Using PowerShell to make Azure Automation Graphical Runbooks – Part 1


Last week saw the release of the Azure Automation Graphical SDK for creating graphical Runbooks programmatically. On its own, it is a library, represented by a single file,  Orchestrator.GraphRunbook.Model.dll. It contains the .NET components required to allow creation of a graphical runbook object, serialize it, then save it to a .graphrunbook file, suitable for importing into Azure Automation.

The SDK is by default installed to C:\Program Files (x86)\Microsoft Azure Automation Graphical Authoring SDK.

The examples given in the documentation that accompanies the download from Microsoft’s web page for this are in C#. This series will show how these same graphical runbooks can be generated in PowerShell.


The next few articles walk through how we can make a runbook, using an existing graphical runbook generated in the Azure Portal, Get-DiceThrow, as a point of reference. It then shows how an identical one can be programmatically made using PowerShell and the SDK.

The Existing Runbook

In the screenshot below is the graphical runbook we mentioned, Get-DiceThrow.

0 - GraphRunbook Design

Get-DiceThrow accepts as input two integer parameters, simulating the roll of two dice. It then identifies if one is greater than the other, or if they are both of the same value. Then, based on that, a message is displayed, describing the result.

When we’re looking at designing a graphical runbook via the SDK, it’s a good idea to first take a look at the structure of our existing one to get an insight of what it’s composed of. This helps later when development of the script starts.

To do this, the classes and properties that represent what we can see in Get-DiceThrow will be described.

Runbook Elements


A runbook, or more specifically a graphical runbook, is repesented by an instance of the the GraphRunbook class. This describes the runbook in its entirety, and consists of the properties Activities, Links, and Parameters. This last one refers to the runbook’s input an output parmeters (see below).

1 - GraphRunbook

Runbook Input and Output Parameters

Input and output parameters are defined by creating an one or more instances of a Parameter class and setting the Paramters property of the Runbook class.


The attributes for the name of the parameter, the parameters type, and whether it is mandatory or not are represented in the Parameter class by the properties of Name, Type, and Optional.

2 - Input and Output

Name, Type, and Optional


Workflow script activities are represented by the WorkflowScriptActivity class. From the image below (anti-clockwise from Label) , the associated properties are Name, Description, CheckPointAfter, and Process.

3 - WorkFlow Script


Links between activities use the aptly named class, Link. Links can either have conditions attached to them (restricting the use of the activity at the end of the link to situations where the condition’s expression evaluates to true), or be simple unconditional ones.

The settings in the image below (top to bottom) are referred to by the properties LinkType, Description,and Condition. Condition is another class, which contains the properties ConditionMode, to specify if a condition should be applied, and Expression for the conditional expression.

6 - Link

The next article will focus on the activities themselves, and the classes which inherit from them. This is probably the part that most of the development time will be spent on, since there is a substantial amount of configuration required.

Thanks for reading,



PowerShell and GitLab CI – Part 5


During the last article in this series on the use of PowerShell with GitLab, we noticed some displays on the build console, and some results from our build that was a bit unusual.

Today, I’m going to look a bit further into how the build engine works, which will also explain some of these results we are seeing.

How GitLab CI Runner Works

It would be logical to think that the PowerShell code is run in the same location or a subdirectory of the folder where the service file is, similar to Jenkins, but after a bit of investigation, I found out this is not the case.

To look further into what was happening, let’s add a line to the script section of the YAML file, and put a Start-Sleep command in.Make it ten minutes, to give enough time to remote onto the GitLab CI Runner, and do a search for our .ps1 file stored in a subdirectory of the repository.

Use the content below for our build file.

  • Save the changes
  • Add the updated file
  • Commit the changes
  • Push the changes
  • Navigate to the build section
  • Click on the commit

The job is running, and because of the Start-Sleep command, will continue to do so for the next ten minutes.

