Grant "Pipeline Resources Use and Manage" for System.AccessToken
I have an Azure DevOps pipeline where I am generating an https://learn.microsoft.com/en-us/azure/devops/pipelines/process/environments?view=azure-devops, then I trigger new pipelines that target these environment. Before I do this, however, I am allowing pipelines to be used in this environment with the following script: $EnvironmentId = (terraform output -raw devops_environment_id) $base64EncodedPat = [Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes("-:$(System.AccessToken)")) $apiHeaders = @{ Authorization = "Basic $base64EncodedPat"} Write-Host "Getting environments for ID $EnvironmentId" # Get all agent pools, and filter by naming convention on name of "environment-$EnvironmentId" $deploymentTargetsRaw = (Invoke-WebRequest ` -Headers $apiHeaders ` -Uri "https://dev.azure.com/MyOrganisation/_apis/distributedtask/pools?poolType=deployment&api-version=7.1-preview.1").Content $deploymentTargets = $deploymentTargetsRaw | ConvertFrom-Json -Depth 100 $resources = @( @{ resource = @{ type = "environment" id = $EnvironmentId } allPipelines = @{ authorized = $true } } ) $deploymentTargets.value ` | Where-Object { $_.name.StartsWith("environment-$EnvironmentId") } ` | ForEach-Object { Write-Host "Matched agent ID $($_.id) because it has name $($_.name)" $resources += @{ resource = @{ type = "agentpool" id = $_.id } allPipelines = @{ authorized = $true } } } #Now disable pipeline granting permissions on all agentpools and the environment $result = Invoke-WebRequest ` -Headers $apiHeaders ` -Uri "https://dev.azure.com/MyOrganisation/MyProject/_apis/pipelines/pipelinepermissions?api-version=7.1-preview.1" ` -Body (ConvertTo-Json $resources) ` -Method Patch ` -ContentType "application/json" Write-Host "Status = $($result.StatusCode) granting resources for $($resources.Length) resources in environment $EnvironmentId" Write-Host "response from API call`r`n$($result.Content)" This has, however, stopped working because Azure DevOps have released a new PAT scope https://learn.microsoft.com/en-gb/azure/devops/release-notes/2023/sprint-215-update#new-pat-scope-for-managing-pipeline-authorization-and-approvals-and-checks, which the $(System.AccessToken) does not have. Does anyone know if it is possible to grant this scope to the $(System.AccessToken)?GitHub App authentication for Azure Pipelines causes webhooks to dissapear
Greetings, we are using GitHub as the code repository service together with Azure DevOps Pipelines for CI/CD. All the pipelines need to have their triggers authenticated to GitHub in order for the pipelines to trigger Authentication works either with personal OAuth Service Connections or via the Azure Pipelines App for GitHub The recommended way is using the Pipelines App The problem: when I authenticate the pipeline trigger via the GitHub Azure Pipelines App, the webhooks from the repository which the pipeline is pointing to dissapear and the automatic triggering stops working! To make the issue even more ridiculous - we have 5 pipelines but only with 4 of them this happens! One is working completely fine with with the recommended GitHub App authentication. What I tried: Recreating service connections in Azure DevOps Reinstalling the Azure Pipelines GitHub App Recreating the pipelines Nothing worked, I am forced to use OAuth which is always throwing a warning to switch to app authentication because it's better performing and more reliable. Quite ridiculous to recommend a certain way of doing things, then making it work less reliable than the not-recommended way. Anyone has any ideas? Thanks in advance.
Sudden errors with pipelines and artefacts: Can't download artifacts from other pipelines
Hi, since today I'm experiencing issues with the DownloadArtifactPipeline suddenly. What we do is basically downloading an artifact from a different pipeline. ##[error]No builds currently exist in the pipeline definition supplied. This is strange because it worked flawlessly before, has something changed with this task? Or have someone experienced the same issue before - task: DownloadPipelineArtifact@2 displayName: 'Download Pipeline Artifact' inputs: source: 'specific' project: 'xxxx' pipeline: '2303' buildVersionToDownload: 'latestFromBranch' branchName: 'refs/heads/main' path: '$(Pipeline.Workspace)/stages'
