Azure DevOps pipeline not recognizing pipeline variable in Bash script (not using a YAML file)

Question

The Azure DevOps pipeline has this variable:

Name: pat
Value: Git repo authentication token

The pipeline has a Bash script task. It is set to filepath. Filepath is set to script.sh. script.sh begins with:

git clone https://username:$(PAT)@dev.azure.com/company/project/_git/repo-name

Errors in pipeline logs:

PAT: command not found
Cloning into 'repo-name'...
fatal: Authentication failed for 'https://dev.azure.com/healthcatalyst/CAP/_git/docs-template/'

To validate that the authentication token and repo URL are accurate, I can verify this works when run as inline code:

git clone https://username:$(pat)@dev.azure.com/company/project/_git/repo-name

script.sh file is in repo-name.

However, environment variables work. Both of the following return the accurate value within the script. Note that one has no quotes and the other does.

echo $BUILD_REPOSITORY_NAME
repo-name

echo "$BUILD_REPOSITORY_NAME"
repo-name

Based on documentation I've seen (I am having difficulty with Microsoft's docs because I am not using a YAML file), I've tried unsuccessfully:

$pat
$PAT
$(PAT)
"$(PAT)"
gitToken=echo $PAT

Does anyone know what I'm doing wrong? Thank you for any tips.

Simon30 · Accepted Answer

Is your PAT variable a secret variable ?

If so, then it's not directly accessible in script files

As you can see in the documentation: https://learn.microsoft.com/en-us/azure/devops/pipelines/process/variables?view=azure-devops&tabs=yaml%2Cbatch#secret-variables

Unlike a normal variable, they are not automatically decrypted into environment variables for scripts. You need to explicitly map secret variables.

Example:

...  
  env:
    MY_MAPPED_ENV_VAR: $(mySecret) # the recommended way to map to an env variable

Or if you are using the visual editor, like that:

Azure DevOps pipeline not recognizing pipeline variable in Bash script (not using a YAML file)

Answers (2)

Related Questions