I am stuck with the following. Being trying to use a variable group in azure depending in the variable of an another vg. Example below:
variables:
- group: automation-marionette
- name: workingEnv
value: $(variables.envName)
- group: $(workingEnv)
stages:
- stage: test
jobs:
- job: test
steps:
- script: |
echo 'envName: ' $(envName)
echo $(VALUES_FILE)
even though I changed the variable call with many different ways , it never works. I tried:
but always I get the error:
An error occurred while loading the YAML build pipeline. Variable group was not found or is not authorized for use. For authorization details, refer to https://aka.ms/yamlauthz.
Permissions have been checked and the vg has no restrictions from pipelines and every user has admin rights.
You can't do this based on the variable, but you can use parameters instead
parameters:
- name: environment
displayName: Environment
type: string
default: QA
values:
- QA
- PROD
stages:
- stage:
displayName: 'Build and Restore'
variables:
- group: ${{ parameters.environment }}
jobs:
- job:
steps:
- script: echo $(name)
Take a look also here.
Using variable groups this is not possible. References by you link to the documentation presents different case
variables:
- group: my-variable-group
- name: my-passed-variable
value: $[variables.myhello] # uses runtime expression
steps:
- script: echo $(myhello) # uses macro syntax
- script: echo $(my-passed-variable)
It uses a compile-time expression for setting variable group - group: my-variable-group
and runtime expression for setting variable.
In this step here - group: $(workingEnv)
you try to use the runtime expression to set the variable group. And this is not possible. It has to be a compile-time expression.
As it is written here:
It also answers another common issue: why can't I use variables to resolve service connection / environment names? Resources are authorized before a stage can start running, so stage- and job-level variables aren't available. Pipeline-level variables can be used, but only those variables explicitly included in the pipeline. Variable groups are themselves a resource subject to authorization, so their data is likewise not available when checking resource authorization.
There is a mistake in documentation. It is possible to set value for variable but it is not possible to set variable group name in this way
This is likely a case that can be fixed by using a different kind of expression. In our yaml language, we have a few kinds of expressions that are evaluated at different points in the execution of a pipeline.
https://docs.microsoft.com/en-us/azure/devops/pipelines/process/expressions?view=azure-devops
If you are using variables to reference resources, those will need to be “compile time constants”, or at least knowable at the start of a stage when resources are auth’d.
In your case, I expect switching to the compile-time expression ${{}} will solve your issue. In a release of AzureDevops which is currently deploying, we are adding new functionality to increase the power of ${{}} expressions. I expect that even if the ${{}} do not work for you at the moment, they will starting with the rollout of process parameters.
The variable group is a resource and it has to be a compile-time expression.