From 736b892cf675d1362c19f6a963a3ca2032a209b7 Mon Sep 17 00:00:00 2001
From: Heath Stewart <heaths@microsoft.com>
Date: Tue, 27 May 2025 15:10:13 -0700
Subject: [PATCH] Make sure we print env vars for JSON ARM templates

Fixes #10734
---
 .../TestResources/TestResources-Helpers.ps1   | 43 ++++++++++---------
 1 file changed, 22 insertions(+), 21 deletions(-)

diff --git a/eng/common/TestResources/TestResources-Helpers.ps1 b/eng/common/TestResources/TestResources-Helpers.ps1
index cbe047ebc5f1..ce16b7767907 100644
--- a/eng/common/TestResources/TestResources-Helpers.ps1
+++ b/eng/common/TestResources/TestResources-Helpers.ps1
@@ -264,9 +264,10 @@ function SetDeploymentOutputs(
 ) {
     $deploymentEnvironmentVariables = $environmentVariables.Clone()
     $deploymentOutputs = BuildDeploymentOutputs $serviceName $azContext $deployment $deploymentEnvironmentVariables
+    $isBicep = $templateFile.originalFilePath -and $templateFile.originalFilePath.EndsWith(".bicep")
 
-    if ($OutFile) {
-        if ($IsWindows -and $Language -eq 'dotnet') {
+    # Azure SDK for .NET on Windows uses DPAPI-encrypted, JSON-encoded environment variables.
+    if ($OutFile -and $IsWindows -and $Language -eq 'dotnet') {
             $outputFile = "$($templateFile.originalFilePath).env"
 
             $environmentText = $deploymentOutputs | ConvertTo-Json;
@@ -276,29 +277,29 @@ function SetDeploymentOutputs(
             Set-Content $outputFile -Value $protectedBytes -AsByteStream -Force
 
             Write-Host "Test environment settings`n$environmentText`nstored into encrypted $outputFile"
+    }
+    # Any Bicep template in a repo that has opted into .env files.
+    elseif ($OutFile -and $isBicep) {
+        $bicepTemplateFile = $templateFile.originalFilePath
+
+        # Make sure the file would not write secrets to .env file.
+        if (!(LintBicepFile $bicepTemplateFile)) {
+            Write-Error "$bicepTemplateFile may write secrets. No file written."
         }
-        elseif ($templateFile.originalFilePath -and $templateFile.originalFilePath.EndsWith(".bicep")) {
-            $bicepTemplateFile = $templateFile.originalFilePath
+        $outputFile = $bicepTemplateFile | Split-Path | Join-Path -ChildPath '.env'
 
-            # Make sure the file would not write secrets to .env file.
-            if (!(LintBicepFile $bicepTemplateFile)) {
-                Write-Error "$bicepTemplateFile may write secrets. No file written."
+        # Make sure the file would be ignored.
+        git check-ignore -- "$outputFile" > $null
+        if ($?) {
+            $environmentText = foreach ($kv in $deploymentOutputs.GetEnumerator()) {
+                "$($kv.Key)=`"$($kv.Value)`""
             }
-            $outputFile = $bicepTemplateFile | Split-Path | Join-Path -ChildPath '.env'
 
-            # Make sure the file would be ignored.
-            git check-ignore -- "$outputFile" > $null
-            if ($?) {
-                $environmentText = foreach ($kv in $deploymentOutputs.GetEnumerator()) {
-                    "$($kv.Key)=`"$($kv.Value)`""
-                }
-
-                Set-Content $outputFile -Value $environmentText -Force
-                Write-Host "Test environment settings`n$environmentText`nstored in $outputFile"
-            }
-            else {
-                Write-Error "$outputFile is not ignored by .gitignore. No file written."
-            }
+            Set-Content $outputFile -Value $environmentText -Force
+            Write-Host "Test environment settings`n$environmentText`nstored in $outputFile"
+        }
+        else {
+            Write-Error "$outputFile is not ignored by .gitignore. No file written."
         }
     }
     else {