Good morning, I have problems checking out a secure file during the build process in azure devops 2019. My task is defined as:
- task: DownloadSecureFile@1
inputs:
secureFile: 'oimPictureEditor_test'
displayName: 'download configuration'
but it fails with:
2022-12-30T10:10:27.9053899Z ##[section]Starten: download configuration
2022-12-30T10:10:28.0009766Z ==============================================================================
2022-12-30T10:10:28.0010142Z Task : Sichere Datei herunterladen
2022-12-30T10:10:28.0010245Z Description : Hiermit wird eine sichere Datei an einen temporären Speicherort auf dem Agent-Computer heruntergeladen.
2022-12-30T10:10:28.0010357Z Version : 1.151.2
2022-12-30T10:10:28.0010489Z Author : Microsoft Corporation
2022-12-30T10:10:28.0010653Z Help : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/download-secure-file
2022-12-30T10:10:28.0010783Z ==============================================================================
2022-12-30T10:10:28.5506559Z ##[error]Error: unable to get local issuer certificate
2022-12-30T10:10:28.5593478Z ##[section]Abschließen: download configuration
does anyone has any idea how to fix this?
thx in advance iisiggi
CodePudding user response:
Place your secure files on Azure Pipeline and download it.
*Here are the steps:
- Upload the secure file in Library on Pipeline
- Download the files in the agent machine with using
DownloadSecureFile@1
task
Download the secure files
use the download task DownloadSecureFIle@1
task like below.
- task: DownloadSEcureFile@1
name: <nameof the Task>
inputs:
secureFile: <secure file Name>
The secure file is downloaded to $(Agent.TempDirectory)
. you can check the path with using the prepared variable such as $(<task name>.secureFIlePath)
Reference taken from MSDoc.
CodePudding user response:
This is a known issue for Azure DevOps Server, and you can try the way below to resolve the issue.
steps:
. . .
- task: PowerShell@2
displayName: 'Set CA Cert'
inputs:
targetType: inline
script: |
if ($env:AGENT_HOMEDIRECTORY -ne $null) { $TargetFolder = $env:AGENT_HOMEDIRECTORY }
else { $TargetFolder = [System.Environment]::GetEnvironmentVariable('TEMP','Machine') }
Get-ChildItem -Path Cert:\LocalMachine\CA | ForEach-Object {
$Cert = "-----BEGIN CERTIFICATE-----`n"
$Cert = $([System.Convert]::ToBase64String($_.export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert),'InsertLineBreaks'))
$Cert = "`n-----END CERTIFICATE-----`n"
$Chain = $Cert
}
$CertFile = "$TargetFolder\TrustedRootCAs.pem"
$Chain | Out-File $CertFile -Force -Encoding ASCII
$Chain = $null
Write-Host "##vso[task.setvariable variable=NODE.EXTRA.CA.CERTS]$CertFile"
- task: DownloadSecureFile@1
displayName: 'download configuration'
inputs:
secureFile: 'oimPictureEditor_test'
. . .
The step 'Set CA Cert
' will try to get the CA certificate and set it as the variable "NODE.EXTRA.CA.CERTS
" for use.
For more details about this issue and the solution, you can reference the following tickets:
- Azure DevOps Server pipeline build fails when using self-signed SSL certificate with "unable to get local issuer certificate" during NuGet restore
- https://github.com/microsoft/azure-pipelines-tasks/issues/11508
CodePudding user response:
I put the content of my secret file into a secret variable. That worked for me, but is for sure no general solution.