I'm attempting to automate the deployment from DevOps to Fabric. I've read 2 relatively similar scenarios: one claimed that using PATs is the best approach as of now, since we are unable to call UpdateFromGit using a service principal, and the other contradicted the first and claimed that using service principals was the ideal situation.
There are 2 samples of code which I've made to push from DevOps to Fabric:
Service Principal Approach:
```yaml
trigger: none

pool:
  vmImage: 'windows-latest'

variables:
- group: your-keyvault-variable-group-name

steps:
- task: PowerShell@2
  displayName: 'Update Power BI Workspace from Git'
  inputs:
    targetType: 'inline'
    script: |
      $clientId = "$(fabric-client-id)"
      $clientSecret = "$(fabric-client-secret)"
      $tenantId = "$(fabric-tenant-id)"
      $workspaceId = "$(fabric-workspace-id)"
      $organization = "$(System.TeamFoundationCollectionUri)"
      $project = "$(System.TeamProject)"
      $repoId = "$(Build.Repository.ID)"
      $branch = "refs/heads/main"

      # Look up the latest commit on the branch with the pipeline's own token
      Write-Host "Fetching latest commit hash from branch: $branch"
      $authHeader = @{
        Authorization = "Bearer $env:SYSTEM_ACCESSTOKEN"
      }
      # The refs API filter is a prefix match on the ref name without the leading "refs/"
      $refFilter = $branch -replace '^refs/', ''
      $commitUri = "$organization$project/_apis/git/repositories/$repoId/refs?filter=$refFilter&api-version=7.0"
      $commitResponse = Invoke-RestMethod -Uri $commitUri -Headers $authHeader -Method Get
      # Pick the exact branch, since the prefix filter can return more than one ref
      $commitHash = ($commitResponse.value | Where-Object { $_.name -eq $branch } | Select-Object -First 1).objectId
      Write-Host "Latest commit hash: $commitHash"

      # Request a Fabric API token for the service principal (client credentials flow)
      $body = @{
        grant_type = "client_credentials"
        client_id = $clientId
        client_secret = $clientSecret
        scope = "https://api.fabric.microsoft.com/.default"
      }
      $tokenResponse = Invoke-RestMethod -Method Post -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token" -Body $body
      $accessToken = $tokenResponse.access_token

      $headers = @{
        Authorization = "Bearer $accessToken"
        "Content-Type" = "application/json"
      }

      # Ask Fabric to update the workspace to the commit found above
      $body = @{
        remoteCommitHash = $commitHash
        conflictResolution = @{
          conflictResolutionType = "Workspace"
          conflictResolutionPolicy = "PreferWorkspace"
        }
        options = @{
          allowOverrideItems = $true
        }
      }
      $jsonBody = $body | ConvertTo-Json -Compress -Depth 10
      $uri = "https://api.fabric.microsoft.com/v1/workspaces/$workspaceId/git/updateFromGit"
      Write-Host "Calling Fabric API: $uri"
      $response = Invoke-RestMethod -Uri $uri -Method Post -Headers $headers -Body $jsonBody
      Write-Host "Response: $($response | ConvertTo-Json -Depth 10)"
  env:
    SYSTEM_ACCESSTOKEN: $(System.AccessToken)
```
PAT Approach:
```yaml
trigger: none

pool:
  vmImage: 'windows-latest'

variables:
- group: credentials

steps:
- task: PowerShell@2
  displayName: 'Update Power BI Workspace from Git'
  inputs:
    targetType: 'inline'
    script: |
      # Commit the pipeline run was started for
      $commitHash = "$(Build.SourceVersion)"
      Write-Host "Using commit hash: $commitHash"

      # Token read from the "credentials" variable group and sent as the bearer token
      $pat = "$(demo-dev-2025)"
      $headers = @{
        Authorization = "Bearer $pat"
        "Content-Type" = "application/json"
      }

      # Ask Fabric to update the workspace to that commit
      $body = @{
        remoteCommitHash = $commitHash
        conflictResolution = @{
          conflictResolutionType = "Workspace"
          conflictResolutionPolicy = "PreferWorkspace"
        }
        options = @{
          allowOverrideItems = $true
        }
      }
      $jsonBody = $body | ConvertTo-Json -Compress -Depth 10
      $uri = "https://api.fabric.microsoft.com/v1/workspaces/$(PBI_WORKSPACE_ID)/git/updateFromGit"
      Write-Host "Calling Fabric API: $uri"
      $response = Invoke-RestMethod -Uri $uri -Method Post -Headers $headers -Body $jsonBody
      Write-Host "Response: $($response | ConvertTo-Json -Depth 10)"
```
Any references in using whichever approach are greatly appreciated.
Thanks!
Hi @0_0 ,
Thanks for reaching out to the Microsoft Fabric community forum.
I would also take a moment to thank @yaronprigal for actively participating in the community forum and for the solutions you’ve been sharing in the community forum. Your contributions make a real difference.
Yes, using a Service Principal (SPN) is the recommended and more secure approach for automating deployments in Fabric.
Just to add: as of now, SPN-based UpdateFromGit works well with GitHub, but support for Azure DevOps Git repos via SPN is still pending. So if you're using Azure DevOps, you'll need to rely on a Personal Access Token (PAT) for now until SPN support is officially rolled out.
Best Regards,
Menaka.
Community Support Team
Hi,
Check this article: https://learn.microsoft.com/en-us/fabric/cicd/git-integration/git-automation?tabs=user%2CADO
The SPN is the valid approach.
There is support for SPN in case your git provider is GitHub.
The support for ADO will be released in a couple of weeks.
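
An added example (not code from the thread or from Microsoft) of the service-principal flow the replies recommend, for a Git provider where SPN support is available. It reads the credentials from environment variables mapped in the step's `env:` block instead of having them macro-expanded into the script text, and takes both commit hashes from the Fabric `git/status` endpoint; the `FABRIC_*` variable names are assumptions.

```powershell
# Added example; the FABRIC_* names are assumed. Map each one from the Key Vault
# variable group in the step's env: block so the secret never appears in the script text.
$ErrorActionPreference = 'Stop'

$required = 'FABRIC_TENANT_ID', 'FABRIC_CLIENT_ID', 'FABRIC_CLIENT_SECRET', 'FABRIC_WORKSPACE_ID'
foreach ($name in $required) {
    if ([string]::IsNullOrWhiteSpace([Environment]::GetEnvironmentVariable($name))) {
        throw "Required environment variable $name is not set."
    }
}

# Client-credentials token request; the secret is read from the environment only.
$tokenBody = @{
    grant_type    = 'client_credentials'
    client_id     = $env:FABRIC_CLIENT_ID
    client_secret = $env:FABRIC_CLIENT_SECRET
    scope         = 'https://api.fabric.microsoft.com/.default'
}
$tokenUri = "https://login.microsoftonline.com/$($env:FABRIC_TENANT_ID)/oauth2/v2.0/token"
$token = (Invoke-RestMethod -Method Post -Uri $tokenUri -Body $tokenBody).access_token

$headers = @{ Authorization = "Bearer $token" }
$gitBase = "https://api.fabric.microsoft.com/v1/workspaces/$($env:FABRIC_WORKSPACE_ID)/git"

# Take both hashes from Fabric's own view of the Git connection.
$status = Invoke-RestMethod -Method Get -Uri "$gitBase/status" -Headers $headers
if ($status.workspaceHead -eq $status.remoteCommitHash) {
    Write-Host 'Workspace is already at the remote commit; nothing to update.'
}
else {
    $updateBody = @{
        workspaceHead      = $status.workspaceHead
        remoteCommitHash   = $status.remoteCommitHash
        conflictResolution = @{
            conflictResolutionType   = 'Workspace'
            conflictResolutionPolicy = 'PreferWorkspace'
        }
        options = @{ allowOverrideItems = $true }
    } | ConvertTo-Json -Depth 10

    $resp = Invoke-WebRequest -Method Post -Uri "$gitBase/updateFromGit" -Headers $headers `
        -ContentType 'application/json' -Body $updateBody -UseBasicParsing
    # Log only the status code and operation id, never the token or the full headers.
    Write-Host "updateFromGit returned HTTP $($resp.StatusCode)"
    if ($resp.StatusCode -eq 202) {
        Write-Host "Long-running operation id: $($resp.Headers['x-ms-operation-id'])"
    }
}
```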