target definition
Tasks run in an execution context, which is either the agent host or a container.
Definitions that reference this definition: steps.task, steps.script, steps.powershell, steps.pwsh, steps.bash, steps.checkout, steps.download, steps.downloadBuild, steps.getPackage, steps.publish, steps.reviewApp
Implementations
| Implementation | Description |
|---|---|
| target: string | Environment in which to run this step or task. |
| target: container, commands, settableVariables | Configure step target with environment, and allowed list of commands and variables. |
| Implementation | Description |
|---|---|
| target: string | Environment in which to run this step or task. |
| target: container, commands | Configure step target with environment and allowed list of commands. |
Remarks
An individual step may override its context by specifying a target, and optionally configure a container, commands, and settable variables.
target: string
Specify a step target by name.
target: string # Environment in which to run this step or task.
target string.
Available options are the word host to target the agent host plus any containers defined in the pipeline.
target: container, commands, settableVariables
Configure step target using a container name, commands, and settable variables.
target:
container: string # Container to target (or 'host' for host machine).
commands: any | restricted # Set of allowed logging commands ('any' or 'restricted').
settableVariables: none | [ string ] # Restrictions on which variables that can be set.
Properties
container string.
Container to target (or 'host' for host machine).
commands string.
Set of allowed logging commands ('any' or 'restricted'). any | restricted.
settableVariables target.settableVariables.
Restrictions on which variables that can be set.
target: container, commands
Configure step target with environment and allowed list of commands.
target:
container: string # Container to target (or 'host' for host machine).
commands: any | restricted # Set of allowed logging commands ('any' or 'restricted').
Properties
container string.
Container to target (or 'host' for host machine).
commands string.
Set of allowed logging commands ('any' or 'restricted'). any | restricted.
Remarks
You don't need to configure all of these properties when configuring a step target. If not specified, the default value for container is host, the default value of commands is any, and the default value for settableVariables allows all variables to be set by a step.
Step targeting and command isolation
Azure Pipelines supports running jobs either in containers or on the agent host. Previously, an entire job was set to one of those two targets. Now, individual steps (tasks or scripts) can run on the target you choose. Steps may also target other containers, so a pipeline could run each step in a specialized, purpose-built container.
Note
This feature is in public preview. If you have any feedback or questions about this feature, let us know in the Developer Community.
Containers can act as isolation boundaries, preventing code from making unexpected changes on the host machine. The way steps communicate with and access services from the agent is not affected by isolating steps in a container. Therefore, we're also introducing a command restriction mode which you can use with step targets. Setting commands to restricted will restrict the services a step can request from the agent. It will no longer be able to attach logs, upload artifacts, and certain other operations.
Examples
The following example shows running steps on the host in a job container, and in another container.
resources:
containers:
- container: python
image: python:3.8
- container: node
image: node:13.2
jobs:
- job: example
container: python
steps:
- script: echo Running in the job container
- script: echo Running on the host
target: host
- script: echo Running in another container, in restricted commands mode
target:
container: node
commands: restricted