I'm attempting to automate the deployment from DevOps to Fabric, I've read 2 relatively similar scenarios: 1 of which claimed that the usage of PAT's is the best approach as of now since we are unable to call upon UpdateFromGit using a service principal and another approach which contradicted the first approach and claimed that usage with service principals was the ideal sitation.
There's 2 samples of code which I've made to push from DevOps to Fabric:
Service Principal Approach:
trigger: none
pool:
vmImage: 'windows-latest'
variables:
- group: your-keyvault-variable-group-name
steps:
- task: PowerShell@2
displayName: 'Update Power BI Workspace from Git'
inputs:
targetType: 'inline'
script: |
$clientId = "$(fabric-client-id)"
$clientSecret = "$(fabric-client-secret)"
$tenantId = "$(fabric-tenant-id)"
$workspaceId = "$(fabric-workspace-id)"
$organization = "$(System.TeamFoundationCollectionUri)"
$project = "$(System.TeamProject)"
$repoId = "$(Build.Repository.ID)"
$branch = "refs/heads/main"
Write-Host "Fetching latest commit hash from branch: $branch"
$authHeader = @{
Authorization = "Bearer $env:SYSTEM_ACCESSTOKEN"
}
$commitUri = "$organization$project/_apis/git/repositories/$repoId/refs?filter=$branch&api-version=7.0"
$commitResponse = Invoke-RestMethod -Uri $commitUri -Headers $authHeader -Method Get
$commitHash = $commitResponse.value[0].objectId
Write-Host "Latest commit hash: $commitHash"
$body = @{
grant_type = "client_credentials"
client_id = $clientId
client_secret = $clientSecret
scope = "https://api.fabric.microsoft.com/.default"
}
$tokenResponse = Invoke-RestMethod -Method Post -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token" -Body $body
$accessToken = $tokenResponse.access_token
$headers = @{
Authorization = "Bearer $accessToken"
"Content-Type" = "application/json"
}
$body = @{
remoteCommitHash = $commitHash
conflictResolution = @{
conflictResolutionType = "Workspace"
conflictResolutionPolicy = "PreferWorkspace"
}
options = @{
allowOverrideItems = $true
}
}
$jsonBody = $body | ConvertTo-Json -Compress -Depth 10
$uri = "https://api.fabric.microsoft.com/v1/workspaces/$workspaceId/git/updateFromGit"
Write-Host "Calling Fabric API: $uri"
$response = Invoke-RestMethod -Uri $uri -Method Post -Headers $headers -Body $jsonBody
Write-Host "Response: $($response | ConvertTo-Json -Depth 10)"
env:
SYSTEM_ACCESSTOKEN: $(System.AccessToken)
PAT Approach:
trigger: none
pool:
vmImage: 'windows-latest'
variables:
- group: credentials
steps:
- task: PowerShell@2
displayName: 'Update Power BI Workspace from Git'
inputs:
targetType: 'inline'
script: |
$commitHash = "$(Build.SourceVersion)"
Write-Host "Using commit hash: $commitHash"
$pat = "$(demo-dev-2025)"
$headers = @{
Authorization = "Bearer $pat"
"Content-Type" = "application/json"
}
$body = @{
remoteCommitHash = $commitHash
conflictResolution = @{
conflictResolutionType = "Workspace"
conflictResolutionPolicy = "PreferWorkspace"
}
options = @{
allowOverrideItems = $true
}
}
$jsonBody = $body | ConvertTo-Json -Compress -Depth 10
$uri = "https://api.fabric.microsoft.com/v1/workspaces/$(PBI_WORKSPACE_ID)/git/updateFromGit"
Write-Host "Calling Fabric API: $uri"
$response = Invoke-RestMethod -Uri $uri -Method Post -Headers $headers -Body $jsonBody
Write-Host "Response: $($response | ConvertTo-Json -Depth 10)"
Any references in using whichever approach is greatly appreciated.
Thanks!
