Introduction
An ADO (Azure DevOps) variable group is a collection of variables that can be used across multiple pipelines in the same project. These variables can store values and secrets that you might want to be passed into a YAML pipeline or make available across multiple pipelines.
Suppose there is an organization that uses Azure DevOps (ADO) as their CI/CD process. Almost every team in that organization uses a common variable group in their pipeline, which contains common values that change every week. To automate this manual process of updating the variables every week, we can write a pipeline in ADO that uses the REST API provided by Microsoft to update the data of the variable group using json payload.
Azure DevOps provides REST API for variable group for different use cases Ex: Create, Update, Delete etc. Click here For more information about REST API of variable group in ADO
Requirement of REST API
1. ADO Personal Access Token with read and write access to update the variable group
2. Name of your ADO organization
3. Project name of your organization
4. Variable group name which data you want to update
5. Json payload with data and correct format which is supported by ADO
Example custom json payload which can also be used to create the variable group :
{
“description”: “New var group”,
“name”: “‘”$variableGroupName“‘”,
“providerData”: “null”,
“type”: “Vsts”,
“variables”: {
“variableName” : {
“value” : “valueofVariable“
}
},
“variableGroupProjectReferences”: [{
“description”: “New Var Group”,
“name”: “‘”$variableGroupName“‘”,
“projectReference”: {
“id”: “adoProjectId“,
“name”: “adoProjectName“
}
}
]
}
you can get your adoProjectId by hitting the variable group access REST API that is:
curl -u “:${PAT}” -X GET “https://dev.azure.com/${organization}/${project}/_apis/distributedtask/variablegroups/${target_group_id}?api-version=7.2-preview.2
Here, target_group_id is required to access the variable group. You can find it on URL in ADO UI when you click on variable group.
You can also filter variable group id using variable group name using jq like command line tools.
Json Payload format
Using json key value pairs you can update the variable group values for example
{
“key”: “value”,
”key”: “value”,
”key”: “value”
}
This is a simple json key value format that you can use while updating the variable group using API but, first you have to convert it into the format which can be integrated to json payload that is accepted by the Azure DevOps.
Steps to update the variable group
Store the json key value in a variable:
json_payload= $(cat input.json)
Modify it using jq command line tool
modified_json_payload=$(echo “$json_payload” | jq ‘. |= with_entries(.value = {“value”: .value})’)
Filter the target_group_id using variable group name
//Access the details of all variable groups
response=$(curl -u “:${PAT}” https://dev.azure.com/${organization}/${project}/_apis/distributedtask/variablegroups/?api-version=7.2-preview.2)
//Filter the id using variable group name
target_group_id=$(echo “$response” | jq –arg varGroupName “$variableGroupName” ‘.value | map(select(.name == $varGroupName)) | .[0].id’)
Access the json payload of target variable group
target_json_data=$(curl -u “:${PAT}” -X GET “https://dev.azure.com/${organization}/${project}/_apis/distributedtask/variablegroups/${target_group_id}?api- version=7.2-preview.2”)
Update the data of target variable group
updated_target_json=$(echo “$target_json_data” | jq –argjson input “$modified_json_payload” ‘.variables |= (. + $input)’)
curl -X PUT “${url}/${target_group_id}?api-version=7.2-preview.2” -u “:${PAT}” -H “Content-Type: application/json” -d “${updated_target_json}
Using these mentioned steps above you can easily update your variable group data in azure.