issue, we’ll close this out. If you believe further discussion is needed, please add a comment “/unresolve
” to reopen the issue.
@flutteryscrubbers , sure, you can manually set the secret. Try doing this:
- Find out the environment name you are currently using. You can run
azd env list
. Thedefault=true
is the environment used by default when you don't set thee
flag.- Find the
config.json
file locally at.azure/<environment name>/config.json
and copy its content to a new file.- There should be an
infra.parameters
key, like:*** If you don't see that section, you can manually add it. Use the name of the input parameters you defined in your AppHost
- Remove the key
vault
(if it is present), like*** This key is to save secrets outside the repository (in local user's directory). If the
vault
key is present, it means that some of the parameter's value are secrets, and its value would look like:
- Replace any
vault://...
value with the actual value you want to set on CI/CD. Look at this quick example. For a config like:You should convert it to something like:
- Having your file ready, copy the content and create the secret for your CI provider (azdo or gh). The content of the secret is the raw json content.
lmk if you face any issues.
Hi @vhvb1989, sorry I don't follow.... how do I use a value or seret value form a YML variable or variable group? Thanks!
Output from
azd version
azd version 1.9.5 (commit cd2b7af9995d358aab33c782614f801ac1997dde)Describe the bug After running
azd pipeline config --provider azdo
(based on steps in: https://learn.microsoft.com/en-us/dotnet/aspire/deployment/azure/aca-deployment-github-actions?tabs=windows&pivots=azure-pipelines) and deploying pipeline to DevOps project I'm receiving error on provisioning step:To Reproduce
azd init --from-code --environment dev
on AppHost projectazd pipeline config --provider azdo
and provide secrets for dependencies.Expected behavior Provisioning of all services as in given example.
Environment Azure Devops Pipelines
VS 2022 v17.10.5
Additional context Devops Pipeline:
config.json from .env file (guids replaced by
...
)When providing values for secrets, I've tried both wrapping them in "" and without it without any change.