I have one main pipeline pipeline.yml that calls a template called firewall.yml which finally calls the template artifact.deploy.yml.
The validation fails on the 3rd pipeline (artifact.deploy.yml) throwing errors like:
Unexpected value 'jobs' and Unexpected value 'stages' when I try using stages. I've tried all kinds of alignments, jobs and stages but to no avail. All input is greatly appreciated.
pipeline.yml:
- stage: Firewall
variables:
RCGFileNames: $[ stageDependencies.FirewallPreparation.ParamFiles.outputs['PS.RCGParamFileNames'] ]
displayName: "Azure Firewall - Deployment"
dependsOn:
- Network
- IPGroups
- RemoveLocks
- FirewallPreparation
jobs:
- template: ./firewall.yml
parameters:
vmImage: "$(vmImage)"
poolName: "$(poolName)"
serviceConnection01: "$(serviceConnection01)"
firewall.yml:
parameters:
vmImage: $(vmImage)
poolName: $(poolName)
serviceConnection01: "$(serviceConnection01)"
jobs:
## Azure Firewall base Policy
- job: basePolicy
displayName: "Deploy firewall basepolicy p weu 01"
steps:
- template: ./artifact.deploy.yml
parameters:
moduleName: "$(fwpModuleName)"
moduleVersion: "$(fwpModuleVersion)"
parameterFilePath: "../source/parameters/firewall-policies/afwp-basepolicy-p-weu-01.parameters.json"
vmImage: "${{ parameters.vmImage }}"
poolName: "${{ parameters.poolName }}"
serviceConnection: "${{ parameters.serviceConnection01 }}"
enabled: true
artifact.deploy.yml:
parameters:
moduleName: ""
moduleVersion: ""
parameterFilePath: ""
dependsOn: []
timeoutInMinutes: 60
artifactFeedPath: "$(artifactFeedPath)"
serviceConnection: "$(serviceConnection)"
vmImage: "$(vmImage)"
poolName: "$(poolName)"
location: "$(location)"
resourceGroupName: "$(resourceGroupName01)"
managementGroupId: "$(managementGroupId)"
displayName: "Deploy module"
enabled: true
jobs:
- job: DeployModule
displayName: deploy ${{ parameters.moduleName }} ${{ parameters.moduleVersion }}
steps:
- script: |
oras pull coolestacr.azurecr.io/bicep/modules/$(parameters.moduleName):$(parameters.moduleVersion)
echo '{
"$schema": ".json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceGroupName": {
"value": "$(parameters.resourceGroupName)"
},
"tags": {
"value": {
"cooltags": "aintIt?"
}
}
}
}' > "$(Build.SourcesDirectory)"/parameters.json
displayName: download acr module
I have one main pipeline pipeline.yml that calls a template called firewall.yml which finally calls the template artifact.deploy.yml.
The validation fails on the 3rd pipeline (artifact.deploy.yml) throwing errors like:
Unexpected value 'jobs' and Unexpected value 'stages' when I try using stages. I've tried all kinds of alignments, jobs and stages but to no avail. All input is greatly appreciated.
