Search code examples
azurepowershellazure-devopsazure-pipelinesazure-container-registry

Pull bicep modules from ACR to consume using AzurePowershell@5 task in Azure pipeline

I'm trying to deploy my Bicep modules published in an Azure Container Registry, but I'm encountering issues when using my service connection. It works fine locally with my own user account, but the service connection, which has the AcrPull role on the container registry, is failing. I'm receiving the following error:

Deploying stack [] failed. Retrying in 10 seconds... WARNING: Cannot retrieve the dynamic parameters for the cmdlet. /home/vsts/work/1/s//////*/.//.bicep/.bicep(37,13) : Error BCP192: Unable to restore the artifact with reference "br:.azurecr.io////**.bicep:20241000.30": Unhandled exception: Azure.Identity.CredentialUnavailableException: The ChainedTokenCredential failed to retrieve a token from the included credentials.

  • Please run 'az login' to set up account
  • Please run 'Connect-AzAccount' to set up account. ---> System.AggregateException: Multiple exceptions were encountered while attempting to authenticate. (Please run 'az login' to set up account) (Please run 'Connect-AzAccount' to set up account.) ---> Azure.Identity.CredentialUnavailableException: Please run 'az login' to set up account at Azure.Identity.AzureCliCredential.RequestCliAccessTokenAsync(Boolean async, TokenRequestContext context, CancellationToken cancellationToken) at Azure.Identity.AzureCliCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken) at...

My pipeline job looks like this:

stages:
- stage: CD
  jobs:
    - job: Deployment
      steps:
        - checkout: self
        - checkout: governance
          fetchDepth: 2
        - task: AzurePowerShell@5
          displayName: "Deploy Deployment Stacks"
          inputs:
            azureSubscription: service-conn
            ScriptType: FilePath
            ScriptPath: $(Build.SourcesDirectory)/***/**.ps1
            ScriptArguments: -RegistryName "***"
              -Verbose
              -InformationAction 'Continue'
            FailOnStandardError: true
            errorActionPreference: stop
            azurePowerShellVersion: LatestVersion
            pwsh: true
          env:
            SYSTEM_ACCESSTOKEN: $(System.AccessToken)

And I have tried running both in my script:

Connect-AzContainerRegistry -Name $RegistryName
az acr login --name $RegistryName

What could be causing the issue? I've considered whether it needs to be an Azure CLI job to work.

Solution

  • i just needed to use "set-azcontext" to a random subscription, then i worked