Good morning, I have problems checking out a secure file during the build process in azure devops 2019. My task is defined as:
- task: DownloadSecureFile@1
inputs:
secureFile: 'oimPictureEditor_test'
displayName: 'download configuration'
but it fails with:
2022-12-30T10:10:27.9053899Z ##[section]Starten: download configuration
2022-12-30T10:10:28.0009766Z ==============================================================================
2022-12-30T10:10:28.0010142Z Task : Sichere Datei herunterladen
2022-12-30T10:10:28.0010245Z Description : Hiermit wird eine sichere Datei an einen temporären Speicherort auf dem Agent-Computer heruntergeladen.
2022-12-30T10:10:28.0010357Z Version : 1.151.2
2022-12-30T10:10:28.0010489Z Author : Microsoft Corporation
2022-12-30T10:10:28.0010653Z Help : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/download-secure-file
2022-12-30T10:10:28.0010783Z ==============================================================================
2022-12-30T10:10:28.5506559Z ##[error]Error: unable to get local issuer certificate
2022-12-30T10:10:28.5593478Z ##[section]Abschließen: download configuration
does anyone has any idea how to fix this?
thx in advance iisiggi
CodePudding user response:
Place your secure files on Azure Pipeline and download it.
*Here are the steps:
- Upload the secure file in Library on Pipeline
- Download the files in the agent machine with using
DownloadSecureFile@1task
Download the secure files
use the download task DownloadSecureFIle@1 task like below.
- task: DownloadSEcureFile@1
name: <nameof the Task>
inputs:
secureFile: <secure file Name>
The secure file is downloaded to $(Agent.TempDirectory). you can check the path with using the prepared variable such as $(<task name>.secureFIlePath)
Reference taken from MSDoc.
CodePudding user response:
This is a known issue for Azure DevOps Server, and you can try the way below to resolve the issue.
steps:
. . .
- task: PowerShell@2
displayName: 'Set CA Cert'
inputs:
targetType: inline
script: |
if ($env:AGENT_HOMEDIRECTORY -ne $null) { $TargetFolder = $env:AGENT_HOMEDIRECTORY }
else { $TargetFolder = [System.Environment]::GetEnvironmentVariable('TEMP','Machine') }
Get-ChildItem -Path Cert:\LocalMachine\CA | ForEach-Object {
$Cert = "-----BEGIN CERTIFICATE-----`n"
$Cert = $([System.Convert]::ToBase64String($_.export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert),'InsertLineBreaks'))
$Cert = "`n-----END CERTIFICATE-----`n"
$Chain = $Cert
}
$CertFile = "$TargetFolder\TrustedRootCAs.pem"
$Chain | Out-File $CertFile -Force -Encoding ASCII
$Chain = $null
Write-Host "##vso[task.setvariable variable=NODE.EXTRA.CA.CERTS]$CertFile"
- task: DownloadSecureFile@1
displayName: 'download configuration'
inputs:
secureFile: 'oimPictureEditor_test'
. . .
The step 'Set CA Cert' will try to get the CA certificate and set it as the variable "NODE.EXTRA.CA.CERTS" for use.
For more details about this issue and the solution, you can reference the following tickets:
- Azure DevOps Server pipeline build fails when using self-signed SSL certificate with "unable to get local issuer certificate" during NuGet restore
- https://github.com/microsoft/azure-pipelines-tasks/issues/11508
CodePudding user response:
I put the content of my secret file into a secret variable. That worked for me, but is for sure no general solution.