0

I created AzureDevOps pipeline for CodeQL scanner analysis. I am using Powershell sript in the YAML file. I need to pass the token stored in environmental variable UPLOAD_TOKEN.

It looks that passing output from one pipe to another does not work on Azure while the same script works successfully locally on Powershell.

The script in YAML file that does not work (authentication fails):

Write-Output $env:UPLOAD_TOKEN | codeql github upload-results --repository=xxxxx --sarif=$(Build.SourcesDirectory)\scan-results.sarif --ref=$(Build.SourceBranch) --commit=$(Build.SourceVersion) --github-auth-stdin

Result:

A fatal error occurred: Error uploading SARIF to 'https://api.github.com/repos/....' from 'D:\a\1\s\scan-results.sarif'. REASON: HTTP/1.1 404 Not Found

The same script run locally on Powershell is successful:

Write-Output $env:UPLOAD_TOKEN | codeql github upload-results --repository=xxxx --sarif=xxxx\scan-results.sarif --ref=refs/heads/main --commit=11111111 --github-auth-stdin

I also tried to pass token in the file instead of environmental variable using Get-Content token.txt | codeql github upload-results ...... but result is the same. Error 404.

Paolo
  • 21,270
  • 6
  • 38
  • 69
Daria Łach
  • 1

1 Answers1

1

I had a similar problem: locally everything worked fine, but during the pipeline the PowerShell task failed when the standard input was redirected.

What did the trick for me: using PowerShell Core. In the PowerShell@2 task, you can specify the use of pwsh (Micorsoft: PowerShell@2 task).

(I use a local agent and had to install PowerShell Core on that agent and restart the agent, then the pipeline worked as expected.)

nibo
  • 11
  • 1
  • As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Jul 13 '23 at 20:04