Part 5 - GitLab Job Running


  • Remote onto your build server (if it is not already the same system you are accessing GitLab from.
  • Go to the C:\Windows\Temp

There will be a folder name of the format Build_xxxxPart 5 - Temp Dir

  • Double click on the folder

Part 5 - Build Script Contents Dir

  • Within this folder is a script.ps1 file.
  • Open the file

Part 5 - The Script Code

The PowerShell code contained within the script: section of the YAML file is adjusted to make it suitable for returning the output we can see on the console window within a Gitlab job.

Looking at the code now, we can see that it has been changed significantly :

  • ErrorActionPreference has been set to ‘Stop‘.
  • Commands are in place to check to see if an error has occured, and if so to exit the script.  This will also result in the job being flagged as having failed.
  • Probably the most interesting of the changes is the frequent use of Echo command which mimics the command that follows it.

This explains several things to us :

  • How the console output is seen on the job screen
  • Some lines output appeared strange because variables were undefined at the stage when the Echo command ran

Because PowerShell returns all output from a function, it explains why were receive an array when the HappyHelloWorld function is called. It consists of the intented output, but also the Echo commands.

The use of a function in our build code now becomes a challenge or possibly could be perceived as something to be avoided, since we cannot guarantee the element in the array that will contain our desired output.  One way i’ve been able to get round this is to make the function return a PScustomobject, and make use of the -is operator outside of the function to obtain the value.

e.g. $functionOutput = $arrayReturned | Where {$PSItem -is [pscustomobject]}

However, I’ve found a better approach is to minimize the actual PowerShell commands that you use in the script, and instead create a Build folder within your repository which contains files with the actual commands that you wish to use for the build. These can be dotsourced to make them available from within the script, without the need for adding custom code to handle this.

There are many other aspects and configuration settings possible within GitLab, which lets you have powerful control over your build steps. Examples of this are defining the order of execution, ignoring errors, and setting the steps to be taken after each one.

It’s also worthwhile noting that these articles do not include the use of testing, which should be part of your chain of operations. If you are not already familiar with the use of Pester, I’d recommend taking a look at the documentation and examples on GitLab. Amongst others, Jakub Jareš has also written an excellent series of articles on its use, which you can find on

That’s it for this series of articles on the use of PowerShell and GitLab. Thanks for reading, and feel free to provide feedback.



PowerShell and GitLab CI – Part 4

Part 3 of this series on using PowerShell and GitLab CI gave us an initial insight into how to setup and run PowerShell code as part of a build script. During it, we were introduced to the YAML build file, .gitlab-ci.yml.

This article, and the following one will cover some of the gotchas I’ve encountered whilst getting to grips with this file, and how to get these working as you’d expect. Hopefully these will help save you some time setting these up.It will also touch on some oddities you might experience creating build scripts.


At this point, I’m going to continue to use the same project with the same job name, even though it will deviate from the original script we created earlier. This is to allow us to go through the situations I’ll mention slightly faster, and I’ll indicate for each example what the subject is about. Let’s begin!

Keep Things in Line

The YAML specification demands a bit extra attention to formatting of your build scripts. Keep your ‘-‘ and labels in line.


gitlab commit 1


gitlab commit 2

Don’t use the TAB character

Unless you are using an editor which automatically translate the use of the TAB key into spaces, your scripts will fail. Use normal spaces.


The script below, whilst appearing indentical to the one that succeeds, uses table characters for indentation.

gitlab commit 3


gitlab commit 4

Watch Out For ScriptBlocks

The formatting for the use of a scriptblock can sometimes be a bit confusing. The final brace that closes the scriptblock should not have a ‘-‘ prefixing it. Additionally, if there is only one line of code within the scriptblock, it is not neccessary to use this prefix (but see below)


gitlab commit 5


gitlab commit 6
And if we actually look a the build output, we will see the details.
You might be quite correctly thinking that something looks a bit unusual with the output. This will be covered shortly……..

gitlab commit 7

And a look at helloworld.txt to make sure it has worked correctly.
gitlab commit 8

You Must Use ‘-‘ For Any Code Within Braces If It Consists of More Than One Line

If you have any code that surrounds itself in braces, such as a scripblock, function, or reiteration action, it will execute successfully without using the ‘-‘ character if there is only one line. However, two or more lines of code will fail.



