Use Variables to specify SecureFile to download in DownloadSecureFile Task #6885
Comments
|
Completely agree with this request. Not being able to use a variable or dynamically select a secure file prevents using the library for some purposes it is otherwise perfectly suited for. As mentioned here (quote below in case the link goes stale): https://stackoverflow.com/questions/49678831/how-to-use-variable-to-specify-secure-file-input-value-in-tfs-2017u2-build-and-r "Our workflows include generating new x509 certificates and pushing them into the Secure Files library and setting properties on the entries such as CN, thumbprint, SAN, etc. We then need to pull the file down to an agent for tasks later in the workflow. However, because the file is not in the library at design time, we cannot select it in the list. We tried implementing a custom download task. However, if you don't use the "securefile" input type and specify the exact file you need when defining the build, TFS won't issue a download ticket to the agent and you thus can't download the actual file (only metadata)." Any chance for a solution? |
|
is there any ETA for this enhancement? thanks, regards |
|
+1 request for this |
|
This is something we want to enable. The closest fit today would be conditional tasks or yaml templates. Both requiring knowing the file up front. |
|
Also waiting for this enhancement. Is there a workaround? |
|
This is supported via yaml but we don't have an ETA on support in the classic designer. E.g. |
|
@madhurig This doesn't work if you nest this within a job definition |
|
@madhurig still no ETA for the classic designer? thanks, regards |
|
This works today - you can use the step - task: DownloadSecureFile@1
name: CaCert
displayName: 'Download CA cert'
inputs:
secureFile: 'ca.pem'
- script: |
echo Installing $(CaCert.secureFilePath) to trusted CA directory...
sudo chown root:root $(CaCert.secureFilePath)
sudo chmod a+r $(CaCert.secureFilePath)
sudo ln -s -t /etc/ssl/certs/ $(CaCert.secureFilePath) |
|
@fume - sorry for the mixup. The original issue says you can set it in the UI, which is true; and you can set it in YAML, though it wasn't documented. I suppose I don't know what the classic design is.... |
|
@johncrim regards, F. |
|
Since we currently cannot use YAML do define Release Pipelines with the On-Prev Azure DevOps Server, we need this in the classic UI. |
|
I completely agree with @henning-krause - The lack of ability to set this in the Release pipeline is frustrating. +1 request for this feature! |
This doesn't seem to work at all, I have to specify both the certFileName and certPwd specifically, or i get an error (in the case of the certFileName it's a validation error, saying the job isn't valid) and in the case of the certPwd it clearly is including the literal "$(p12Pass)" name in the command line rather than replacing with the variable. Everything builds correctly if I specify them as literals, but not when using variables at all. This is for the InstallAppleCertificate@2 task, which looks almost exactly like the image you show. EDIT: I think the above will work if your password is just an instance variable, but if your password is a group variable that you link (which it should be, in order to secure the password) then you have to do some gymnastics. You have to redefine the group variable as a local variable, essentially.. redeclare actually, not really redefine using the alternate syntax. The reason for this seems to be that the task cannot access the group library variables directly, so you have to locally declare them at the top level. |
|
Hi, I am using a secureFile in my pipeline yaml file as below : However, this works only if I use a global variable. If the 'SECURE_FILE' variable is defined in stage or job scope, the variable is not fetched. Please note that this works fine for all other variables, and the issue is only with secureFile. Is this expected ? What is the specific issue with Stage/Job scope variables and any workaround for the same ? |
|
This does not work for me either. I want to retrieve the name of the secure file dynamically (output from another task)
|
|
This issue is stale because it has been open for 180 days with no activity. Remove the stale label or comment on the issue otherwise this will be closed in 5 days |
|
This issue is still relevant. I want this feature to pass the name of a secure file to a task group in my pipeline. |
|
+1 |
|
Just found an easy workaround for this issue that might partially fix the problem on the classic UI, specifically it may helps on having parametrized taskgroup containing this task.
The UI won't help as it still won't show the variable in the taskgroup, it eventually show it in the release if the input type is It is as dirty as it seems. |
|
The solution described below may help somebody get around the problem. You can use parameters instead of variables. And in template.yml: |
|
Use compile time template expression |
|
@bandarlogen , @amarkevich this could work for YAML pipelines but not for Classic UI Pipelines |
|
Looking for this feature to use variable for downloading secure file in Classic(UI) pipelines, instead of selecting from drop down for every release.. |
|
Amazing. Very impressive
…On Thu, 4 Aug 2022 at 14:51, Matteo Marenghi ***@***.***> wrote:
Just found an easy workaround for this issue that might partially fix the
problem on the classic UI, specifically it may helps on having parametrized
taskgroup containing this task.
- Create a taskgroup containing the DownloadSecureFileV1 task (you can
obviously add as many task as you want).
- Manually edit the json so that you can pass to the
DownloadSecureFileV1 task the variable as below
"inputs":{
"secureFile":"$(secureFile)",
"retryCount":"3",
"socketTimeout":""
},
- Then define a new input as below
{
"aliases":[],
"options":{},
"properties":{},
"name":"secureFile",
"label":"secureFile",
"defaultValue":"",
"required":true,
"type":"secureFile", # or "type":"string",
"helpMarkDown":"",
"groupName":""
}
The UI won't help as it still won't show the variable in the taskgroup, it
eventually show it in the release if the input type is secureFile. No way
to have evidence in the UI of the file name if the input type is string.
Anyway while running the release it succesfully download the file (tested
adding a task that print the content of the file)
It is as dirty as it seems.
—
Reply to this email directly, view it on GitHub
<#6885 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAB2QOB7EHGUAKGQ6IJTI7DVXPDELANCNFSM4EZAONKQ>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
|
This issue is stale because it has been open for 180 days with no activity. Remove the stale label or comment on the issue otherwise this will be closed in 5 days |
|
This issue is not stale by any means.... It's still relevant... |
|
no stale even after 5 years! 😄 |
|
Definitely not stale. We need this! |
|
Absolutely still needed! @fume time to open another 5 year long request? |
|
Just ran into this issue. Would really appreciate if this gets fixed. |
|
Same issue for us. |
|
Same here, ran into this issue yesterday. |
|
I found a dirty workaround. I'm using a yaml template where one of the parameters comes from a variable group (with the $(foo) syntax). |
|
Now that's a creative workaround 😁 |
|
Same issue; would like to use a variable group variable for the secureFile value. |
max-zaytsev
added
regression
|
Ran into similar problem. Would wish this problem to be fixed. |
KonstantinTyukalov
added
Area: ABTT
|
What does ABTT mean? Anyone? |
I'm pretty sure it stands for Akvelon Build Task Team |
and others
Hi,
this is not an issue but just a suggestion about the DownloadSecureFile task.
I think that could be very useful to be able to specify the SecureFile name via a variable, but the "secureFile" type only allows the selection via UI. This will also allow to create parametrized Task groups containing this task.
thanks, regards
The text was updated successfully, but these errors were encountered: