Skip to content

az deployment in bicep fails since version 2.68 release #30654

Description

@Benoit-Gaumard

Describe the bug

Since the 2.68 release, all my GitHub Actions pipelines are failling

AZ_VER=2.68.0
sudo apt-get update && sudo apt-get install -y azure-cli=${AZ_VER}-1~${AZ_DIST}

I don't know if it is related to Azure/cli@v2 action or az cli 2.68 release itself

More infos below ...

Related command

The last job (Bicep Validate) failed every time:

 # Step 2: Install Azure CLI
  - name: Install Azure CLI
    run: |
      sudo apt-get update
      sudo apt-get install apt-transport-https ca-certificates curl gnupg lsb-release libicu-dev -y
      mkdir -p /etc/apt/keyrings
      curl -sL https://packages.microsoft.com/keys/microsoft.asc |
        gpg --dearmor |
            sudo tee /etc/apt/keyrings/microsoft.gpg > /dev/null
      SUITE=$(lsb_release -cs)
      echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/azure-cli/ $SUITE main" |
          sudo tee /etc/apt/sources.list.d/microsoft.list
      cat << EOF | sudo tee /etc/apt/preferences.d/99-microsoft
      Package: *
      Pin: origin https://packages.microsoft.com/repos/azure-cli
      Pin-Priority: 1
      Package: azure-cli
      Pin: origin https://packages.microsoft.com/repos/azure-cli
      Pin-Priority: 500
      EOF
      AZ_DIST=$(lsb_release -cs)
      AZ_VER=2.68.0          
      sudo apt-get update && sudo apt-get install -y azure-cli=${AZ_VER}-1~${AZ_DIST}

  # Step 3: Install Bicep CLI
  - name: Install Bicep
    run: |
      az bicep install
      az bicep upgrade  # Ensure latest version
  # Authenticate to Azure CLI using OIDC (managed identity Federated credentials)
  - name: Authenticate to Azure
    uses: azure/login@v1
    with:
      client-id: ${{ secrets.AZURE_CLIENT_ID }}
      subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      tenant-id: ${{ secrets.AZURE_TENANT_ID }}

  # Validate whether a template is valid at subscription scope
  - name: Bicep Validate - Group
    if: inputs.scope == 'group'
    uses: Azure/cli@v2
    with:
      inlineScript: |
        export DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1
        az deployment group validate \
          --template-file ${{ inputs.template-path }} \
          --parameters '${{ inputs.parameter }}' \
          --resource-group ${{ inputs.resource-group }}

Errors

Here is the GitHub Actions run output:

Run Azure/cli@v2
with:
inlineScript: export DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1
az deployment sub validate
--template-file bicep/00-main.bicep
--parameters '{}'
--location 'northeurope'

azcliversion: agentazcliversion

Error: Please enter a valid azure cli version.
See available versions: https://github.com/Azure/azure-cli/releases.
Error: Error: Please enter a valid azure cli version.
See available versions: https://github.com/Azure/azure-cli/releases.
Warning: Error: EISDIR: illegal operation on a directory, unlink '/home/runner/_work/_temp'
cleaning up container...
Warning: Error response from daemon: No such container: MICROSOFT_AZURE_CLI_1736852898359_CONTAINER

Issue script & Debug output

It works if replacing version to the oldest version: 2.67

AZ_VER=2.67.0
sudo apt-get update && sudo apt-get install -y azure-cli=${AZ_VER}-1~${AZ_DIST}

Expected behavior

Bicep Validate Job

Run Azure/cli@v2
with:
inlineScript: export DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1
az deployment sub validate
--template-file bicep/00-main.bicep
--parameters '{}'
--location 'northeurope'

azcliversion: agentazcliversion

Starting script execution via docker image mcr.microsoft.com/azure-cli:2.67.0
az script ran successfully.
cleaning up container...
MICROSOFT_AZURE_CLI_1736856936920_CONTAINER

Environment Summary

az cli 2.68

Additional context

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    Auto-AssignAuto assign by botAuto-ResolveAuto resolve by botAzure Deploymentsaz deployment/bicep/stack/deployment-scripts/ts/group exportService AttentionThis issue is responsible by Azure service team.act-codegen-extensibility-squadbugThis issue requires a change to an existing behavior in the product in order to be resolved.customer-reportedIssues that are reported by GitHub users external to the Azure organization.

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions