I defined variable groups for my various environments with a variable board.subscription
which specifies the Azure Service Connection to be used in WebApp deployment.
These variable groups are referenced for the deployment jobs:
name: $(Date:yyyyMMdd)-$(Rev:r)
trigger:
- master
- dev
- feature/*
- bug/*
stages:
- stage: build
...
- stage: deploy_test
displayName: deploy to TEST
dependsOn: build
variables:
- group: 'Test-Deployment'
jobs:
- template: azure-pipelines/deploy.yml
parameters:
environment: TEST
- stage: deploy_prod
displayName: deploy to PROD
dependsOn: deploy_test
variables:
- group: 'Production-Deployment'
jobs:
- template: azure-pipelines/deploy.yml
parameters:
environment: PROD
and then the variable is used in the deploy.yml
file:
parameters:
environment: ''
agentImage: 'ubuntu-latest'
jobs:
- deployment: ${{ parameters.environment }}
displayName: deploy to ${{ parameters.environment }}
environment: ${{ parameters.environment }}
pool:
vmImage: ${{ parameters.agentImage }}
strategy:
runOnce:
deploy:
steps:
- download: current
artifact: drop
- task: AzureWebApp@1
inputs:
azureSubscription: '$(board.subscription)'
appName: '$(board.functionapp)'
However when queueing the pipeline, the expression seems to be evaluated before the variable is populated which leads to this error:
There was a resource authorization issue: "The pipeline is not valid. Job TEST: Step input azureSubscription references service connection $(board.subscription) which could not be found.
When I use a literal value for azureSubscription
it is working fine.
Question: Can this evaluation be delayed or is there another way for not having the Service Connection Name hardcoded in the YAML file?