Azure DevOps Pipelines
DOCUMENT CATEGORY: Reference
SCOPE: Azure DevOps CI/CD pipeline configurations
PURPOSE: Document Azure DevOps pipelines for Azure Local deployments
MASTER REFERENCE: Azure DevOps Documentation
Status: Active
Overview
Azure DevOps Pipelines configuration for Azure Local deployments. This is a sample equivalent of the primary GitLab CI/CD pipeline, adapted for Azure Pipelines with service connections, environment approvals, and the Terraform task extension.
Pipeline
File: pipelines/azure-devops/azure-local-deploy.yml
Stages
| Stage | Agent Pool | Approval | Description |
|---|---|---|---|
| Validate | ubuntu-latest | None | Terraform validate + Ansible lint |
| Plan | ubuntu-latest | None | Terraform plan with artifact |
| DeployFoundation | ubuntu-latest | production environment | Terraform apply |
| ConfigureOnPrem | AzureLocal-SelfHosted | production environment | Ansible site.yml |
| ConfigureOperations | AzureLocal-SelfHosted | production environment | Monitoring + management playbooks |
Triggers
trigger:
  branches:
    include: [main]
  paths:
    include: ['src/terraform/**', 'src/ansible/**', 'config/variables/**']
Setup
1. Service Connection
Create an Azure Resource Manager service connection named AzureLocal-ServiceConnection:
- Project Settings → Service connections → New → Azure Resource Manager
- Select "Service principal (automatic)" or use an existing SPN
- Name: AzureLocal-ServiceConnection
- Scope: Target subscription
2. Variable Group
Create a variable group named azurelocal-secrets:
- Pipelines → Library → + Variable group
- Name: azurelocal-secrets
- Add variables:
| Variable | Secret | Description |
|---|---|---|
| ARM_CLIENT_ID | No | Service Principal ID |
| ARM_CLIENT_SECRET | Yes | Service Principal Secret |
| ARM_TENANT_ID | No | Tenant ID |
| ARM_SUBSCRIPTION_ID | No | Subscription ID |
| TF_BACKEND_RG | No | Terraform state resource group |
| TF_BACKEND_SA | No | Terraform state storage account |
3. Environment
Create a production environment with approval checks:
- Pipelines → Environments → New environment → production
- Add approval check with required reviewers
4. Self-Hosted Agent Pool
Create an agent pool named AzureLocal-SelfHosted:
- Organization Settings → Agent pools → Add pool
- Pool type: Self-hosted, Name: AzureLocal-SelfHosted
- Register an agent with on-premises network access
5. Terraform Extension
Install the Terraform extension from the marketplace:
- Organization Settings → Extensions → Browse marketplace
- Search "Terraform" → Install "Terraform by Microsoft DevLabs"
Key Features
- Service Connections: Azure auth via ARM service connection (no secrets in pipeline)
- Terraform Task v4: Native Terraform task with backend auto-configuration
- Environment Approvals: Deployment gates between stages
- Variable Groups: Centralized secret management
- Deployment Strategy: runOnce strategy for controlled rollouts
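The setup objects and features above, wired into two of the five stages. This is an added sketch, not the toolkit's azure-local-deploy.yml; the state container and key names, the inventory argument and the location of site.yml under src/ansible are assumptions.

```yaml
# Added sketch covering DeployFoundation and ConfigureOnPrem only.
variables:
  - group: azurelocal-secrets                # step 2; supplies TF_BACKEND_RG / TF_BACKEND_SA

stages:
  - stage: DeployFoundation
    jobs:
      - deployment: TerraformApply
        pool:
          vmImage: ubuntu-latest
        environment: production              # step 3; the approval check gates this job
        strategy:
          runOnce:
            deploy:
              steps:
                - checkout: self             # deployment jobs do not check out sources by default
                - task: TerraformTaskV4@4
                  displayName: terraform init
                  inputs:
                    provider: azurerm
                    command: init
                    workingDirectory: $(System.DefaultWorkingDirectory)/src/terraform
                    backendServiceArm: AzureLocal-ServiceConnection   # step 1
                    backendAzureRmResourceGroupName: $(TF_BACKEND_RG)
                    backendAzureRmStorageAccountName: $(TF_BACKEND_SA)
                    backendAzureRmContainerName: tfstate              # assumed name
                    backendAzureRmKey: azurelocal.tfstate             # assumed name
                - task: TerraformTaskV4@4
                  displayName: terraform apply
                  inputs:
                    provider: azurerm
                    command: apply
                    workingDirectory: $(System.DefaultWorkingDirectory)/src/terraform
                    environmentServiceNameAzureRM: AzureLocal-ServiceConnection

  - stage: ConfigureOnPrem
    dependsOn: DeployFoundation
    jobs:
      - deployment: AnsibleSite
        pool:
          name: AzureLocal-SelfHosted        # step 4; agent with on-premises network access
        environment: production
        strategy:
          runOnce:
            deploy:
              steps:
                - checkout: self
                - script: ansible-playbook site.yml -i inventory     # inventory path assumed
                  workingDirectory: src/ansible
                  displayName: Ansible site.yml
```

Variables marked Secret in the group, such as ARM_CLIENT_SECRET, are not exported to script steps automatically; a step that needs one has to map it explicitly under `env:`.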
Repository
Source: azurelocal-toolkit/pipelines/azure-devops/