Versions Compared

Old Version 6

changes.mady.by.user John McKeever

Saved on

compared with

New Version 7

changes.mady.by.user John McKeever

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Create the variable group, recording the id (referred to later as <GROUP_ID>). Regular variables (not the secret value variables we use for passwords) can be added at this time (<VARIABLES> is entered as variable=value, each pair separated by a space)

    Code Block
    $> az pipelines variable-group create \
  --name <VRAIABLE_GROUP_NAME> \
  --variables <VARIABLES> \
  --authorize true \
  --description <GROUP_DESCRIPTION> \
  --organization <ORGANISATION_URL> \
  --project <PROJECT_NAME>

  2. Add secret value variables to the group individually for MCIPASSWORD and IISPASSWORD

    Code Block
    $> az pipelines variable-group variable create \
  --org <ORGANISATION_URL> \
  --project <PROJECT_NAME> \
  --group-id <GROUP_ID> \
  --name <VARIABLE_NAME> \
  --secret true \
  --value <VARIABLE_VALUE>

Info

Note: I have seen We have observed instances in Azure DevOps where the secret value variable is created but the value is not assigned. In this case you will need to update the value manually in the Azure DevOps administration console.

...

  1. Encode the previously-created PAT as Base64. Note that the colon : inside the single quotes, before the PAT, is critical.

    Code Block
    $> echo -n ':<PERSONAL_ACCESS_TOKEN>' | base64

  2. Add the encoded value as part of the authorisation in the cURL header.

    Code Block
    $> curl POST \
-H 'Content-Type: application/json' \
-H 'Authorization: Basic <ENCODED_COLON_THEN_PAT>' \
'https://dev.azure.com/<ORGANISATION_NAME>/<PROJECT_NAME>/_apis/distributedtask/environments?api-version=5.0-preview.1' \
-d '{"description":"<ENVIRONMENT_DESCRIPTION>","name":"<ENVIRONMENT_NAME"}'

    Record the id field from the result. This is used below as <ENVIRONMENT_ID>.

  3. If the environment requires approval, use <ENVIRONMENT_NAME>, <ENVIRONMENT_ID>, <GROUP_ORIGIN_ID> and <GROUP_PRINCIPAL_NAME> to fill out the information required for the body of the request.

    Code Block
    $> curl POST \
-H 'Content-Type: application/json' \
-H 'Authorization: Basic <ENCODED_COLON_THEN_PAT>' \
'https://dev.azure.com/<ORGANISATION_NAME>/<PROJECT_NAME>/_apis/pipelines/checks/configurations?api-version=7.1-preview.1' \
-d '{"type":{"id":"8C6F20A7-A545-4486-9777-F762FAFE0D4D","name":"Approval"},"settings":{"approvers":[{"displayName":"<GROUP_PRINCIPAL_NAME>","id":"<GROUP_ORIGIN_ID>"}],"executionOrder":1,"blockedApprovers":[],"minRequiredApprovers":0,"requesterCannotBeApprover":false},"resource":{"type":"environment","id":"<ENVIRONMENT_ID>","name":"<ENVIRONMENT_NAME"}}'

Info

Note: In the creation of an Approval for an Environment, the type section ({"id":"8C6F20A7-A545-4486-9777-F762FAFE0D4D","name":"Approval"}) contains a hard-coded id value. This is not neither project or - nor pipeline-specific, rather it but is the internal id of the “Approval” class in Azure DevOps, and does not need to be changedshould be used verbatim as described here.