TechTips

The Issue We have used SonarQube and the OWASP Dependency Checker Plugin for many years to perform analysis and vulnerability checking within our Azure DevOps Pipelines. Recently, whilst picking up an old project for a new phase of development, I came across a couple of problems due to changes in both tools since the project CI/CD pipelines were last run. The OWASP Dependency Checker vulnerabilities were not appearing in SonarQube as issues The OWASP Dependency Checker HTML report could not (always) be loaded in SonarQube The issues were just down to changes in both tools over time. It just goes to show that you can’t just setup a CI/CD system and expect it work forever, changes are always being introduced in cloud based tools. ...

Introduction Previously Rik Hepworth has posted on ‘Importing bicep lint output as test results in Azure DevOps pipelines’. In his post he showed how you could move from using the ARM-TTK to validate ARM templates to using the built inBicep Linter. Rik’s solution involved taking the Bicep Lint output and converting it via the .SARIF format to JUnit so that it could be published to an Azure DevOps pipeline run as a set of test results. ...

Introduction Last year I posted on how to create your own Azure DevOps maintenance jobs. This solution has been working well for me, until the Azure DevOps Service connection’s Entra ID Service Principle secret expired. So, I thought it well worth revisiting the creation of this maintenance job but this time using Workload Identity federation to authenticate, and hence never again have to worry about the secret expiring. Updated Setup Process Note: This is a modification to the creation of the service connection, but the core the maintenance job setup remains the same as in my original post ...

The Issue Whilst refreshing an end-to-end devops demo, one I use for both Azure DevOps and GitHub, I hit a problem. The new Playwright UX Tests, that were replacing old Selenium ones, were failing on the GitHub hosted runner. The strange thing was the same tests worked perfectly on: My local development machine The Azure DevOps hosted runner And strangest of all, a GitHub self hosted runner The Solution Adding some logging to the tests showed the actual issue was that on the GitHub hosted runner the code to count the rows in an HTML table was always returning 0. ...

The Issue I have been recently refreshing a GitHub end-to-end demo I use for talks and workshops that I had not looked at for a while. It shows how legacy code bases can be deployed with GitHub Actions and Azure App Services. The demo uses MSDeploy to deploy a ASP.NET web application to Azure App Services. The MSDeploy package is created as part of the GitHub Action workflow. The workflow uses a PowerShell script to do the deployment using the following: ...

Background Our on premise build agents, though using the same image as the Microsoft hosted agents (generated using Packer, as I have previously posted about), have some extra setup done by Lability as they are deployed to a Hyper-V host. Most of this is specific to the needs of running on Hyper-V e.g. setting up networking, creating a 2nd disk to act as a working store for the build agent, and of course installing the Azure DevOps agent itself. ...

Background We have for many years based our Azure DevOps build and release pipelines on on-premise agents. This was done to provide a means to scale up each agent using ‘bigger & faster’ local VMs then the Microsoft Hosted agents provided, and to utilise spare Hyper-V hosts we had after moving services such as SharePoint to Office 365. To provide consistency of build agent experience to our developers, we decided we wished to use the same VM images on our on-premise agents as used by the Microsoft’s hosted agent pools. I have blogged previously on the process of creating these images with Packer and deploying them to Hyper-V with Lability. This is a process we still follow every couple of months to keep the images reasonably up to date. ...

Azure DevOps Server 2022.2 has recently been released. Unexpectedly this minor 2022.2 release includes a change in supported versions of SQL, SQL2017 support has been dropped. So, if someone attempted an upgrade from 2022.1 to 2022.2 they will get the error “TF255146: The SQL Server instance you specified (nnnnn) is version ‘SQL Server 2017 RTM’, which is not supported by this version of Azure DevOps Server. For more information about supported versions of SQL Server, visit https://www.visualstudio.com/docs/setup-admin/requirements " ...

The Issue Yesterday I posted about converting ARM output variables to Azure DevOps pipeline variables Whilst using the pattern I discussed we hit an interesting problem. On my test pipeline I had the following YAML and it was working as expected. - task: PowerShell@2 displayName: Obtain Azure Deployment outputs inputs: targetType: 'inline' script: | if (![string]::IsNullOrEmpty( $env:deploymentOutputs )) { $DeploymentOutputs = convertfrom-json $env:deploymentOutputs $DeploymentOutputs.PSObject.Properties | ForEach-Object { $keyname = $_.Name $value = $_.Value.value Write-Host "The value of [$keyName] is [$value]" Write-Host "##vso[task.setvariable variable=$keyname]$value" } } However, on the first production project I tried this on, the script ran but did not create the expected variables. The issue was that the variable $env:deploymentOutputs was empty, even though the ARM deployment had completed successfully and the outputs were available in the pipeline debug logs. ...

The Issue Historically, we have used Kees Schollaart’s ARM Outputs Azure DevOps task to convert the output from an ARM template deployment into a variable that can be used in a subsequent Azure DevOps pipeline task, using the general form - task: AzureResourceManagerTemplateDeployment@3 displayName: Deploy the main template inputs: deploymentScope: 'Resource Group' azureResourceManagerConnection: 'ARMConnEndpoint' subscriptionId: '$(SubscriptionId)' action: 'Create Or Update Resource Group' resourceGroupName: '$(ResourceGroup)' location: '$(AzureRegion)' templateLocation: 'Linked artifact' csmFile: '$(Pipeline.Workspace)/ARMtemplates/azuredeploy.json' overrideParameters: >- -staticSitelocation "westeurope" -projectName "$(projectName)" -env "$(environment)" deploymentMode: 'Incremental' - task: ARM Outputs@6 displayName: Obtain outputs from the deployment of the Main Deploy name: 'MainDeployOutput' inputs: ConnectedServiceNameSelector: 'ConnectedServiceNameARM' ConnectedServiceNameARM: 'ARMConnEndpoint' resourceGroupName: '$(ResourceGroup)' whenLastDeploymentIsFailed: 'fail' This process has been working well until we upgraded our service connections to workload identity federation. As soon as we did this the ARM Outputs@6 task started failing with the error message ...