17

My build script uses the SYSTEM_ACCESSTOKEN environment variable.

In the designer build definition I checked Allow scripts to access the OAuth token and everything works.

After copying the designer generated YAML definition I cannot access the SYSTEM_ACCESSTOKEN environment variable.

How do I allow my YAML build to access the OAuth Token?

This is my azure-pipelines.yaml:

queue:
  name: Hosted VS2017

steps:
- checkout: self
  lfs: true
  persistCredentials: true

- powershell: ./build.ps1
Christian Held
  • 2,321
  • 1
  • 15
  • 26
  • Is there any other option available other than 'self" for the - checkout? How to checkout a different repository, if you have another repository define under resources? – phandinhlan Dec 28 '18 at 01:38
  • @phandinhlan The only options are `self` to checkout sources before build or `none` to run the build without sources. If you want to use the build for another repo, just drop the yaml file there. If you need additional repos you could checkout other sources with a script task. – Christian Held Dec 29 '18 at 20:24
  • thanks! I was struggling to find a way, but it seems there's no way. – phandinhlan Dec 30 '18 at 23:14

2 Answers2

26

I found the solution in the Pipeline Variable docs: The variable must be declared in YAML.

At pipeline level for all jobs / tasks:

variables:
  system_accesstoken: $(System.AccessToken)

jobs:
  job: ...

Or at script / task level for example PowerShell:

- powershell: ./build.ps1
  env:
      system_accesstoken: $(System.AccessToken)
Christian Held
  • 2,321
  • 1
  • 15
  • 26
  • I tried doing this but for yml, do we need to specify this variable in the Variable tab as well in the yml definition? – alchemist95 Oct 17 '18 at 08:31
  • 1
    You only need to define the variable in the yml. – Christian Held Oct 17 '18 at 09:12
  • 1
    Yes I got it. It needed to be spelled out in capitals for a third party task :) – alchemist95 Oct 18 '18 at 14:34
  • 2
    The first option, adding a pipeline-level variable, did not work for me. However, adding the environment specification for PowerShell tasks (Desktop or Core) worked. – srbrills Jul 30 '19 at 21:27
  • 1
    The name of the environment variable passed to the PowerShell task needs to be in upper-case. https://learn.microsoft.com/en-us/azure/devops/pipelines/build/variables?view=azure-devops&tabs=yaml#systemaccesstoken – Lymedo Feb 12 '20 at 20:12
  • The second option to add env in task worked for me – Yusufali2205 Feb 10 '22 at 18:26
5

This is what worked for me.

  - pwsh: |
      $pat = "Bearer $env:SYSTEM_ACCESSTOKEN"
      Write-Host "PAT is: $pat"

      $getItemsUrl = "$($env:SYSTEM_TEAMFOUNDATIONCOLLECTIONURI)$env:SYSTEM_TEAMPROJECTID/_apis/git/repositories/$(Build.Repository.ID)/items?recursionLevel=Full&includeContentMetadata=true&api-version=6.0"
      Write-Host "url: $getItemsUrl"
      $data = Invoke-RestMethod -Uri "$getItemsUrl" -Headers @{Authorization = $pat}
      Write-Host "Raw data returned from Get Items API call: $data"

      Foreach ($i in $data.value)
      {
        Write-Host "Detailed data  returned from Get Items API call: $i"
      }
    env:
     SYSTEM_ACCESSTOKEN: $(System.AccessToken)
    displayName: Power!
Louis Cribbins
  • 121
  • 1
  • 2