Reputation: 9906
Create a tag during a release pipeline in azure-devops
Setup
When running a release pipeline, i do
- consume a artifact of build-pipeline projectA ( which uses the repository projectA )
- this artifact is a node package build
- I will inject (re-version) the package version ( using a pipeline variable
VERSION) and then release to the npm registry as the final step
Goal
Beside all the build / release tasks work, we have one specific issue, and that is the missing checkout of the repository in the release step. We do not want to have the repository for actually "rebuilding" something, but for tagging the commit we build using the variable $VERSION and pushing it the the repository.
Issue
I do know how to get the commit hash of our source project repository build ( env var Build.SourceVersion ) and the repository name ( env var Build.Repository.Name ), but i do not understand how i actually would get the repository checked out since i miss the credentials.
Right now i have the repository on Github ( private repository ), might though also move to a private Bitbucket.
The actual concrete question is, how would one checkout the repository with
- either using a static name
- or using
Build.Repository.Name
And with
- either a generic task ( some git repo )
- or a specific SCM repo task ( like
checkout-from-githuborcheckout-from-bitbucketusing some sort of service connection ).
I assume i need some sort of credentials, in my current case it would be some sort of Github access token or similar ( oAuth )?
Upvotes: 13
Views: 17444
Answers (2)
Reputation: 295
There were additional steps to interact with the git repo in my instance. I managed to automate tag creation to the commit of an associated build artifact with the following:
New command prompt or PowerShell script task
(Working directory = $(System.DefaultWorkingDirectory)/{source-alias}/)
git config --global user.email "[email protected]"
git config --global user.name "Azure DevOps Pipeline"
git init
git remote add origin https://$(System.AccessToken)@dev.azure.com/{organization}/{project}/_git/{repo-name}
git fetch origin {branch-name}
git tag -a {new-tag-name} $(Release.Artifacts.{source-alias}.SourceVersion) -m "new-release"
git push origin {new-tag-name}
- {source-alias} = DevOps' Artifacts' source alias (usually has an underscore prefix)
- $(System.AccessToken) = System variable in all release pipelines. Make sure you've set Allow scripts to access the OAuth token on the Agent job so this is populated
- {organization} = your DevOps' organisation
- {project} = your DevOps' project
- {repo-name} = your DevOps' repository name
- {branch-name} = name of the git branch you're adding a tag to
- {new-tag-name} = name of the tag you'd like to add to the build's latest commit
- $(Release.Artifacts.{source-alias}.SourceVersion) = System variable to obtain the git commit from your release artifact for this specific build
In my instance, setting the git origin with a PAT token $(System.AccessToken) was important to overcome auth issues with git.
I also had to grant specific git privileges to the DevOps' build user. Accessed via Project settings -> Repositories -> {repo-name} -> Security - then selecting "Project Collection Build Service ({project})", and setting "Allow" on:
- Contribute
- Create tag
- Read
Note: I had two users with similar names:
- Project Collection Build Service
- Project Collection Build Service {project}
I had to assign the privileges to the latter, the user which included the name of my project in brackets
Screen to apply security settings currently looks as below (this is not showing the correct user to apply to)
Upvotes: 0
Reputation: 2560
So I am not sure if you are using GUI based Releases or the newer multi-stage pipeline feature.
For the classic release GUI you can add an Artifact that is your Github repository from the release definition editor. When you go to add the Artifact it will ask you to configure the service connection back to github, or you can use an existing connection.
In the release definition editor at the Agent Job level, you will want to be sure to check the Allow scripts to access the OAuth token
From there navigate to the release directory that contains your repository and then you can push a tag.
cd $(Agent.ReleaseDirectory)\_enufacas_azureDevOps.Postman
git tag Rel-$(Build.BuildNumber)
git push --tags
The multi-stage pipeline also has a similar path using the checkout task
Upvotes: 14
Related Questions
- How to automatically create a Build Pipeline TAG (not a GIT TAG) after a successful build?
- Azure devops Create custom tags
- Triggering a Release pipeline when adding git tag in Github
- Setting up tags on resource creation stage through Azure CLI
- Azure Devops Unable to create release trigger based on Github tag
- Can I create a tag automatically after PR approved in target branch in azure devops?
- Associated tags in an Azure DevOps release
- How to add/use a build tag?
- Automatically Tagging a PR Build in Azure Devops
- Adding a tag to the build doesn't trigger release?