Hey great - and yeah it’s wonderful right? Always have the latest binary available and never do a pull request that doesn’t build. Glad it worked for you. (I also have to chmod +x my scripts but git should keep that status once you do it in the repo - or maybe you have to add them chmodded)
I added Artifacts handling and publishing now - works great.
Thank you!
2 Likes
Wow, thanks for this tutorial @baconpaul !
I almost have it running for https://github.com/mhetrick/hetrickcv. It’s failing when running scripts/release-notes.sh:
[command]/bin/bash --noprofile --norc /home/vsts/work/_temp/c816734f-bc72-42fa-9671-018677c637f0.sh
/home/vsts/work/_temp/c816734f-bc72-42fa-9671-018677c637f0.sh: line 1: scripts/release-notes.sh: Permission denied
##[error]Bash exited with code '126'.
I saw @stoermelder mention using chmod to modify the file permissions, but doing so on my local machine doesn’t mark the file as modified for git. Any ideas?
Yeah if you don’t check it in 755 it has the wrong perms. Right before that script runs in the azure pipeline just chmod it (so like put the chmod command in azurepipelines.yml)
Chmod u+x scripts/release notes.sh
Or if you want explicitly source it so
. Scripts/releasenote.sh
On my phone sorry for the autocorrect boogers but you get the idea. Just chmod it in the azure pipeline right before it runs.
Good luck and glad it works for you!!
Edit; I found this https://medium.com/@akash1233/change-file-permissions-when-working-with-git-repos-on-windows-ea22e34d5cee which shows you how to change permissions in the repo from windows. That should work but I haven’t tried it
1 Like
Yes!!! That worked. I changed the permissions via git.
Thanks again for sharing the knowledge with us. I’ve been wanting to learn this CI stuff for Unfiltered Audio since we spend so much time wrangling builds.
Great!
Azure Pipelines has started failing to build for me on Linux, and I’m pretty sure I haven’t changed anything. Here’s the error:
g++ -std=c++11 -Wsuggest-override -fPIC -I/home/vsts/work/_temp/Rack-SDK/include -I/home/vsts/work/_temp/Rack-SDK/dep/include -MMD -MP -g -O3 -march=nocona -funsafe-math-optimizations -Wall -Wextra -Wno-unused-parameter -DARCH_LIN -c -o build/src/Follower.cpp.o src/Follower.cpp
In file included from /home/vsts/work/_temp/Rack-SDK/include/window.hpp:8:0,
from /home/vsts/work/_temp/Rack-SDK/include/rack.hpp:11,
from src/EntrianRack.hpp:6,
from src/Follower.cpp:16:
/home/vsts/work/_temp/Rack-SDK/dep/include/GL/glew.h:1205:24: fatal error: GL/glu.h: No such file or directory
The internet tells me I need to install libglu-dev or similar, but I didn’t need to do that previously, and I’m not sure it’s even possible in an Azure Pipeline. I’m using imageName: 'ubuntu-16.04'.
Is anyone else seeing this? Any workarounds? (Paging @baconpaul…)
Same error here…
I haven’t run my rack pipeline in a while - I’ve been heads down in surge proper - but we do a set of apt-gets in our pipeline. I would recommend an apt-get install libglu-dev or what not as a first attempt to fix this.
Here’s the point in our surge synth release pipeline where we do our apt gets.
3 Likes
Thanks, adding sudo apt-get install libglu-dev fixed it!
2 Likes
Thanks, Paul!
(Now I feel foolish for not just trying it - I just assumed that sudo wouldn’t be a thing in an Azure pipeline.)
1 Like
I encountered an issue with implementing the pipeline. It seems there’s a bug in azure where the Personnal Access Token isn’t recognized as such, which prevent uploading the release.
Error: Invalid GitHub service connection scheme: Token. Only OAuth and GitHub personal access token connections are allowed.
If anyone encounter this issue, I followed the workaround there : https://ljvmiranda921.github.io/notebook/2019/12/28/workaround-azure-github-pat/
And it worked !
Thanks again to @baconpaul for providing the guidelines and the script 
2 Likes
Just set it up for myself, thanks for documenting this! I’m using a azure-pipelines.yml adapted from the one @qno uses.
I ran into it too! I solved it instead by going, in azure, to Settings > Service Connections, and adding a new github service connection with the appropriate authorizations.
1 Like
Yeah, tried this at first but didn’t work for me. You’re lucky, took me a few days to get it working !
I see Microsoft are discontinuing the MacOS 10.13 VM - have any Pipeline users here moved to the next version, and did it cause you any problems?
“On March 23, 2020, Azure Pipelines will remove Windows Server 2012 R2 with Visual Studio 2015(
vs2015-win2012r2), macOS High Sierra 10.13 (macOS-10.13), and Windows Server Core 1803 (win1803) from our hosted pools.”
I just checked by updating the images on a azure definition to:
- imageName: macOS-latest
- imageName: windows-latest
- imageName: ubuntu-latest
It still works for me.
I’m not sure if macOS plugin will work correct, because afaik the macOS minimum deployment target version 10.7 support is deprecated or even removed in macOS-10.14 contained XCode. Minimum supported version is now 10.9. It is set in Rack Makefile to -mmacosx-version-min=10.7 but Azure build logs show no complaints about this. Maybe this switch is useless for compiling a shared library in macOS.
I moved most of our pipelines to 10.14 (although haven’t built surge-rack in a while) and it seems everything works just fine. But I also build for 10.9 or 10.11 as my target in most cases.
1 Like
Hey, so, yesterday, after getting a PR to my repo, I was a little bit concerned to see that it triggered an Azure build that reported all steps were successful - including upload. While an incredibly unlikely attack vector, it’d remain one if people were able to push arbitrary code in binaries I distribute for beta testing.
So I ran a test: made a burner Github account, sent a PR, saw that Azure ran every step… but didn’t actually upload any new file to my releases. So that means the configuration we’re all kinda copying from each other has no issue on this front.
For reference, here’s mine:
I thought it was worth mentioning, since I don’t understand Pipelines well, and have no clue where the magic lies that protects me from this issue.
2 Likes
Well that’s quite different from where it started! But I don’t see anything in that pipeline that stops a publish on pr. We conditionalize on branch in the original rack one (but that is still has some vulnerabilities) and in surge proper use azure secrets and stuff to protect. At a minimum I would put some condition on the publish (like: not a PR) in that pipeline.
This https://github.com/AriaSalvatrice/AriaVCVModules/pull/58 should do the trick! 
But your logs from PR CI build also says
References service endpoint. PRs from repository forks are not allowed to access secrets in the pipeline. For more information see https://go.microsoft.com/fwlink/?linkid=862029
So repo external PR’s don’t seem to be able to upload at all. Just your own PR’s.
1 Like