Automate setting GitHubToken secret variable
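# Sets the pipeline variable 'GithubToken' to the supplied personal access
# token (PAT) in every pipeline of every project in the DSC Community
# Azure DevOps organization.
#
# Install Azure CLI: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli
# Install AzureDevOps extension: az extension add --name azure-devops
# Login with the account that has access to the DSC Community pipelines: az login --allow-no-subscriptions
# Run this script and pass the PAT in the parameter.
[CmdletBinding()]
param
(
    # The personal access token to store in the 'GithubToken' pipeline variable.
    # TODO: Fix as PSCredential so that PAT is not part of PowerShell command line history
    # NOTE(review): as a plain string the PAT can also end up in transcripts and,
    # because it is forwarded with '--value' below, in the argument list of every
    # 'az' process this script starts. Treat the token as exposed on shared hosts
    # and rotate it if this script is run on one.
    [Parameter(Mandatory = $true)]
    [System.String]
    $PAT
)

$organization = 'https://dev.azure.com/dsccommunity'

$azureDevopsProjectsJson = az devops project list --organization $organization

# Nothing below can work without the project list, so stop here instead of
# feeding empty output to ConvertFrom-Json.
if ($LASTEXITCODE -ne 0 -or -not $azureDevopsProjectsJson)
{
    throw ("The command 'az devops project list' failed with exit code {0}." -f $LASTEXITCODE)
}

$azureDevopsProjects = $azureDevopsProjectsJson | ConvertFrom-Json -Depth 5

if ($azureDevopsProjects.continuationToken)
{
    throw ("The property continuationToken was set to the non-null value '{0}', so the command 'az devops project list' must be called again with the argument '--continuation-token', this is not yet supported." -f $azureDevopsProjects.continuationToken)
}

# We got all the project names in property 'value'.
$azureDevopsProjects = $azureDevopsProjects.value

$projectNames = $azureDevopsProjects.name # Use to debug: | Where-Object -FilterScript { $_ -like 'DscResource*' }

foreach ($projectName in $projectNames)
{
    Write-Verbose -Verbose -Message ('Looking at project: {0}' -f $projectName)

    $pipelinesJson = az pipelines list --organization $organization --project $projectName

    # A project whose pipelines cannot be listed is skipped, so that one
    # failing project does not stop the remaining ones from being updated.
    if ($LASTEXITCODE -ne 0 -or -not $pipelinesJson)
    {
        Write-Warning -Message ("Could not list the pipelines of project {0} ('az pipelines list' exit code {1}), skipping the project." -f $projectName, $LASTEXITCODE)

        continue
    }

    $pipelines = $pipelinesJson | ConvertFrom-Json -Depth 5

    foreach ($pipeline in $pipelines)
    {
        Write-Verbose -Verbose -Message ("`tUpdating pipeline: {0}" -f $pipeline.name)

        # The arguments "--secret true --prompt-value true" were not needed, it kept the variable as secret.
        # NOTE(review): '--value $PAT' puts the token on the az command line. The
        # az documentation describes '--prompt-value' together with an environment
        # variable named AZURE_DEVOPS_EXT_PIPELINE_VAR_<variable name> as a way to
        # avoid that; not verified against this organization, so left unchanged.
        $variableUpdateResultJson = az pipelines variable update --name GithubToken --pipeline-id $pipeline.id --organization $organization --project $projectName --value $PAT

        # If the update did not return anything the variable did not exist in the
        # pipeline. Any other failure of az (for example a permission problem)
        # looks the same from here, so the exit code is reported for triage.
        if (-not $variableUpdateResultJson)
        {
            Write-Verbose -Verbose -Message ("`tNo variable was updated in pipeline {0} (az exit code {1})." -f $pipeline.name, $LASTEXITCODE)

            continue
        }

        # Do not write $variableUpdateResultJson to any log: for a variable that
        # is not secret the response may contain the token value.
        $variableUpdateResult = $variableUpdateResultJson | ConvertFrom-Json -Depth 5

        # A variable that is not secret is readable by everyone who can view the
        # pipeline definition, so this is reported as a warning.
        if ($variableUpdateResult -and $variableUpdateResult.GithubToken.isSecret -ne $true)
        {
            # The pipeline name fills {0} and the project name fills {1}.
            Write-Warning -Message ('The variable was NOT secret in the pipeline {0} of project {1}.' -f $pipeline.name, $projectName)
        }
    }
}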