search

microsoft / AL-Go

The plug-and-play DevOps solution for Business Central app development on GitHub
MIT License
267 stars 113 forks source link

[Bug]: Deploy to Environment #1136

Closed pzentner closed 4 weeks ago

pzentner commented 1 month ago

Using: AL-Go-Preview (current)

We have environments configured in GitHub (UAT, for instance) and have an environment secret "AUTHCONTEXT" created with the proper Json in there. However, when we run the CI/CD pipeline, it throws the following errors when trying to deploy the apps to the environment.

Did anything change in the way this is working or has to be defined? It used to work (not sure exactly when last).

Waiting for other process executing ReadSecrets
Other process completed ReadSecrets
Masking value for ClientSecret
Trying to get the secret (UAT-AuthContext) from the github environment.
Trying to get the secret (UAT-AuthContext) from Key Vault (*****).
Module Az.KeyVault is available in version 6.0.1
Importing module Az.KeyVault (minimum version 5.2.0)
Connecting to Azure using clientId and clientSecret.
Selecting subscription ***
Successfully connected to Azure
Trying to get the secret (UAT_AuthContext) from the github environment.
Trying to get the secret (UAT_AuthContext) from Key Vault (*****).
Error: Unexpected error when running action. Error Message: Error trying to get secrets from Azure Key Vault. Error was Operation returned an invalid status code 'BadRequest' Code: BadParameter Message: The request URI contains an invalid name: UAT_AuthContext, StackTrace: at GetKeyVaultSecret, C:\1\_work\_actions\microsoft\AL-Go\5eeeec54ab7e6a9d97701effe[42](https://github.com/***/***/actions/runs/9858901855/job/27290709587#step:6:44)0ef74bda08c67\Actions\ReadSecrets\ReadSecretsHelper.psm1: line 150 <- at GetSecret, C:\1\_work\_actions\microsoft\AL-Go\5eeeec54ab7e6a9d97701effe420ef74bda08c67\Actions\ReadSecrets\ReadSecretsHelper.psm1: line 186 <- at <ScriptBlock>, C:\1\_work\_actions\microsoft\AL-Go\5eeeec54ab7e6a9d97701effe420ef74bda08c67\Actions\ReadSecrets\ReadSecrets.ps1: line 88 <- at <ScriptBlock>, C:\1\_work\_temp\ed2defd3-3cb5-4bde-bb87-26a618228d5e.ps1: line 4 <- at <ScriptBlock>, <No file>: line 1
Error: Process completed with exit code 1.
freddydk commented 1 month ago

Looks like a bug. We did some changes to this area, which shouldn't have affected the functionality though. Do you have an AZURE_CREDENTIALS defined with access to a keyvault? Are you using the keyvault for secrets?

If you change to use microsoft/AL-Go-PTE@main -. I assume it works then?

pzentner commented 1 month ago

I changed it to use microsoft/AL-Go-PTE@main and yes, it is working. I also have the AZURE_CREDENTIALS defined with access to a keyvault and am using the keyvault for secrets, but not for the environment secrets.

freddydk commented 1 month ago

The reason for this issue is that this powershell command:

Get-AzKeyVaultSecret -VaultName "BuildVariables" -Name 'UAT-AUTHCONTEXT'

will return the secret if it exists or null if it doesn't, whereas this command

Get-AzKeyVaultSecret -VaultName "BuildVariables" -Name 'UAT_AUTHCONTEXT'

Will throw due to an illegal secret name.

GitHub secrets allows '_', but not '-' Azure DevOps keyvault allows '-', but not '_'

Therefore, we look for both, but it obviously shouldn't throw.

freddydk commented 4 weeks ago

Shipped in preview