Referencing Variable Groups in Azure DevOps Pipeline Templates

Referencing Variable Groups in Azure DevOps Pipeline templates is quite simple – in this blog post, I will show how you can do this! In my example, I will be templating an Azure DevOps pipeline job!

Recently I have blogged a few posts relating to this, which I recommend you check out!

• Creating templates in Azure DevOps Pipelines
• Storing and retrieving secrets in Azure KeyVault with Variable Groups in Azure DevOps Pipelines

What are variable groups in Azure DevOps?

I really do like variable groups; they are awesome! Use a variable group to store any values that you want to control and possibly made available across multiple pipelines. You can even use variable groups to store secrets and other values that might need to be passed into the YAML pipeline.

Read more here about variable groups and their usage 

Hopefully you have read my two blog posts referenced above also, time to show an example of referencing a variable group in an Azure DevOps pipeline template!

Variable Group Setup

In this setup, I will be using a Variable Group named: azure-back-to-school-2021 that is linked to an Azure Key Vault with a few secrets assigned.

In this example, I created a secret RGNAME with value of variable-group-template

Azure DevOps Pipeline with Template

I will be creating a main pipeline.yaml file that will have a template to create a resource group using the secret value RGNAME as mentioned above

Folder structure

Azure-DevOps-Variable-Groups-In-Templates
    └── pieplines
      └── pipeline-with-template.yaml
      └── templates
        └── az-cli.yaml

pipeline-with-template.yaml

name: $(BuildDefinitionName)_$(date:yyyyMMdd)$(rev:.r)

trigger: none

pr: none

variables:
  - group: azure-back-to-school-2021
  - name: backendServiceArm
    value: 'thomasthorntoncloud'
 
stages :   
  - stage: az_cli_example
    jobs:
      - template: templates/az-cli.yaml

In this main pipeline, I have referenced the variable group created previously, as highlighted above.

Stage az_cli_example will call an Azure CLI template from the templates folder!

az-cli.yaml

  jobs:
    - job: create_azure_rg_job
      steps:
            - task: AzureCLI@2
              displayName: 'Create Azure RG'
              inputs:
                azureSubscription: 'thomasthorntoncloud'
                scriptType: bash
                scriptLocation: inlineScript
                addSpnToEnvironment: true
                inlineScript: |
                  #!/usr/bin/env bash

                  az group create -l uksouth -n $(RGNAME)

Within the template file, I am referencing the variable group secret RGNAME using $(RGNAME)

Reviewing the pipeline pipeline-with-template.yaml as shown below the secrets referenced in the variable group are downloaded at the stage run time

Output from az-cli-yaml a resource group variable-group-template has been created

{
  "id": "/subscriptions/04109105-f3ca-44ac-a3a7-66b4936112c3/resourceGroups/***",
  "location": "uksouth",
  "managedBy": null,
  "name": "***",
  "properties": {
    "provisioningState": "Succeeded"
  },
  "tags": null,
  "type": "Microsoft.Resources/resourceGroups"
}

Viewing in the Azure Portal, the resource group can be seen!

Awesome, hope you enjoyed this blog post, that has covered referencing a variable group in an Azure DevOps pipeline template

GitHub Repository with code used