Someone, asked me at work if I could generate a list of Release pipelines definitions which did not have a specific task (AzSK SVT task) missing or disabled.
This was more for an internal audit purpose and can definitely be built upon.
I recently read that Az CLI got an extension support for Az DevOps.
Please read on the GitHub repository on how to install this extension for Az CLI.
Time to put this to try.
Below gist describes the steps I used in pwsh (PowerShell Core) with Az CLI & DevOps extension installed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Set the PAT as an Environment variable, put this in your profile. | |
| # I only use the CLI for read operations so make sure you grant the PAT only that access | |
| $env:AZURE_DEVOPS_EXT_PAT = "<Insert PAT Token here>" | |
| # configure the defaults for the Az DevOps extension for Az CLI to use | |
| az devops configure --defaults organization=https://dev.azure.com/dexterposh project=Test.Project | |
| # see the configured defaults | |
| az devops configure --list | |
| # fetch all the release pipelines metadata for the project | |
| $ProjectName = 'Test.Project' | |
| # Explore one of the Task Release definition to fetch the taskID | |
| # Create or reference an existing Release definition containing the task you want to look for | |
| # In my case, I created a new pipeline only with AzSK_SVTs task | |
| $dummyReleaseDef = az pipelines release definition show --name test-pipeline-with-azsk | ConvertFrom-Json | |
| # Now check the task Id in the | |
| $dummyReleaseDef.environments.deployphases.workflowtasks | Select-Object -Property name, taskId, enabled | |
| # From the above I derived that the taskID for AzSK_SVTs is the below | |
| $TaskID = "c016cc55-9914-4a9c-b9df-f24d6f9a40f6" | |
| # make a note here that we query the release definition list | |
| $ReleaseDefs = az pipelines release definition list --project $ProjectName | ConvertFrom-Json | |
| # Generate output | |
| $AzSKTaskReleaseAudit = foreach ($releaseDef in $ReleaseDefs) | |
| { | |
| # fetch the full Release definition Object for the Release def | |
| $releaseDefObject = az pipelines release definition show --id $releaseDef.Id | ConvertFrom-Json | |
| # Filter the workflow tasks across environments & deploy phases to see the task is present | |
| # Note how I use taskID instead of task name | |
| $AzSKTaskFound = $releaseDefObject.environments.deployphases.workflowtasks | | |
| Where-Object -Property taskId -eq $TaskID | |
| # generate the Output | |
| if ($AzSKTaskFound) | |
| { | |
| [PSCustomObject]@{ | |
| ReleaseName = $releaseDefObject.Name | |
| ReleaseId = $releaseDefObject.Id | |
| AzSKTask = $true | |
| AzSKTaskEnabled = @($AzSKTaskFound.Enabled) | |
| } | |
| } | |
| else | |
| { | |
| [PSCustomObject]@{ | |
| ReleaseName = $releaseDefObject.Name | |
| ReleaseId = $releaseDefObject.Id | |
| AzSKTask = $false | |
| AzSKTaskEnabled = @($false) | |
| } | |
| } | |
| } | |
| # Analyze the resuls | |
| $AzSKTaskReleaseAudit |
The above script should be self explanatory (read the comments). Please leave a comment if you have any queries.