It is probably best to start using ‘-‘ even with one single line within braces.

The script works, but the output on the screen is even stranger!
gitlab commit13

But the results are good….
gitlab commit14

Watch for error handling

Watch your syntax if you are wanting to use a Try..Catch block
Also, code within


gitlab commit18


gitlab commit19

So the script has successfully executed. Again, the output on the screen is a bit strange, but let’s check the helloworld.txt file out.

gitlab commit20

However, the file itself has not been created, despite the fact that we know this should raise a division by zero error, which should mean the catch scriptblock is executed.

Functions Behave Differently Than You Would Expect

This final part is the greatest challenge i’ve come across so far, and deserves a bit extra detail. It will also be covered further in the next article in this series.

Let’s modify the build script more. Here’s the PowerShell we’re going to use :

Here, we’ve modified our build script by adding a function which returns a string, and then output it to the same text file we’ve been using previously. If you want, you can verify the PowerShell code in the ISE, and also that the helloworld.txt file has been successfully created.

This would be put into our build script like this :

And it builds successfully
gitlab commit15

So let’s take a look at helloworld.txt
gitlab commit16

This is strange!!! There is other items there that shouldn’t be. In fact, only the last line of the file should be there.

Let’s do a bit of detective work and see if we can get more information about what’s being returned. A good starting place would be to see if we are getting a multiline string or an array returned.

So let’s take a look at helloworld.txt
gitlab commit17

This is real strange, an array is being returned. But we know that only a string is returned from the function. In the next article, we’ll dig deeper into what’s actually happening during the build process, which will shed some light on some of the strange things we’ve been noticing. Then we’ll also take a look at Lint, and how we can use it carry out checking of our YAML files.

PowerShell and GitLab CI – Part 3

In part 1, and part 2 of this series, we covered the installation and configuration of pre-requistites, setting up our GitLab account and initial settings, and finally getting our Windows Runner installed and operational.

Today’s, I’ll give an overview of how GitLab uses build configuration files, how it is constructed, and setup our project in preparation for getting our first build complete.

GitLab Build Conifiguration

Previously, I’d been using Jenkin’s for my CI system, and immediately noticed how build configuration is different. With GitLab CI, the build file itself, .gitlab-ci.yml, is actually part of the repository. No webhook setup is necessary.

We also now have capabilities, such as not only having a dedicated runner per project, but per branch of our project, which we can control and manage directly from our repo.

Create a Demo PowerShell Script

Let’s setup a really simple script which we want to pass through the CI Engine.

  • Log back into the GitLab environment
  • Open your project

git - part 4 - 1 - login to git

Now launch the PowerShell ISE, and make the following script:

Save the file as HelloWorld.ps1 into the root of your repository (C:\temp\helloworld in my case)

Commit and Push to GitLab

We’ve added content to the repository, so lets go ahead and push the changes to GitLab.

  • Start a Bash session
  • Set your current current directory to the root of your repository
  • Enter the commands below

git - part 4 - 3 - pushing our changes

Now return to GitLab, and select Commits to confirm the commit has occurred.


To the right of the commit, you will see a red ‘x’ mark. You might think that this is an options to delete the commit that has been made, but it’s something else entirely.

git - part 4 - gitlab commit screen

Click on the red cross. Looking further down the screen we see an error message.

Found errors in your .gitlab-ci.yml:
Undefined yaml error
.gitlab-ci.yml not found in this commit

git - part 5 - gitlab commit and build details screen

As mentioned, .gitlab-ci.yml is the build file that stored within the repository itself. The commit has been successfully placed into source control, but because we enabled CI for this project, GitLab has also expected the build file to exist.

A Quick bit About YAML and gitlab-ci.yml

We’re now at the stage where we are wanting to design our build configuration file for the helloworld project.

Build actions for GitLab projects are stored within a file, .gitlab-ci.yml, which is placed in the root of a repository. This file uses YAML format, and describes the build actions and criteria. Those of you familiar with AppVeyor may be aware of this format of file, and the requirements it has to be successfully parsed.

