Azure Pipelines - Sprint 236 Update
Features
- Azure service connections indicate when a secret has expired
- New AzureFileCopy@6 task supports secret-less configurations
- Resource utilization alerts for Azure Pipeline agents
Azure service connections indicate when a secret has expired
With this sprint, you can now see the expiration status of secrets in Azure service connections. If your tasks show an error due to an expired secret, such as messages with "AADSTS7000222," go to the service connection details page. If you see this message,the service connection's secret has expired:
To fix the service connection, you can convert it to use workload identity federation. This approach removes the necessity for rotating secrets, offering a more streamlined and secure management process.
New AzureFileCopy@6 task supports secret-less configurations
You might block the use of storage account keys and SAS tokens on your storage accounts. In these situations the AzureFileCopy@5 task, which relies on SAS tokens, can't be used.
The new AzureFileCopy@6 task uses Azure RBAC to access blob storage instead. This requires the identity of the service connection used to have the appropriate RBAC role e.g. Storage Blob Data Contributor. See Assign an Azure role for access to blob data.
The AzureFileCopy@6 task also supports service connections that use workload identity federation.
Resource utilization alerts for Azure Pipeline agents
Last October, we introduced the ability to monitor memory and disk space utilization by the Pipelines agent.
To inform you about these constraints, we've improved the visibility of resource constraint alerts:
Should you encounter messages indicating a lack of responsiveness from the agent, it could signify that a task is exceeding the resource capabilities allocated to the agent, potentially causing pipeline job failures.
"We stopped hearing from the agent"
To address this, enable verbose logs for more detailed tracking of resource utilization, helping to pinpoint where resources are being exhausted. For those utilizing a self-hosted agent, ensure your agent has sufficient resources.
Next steps
Note
These features will roll out over the next two to three weeks.
Head over to Azure DevOps and take a look.
How to provide feedback
We would love to hear what you think about these features. Use the help menu to report a problem or provide a suggestion.
You can also get advice and your questions answered by the community on Stack Overflow.