Azure DevOps Powershell Task for Building and Deploying Applications

The Azure DevOps PowerShell task is a powerful tool for building and deploying applications. It allows you to automate complex tasks with ease.

With Azure DevOps, you can create a PowerShell script that can be run as a task in your pipeline, making it easy to automate repetitive tasks. This can save you a significant amount of time and effort.

The PowerShell task can be used to build and deploy applications to various environments, including Azure, on-premises, and other cloud platforms. This flexibility makes it a popular choice among developers and DevOps engineers.

You can also use the PowerShell task to run custom scripts that are specific to your organization's needs, making it a highly customizable tool.

Curious to learn more? Check out: Azure Devops Use Service Connection in Powershell Task

To set up the Azure DevOps PowerShell task, you'll need to create a new pipeline and add the task to it.

The task requires a PowerShell script, which can be written in a file or directly in the task's input field.

A different take: Create Task Group Azure Devops

You'll also need to specify the version of PowerShell you want to use, as Azure DevOps supports multiple versions.

The task's input field can be used to write the PowerShell script directly, which can be beneficial for small scripts or scripts that don't require a lot of editing.

The script can include variables, which can be used to customize the script's behavior.

You can also use the task's output variable to capture the result of the PowerShell script.

The task's input field supports multi-line input, which is useful for scripts that contain multiple lines of code.

Expand your knowledge: Azure Key Vault Task

To create the script for your Azure DevOps PowerShell task, it's essential to start with a new file. I put my script in a new file called New-Password.ps1.

The script should be designed to perform the actual task, and you can find an example script version in the article. The script path should be specified correctly in the build definition.

You can use the same script I used last week, but change it up a bit to fit your needs. I removed the sample from the script to maintain a consistent structure.

To add the VstsTaskSdk module to your task, you'll need to save it to a folder called ps_modules in your task folder. Save the module using the cmdlet Save-Module –Name VstsTaskSdk –Path .\[taskname]\ps_modules –Force.

The module will be stored in a subfolder showing its version, but you'll need to copy the files from the 0.x folder and place them directly in the VstsTaskSdk folder. Remove the version-named folder to achieve the desired result.

Explore further: Do You Need Powershell for Azure

To create the script, you'll need to add a PowerShell script that performs the actual task. The example script is a good starting point, and you can find a version of the task script here.

This script was used last week, but it's been modified to work with the task at hand. You can put this script in a new file called New-Password.ps1 to keep things organized.

Removing the sample from the script will give you a clean slate to work with. This will allow you to focus on adding the necessary cmdlets to catch input.

To create a manifest file, you need one more file called vss-extension.json. The syntax of this file can be found by following a link, but it's not necessary to set all options.

The documentation for this file is very well written and can help you out, so don't worry if you're not sure what to do. You can create a simple file like the one I created for my password generator.

The vss-extension.json file can be a lot shorter than you might think, and many of the properties are self-explanatory. For example, you can leave out the property publisher, as it will be set in the following step.

Using a build.ps1 script is a great way to make your project buildable locally, which is a big plus for flexibility. This approach also makes it easy to switch to a different build system if needed.

The build.ps1 script takes care of everything else in your pipeline, as demonstrated by the author who uses it with AppVeyor. This script is the backbone of your build process.

Having a build.ps1 script allows you to decouple your build process from a specific build system, giving you more freedom to choose the tools you need. This is a key benefit of using a build.ps1 script.

Expand your knowledge: Azure Devops Ticketing

To configure the PowerShell task in Azure DevOps, you'll need to shape the task.json file to fit your script. The syntax for task.json can be found on GitHub.

You can change the properties in task.json to suit your needs, but many of them speak for themselves or can be left at the default. The Inputs section is where you define the parameters your script uses.

For example, if you want to set three parameters like Length, isPlainText, and ResultName, you can replace the input with the following: {"helpMarkDown": "Set to true to get an output in plain text"}.

