3

So I'm working on a bunch of pipelines and I've set everything up using yml templates. However I struggle with getting protected variable expanded inside of my template steps. I've tried passing in the protected variables by normal means, but they seem to not get expanded. Then I tried using a variable group, which I supposedly can directly reference inside of templates. I say supposedly, because Microsoft says so on their website https://learn.microsoft.com/en-us/azure/devops/pipelines/library/variable-groups?view=azure-devops&tabs=yaml:

"You can also reference a variable group in a template. In the template variables.yml, the group my-variable-group is referenced. The variable group includes a variable named myhello."

variables:
- group: my-variable-group

However, whenever I include a variables section into my template code, Azure DevOps immediately complains about it when parsing the yml, before running the pipeline. It spits out the following message:

/ymls/my-template@my-repo (Line: 1, Col: 1): Unexpected value 'variables'

I don't insist on using variable groups, I just want to have my protected variables expanded in my yml template. Does anybody know how to do that???

Any help greatly appreciated!

DanDan
  • 1,038
  • 4
  • 15
  • 28
  • I found few more detailed [here](https://rollendxavier.medium.com/use-variables-inside-azure-devops-pipelines-a9f7f1c4e137) – Raygun Oct 19 '22 at 05:19

2 Answers2

11

You should define your variable group on your main pipeline and not in the template. Then you can call your template and use the variable that you defined.

For example lets say that you have your main.yml which calls template.yml

You should define the below variable group on main.yml

variables:
- group: my-variable-group

And call the variable on your template.yml

$(MY_VARIABLE)

https://thomasthornton.cloud/2021/09/02/referencing-variable-groups-in-azure-devops-pipeline-templates/

GeralexGR
  • 2,973
  • 6
  • 24
  • 33
  • Thanks for the post, this works perfectly fine *except* for secret variables, which is my main problem. What the guy in the post is doing is a little different from what I am doing. He is using an AzureCLI@2 step, which can take an inline script and from there he can appearantly directly reference his secret variable. But for normal script steps you have to pass in secret variables, which also works for me, *except* for secret variables. – DanDan Apr 11 '22 at 08:07
1

Finally figured it out. Thanks to @GeralexGR. Turns out, when you reference a variable group in the main pipeline yml, you automatically have access to it in the template yml. But for normal script steps you still have to pass it in explicitly.

It then looks s.th. like this:

main-pipeline.yml:

variables:
- group: my-variable-group
...
jobs:
- job: my-job
  steps:
  - template: ymls/my-template.yml@my-repo
  # no need to pass in the variable group s parameter

my-template.yml:

steps:
- task: ShellScript@2
  inputs:
    scriptPath: 'my-script.sh'
    args: '$(my-secret-variable)'
DanDan
  • 1,038
  • 4
  • 15
  • 28