Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Deployment variables not being passed to pipeline step

I'm trying to use the atlassian/azure-web-apps-deploy pipe to deploy a web api to an Azure app service, but the deployment variables aren't being passed in.

I've started by adding a step into `bitbucket-pipelines.yml`, with "test" as the deployment:

- step:
name: Deploy API service
deployment: test
- pipe: atlassian/azure-web-apps-deploy:1.0.1
AZURE_RESOURCE_GROUP: 'workery-test'
AZURE_APP_NAME: 'workery-admin-api-test'
ZIP_FILE: 'example.api-$'

 Then, in the repository's deployment settings, I've added corresponding variables:

deployment variables.png

But when I run the pipeline, it appears that the variables aren't being set and the script is just using "$AZURE_APP_ID", etc, as a literal value, as shown in the build output:

+ docker container run \
--volume=/opt/atlassian/pipelines/agent/build:/opt/atlassian/pipelines/agent/build \
--volume=/opt/atlassian/pipelines/agent/ssh:/opt/atlassian/pipelines/agent/ssh:ro \
--volume=/usr/local/bin/docker:/usr/local/bin/docker:ro \
--volume=/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes:/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes \
--volume=/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes/atlassian/azure-web-apps-deploy:/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes/atlassian/azure-web-apps-deploy \
--workdir=$(pwd) \
--label=org.bitbucket.pipelines.system=true \
--env=CI="$CI" \
--env=DOCKER_HOST="tcp://host.docker.internal:2375" \
--env=BITBUCKET_PIPE_SHARED_STORAGE_DIR="/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes" \
--env=BITBUCKET_PIPE_STORAGE_DIR="/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes/atlassian/azure-web-apps-deploy" \
--env=AZURE_APP_NAME="workery-admin-api-test" \
--env=AZURE_RESOURCE_GROUP="workery-test" \
--env=ZIP_FILE="workery.api.admin-$" \
--add-host="host.docker.internal:$BITBUCKET_DOCKER_HOST_INTERNAL" \
Unable to find image 'bitbucketpipelines/azure-web-apps-deploy:1.0.1' locally
1.0.1: Pulling from bitbucketpipelines/azure-web-apps-deploy
ff3a5c916c92: Pulling fs layer
471170bb1257: Pulling fs layer
d487cc70216e: Pulling fs layer
9358b3ca3321: Pulling fs layer
d4d73eb5841d: Pulling fs layer
9f415444218d: Pulling fs layer
125e6a08cb0b: Pulling fs layer
916559c791cf: Pulling fs layer
0186b42ee688: Pulling fs layer
050cccc5820a: Pulling fs layer
b5746912eb9b: Pulling fs layer
18711e7a33e6: Pulling fs layer
6c735c858592: Pulling fs layer
0356a960dc92: Pulling fs layer
2cc7cd602945: Pulling fs layer
0186b42ee688: Waiting
050cccc5820a: Waiting
b5746912eb9b: Waiting
18711e7a33e6: Waiting
6c735c858592: Waiting
9358b3ca3321: Waiting
0356a960dc92: Waiting
2cc7cd602945: Waiting
d4d73eb5841d: Waiting
9f415444218d: Waiting
916559c791cf: Waiting
125e6a08cb0b: Waiting
471170bb1257: Download complete
ff3a5c916c92: Download complete
ff3a5c916c92: Pull complete
9358b3ca3321: Verifying Checksum
9358b3ca3321: Download complete
471170bb1257: Pull complete
d487cc70216e: Verifying Checksum
d487cc70216e: Download complete
d4d73eb5841d: Verifying Checksum
d4d73eb5841d: Download complete
916559c791cf: Download complete
125e6a08cb0b: Verifying Checksum
125e6a08cb0b: Download complete
9f415444218d: Verifying Checksum
9f415444218d: Download complete
d487cc70216e: Pull complete
9358b3ca3321: Pull complete
b5746912eb9b: Verifying Checksum
b5746912eb9b: Download complete
d4d73eb5841d: Pull complete
050cccc5820a: Verifying Checksum
050cccc5820a: Download complete
0186b42ee688: Verifying Checksum
0186b42ee688: Download complete
18711e7a33e6: Verifying Checksum
18711e7a33e6: Download complete
6c735c858592: Verifying Checksum
6c735c858592: Download complete
0356a960dc92: Verifying Checksum
0356a960dc92: Download complete
2cc7cd602945: Verifying Checksum
2cc7cd602945: Download complete
9f415444218d: Pull complete
125e6a08cb0b: Pull complete
916559c791cf: Pull complete
0186b42ee688: Pull complete
050cccc5820a: Pull complete
b5746912eb9b: Pull complete
18711e7a33e6: Pull complete
6c735c858592: Pull complete
0356a960dc92: Pull complete
2cc7cd602945: Pull complete
Digest: sha256:827be0e17a482114b6a9caceedbf1bed6abba544fe5902c456fc8bf1ab4a17cb
Status: Downloaded newer image for bitbucketpipelines/azure-web-apps-deploy:1.0.1
INFO: Signing in...
az login --service-principal --username $AZURE_APP_ID --password $AZURE_PASSWORD --tenant $AZURE_TENANT_ID
ERROR: No subscriptions were found for '$AZURE_APP_ID'. If this is expected, use '--allow-no-subscriptions' to have tenant level accesses
INFO: Starting deployment to Azure app service...
az webapp deployment source config-zip --resource-group workery-test --name workery-admin-api-test --src
ERROR: Please run 'az login' to setup account.
ERROR: Please run 'az login' to setup account.

As the output shows, the variables being set in the config - AZURE_APP_NAME, AZURE_RESOURCE_GROUP and ZIP_FILE - are correct, but the deployment variables are not.  This results in authentication failing when deployment to Azure starts.

So can anyone point out where I'm going wrong in my config?


1 answer

1 accepted

2 votes
Answer accepted
Patrik S Atlassian Team Jun 20, 2022

Hello @David Geary ,

You are not able to see the value of those variables directly in the logs because you have configured them as secure variables, so their value is masked from the logs for security reasons. If a value matching a secured variable appears in the logs, Pipelines will replace it with $VARIABLE_NAME.

In order to check the value of those variables you can output them to a file, and make that file available as an artifact, as the below example :

- step:
name: Deploy API service
deployment: test
- echo $AZURE_APP_ID >> my_variables.txt
- echo $AZURE_PASSWORD >> my_variables.txt
- echo $AZURE_TENANT_ID >> my_variables.txt
- pipe: atlassian/azure-web-apps-deploy:1.0.1
AZURE_RESOURCE_GROUP: 'workery-test'
AZURE_APP_NAME: 'workery-admin-api-test'
ZIP_FILE: 'example.api-$'
- my_variables.txt

After the build finishes, the file should be available in the artifacts tab of that build, so you can download and verify if the values of the variables are correct.

Another option is to edit one of those variables, for example, AZURE_APP_ID,  and uncheck the option Secure, so when you run the pipeline again, the value of that variable will not be masked in the logs and you will be able to confirm if its value is indeed correct.

Hope that helps! Let me know if you have any questions.

Thank you @David Geary .

Kind regards,

Patrik S

Of course the values aren't shown in the logs - they're secrets!  Duh! ;-)

Thanks for pointing out the blindingly obvious - I need that sometimes!

Like # people like this

Suggest an answer

Log in or Sign up to answer

Atlassian Community Events