You can read more about YAML on WikiPedia, and other sources.

As a newbie I struggled with this file, and it took me a whole day before I was able to get a successful build to occur (though it wasn’t helped by my build script being quite longer than our example). I’ll cover this file in a bit more detail, and the gotchas I’ve come across in a later blog. But for now, we’ll make a basic build file.

Building our gitlab-ci.yml file

Launch Notepad, and paste the following text into it:

Our configuration file consists of a label at the top, which identifies the name of the build, the script to be executed, and uses a tag of ‘Windows’ to identify the Runner to be used.

You might be wondering why I placed :

in the build script instead of directly into the PowerShell script. The reason for this is simply to demonstrate how we can actually use PowerShell within our build script, and not just call PowerShell scripts.

  • Save the file as .gitlab-ci.yml within the repository, and return to Bash.
  • Add, commmit, and push this file to GitLab.


Let’s take a look at the status of this build from GitLab. What’s particularly interesting here is that the actual command within the the script section of the build file is displayed. More about that later….


So our build has reported as being successfully, and if we take a look at C:\Windows\Temp on our build server, the file is there. Our first experience with GitLab CI is complete! 🙂


Coming Soon….

The next article in the series will cover some difficulties i’ve had getting to grips with GitLab CI, and how I was able to go from this :


To :


Thanks for reading. Comments, errors and any feedback always welcome.



PowerShell and GitLab CI – Part 2

Setting up a Windows GitLab Runner

Part 1 of this series on PowerShell and GitLab CI saw us setup our GIT client configuration, register and configure GitLab for our sample project, and then perform an initial clone of the project just created.

Todays blog covers the setup of a Gitlab Runner.

What is a GitLab Runner?

Quite simply, a GitLab Runner is an application which processes builds. On a Windows system, a GitLab Runner operates as a dedicated service.  Because it communicates with GitLab CI through an API, there is no requirement to have the Runner on the same server on which you have GitLab CI installed.  Runners can be setup on various operating systems, and additionally process multiple languages.

GitLab CI can use one or more Runners. This makes it not only handy when we are working in a heterogenuous environment, but also where we wish designated severs for our development, testing, acceptance, and production arenas.

Runners can be assigned per project, which gives us further flexibility. I find this very helpful, working in an environment with multiple untrusted forests. All I need to do is register a Runner in the respective forest, and then assign it to a project for that.


Before we download and install the Windows Runner software, we need to get an identifier from GitLab. This will be used to associate a runner with a project.

  • Log back into GitLab
  • Click {yourname} / helloworld
  • Click Runners on the left hand pane
  • Copy the registration token in section 3 of How to setup a new project specific runner into the clipboard.

git3 - part 1

git3 - part 2

Installing and Configuring the Runner

Now we’ll actually get the runner operational on our build server.

  • Move gitlab-ci-multi-runner-windowsd-amd64.exe to a suitable directory. Note that this will be the directory from which the service runs. As this is a demo, I am going to place it in the Temp folder of my C: drive.

git3 - part 3

  • Start PowerShell as an administrator
  • Use Set-Location to set the current directory to the location of the file mentioned above
  • Use the command below to launch the configuration utility

You’ll now be prompted for input some information

  • coordinator URL :
  • token : <paste the registration token you copied to the clipboard>
  • description : hellowworldrunner
  • tags : windows
  • executor : shell

Coordinator URL refers to the location that the runner looks to for communication with GitLabCI, Token the unique identifier that is used to identify your runner. Tags allow you to control when a job does or doesn’t build on a runner, and the executor refers to the type of script it will process.

  • If you are prompted for your current password, enter this as well.

git3 - part 4

  • Launch services
  • Find the service with the name of gitlab-runner

git3 - part 5

Note is the service is registered to run in the current context of your account.

Unless you have any specific need to keep the gitlab-runner service running in this context, carry out the following:

  • Stop the service
  • Change the Log On as: setting to the account you want it to run under. (In my case, I just set it to Local System Account.)
  • Start the service

git3 - part 6

That’s the Runner setup, and ready to be used, but first took a look at the location where the process runs from.

