Azure Devops Powershell task force it to not create ps1 file


When my Azure DevOps YML task is executed, it tries to create its own ps1 file under _temp even though I provided filePath to my ps1 file.

My company's cyber sec. is not OK with whitelisting the entire _temp folder to allow the random ps1 files which Azure DevOps is creating.

I checked the documentation; there is no mention of such a _temp thing.

Is there any way to force Azure DevOps to execute the PS1 file directly instead of creating its own PS1 file?

steps:
- task: PowerShell@2
  inputs:
    targetType: 'filePath'
    filePath: D:\Apps\myagent\Script\sendEmail.ps1

Solution

  • You can run your own .ps1 script directly without generating a temporary file. I tested this approach in my test environment without creating .ps1 files in the _temp folder. This method allows you to maintain full control, especially for tasks like sending emails using PowerShell.

    I tested this on my self-hosted Linux agent; below is the working workaround that doesn't create any .ps1 files in the _temp folder.

    I used CmdLine@2 to call pwsh -file myscript.ps1:

    trigger:
    - main

    pool:
      name: self-hosted

    jobs:
    - job: send_email_job
      displayName: Run email script from file
      steps:
      - task: CmdLine@2
        displayName: "Run PowerShell script on Linux agent"
        inputs:
          # -ExecutionPolicy is ignored by pwsh on non-Windows platforms
          script: |
            pwsh -ExecutionPolicy Bypass -File ~/scripts/sendEmail.ps1
    

    Replace ~/scripts/sendEmail.ps1 with the path to your script file on the agent.

    If you already have your agent set up, you can directly run the pipeline by using the CmdLine@2 method.

    The script I used for test purposes:

    Write-Host "=== Starting Email Script ==="

    # === Config ===
    $smtpServer = "smtp.gmail.com"
    $smtpPort = 587
    $smtpUser = "xyz@gmail.com"
    # Placeholder value: use an App Password, not your main password,
    # and do not commit the real value in the script
    $smtpPassword = "<app-password>"
    $to = "xxxx@xxx.com"
    $subject = "Test Email from Azure DevOps Linux Agent"
    $body = "Hello! This is a test email sent from a Linux self-hosted agent using PowerShell."

    # === Send Email ===
    try {
        $securePassword = ConvertTo-SecureString $smtpPassword -AsPlainText -Force
        $credential = New-Object System.Management.Automation.PSCredential($smtpUser, $securePassword)

        # -ErrorAction Stop turns a send failure into a terminating error so the catch block runs
        Send-MailMessage -From $smtpUser -To $to -Subject $subject -Body $body -SmtpServer $smtpServer -Port $smtpPort -UseSsl -Credential $credential -ErrorAction Stop

        Write-Host "Email sent successfully."
    } catch {
        Write-Error "Failed to send email: $_"
        # Non-zero exit code so the pipeline step is marked as failed
        exit 1
    }
    

    Make sure PowerShell 7 (pwsh) is installed on the agent.

    Then run the script from the YAML pipeline using CmdLine@2.

    The script runs from your custom path (for me, ~/scripts/sendEmail.ps1); nothing like *.ps1 gets created in $(Agent.TempDirectory). You can check that the folder /home/youruser/azdo-agent/_work/_temp remains clean.
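
One way to address the allowlisting concern from the question and to check the answer's claim that `_temp` stays free of `.ps1` files, as an added example that is not part of the original answer: a POSIX shell wrapper that runs the script only if its SHA-256 matches a pinned value, then compares the `.ps1` files in the temp directory before and after. The function names and the pin value are hypothetical, and `AGENT_TEMPDIRECTORY` is assumed to be the environment-variable form of `$(Agent.TempDirectory)`.

```shell
#!/bin/sh
# Added example (not from the answer). Function names are hypothetical.

# sha256_of FILE: print FILE's SHA-256 as lowercase hex (empty if unreadable).
sha256_of() {
  sha256sum "$1" 2>/dev/null | cut -d' ' -f1
}

# list_ps1 DIR: print every *.ps1 file under DIR, sorted, one per line.
list_ps1() {
  find "$1" -type f -name '*.ps1' 2>/dev/null | sort
}

# run_pinned EXPECTED_SHA256 SCRIPT TEMP_DIR CMD [ARGS...]
# Runs CMD only if SCRIPT matches the pinned hash, then checks TEMP_DIR.
# Returns 2 on hash mismatch (CMD is not run), 3 if the set of .ps1 files
# in TEMP_DIR changed while CMD ran, otherwise CMD's own exit status.
# Limits: a file created and deleted while CMD runs is not seen, and SCRIPT
# could still be swapped between the hash check and execution.
run_pinned() {
  rp_expected=$1; rp_script=$2; rp_temp=$3
  shift 3
  rp_actual=$(sha256_of "$rp_script")
  if [ -z "$rp_actual" ] || [ "$rp_actual" != "$rp_expected" ]; then
    echo "refusing to run $rp_script: SHA-256 does not match the pin" >&2
    return 2
  fi
  rp_before=$(list_ps1 "$rp_temp")
  rp_rc=0
  "$@" || rp_rc=$?
  rp_after=$(list_ps1 "$rp_temp")
  if [ "$rp_before" != "$rp_after" ]; then
    echo ".ps1 files in $rp_temp changed during the step:" >&2
    printf '%s\n' "$rp_after" >&2
    return 3
  fi
  return "$rp_rc"
}

# Usage inside the CmdLine@2 script (the pin is a placeholder):
#   run_pinned '<sha256-of-approved-script>' ~/scripts/sendEmail.ps1 \
#     "$AGENT_TEMPDIRECTORY" pwsh -File ~/scripts/sendEmail.ps1
```

Keep the wrapper in a file on the agent that the pipeline cannot modify and source it from the `CmdLine@2` script; return code 2 or 3 fails the step.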