AzureCLI@3 - Azure CLI v3 task

Run Azure CLI commands against an Azure subscription in a PowerShell Core/Shell script when running on Linux agent or PowerShell/PowerShell Core/Batch script when running on Windows agent.

# Azure CLI v3
# Run Azure CLI commands against an Azure subscription in a PowerShell Core/Shell script when running on Linux agent or PowerShell/PowerShell Core/Batch script when running on Windows agent.
- task: AzureCLI@3
  inputs:
    connectionType: 'azureRM' # 'azureRM' | 'azureDevOps'. Required. Connection Type. Default: azureRM.
    azureSubscription: # string. Alias: connectedServiceNameARM. Required when connectionType = azureRM. Azure Resource Manager connection. 
    #azureDevOpsServiceConnection: # string. Required when connectionType = azureDevOps. Azure DevOps Service Connection. 
    scriptType: # 'ps' | 'pscore' | 'batch' | 'bash'. Required. Script Type. 
    scriptLocation: 'scriptPath' # 'inlineScript' | 'scriptPath'. Required. Script Location. Default: scriptPath.
    scriptPath: # string. Required when scriptLocation = scriptPath. Script Path. 
    #inlineScript: # string. Required when scriptLocation = inlineScript. Inline Script. 
    #arguments: # string. Alias: scriptArguments. Script Arguments. 
    #powerShellErrorActionPreference: 'stop' # 'stop' | 'continue' | 'silentlyContinue'. Optional. Use when scriptType = ps || scriptType = pscore. ErrorActionPreference. Default: stop.
  # Advanced
    #addSpnToEnvironment: false # boolean. Access service principal details in script. Default: false.
    #useGlobalConfig: false # boolean. Use global Azure CLI configuration. Default: false.
    #workingDirectory: # string. Alias: cwd. Working Directory. 
    #failOnStandardError: false # boolean. Fail on Standard Error. Default: false.
    #powerShellIgnoreLASTEXITCODE: false # boolean. Optional. Use when scriptType = ps || scriptType = pscore. Ignore $LASTEXITCODE. Default: false.
    #visibleAzLogin: true # boolean. az login output visibility. Default: true.
    #allowNoSubscriptions: false # boolean. Allow no Azure subscriptions. Default: false.
    #keepAzSessionActive: false # boolean. [Experimental] Keep Azure CLI session active. Default: false.

connectionType - Connection Type
string. Required. Allowed values: azureRM (Azure Resource Manager), azureDevOps (Azure DevOps). Default value: azureRM.

Type of service connection to use.

azureSubscription - Azure Resource Manager connection
Input alias: connectedServiceNameARM. string. Required when connectionType = azureRM.

Specify an Azure Resource Manager service connection for the deployment.

azureDevOpsServiceConnection - Azure DevOps Service Connection
string. Required when connectionType = azureDevOps.

Specify an Azure DevOps service connection.

scriptType - Script Type
string. Required. Allowed values: ps (PowerShell), pscore (PowerShell Core), batch, bash (Shell).

Type of script. Select a bash or pscore script when running on Linux agent. Or, select a batch, ps, or pscore script when running on Windows agent. A pscore script can run on cross-platform agents (Linux, macOS, or Windows).

scriptLocation - Script Location
string. Required. Allowed values: inlineScript (Inline script), scriptPath (Script path). Default value: scriptPath.

Path to script: File path or Inline script.

scriptPath - Script Path
string. Required when scriptLocation = scriptPath.

Fully qualified path of the script. Use .ps1, .bat, or .cmd when using Windows-based agent. Use .ps1 or .sh when using Linux-based agent or a path relative to the the default working directory.

inlineScript - Inline Script
string. Required when scriptLocation = inlineScript.

You can write your scripts inline here. When using Windows agent, use PowerShell, PowerShell Core, or batch scripting. Use PowerShell Core or shell scripting when using Linux-based agents. For batch files, use the prefix call before every Azure command. You can also pass predefined and custom variables to this script by using arguments.

The following is an example for PowerShell/PowerShellCore/shell.

az --version 
az account show 

The following is an example for batch.

call  az --version 
call az account show

arguments - Script Arguments
Input alias: scriptArguments. string.

Arguments passed to the script.

powerShellErrorActionPreference - ErrorActionPreference
string. Optional. Use when scriptType = ps || scriptType = pscore. Allowed values: stop, continue, silentlyContinue. Default value: stop.

Prepends the line $ErrorActionPreference = 'VALUE' at the top of your powershell/powershell core script.

addSpnToEnvironment - Access service principal details in script
boolean. Default value: false.

Adds service principal id, service principal key and tenant id of the Azure endpoint you chose to the script's execution environment. You can use variables: servicePrincipalId, servicePrincipalKey and tenantId in your script.

This is honored only when the Azure endpoint has Service Principal authentication scheme.

Syntax to access environment variables based on script type.

Powershell script: $env:servicePrincipalId

Batch script: %servicePrincipalId%

Shell script: $servicePrincipalId.

useGlobalConfig - Use global Azure CLI configuration
boolean. Default value: false.

If this input is false, this task will use its own separate Azure CLI configuration directory. This can be used to run Azure CLI tasks in parallel releases.

workingDirectory - Working Directory
Input alias: cwd. string.

Specify the working directory where the script is run. If left blank, the default is the root of the repo (build) or artifacts (release), which is []$(System.DefaultWorkingDirectory)](/azure/devops/pipelines/build/variables#system-variables).

failOnStandardError - Fail on Standard Error
boolean. Default value: false.

If this is true, this task will fail when any errors are written to the StandardError stream. Unselect the checkbox to ignore standard errors and rely on exit codes to determine the status.

powerShellIgnoreLASTEXITCODE - Ignore $LASTEXITCODE
boolean. Optional. Use when scriptType = ps || scriptType = pscore. Default value: false.

If this is false, the line if ((Test-Path -LiteralPath variable:\LASTEXITCODE)) { exit $LASTEXITCODE } is appended to the end of your script. This will cause the last exit code from an external command to be propagated as the exit code of powershell. Otherwise the line is not appended to the end of your script.

visibleAzLogin - az login output visibility
boolean. Default value: true.

If this is set to true, az login command will output to the task. Setting it to false will suppress the az login output.

allowNoSubscriptions - Allow no Azure subscriptions
boolean. Default value: false.

If true, the task will not attempt to set a subscription context and will allow logins where the identity has access to no subscriptions. You can also supply an all-zero SubscriptionID (00000000-0000-0000-0000-000000000000) in the service connection to implicitly skip setting the subscription context.

keepAzSessionActive - [Experimental] Keep Azure CLI session active
boolean. Default value: false.

When enabled, this task will continuously sign into Azure to avoid AADSTS700024 errors when requesting access tokens beyond the IdToken expiry date. Note that this feature is EXPERIMENTAL, may not work in all scenarios and you are using it without any guarantees. Valid only for service connections using the Workload Identity Federation authentication scheme.

None.