You should see a file there new called config.toml. This file contains the configuration settings that the Runner uses. It’s plain text, so you can open it in Notepad. It details the number of concurrent runners, the url of the gitlab cim, the token we used earlier for registration, name of the runnier, and other configuration data.

Now return to GitLab, and the Runners section we were just on, and press F5 to refresh the screen.

The helloworld runner should now be registered for this project!

git3 - part 7

In part 3 of this series, we’ll create our first GitLab CI build file, which will run a basic PowerShell script.

PowerShell and GitLab CI – Part 1

GitLab 8 adds built in CI as an option, making a single instance of GitLab not only for use as a version control system, but also a continuous integration solution. GitLab is available for both use over the internet, and also locally hosted. These posts will cover the use of the internet service.

The next few posts will detail how I set this up for use with PowerShell, tested it, and some of the gotchas I came across. Todays one will cover the pre-requisites I needed to setup, and initial configuration for a new project.

Git Client

Naturally, in order to perform our GIT operations we’ll need some type of client installed. Some options available are :

NB At the point of writing this articule Posh-Git is included in the Github Desktop client, which may give you the best of both worlds.

My choice of client at the moment is Git for Windows and using the Bash CLI. I’ve still to take a proper look at Posh-Git, but it’s in the pipeline….

SSH Keys

Using the Bash console, you can create a set of SSH keys, which are going to be used later. Starting a Bash session with Git for Windows can be done by right clicking within any Explorer window, and selecting Git Bash Here

Opening a Bash session

Opening a Bash session

With the session open, type the following :

Creating the SSH keys

Creating the SSH keys

This creates a public and private key. If you accept the defaults, a folder called .ssh will be created in the root of your user profile. Within this, you will find two files, and id_rsa. The first of these will be used later when we are creating a test repository.

Register with GitLab

  • Browse to
  • Follow the on-screen instructions to register
  • Open the .pub public key file created earlier, and copy it into the clipboard
  • Login to Gitlab

Step 3 - Initial Login After Registering

  • Click Profile Settings
  • Click SSH Keys.
  • Click ADD SSH KEY
  • Paste your public key into the Key box
  • In the Name box enter a descriptive name of your choice
  • Click ADD KEY.

Step 4 - Adding SSH Keys

  • Click Back to dashboard

Creating the Project

On this screen, we can import existing projects from other sources, such as GitHub, but for now, we’ll create a new one.

  • Click + NEW PROJECT
  • Enter HelloWorld into the Project path box
  • If you wish, enter text describing the project in the Description box

Step 5 - Create New Project

This will then take us to the project page of HelloWorld. If you further scroll down the page, commands for us to setup our repository locally are detailed.

Step 6 - Project Page

Now startup a BASH session, and change to a directory where you want to create this sample repository. Use the commands provided in the above, from  Create a new repository.

The first time that you perform the GIT CLONE command, you will be prompted if you trust the authenticity of the host, Enter Yes. This information will then be recorded in a known_hosts file, which is placed within the .ssh folder referred to previously.

Once complete, close your BASH session.

Step 7 - Creating the repository

With the project created, and the repository locally cloned, we’ll go into the projects settings and enable the CI options.

  • Click Settings
  • Click Services

Step 8 - Configure Gitlab CI

  • Click Gitlab CI
  • Check Active
  • Click SAVE

When you do this, a green circle will appear next to GitLab CI on the right. New options will also appear on the left side, including Runners, CI Web Hooks, CI Settings, CI Services, and CI Events.

Step 9 - Enable Gitlab CI

  • Click CI Services
  • Click Mail

The Mail option is used to send an email when a build process has completed. Mail is enabled by default, but only for builds that do not succeed. I find it handy to have this enabled for all builds. If you wish to do this.

  • Select the Notify check box
  • Click to clear the Notify check box.
  • Click SAVE.

Step 10 - Enable Mail

That’s it for day 1. In the next article in this series we’ll deploy and configure a Windows Runner, and take a look at the options available.