azure-devops

Azure DevOps Pipelines

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "azure-devops" with this command: npx skills add bagelhole/devops-security-agent-skills/bagelhole-devops-security-agent-skills-azure-devops

Azure DevOps Pipelines

Build, test, and deploy applications using Azure Pipelines with YAML or classic editor.

When to Use This Skill

Use this skill when:

  • Creating CI/CD pipelines in Azure DevOps

  • Configuring build and release stages

  • Managing Azure DevOps service connections

  • Deploying to Azure or other cloud platforms

  • Setting up multi-stage YAML pipelines

Prerequisites

  • Azure DevOps organization and project

  • Service connections for target environments

  • Basic YAML understanding

  • Azure subscription (for Azure deployments)

YAML Pipeline Structure

Create azure-pipelines.yml in repository root:

trigger: branches: include: - main - develop paths: include: - src/*

pool: vmImage: 'ubuntu-latest'

variables: buildConfiguration: 'Release' nodeVersion: '20.x'

stages:

  • stage: Build jobs:

    • job: BuildJob steps:
      • task: NodeTool@0 inputs: versionSpec: $(nodeVersion)
      • script: | npm ci npm run build displayName: 'Build application'
      • publish: $(Build.ArtifactStagingDirectory) artifact: drop

  • stage: Deploy dependsOn: Build condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main')) jobs:

    • deployment: DeployWeb environment: 'production' strategy: runOnce: deploy: steps: - script: echo Deploying to production

Triggers

Branch Triggers

trigger: branches: include: - main - release/* exclude: - feature/* tags: include: - v*

Pull Request Triggers

pr: branches: include: - main paths: include: - src/* exclude: - docs/*

Scheduled Triggers

schedules:

  • cron: '0 2 * * *' displayName: 'Nightly build' branches: include: - main always: true

Jobs and Stages

Parallel Jobs

stages:

  • stage: Test jobs:

    • job: UnitTests pool: vmImage: 'ubuntu-latest' steps:

      • script: npm run test:unit

    • job: IntegrationTests pool: vmImage: 'ubuntu-latest' steps:

      • script: npm run test:integration

Matrix Strategy

jobs:

  • job: Build strategy: matrix: linux: vmImage: 'ubuntu-latest' windows: vmImage: 'windows-latest' mac: vmImage: 'macos-latest' pool: vmImage: $(vmImage) steps:
    • script: npm test

Job Dependencies

stages:

  • stage: Build jobs:
    • job: A steps:
      • script: echo Job A
    • job: B dependsOn: A steps:
      • script: echo Job B

Variables and Parameters

Variable Groups

variables:

  • group: 'production-secrets'
  • name: buildConfiguration value: 'Release'

Runtime Parameters

parameters:

  • name: environment displayName: 'Environment' type: string default: 'dev' values:
    • dev
    • staging
    • prod

stages:

  • stage: Deploy variables: env: ${{ parameters.environment }} jobs:
    • job: Deploy steps:
      • script: echo "Deploying to $(env)"

Secret Variables

variables:

  • name: mySecret value: $(SECRET_FROM_PIPELINE) # Set in pipeline settings

steps:

  • script: | echo "Using secret" ./deploy.sh env: API_KEY: $(mySecret)

Templates

Job Template

templates/build-job.yml

parameters:

  • name: nodeVersion default: '20'

jobs:

  • job: Build steps:
    • task: NodeTool@0 inputs: versionSpec: ${{ parameters.nodeVersion }}
    • script: npm ci && npm run build

Using Templates

azure-pipelines.yml

stages:

  • stage: Build jobs:
    • template: templates/build-job.yml parameters: nodeVersion: '20'

Stage Template

templates/deploy-stage.yml

parameters:

  • name: environment type: string
  • name: serviceConnection type: string

stages:

  • stage: Deploy_${{ parameters.environment }} jobs:
    • deployment: Deploy environment: ${{ parameters.environment }} strategy: runOnce: deploy: steps: - task: AzureWebApp@1 inputs: azureSubscription: ${{ parameters.serviceConnection }} appName: 'myapp-${{ parameters.environment }}'

Deployments

Environment Deployments

stages:

  • stage: DeployStaging jobs:
    • deployment: DeployWeb environment: 'staging' strategy: runOnce: deploy: steps: - download: current artifact: drop - script: ./deploy.sh staging

Approval Gates

Configure in Azure DevOps UI:

  • Go to Environments

  • Select environment

  • Add approval check

  • Configure approvers

Rolling Deployment

jobs:

  • deployment: Deploy environment: 'production' strategy: rolling: maxParallel: 2 deploy: steps: - script: ./deploy.sh

Azure Service Tasks

Azure Web App Deployment

  • task: AzureWebApp@1 inputs: azureSubscription: 'my-azure-connection' appType: 'webAppLinux' appName: 'my-web-app' package: '$(Pipeline.Workspace)/drop/*.zip'

Azure Container Apps

  • task: AzureContainerApps@1 inputs: azureSubscription: 'my-azure-connection' containerAppName: 'my-container-app' resourceGroup: 'my-rg' imageToDeploy: 'myregistry.azurecr.io/myapp:$(Build.BuildId)'

Azure Kubernetes Service

  • task: KubernetesManifest@0 inputs: action: 'deploy' kubernetesServiceConnection: 'my-aks-connection' namespace: 'default' manifests: | $(Pipeline.Workspace)/manifests/deployment.yml $(Pipeline.Workspace)/manifests/service.yml containers: | myregistry.azurecr.io/myapp:$(Build.BuildId)

Docker Builds

  • task: Docker@2 inputs: containerRegistry: 'my-acr-connection' repository: 'myapp' command: 'buildAndPush' Dockerfile: '**/Dockerfile' tags: | $(Build.BuildId) latest

Self-Hosted Agents

Install Agent

Download agent

mkdir myagent && cd myagent curl -o vsts-agent.tar.gz https://vstsagentpackage.azureedge.net/agent/3.227.2/vsts-agent-linux-x64-3.227.2.tar.gz tar zxvf vsts-agent.tar.gz

Configure

./config.sh --url https://dev.azure.com/myorg --auth pat --token PAT_TOKEN --pool default

Run as service

sudo ./svc.sh install sudo ./svc.sh start

Use Self-Hosted Pool

pool: name: 'my-self-hosted-pool' demands: - docker - Agent.OS -equals Linux

Common Issues

Issue: Service Connection Fails

Problem: Cannot authenticate to Azure Solution: Verify service principal permissions, check connection in project settings

Issue: Artifact Not Found

Problem: Download artifact fails Solution: Ensure publish task ran successfully, check artifact name matches

Issue: Environment Not Found

Problem: Deployment to environment fails Solution: Create environment in Pipelines > Environments first

Best Practices

  • Use YAML pipelines over classic editor

  • Implement templates for reusable components

  • Use variable groups for shared configuration

  • Configure environment approvals for production

  • Use service connections with minimal permissions

  • Implement artifact versioning

  • Cache dependencies for faster builds

Related Skills

  • github-actions - GitHub CI/CD alternative

  • terraform-azure - Azure IaC

  • azure-aks - AKS deployments

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

sops-encryption

No summary provided by upstream source.

Repository SourceNeeds Review
-31
bagelhole
Security

linux-administration

No summary provided by upstream source.

Repository SourceNeeds Review
-29
bagelhole
Security

linux-hardening

No summary provided by upstream source.

Repository SourceNeeds Review
-26
bagelhole