Phase 01: CI/CD Setup
DOCUMENT CATEGORY: Phase Overview
SCOPE: Source control project creation and CI/CD configuration
PURPOSE: Establish deployment source control project with proper settings and environments
Status: Active
Applies To: All Azure Local deployments
Last Updated: 2026-03-19
Phase Purpose
Create the deployment source control project, configure project settings for secure deployments, create deployment environments, and configure environment-specific variables. This phase establishes the CI/CD foundation for infrastructure automation.
Prerequisites
Before starting this phase:
- Azure CLI installed and authenticated to target tenant
- Source control platform access with project/repo creation permissions
- Deployment information (organization name, tenant ID, subscription IDs)
- Access to Azure Local source control templates
Steps Overview
| Step | Title | Description |
|---|---|---|
| 1 | Bootstrap | Create CI/CD service principal and configure Azure access |
| 2 | Create Source Control Project | Create deployment repository with proper naming |
| 3 | Configure Project Settings | Set branch protection, merge/PR approvals, security settings |
| 4 | Create Environments | Create deployment environments for each target |
| 5 | Configure Environment Variables | Set environment-specific variables for deployments |
| 6 | Deploy Runners | Deploy self-hosted CI/CD runners to Azure |
Key Deliverables
| Deliverable | Description |
|---|---|
| Source Control Project | Deployment project/repository created from Azure Local template |
| Project Naming | Follows your organization's repository naming convention |
| Branch Protection | Main branch protected with PR/merge request requirements |
| Code Review | Configured approval rules for code review |
| Security Settings | Push rules, security scanning enabled |
| Environments | Deployment environments for each target (prod, dev, staging) |
| Variables | Environment-specific CI/CD variables configured |
| CI/CD Runners | Self-hosted runners deployed and registered in target Azure subscription |
Project Naming Convention
Use a consistent naming convention for deployment repositories. Example:
| Component | Format | Example |
|---|---|---|
| Organization Name | lowercase, hyphens | iic |
| Workload | infrastructure type | azurelocal |
| Full Name | <org>-azurelocal | iic-azurelocal |
Deployment Environments
Standard environments created for each deployment:
| Environment | Description | Use Case |
|---|---|---|
| azr-prod-us | Production US region | Primary production deployments |
| azr-dev-us | Development US region | Development/testing |
| azr-prod-eu | Production EU region | European deployments (if applicable) |
| azr-staging | Staging environment | Pre-production validation |
Project Settings Checklist
Branch Protection
- Main branch protected
- Force push disabled
- Deletion disabled
- Pull/merge requests required
Code Review
- Approvals required before merge
- All discussions must be resolved
- CI pipelines must succeed before merge
Security
- Push rules / branch policies configured
- Secret detection enabled
- SAST scanning enabled
- Dependency scanning enabled
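The Branch Protection and Code Review items above can be checked automatically from an exported settings snapshot. The following is an added example, not part of the original template or its tooling. It assumes the source control platform is GitLab and that the snapshot uses GitLab REST API field names; the `audit` function and the `SAMPLE` data are constructed for illustration.

```python
# Added example: audits a settings snapshot against the Project Settings Checklist.
# Assumption: the snapshot uses GitLab REST API field names; other platforms differ.

# Constructed sample, shaped like GET /projects/:id, /protected_branches, /approval_rules.
SAMPLE = {
    "project": {
        "only_allow_merge_if_pipeline_succeeds": True,
        "only_allow_merge_if_all_discussions_are_resolved": False,
    },
    "protected_branches": [
        {"name": "main", "allow_force_push": False,
         "push_access_levels": [{"access_level": 0}],      # 0 = no direct push
         "merge_access_levels": [{"access_level": 40}]},   # 40 = Maintainer
    ],
    "approval_rules": [{"name": "default", "approvals_required": 1}],
}


def audit(snapshot, branch="main"):
    """Return the checklist items that the snapshot does not satisfy."""
    failures = []
    project = snapshot.get("project", {})
    rule = next((b for b in snapshot.get("protected_branches", [])
                 if b.get("name") == branch), None)
    if rule is None:
        # An unprotected branch also allows force push, deletion and direct push.
        failures.append(f"{branch} branch protected")
    else:
        if rule.get("allow_force_push", False):
            failures.append("Force push disabled")
        # Direct pushes must be blocked so every change arrives via a merge request.
        levels = [lvl.get("access_level") for lvl in rule.get("push_access_levels", [])]
        if not levels or any(lvl != 0 for lvl in levels):
            failures.append("Pull/merge requests required")
    if not any(r.get("approvals_required", 0) >= 1
               for r in snapshot.get("approval_rules", [])):
        failures.append("Approvals required before merge")
    if not project.get("only_allow_merge_if_all_discussions_are_resolved", False):
        failures.append("All discussions must be resolved")
    if not project.get("only_allow_merge_if_pipeline_succeeds", False):
        failures.append("CI pipelines must succeed before merge")
    return failures


if __name__ == "__main__":
    for item in audit(SAMPLE):
        print("FAIL:", item)
```

Running the audit as a scheduled pipeline job surfaces drift when a protection setting is relaxed after initial configuration.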
Validation Checklist
- Source control project created with correct naming
- Project placed in correct organization/group
- Branch protection rules applied
- Code review approvals configured
- Security settings enabled
- Environments created
- Environment variables configured
- CI/CD runners deployed and registered
- Runners appear online in source control platform
- Test pipeline runs successfully
Next Steps
After completing Part 1, proceed to Part 2: Azure Foundation to establish the Azure cloud infrastructure including landing zones, networking, and security resources.