Deployment variables not being passed to pipeline step

David Geary June 17, 2022

I'm trying to use the atlassian/azure-web-apps-deploy pipe to deploy a web api to an Azure app service, but the deployment variables aren't being passed in.

I've started by adding a step into `bitbucket-pipelines.yml`, with "test" as the deployment:

- step:
name: Deploy API service
deployment: test
script:
- pipe: atlassian/azure-web-apps-deploy:1.0.1
variables:
AZURE_APP_ID: $AZURE_APP_ID
AZURE_PASSWORD: $AZURE_PASSWORD
AZURE_TENANT_ID: $AZURE_TENANT_ID
AZURE_RESOURCE_GROUP: 'workery-test'
AZURE_APP_NAME: 'workery-admin-api-test'
ZIP_FILE: 'example.api-$BITBUCKET_BUILD_NUMBER.zip'

 Then, in the repository's deployment settings, I've added corresponding variables:

deployment variables.png

But when I run the pipeline, it appears that the variables aren't being set and the script is just using "$AZURE_APP_ID", etc, as a literal value, as shown in the build output:

+ docker container run \
--volume=/opt/atlassian/pipelines/agent/build:/opt/atlassian/pipelines/agent/build \
--volume=/opt/atlassian/pipelines/agent/ssh:/opt/atlassian/pipelines/agent/ssh:ro \
--volume=/usr/local/bin/docker:/usr/local/bin/docker:ro \
--volume=/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes:/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes \
--volume=/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes/atlassian/azure-web-apps-deploy:/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes/atlassian/azure-web-apps-deploy \
--workdir=$(pwd) \
--label=org.bitbucket.pipelines.system=true \
--env=BITBUCKET_STEP_TRIGGERER_UUID="$BITBUCKET_STEP_TRIGGERER_UUID" \
--env=BITBUCKET_REPO_FULL_NAME="$BITBUCKET_REPO_FULL_NAME" \
--env=BITBUCKET_GIT_HTTP_ORIGIN="$BITBUCKET_GIT_HTTP_ORIGIN" \
--env=BITBUCKET_PROJECT_UUID="$BITBUCKET_PROJECT_UUID" \
--env=BITBUCKET_REPO_IS_PRIVATE="$BITBUCKET_REPO_IS_PRIVATE" \
--env=BITBUCKET_WORKSPACE="$BITBUCKET_WORKSPACE" \
--env=BITBUCKET_DEPLOYMENT_ENVIRONMENT_UUID="$BITBUCKET_DEPLOYMENT_ENVIRONMENT_UUID" \
--env=BITBUCKET_REPO_OWNER_UUID="$BITBUCKET_REPO_OWNER_UUID" \
--env=BITBUCKET_BRANCH="$BITBUCKET_BRANCH" \
--env=BITBUCKET_REPO_UUID="$BITBUCKET_REPO_UUID" \
--env=BITBUCKET_PROJECT_KEY="$BITBUCKET_PROJECT_KEY" \
--env=BITBUCKET_DEPLOYMENT_ENVIRONMENT="$BITBUCKET_DEPLOYMENT_ENVIRONMENT" \
--env=BITBUCKET_REPO_SLUG="$BITBUCKET_REPO_SLUG" \
--env=CI="$CI" \
--env=BITBUCKET_REPO_OWNER="$BITBUCKET_REPO_OWNER" \
--env=BITBUCKET_STEP_RUN_NUMBER="$BITBUCKET_STEP_RUN_NUMBER" \
--env=BITBUCKET_BUILD_NUMBER="$BITBUCKET_BUILD_NUMBER" \
--env=BITBUCKET_GIT_SSH_ORIGIN="$BITBUCKET_GIT_SSH_ORIGIN" \
--env=BITBUCKET_PIPELINE_UUID="$BITBUCKET_PIPELINE_UUID" \
--env=BITBUCKET_COMMIT="$BITBUCKET_COMMIT" \
--env=BITBUCKET_CLONE_DIR="$BITBUCKET_CLONE_DIR" \
--env=PIPELINES_JWT_TOKEN="$PIPELINES_JWT_TOKEN" \
--env=BITBUCKET_STEP_UUID="$BITBUCKET_STEP_UUID" \
--env=BITBUCKET_DOCKER_HOST_INTERNAL="$BITBUCKET_DOCKER_HOST_INTERNAL" \
--env=DOCKER_HOST="tcp://host.docker.internal:2375" \
--env=BITBUCKET_PIPE_SHARED_STORAGE_DIR="/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes" \
--env=BITBUCKET_PIPE_STORAGE_DIR="/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes/atlassian/azure-web-apps-deploy" \
--env=AZURE_APP_ID="$AZURE_APP_ID" \
--env=AZURE_APP_NAME="workery-admin-api-test" \
--env=AZURE_PASSWORD="$AZURE_PASSWORD" \
--env=AZURE_RESOURCE_GROUP="workery-test" \
--env=AZURE_TENANT_ID="$AZURE_TENANT_ID" \
--env=ZIP_FILE="workery.api.admin-$BITBUCKET_BUILD_NUMBER.zip" \
--add-host="host.docker.internal:$BITBUCKET_DOCKER_HOST_INTERNAL" \
bitbucketpipelines/azure-web-apps-deploy:1.0.1
Unable to find image 'bitbucketpipelines/azure-web-apps-deploy:1.0.1' locally
1.0.1: Pulling from bitbucketpipelines/azure-web-apps-deploy
ff3a5c916c92: Pulling fs layer
471170bb1257: Pulling fs layer
d487cc70216e: Pulling fs layer
9358b3ca3321: Pulling fs layer
d4d73eb5841d: Pulling fs layer
9f415444218d: Pulling fs layer
125e6a08cb0b: Pulling fs layer
916559c791cf: Pulling fs layer
0186b42ee688: Pulling fs layer
050cccc5820a: Pulling fs layer
b5746912eb9b: Pulling fs layer
18711e7a33e6: Pulling fs layer
6c735c858592: Pulling fs layer
0356a960dc92: Pulling fs layer
2cc7cd602945: Pulling fs layer
0186b42ee688: Waiting
050cccc5820a: Waiting
b5746912eb9b: Waiting
18711e7a33e6: Waiting
6c735c858592: Waiting
9358b3ca3321: Waiting
0356a960dc92: Waiting
2cc7cd602945: Waiting
d4d73eb5841d: Waiting
9f415444218d: Waiting
916559c791cf: Waiting
125e6a08cb0b: Waiting
471170bb1257: Download complete
ff3a5c916c92: Download complete
ff3a5c916c92: Pull complete
9358b3ca3321: Verifying Checksum
9358b3ca3321: Download complete
471170bb1257: Pull complete
d487cc70216e: Verifying Checksum
d487cc70216e: Download complete
d4d73eb5841d: Verifying Checksum
d4d73eb5841d: Download complete
916559c791cf: Download complete
125e6a08cb0b: Verifying Checksum
125e6a08cb0b: Download complete
9f415444218d: Verifying Checksum
9f415444218d: Download complete
d487cc70216e: Pull complete
9358b3ca3321: Pull complete
b5746912eb9b: Verifying Checksum
b5746912eb9b: Download complete
d4d73eb5841d: Pull complete
050cccc5820a: Verifying Checksum
050cccc5820a: Download complete
0186b42ee688: Verifying Checksum
0186b42ee688: Download complete
18711e7a33e6: Verifying Checksum
18711e7a33e6: Download complete
6c735c858592: Verifying Checksum
6c735c858592: Download complete
0356a960dc92: Verifying Checksum
0356a960dc92: Download complete
2cc7cd602945: Verifying Checksum
2cc7cd602945: Download complete
9f415444218d: Pull complete
125e6a08cb0b: Pull complete
916559c791cf: Pull complete
0186b42ee688: Pull complete
050cccc5820a: Pull complete
b5746912eb9b: Pull complete
18711e7a33e6: Pull complete
6c735c858592: Pull complete
0356a960dc92: Pull complete
2cc7cd602945: Pull complete
Digest: sha256:827be0e17a482114b6a9caceedbf1bed6abba544fe5902c456fc8bf1ab4a17cb
Status: Downloaded newer image for bitbucketpipelines/azure-web-apps-deploy:1.0.1
INFO: Signing in...
az login --service-principal --username $AZURE_APP_ID --password $AZURE_PASSWORD --tenant $AZURE_TENANT_ID
ERROR: No subscriptions were found for '$AZURE_APP_ID'. If this is expected, use '--allow-no-subscriptions' to have tenant level accesses
INFO: Starting deployment to Azure app service...
az webapp deployment source config-zip --resource-group workery-test --name workery-admin-api-test --src workery.api.admin-6.zip
ERROR: Please run 'az login' to setup account.
ERROR: Please run 'az login' to setup account.