pipeline.yml:
- stage: Firewall
variables:
RCGFileNames: $[ stageDependencies.FirewallPreparation.ParamFiles.outputs['PS.RCGParamFileNames'] ]
displayName: "Azure Firewall - Deployment"
dependsOn:
- Network
- IPGroups
- RemoveLocks
- FirewallPreparation
jobs:
- template: ./firewall.yml
parameters:
vmImage: "$(vmImage)"
poolName: "$(poolName)"
serviceConnection01: "$(serviceConnection01)"
firewall.yml:
parameters:
vmImage: $(vmImage)
poolName: $(poolName)
serviceConnection01: "$(serviceConnection01)"
jobs:
## Azure Firewall base Policy
- job: basePolicy
displayName: "Deploy firewall basepolicy p weu 01"
steps:
- template: ./artifact.deploy.yml
parameters:
moduleName: "$(fwpModuleName)"
moduleVersion: "$(fwpModuleVersion)"
parameterFilePath: "../source/parameters/firewall-policies/afwp-basepolicy-p-weu-01.parameters.json"
vmImage: "${{ parameters.vmImage }}"
poolName: "${{ parameters.poolName }}"
serviceConnection: "${{ parameters.serviceConnection01 }}"
enabled: true
artifact.deploy.yml:
parameters:
moduleName: ""
moduleVersion: ""
parameterFilePath: ""
dependsOn: []
timeoutInMinutes: 60
artifactFeedPath: "$(artifactFeedPath)"
serviceConnection: "$(serviceConnection)"
vmImage: "$(vmImage)"
poolName: "$(poolName)"
location: "$(location)"
resourceGroupName: "$(resourceGroupName01)"
managementGroupId: "$(managementGroupId)"
displayName: "Deploy module"
enabled: true
jobs:
- job: DeployModule
displayName: deploy ${{ parameters.moduleName }} ${{ parameters.moduleVersion }}
steps:
- script: |
oras pull coolestacr.azurecr.io/bicep/modules/$(parameters.moduleName):$(parameters.moduleVersion)
echo '{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceGroupName": {
"value": "$(parameters.resourceGroupName)"
},
"tags": {
"value": {
"cooltags": "aintIt?"
}
}
}
}' > "$(Build.SourcesDirectory)"/parameters.json
displayName: download acr module
Please refer to the YAML pipeline schema. A pipeline has the following structure:
You can write templates for stages, jobs, steps and variables and you can substitute each of these elements with a corresponding template.
In your scenario, you're trying to nest a job inside a list of steps, which isn't valid.
Two options:
You could modify your firewall.yml by replacing your basePolicy job with a reference to your artifact.deploy.yml job template.
# firewall.yml
parameters:
...
jobs:
- template: ./artifact.deploy.yml
parameters:
moduleName: "$(fwpModuleName)"
moduleVersion: "$(fwpModuleVersion)"
parameterFilePath: "../source/parameters/firewall-policies/afwp-basepolicy-p-weu-01.parameters.json"
vmImage: "${{ parameters.vmImage }}"
poolName: "${{ parameters.poolName }}"
serviceConnection: "${{ parameters.serviceConnection01 }}"
enabled: true
Or, change artifact.deploy.yml from a job template into a step template.
# artifact.deploy.yml
parameters:
...
steps: # <-- change "jobs" to "steps"
- script: |
...
Jobs (jobs:) can only be declared for a stage once. Since you do this in pipeline.yml file, your templates will need to use steps and tasks instead, and tasks can reference other templates.
For example, firewall.yaml should look like as follows:
parameters:
vmImage: $(vmImage)
poolName: $(poolName)
serviceConnection01: "$(serviceConnection01)"
## CHANGED TO STEPS
steps:
## CHANGED FROM STEPS TO TEMPLATE
## Azure Firewall base Policy
- template: ./artifact.deploy.yml
parameters:
moduleName: "$(fwpModuleName)"
moduleVersion: "$(fwpModuleVersion)"
parameterFilePath: "../source/parameters/firewall-policies/afwp-basepolicy-p-weu-01.parameters.json"
vmImage: "${{ parameters.vmImage }}"
poolName: "${{ parameters.poolName }}"
serviceConnection: "${{ parameters.serviceConnection01 }}"
enabled: true
And artifact.deploy.yml should look like the following:
parameters:
moduleName: ""
moduleVersion: ""
parameterFilePath: ""
dependsOn: []
timeoutInMinutes: 60
artifactFeedPath: "$(artifactFeedPath)"
serviceConnection: "$(serviceConnection)"
vmImage: "$(vmImage)"
poolName: "$(poolName)"
location: "$(location)"
resourceGroupName: "$(resourceGroupName01)"
managementGroupId: "$(managementGroupId)"
displayName: "Deploy module"
enabled: true
# CHANGED TO STEPS AND USE SCRIPT AS THE TASK
steps:
- script: |
oras pull coolestacr.azurecr.io/bicep/modules/$(parameters.moduleName):$(parameters.moduleVersion)
echo '{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceGroupName": {
"value": "$(parameters.resourceGroupName)"
},
"tags": {
"value": {
"cooltags": "aintIt?"
}
}
}
}' > "$(Build.SourcesDirectory)"/parameters.json
displayName: download acr module