VSTS任何设法使用“安全文件"的人都可以使用VSTS.在azure-pipelines.yml中? [英] VSTS anybody managed to use "secure file" in azure-pipelines.yml?

问题描述

我想在开发Azure任务中使用下载安全文件"，并且该任务在发布管道"(在发布"中)中的任务中完全按预期工作.但是，当我尝试在azure-pipelines.yml中的构建"任务中执行相同的操作时，我得到找不到文件 some-uuid ".

I would like to use "download secure file" in a dev azure task - and that works exactly as expected within a task in "release pipeline" (in "Releases"). However, when I try to do the same in a "Builds" task in azure-pipelines.yml I get "file some-uuid not found".

在官方文档中，如果在内部版本"或发布版本"中使用了自定义任务，我找不到任何区别-无论在何处使用它都仅指任务-

From the official documentation I cannot find any difference if a custom task is used in "Builds" or "Releases" - it just refers to tasks no matter where it is being used -

在azure-pipelines.yml(构建"任务)中，是否可以做一些事情来从库中访问我的安全文件之一?

Is there anything I can do to access one of my secure files from the library in an azure-pipelines.yml ("Builds" task) ?

推荐答案

我在这里找到了答案: https://github.com/Microsoft/azure-pipelines-agent/issues/1809

I found the answer here: https://github.com/Microsoft/azure-pipelines-agent/issues/1809

在 Some 情况下，Azure会在幕后以及存在以下情况时扫描"azure-pipeline.yml"找到对资源(例如库/安全文件"或服务连接")的请求，然后Azure静默设置适当的权限-这样执行构建脚本不会出错.

Under SOME circumstances Azure scans the 'azure-pipeline.yml' behind the scenes and when there is e.g. a request for a resource such as 'Library/secure file' or a 'service connection' is found then the appropriate permissions are set by Azure silently - so executing the build script won't run into an error.

但是这种对资源的扫描将不总是发生，例如提交时-仅当azure-pipeline.yml是新创建的或添加或更改了变量时.

BUT this scan for resources will NOT happen always e.g. on commit - only if the azure-pipeline.yml is created new or a variable is added or changed.

因此，诸如azure-pipeline.yml的写入/提交之类的常规编辑将不会(重新)启动这种扫描-如果以后添加需要安全文件或服务连接的任务，您将遇到一条错误消息，提示文件找不到"或权限不足".

So normal editing such as write / commit of azure-pipeline.yml will not (re-)start such a scan - and if you add tasks that requires secure file or service connection later on you will experience an error saying 'file not found' or 'insufficient permissions'.

通过权限调整实施重新扫描的最简单方法是转到变量"标签，例如将变量system.debug = false更改为true-或添加新变量foo = bar.

The easiest way to enforce a rescan with permission adjustment is to go to the variable tab and e.g. change the variable system.debug = false to true - or add a new variable foo = bar .

我无法在官方文档中找到任何这些提示或某些背景-或在与该问题有关的有用上下文中-截至撰写本文时(2018年11月)，尚不清楚是错误或功能-在任何情况下，如果Microsoft可以将此链接后面的疑难解答说明扩展为 https://aka.ms/yamlauthz 包含在错误消息中.

I was not able to find any of these hints or some background in the official docs - or not in a context which was helpful to relate to this problem - and as of this writing (Nov 2018) it is not clear if this is a bug or a feature - in any case it would be helpful if Microsoft could extend the Troubleshoot instructions behind this link https://aka.ms/yamlauthz which is included into the error message.

似乎这种扫描或不扫描"特定于构建"脚本"azure-pipeline.yml"-这就是为什么在发行"脚本中未出现此类错误的原因.

It seems that this scan-or-not-scan is specific to 'build' scripts 'azure-pipeline.yml' - that is why no such error appears in 'release' scripts.

这篇关于VSTS任何设法使用“安全文件"的人都可以使用VSTS.在azure-pipelines.yml中?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！