Reputation: 59
Set password on published zip artifact in azure pipeline
I have this azure pipeline which creates a zip file of the build output. is there any way to set password on that created zip file automatically from the pipeline ? With a password taken from the user when running the pipeline, I mean the user get popup to type the password he needs to protect the artifact with.
variables:
solution: '**/*.sln'
buildPlatform: 'Any CPU'
buildConfiguration: 'Release'
steps:
- task: NuGetToolInstaller@1
- task: NuGetCommand@2
inputs:
restoreSolution: '$(solution)'
- task: VSBuild@1
inputs:
solution: '$(solution)'
msbuildArgs: '/p:DeployOnBuild=true /p:WebPublishMethod=Package /p:PackageAsSingleFile=true /p:SkipInvalidConfigurations=true /p:DesktopBuildPackageLocation="$(build.artifactStagingDirectory)\WebApp.zip" /p:DeployIisAppPath="Default Web Site"'
platform: '$(buildPlatform)'
configuration: '$(buildConfiguration)'
- task: VSTest@2
inputs:
platform: '$(buildPlatform)'
configuration: '$(buildConfiguration)'
- task: CopyFiles@2
displayName: 'Copy Files to: $(Build.ArtifactStagingDirectory)'
inputs:
# SourceFolder: '$(agent.builddirectory)'
Contents: |
**\ABBExpressionPlugin.dll
TargetFolder: '$(Build.ArtifactStagingDirectory)'
- task: ArchiveFiles@2
inputs:
rootFolderOrFile: '$(Build.ArtifactStagingDirectory)'
includeRootFolder: true
archiveType: 'zip'
tarCompression: 'gz'
archiveFile: '$(Build.ArtifactStagingDirectory)/$(Build.BuildId).zip'
replaceExistingArchive: true
- task: PublishBuildArtifacts@1
inputs:
PathtoPublish: '$(Build.ArtifactStagingDirectory)'
ArtifactName: 'ibaPlugInDLL'
publishLocation: 'Container'
Upvotes: 0
Views: 1316
Answers (2)
Reputation: 2883
I found a semi-solution to this old question but surprisingly nothing has really changed in DevOps from the supported tasks point of view.
TL;DR this is not supported and may break in the future, but you can use this builtin, at least on Ubuntu agents. Windows agents may use the equivalent Windows build of Info-ZIP but I haven't tested it.
- task: CmdLine@2
inputs:
workingDirectory: 'folder'
script: |
/usr/bin/zip --password $(zipPassword) --recurse-paths /path/to/file.zip .
Don't use the --encrypt option, as it is interactive.
Disclaimer
There is no guarantee any tools that come with the current agent will:
- remain the same version/compatible
- keep shipping with the agent
See this answer for more information.
Verify
Using an Ubuntu agent, at the time of writing, ArchiveFiles@2 uses /usr/bin/zip in the backend. You can see this by inspecting the log file. The following task:
- task: ArchiveFiles@2
inputs:
rootFolderOrFile: 'folder'
archiveType: 'zip'
archiveFile: '/path/to/file.zip'
produces the command /usr/bin/zip -r /path/to/file.zip folder from the working directory folder.
/usr/bin/zip --version produces the output
Copyright (c) 1990-2008 Info-ZIP - Type 'zip "-L"' for software license.
This is Zip 3.0 (July 5th 2008), by Info-ZIP.
Currently maintained by E. Gordon. Please send bug reports to
the authors using the web page at www.info-zip.org; see README for details.
Latest sources and executables are at ftp://ftp.info-zip.org/pub/infozip,
as of above date; see http://www.info-zip.org/ for other sites.
Compiled with gcc 11.2.0 for Unix (Linux ELF).
The Info-ZIP webpage is still there, but most links are broken. Using the wayback machine you can see the documentation here.
Further enhancements
Note the order of arguments. It must be zip [options] <archive> <inpath ...>
With this, you can add a list of excluded file/directory names and make various other customisations:
- task: CmdLine@2
inputs:
workingDirectory: 'folder'
script: |
/usr/bin/zip --password $(zipPassword) --exclude @exclude.lst --recurse-paths /path/to/file.zip .
Upvotes: 0
Reputation: 30432
is there any way to set password on that created zip file automatically from the pipeline ?
You can use the extension Secure Zip with Secure Zip task to create a zip archive that is protected by a password in pipeline. And use another Secure Unzip task to extract a password protected zip file.
However, it will not popup a window asking you to enter your password, because the pipeline is not interactive if your are running as a service. You can set a secret variable in pipeline and set a password as the value. Then you can use the variable in the tasks to encrypt and decrypt the zip files.
- task: ArchiveFilesWithEncryption@2
inputs:
Source: '$(Build.ArtifactStagingDirectory)'
Dest: '$(Build.ArtifactStagingDirectory)/$(Build.BuildId).zip'
Encryption: '$(secure)'
- task: ExtractFilesWithEncryption@1
inputs:
Source: '$(Build.ArtifactStagingDirectory)/$(Build.BuildId).zip'
Dest: '$(Build.ArtifactStagingDirectory)/$(Build.BuildId)'
Encryption: '$(secure)'
Upvotes: 1
Related Questions
- How to manually publish a file to Azure Artifacts?
- How to add credential for private nuget feed into Azure DevOps Pipelines?
- How to connect/ authenticate a azure devops pipeline to artifacts
- Using published pipeline artifact in azure devops using YAML
- How to upload zip file on remote server using Azure DevOps
- Password Protection a ZIP file using Azure Data Factory
- Azure Pipelines secure file unique identifier
- Maven release:perform on azure pipeline fails as it can't read password for the repo
- How to get the secure signed artifacts from Azure devops pipeline agent
- Azure build pipeline - published zip file