As the output shows, the variables being set in the config - AZURE_APP_NAME, AZURE_RESOURCE_GROUP and ZIP_FILE - are correct, but the deployment variables are not.  This results in authentication failing when deployment to Azure starts.

So can anyone point out where I'm going wrong in my config?

 

1 answer

1 accepted

2 votes
Answer accepted
Patrik S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 20, 2022

Hello @David Geary ,

You are not able to see the value of those variables directly in the logs because you have configured them as secure variables, so their value is masked from the logs for security reasons. If a value matching a secured variable appears in the logs, Pipelines will replace it with $VARIABLE_NAME.

In order to check the value of those variables you can output them to a file, and make that file available as an artifact, as the below example :

- step:
name: Deploy API service
deployment: test
script:
- echo $AZURE_APP_ID >> my_variables.txt
- echo $AZURE_PASSWORD >> my_variables.txt
- echo $AZURE_TENANT_ID >> my_variables.txt
- pipe: atlassian/azure-web-apps-deploy:1.0.1
variables:
AZURE_APP_ID: $AZURE_APP_ID
AZURE_PASSWORD: $AZURE_PASSWORD
AZURE_TENANT_ID: $AZURE_TENANT_ID
AZURE_RESOURCE_GROUP: 'workery-test'
AZURE_APP_NAME: 'workery-admin-api-test'
ZIP_FILE: 'example.api-$BITBUCKET_BUILD_NUMBER.zip'
artifacts:
- my_variables.txt

After the build finishes, the file should be available in the artifacts tab of that build, so you can download and verify if the values of the variables are correct.

Another option is to edit one of those variables, for example, AZURE_APP_ID,  and uncheck the option Secure, so when you run the pipeline again, the value of that variable will not be masked in the logs and you will be able to confirm if its value is indeed correct.

Hope that helps! Let me know if you have any questions.

Thank you @David Geary .

Kind regards,

Patrik S

David Geary June 21, 2022

Of course the values aren't shown in the logs - they're secrets!  Duh! ;-)

Thanks for pointing out the blindingly obvious - I need that sometimes!

Like # people like this

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Atlassian Community Events