0

In the classic release pipeline when you rerun a release build the same variables that were used when the release was initially created were used. In multi stage pipeline I am seeing the value is picked freshly/newly when even when we rerun the existing deployed stage.

Expected: Use the same variable which was used in the initial run rather than using the new one.

The variable which I am referring being overridden is read from Keyvault which is kept in the Azure DevOps variable group.

https://github.com/MicrosoftDocs/azure-devops-docs/issues/7663

spazm
  • 4,399
  • 31
  • 30
Raju Rh
  • 127
  • 1
  • 9

2 Answers2

2

Any changes made centrally to a variable group, such as a change in the value of a variable or the addition of new variables, will automatically be made available to all the definitions or stages to which the variable group is linked. In YAML pipeline, to use a variable from a variable group, you need to add a reference to the group in your YAML file:

variables:
- group: my-variable-group

So each time you run or rerun a YAML pipeline, it will get the variables from the variable group. If there is any changes made to variable group, the pipeline will get the new changes.

While in the classic release pipeline, the variables won't change in the variable group linked to an existing release, so when you redeploy the pipeline or stages, you can still use the original variables.

enter image description here

It's the default behavior of classic release pipeline and YAML pipeline, we can not change it.

Cece Dong - MSFT
  • 29,631
  • 1
  • 24
  • 39
  • Not exactly with classic release pipeline, it keeps a snapshot of the variables so if you redeploy the release it picks the previous release version variable value, not the new one. I myself validated and been using this feature in the classic release pipeline for quite a long time. Same when I am trying with multi stage pipeline it's always picking new value when I rerun the previous release which is the question I am asking here. – Raju Rh Jan 13 '21 at 20:19
  • I am referring to the below issue https://github.com/MicrosoftDocs/azure-devops-docs/issues/7663 – Raju Rh Jan 13 '21 at 20:31
  • Yes, you are correct and this is what I mentioned in my reply. In the classic release pipeline, the variables won't change in the variable group linked to an existing release (keep a snapshot of the variables). But in YAML pipeline, to use a variable from a variable group, you need to add a reference to the group in your YAML file, each time you run or rerun a YAML pipeline, it will get the variables from the variable group. If there is any changes made to variable group, the YAML pipeline will get the new changes. Unfortunately, we can not change this behavior in YAML build. – Cece Dong - MSFT Jan 14 '21 at 09:35
  • Ok, thanks - in that case, it's a breaking change and as an end-user we never able to redeploy the same version in the above scenario. I am seeing this behavior with Azure Key Vault referenced variable group as well. What is the alternatives apart from keeping variables with in the pipeline :( which will be bad solution. – Raju Rh Jan 14 '21 at 20:08
  • You may try to create multiple Key vault, and use Azure Key Vault Task in your pipeline: https://github.com/microsoft/azure-pipelines-tasks/blob/master/Tasks/AzureKeyVaultV1/README.md. – Cece Dong - MSFT Jan 15 '21 at 09:51
  • I tried with the Azure Key Vault task rather than referencing the variable group. Even with the Azure Key Vault task when the stage is rerun it picks the latest value from Azure Key Vault which leads to the same problem. – Raju Rh Jan 19 '21 at 01:25
  • I mean you may need to create multiple Key vaults to store the old and new keys. When you need to use the old values, select the old Key vault. – Cece Dong - MSFT Jan 19 '21 at 09:46
0

I know this is an old question, but as I found myself here looking for a solution to this issue I thought I'd add an answer/work around for anyone else who may require it.

As already answered, with yaml pipelines, the library variables will always retrieve the current variable value from the variable group even if re-running an old completed pipeline.

As a work around solution I have done the following:

  • Previously in my pipeline, in a single stage I would replace tokens in our yaml files with variables from our variable group and then immediately apply the yaml files in Kubernetes.
  • I removed the replace tokens step from that stage of the pipeline and put it into its own stage, earlier in the pipeline.
  • Inside my replace token stage, after the tokens are replaced I publish each yaml file into my artifact staging directory, example code below:
    - publish: '$(Build.ArtifactStagingDirectory)/deployment.yaml'
      artifact: 'deployment'
      displayName: 'Publishing the deployment yaml file'
  • Back to the stage of my pipeline where the yaml files are applied. I first download the published yaml files as per the code below:
    - task: DownloadPipelineArtifact@2
      inputs:
        artifactName: 'deployment'
        targetPath: $(Build.ArtifactStagingDirectory)/bin
  • When applying the yaml files, I now point the command to the downloaded artifact versions e.g. $(Build.ArtifactStagingDirectory)/bin/deployment.yaml

The downloaded versions of the yaml files still contain the variable values from when the file was first published. Therefore if you need to re-run an old pipeline, the old variable values will be used. The published yaml files exist for as long as the record of your pipeline exists in Azure DevOps.

kuytsce
  • 47
  • 7