Configuring your PowerShell task's JSON file is a crucial step in getting everything set up correctly. The syntax for this can be found on GitHub.

You'll want to start by looking at the inputs section of your task.json file. Here, you can define the parameters your script uses. In my experience, it's best to keep this section concise and focused on the essential parameters.

For example, let's say you want to set three parameters: Length, isPlainText, and ResultName. You can replace the input with the following: {"helpMarkDown": "Set to true to get an output in plain text"}.

The full syntax for the task.json file can be quite extensive, so don't be afraid to refer back to GitHub if you need a refresher.

A unique perspective: Set Subscription Azure Powershell

The PowerShell task is incredibly versatile, allowing you to accomplish just about anything. It's often the go-to solution when there isn't a specific DevOps task available.

You can use the PowerShell task to output environment variables to the logs, which can be super helpful when setting up a Pipeline. This can also give you a sense of what's available variable-wise, depending on the trigger of the run.

The script can be an inline script or run from a file, and it works on both Windows and Linux agents. This versatility makes it a valuable tool in your Pipeline setup.

Being able to see what paths the built-in path variables actually map to can be a huge help, especially when files need to be moved around.

Intriguing read: Azure Devops Pipeline Webhook

In the classic experience, the variable group must be declared in the Variables tab beforehand, allowing the inline script to reference the secret directly via $(kvTestSecret).

You can also map a variable group to a KeyVault, giving access to the secret kvTestSecret, and reference it directly via $env:MY_MAPPED_ENV_VAR_KV in your inline script.

To make this work, you'll need to add the env:parameter at each task, as this is a required statement for mapped environment variables.

In the classic experience, both local variables and variable groups must be declared in the Variables tab beforehand, and the syntax for referencing them in inline scripts is similar: $env:normalVariable.

For instance, you could have a variable group declared as myVariableGroup linked to KeyVault, and then reference the secret kvTestSecret directly via $env:MY_MAPPED_ENV_VAR_KV in your inline script.

In general, the PowerShell script will require a binding statement at the top, as shown in the content of testArg.ps1.

See what others are reading: Azure Devops Variable Groups

A NuGetApiKey environment variable can be created by adding a new variable in the Variables tab, specifying the API key, and then clicking the little padlock icon to secure it.

To use this variable in your script, you'll need to map it into your script by adding the API key as an environment variable in the PowerShell build step, using the same name and syntax: $(NuGetApiKey).

Discover more: Azure Devops Api Documentation

In Azure Pipelines, a mapped environment variable is created by linking a variable group to a KeyVault, giving access to a secret. This is shown in Example 1, where the variable group myVariableGroup is linked to KeyVault, allowing access to the secret kvTestSecret.

To reference the secret in an inline script, you use the syntax $env:MY_MAPPED_ENV_VAR_KV. For instance, you can use Write-Host "Mapped ENV from KeyVault VG: $env:MY_MAPPED_ENV_VAR_KV" to print the value of the secret.

The key statement here is that the env:parameter is required at each task, as seen in Example 1. This is a crucial detail to keep in mind when working with mapped environment variables in Azure Pipelines.

Additional reading: Azure Devops Environment Approval

When using PowerShell to retrieve secrets, you can leverage the existing wiring to get the secret from the script. This approach requires an access policy in Azure Key Vault for the Azure DevOps project application principal with List/Get permissions on Secrets.

The PowerShell cmdlet Get-AzKeyVaultSecret can be used for this purpose. The syntax is similar in every configuration.

In every configuration, the Key Vault name and Secret name should be retrieved via variables. These variables can be inherited from environment variables.

To use the Get-AzKeyVaultSecret cmdlet, you'll need to have an access policy in Azure Key Vault with the necessary permissions. This policy should grant List/Get permissions on Secrets to the Azure DevOps project application principal.

Readers also liked: Azure Devops Repository Permissions