Josh-01
commented
3 years ago Hi @ackermann81 ,
This behaviour is by design - the resources (with approvals and checks) in the stage are evaluated before the stage is run. Since the build agent name is inferred from a config and then used in next job , could you please try the following:
` stages:
- stage: SetStage
jobs:
- job: SetJob
pool:
vmimage: Windows-latest
steps:
- checkout: none
- task: PowerShell@2 name: SetTask inputs: targetType: 'inline' script: | Write-Output "##vso[task.setvariable variable=buildagent;isOutput=true]INT"
- job: SetJob
pool:
vmimage: Windows-latest
steps:
- stage: Stage2
variables:
agent: $[ stageDependencies.SetStage.SetJob.outputs['SetTask.buildagent'] ]
jobs:
- job: test
pool:
name: $(agent)
steps:
- checkout: none
- task: PowerShell@2 inputs: targetType: 'inline' script: | Write-Output "HALLO $env:Test" env: Test: $(agent) `
- job: test
pool:
name: $(agent)
steps:
Not sure if you have already tried this and this has not worked. Please do let me know. Thanks!
thesattiraju
ackermann81
Hi, Short introduction for our current setup. We have around 50 customers with different environments to build. OnPrem we only had a fixed set of environments and had fixed the build agents for these stages. We choose the stages by Stagedependencies to a output variable set daone at the first CreatePackage Stage and that worked well. The approvals were set on the Build Agents and we can define several environments to keep track of the installation status of each customer. Now with the move to azure we see that the buildagents we need to use are more spreaded and different. So we started to set them by variable. We have a Set condition Job to determine the agent from the configuration file and transporting the chosen agent to the next job. This works he is choosing the right agent. What is not working is to create the approval query. As it wasn´t and also can´t be done at Stage start he is missing now the approval and can´t use the agent with the error:
[error]The job is using protected resource(s) for which checks have not been evaluated queue: INT. For more details, refer to https://aka.ms/pipelinechecks.
If i remove the Approval the Pipeline runs through successfully. So i get the problem Approvals are done at stage begin and if it wasn´t done i won´t get it. But here it is starting to get worse. We tried several other approaches like setting Stage Variables and using these Stage Variables to set the Agent. But as he is already setting the agent at Job start he can´t instantiate the stage variable and will try to get an agent with name ''. So the Set Condition Job was the only successful approach for us. We also tried to place the checks on the environment and take a universal Agentpool and chose by demand where to deploy. But the result is the same at Stage start the Environment isn´t set and we cannot get the Approval query.
So what would be the right approach as it is not only the buildagent we need to change dynamically? Its also important for the service endpoints for our resource creation and other stuff. Everything works well if i remove the Approvals but this is not an option for us.
Example Yaml: name: $(buildid) trigger: none stages:
stage: SetStage jobs: job: SetJob pool: vmimage: Windows-latest steps: checkout: none task: PowerShell@2 name: SetTask inputs: targetType: 'inline' script: | Write-Output "##vso[task.setvariable variable=buildagent;isOutput=true]INT" job: GetBuildDynamicAgent dependsOn: SetJob variables: agent: $[ dependencies.SetJob.outputs['SetTask.buildagent'] ] pool: name: $(agent) steps: checkout: none task: PowerShell@2 inputs: targetType: 'inline' script: | Write-Output "HALLO $env:Test" env: Test: $(agent)