I created AzureDevOps pipeline for CodeQL scanner analysis. I am using Powershell sript in the YAML file. I need to pass the token stored in environmental variable UPLOAD_TOKEN.
It looks that passing output from one pipe to another does not work on Azure while the same script works successfully locally on Powershell.
The script in YAML file that does not work (authentication fails):
Write-Output $env:UPLOAD_TOKEN | codeql github upload-results --repository=xxxxx --sarif=$(Build.SourcesDirectory)\scan-results.sarif --ref=$(Build.SourceBranch) --commit=$(Build.SourceVersion) --github-auth-stdin
Result:
A fatal error occurred: Error uploading SARIF to 'https://api.github.com/repos/....' from 'D:\a\1\s\scan-results.sarif'. REASON: HTTP/1.1 404 Not Found
The same script run locally on Powershell is successful:
Write-Output $env:UPLOAD_TOKEN | codeql github upload-results --repository=xxxx --sarif=xxxx\scan-results.sarif --ref=refs/heads/main --commit=11111111 --github-auth-stdin
I also tried to pass token in the file instead of environmental variable using Get-Content token.txt | codeql github upload-results ...... but result is the same. Error 404.
I had a similar problem: locally everything worked fine, but during the pipeline the PowerShell task failed when the standard input was redirected.
What did the trick for me: using PowerShell Core. In the PowerShell@2 task, you can specify the use of pwsh (Micorsoft: PowerShell@2 task).
(I use a local agent and had to install PowerShell Core on that agent and restart the agent, then the pipeline worked as expected.)