1
votes

I'm trying to pass a stage list from the Azure pipeline shown below

# File: azure-pipelines.yml
trigger:
- master

extends:
  template: start_stage.yml
  parameters:
    cdstages:  
    - stage: secure_buildstage
      pool: Hosted VS2017
      jobs:
      - job: secure_buildjob
        steps:
        - bash: echo This happens before code 
          displayName: 'Base: Pre-build'
        - bash: echo Building
          displayName: 'Base: Build'

        - bash: echo This happens after code
          displayName: 'Base: Signing'

    - stage: secure_deploystage
      pool: Hosted VS2017
      jobs:
      - job: secure_deployjob
        steps:
        - bash: echo This happens before code 
          displayName: 'Base: Pre-build'
        - bash: echo Building
          displayName: 'Base: Build'

        - script: echo This happens after code
          displayName: 'Base: Signing'

to the extends template shown below

parameters:
- name: cdstages # the name of the parameter is cdstages
  type: stageList # data type is stageList
  default: [] # default value of cdstages
stages:
- ${{ each stage in parameters.cdstages }}:
  - ${{ each job in stage.jobs }}:
    - ${{ each step in job.steps }}:
      - ${{ each pair in step }}:
          ${{ if ne(pair.value, 'CmdLine@2') }}:
            ${{ pair.key }}: ${{ pair.value }}       
          ${{ if eq(pair.value, 'CmdLine@2') }}: 
            '${{ pair.value }}': error  

The goal is to take the stage list and validate that users are only running steps approved by the firm's compliance team.

I'm getting an error.

Not sure why I'm getting a "task" error; there are no task keywords used anywhere. Any help?

1
Hi @Sanjeev, is there any update for this issue? Feel free to let me know if the answer could give some help. Just a reminder of this. - Kevin Lu-MSFT
As per this docs.microsoft.com/en-us/azure/devops/pipelines/security/… a job array can be passed and then we can access both jobs and steps in the extends template, then we should be able to access stage->job->steplist - Sanjeev

1 Answers

1
votes

Based on my test, it seems that the stageList in start_stage.yml doesn't support adding the each directive to get deeper content (e.g. jobs and steps).

When you use the stageList, it can get the stage and use it for comparison.

For example:

parameters:
- name: cdstages # the name of the parameter is cdstages
  type: stageList # data type is stageList
  default: [] # default value of cdstages

stages:
- ${{ each stage in parameters.cdstages }}:
  - ${{ each pair in stage }}:
      ${{ if ne(pair.value, 'abc') }}:
        ${{ pair.key }}: ${{ pair.value }}       
      ${{ if eq(pair.value, 'abc') }}: 
        '${{ pair.value }}': error

This YAML template could work.

But when I add the each directive after the stage to get the jobs, the jobs are not available.

parameters:
- name: cdstages 
  type: stageList 
  default: [] 

stages:
- ${{ each stage in parameters.cdstages }}:
  - ${{ each job in stage.jobs }}:
    - ${{ each pair in job }}:
        ${{ if ne(pair.value, 'abc') }}:
          ${{ pair.key }}: ${{ pair.value }}       
        ${{ if eq(pair.value, 'abc') }}: 
          '${{ pair.value }}': error


According to your requirements, you need to get the build step and use it for comparison.

You could try to directly use the stepList type.

Here is an example of stepList; you could refer to it.

Hope this helps.
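
The stepList approach suggested above, as an added example that is not part of the original answer: the template owns the stage and job and accepts only steps from the caller, applying the same CmdLine@2 check as the question. The file name start_steps.yml and the parameter name cdsteps are assumptions.

```yaml
# File: start_steps.yml (hypothetical name; the template owns the stage and job)
parameters:
- name: cdsteps      # hypothetical parameter name
  type: stepList     # the caller can supply steps only, not stages or jobs
  default: []

stages:
- stage: secure_buildstage
  pool: Hosted VS2017            # pool name as used in the question
  jobs:
  - job: secure_buildjob
    steps:
    - bash: echo This happens before code
      displayName: 'Base: Pre-build'
    # Copy each caller-supplied step, key by key, unless it references CmdLine@2
    - ${{ each step in parameters.cdsteps }}:
      - ${{ each pair in step }}:
          ${{ if ne(pair.value, 'CmdLine@2') }}:
            ${{ pair.key }}: ${{ pair.value }}
          ${{ if eq(pair.value, 'CmdLine@2') }}:
            # Emits an invalid key, so template expansion fails and the run never starts
            '${{ pair.value }}': error
    - bash: echo This happens after code
      displayName: 'Base: Signing'
---
# File: azure-pipelines.yml (separate file that extends the template above)
trigger:
- master

extends:
  template: start_steps.yml
  parameters:
    cdsteps:
    - bash: echo Building        # copied through by the template
      displayName: 'User: Build'
    - task: CmdLine@2            # rejected by the template
      inputs:
        script: echo Not approved
```

Because the stage and job are defined in the template, the caller cannot change the pool or add jobs; only the step list is under the caller's control.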