Azure DevOps Pipelines

This page covers the specifics for the Azure DevOps (ADO) pipelines created by using the Starter Kit. Pipelines can be further customized based on requirements. Guidance provided is for the simplified GitHub Flow as documented in the branching flows. Documentation on the Release Flow pipelines will be made available in a future release.

Note

App Registration Setup is a pre-requisite.

Service connections for the Service Principals

Create ADO service connections for each of the previously created App Registrations. You will need to retrieve the credential for the Service Principal that Azure DevOps will use for authentication. This can be either a Client Secret, an X509 certificate, or a Federated Credential. For more information on these options, refer to the Application Credentials.

Pipeline Templates

The provided Azure DevOps pipelines utilize the template functionality to create re-usable components that are shared between pipeline files. More details on Azure DevOps Pipelines Templates can be found in the Azure DevOps Documentation.

GitHub Flow Pipeline

If utilizing the GitHub flow branching strategy, three pipeline files are created:

- epac-dev-pipeline
- epac-tenant-pipeline
- epac-remediation-pipeline

epac-dev-pipeline

This represents the Develop Policy Resources in a Feature Branch flow as described in Branching Flows. In general, the EPAC-Dev pipeline is configured to run when any change is pushed to a feature/* branch. It runs across three (3) stages: Plan, Deploy & Tenant Plan.

epac-tenant-pipeline

This represents the Simplified GitHub Flow for Deployment as described in Branching Flows. In general, the epac-tenant-pipeline is configured to run when any change is pushed to main and runs across three (3) stages: Plan, Deploy Policy & Deploy Roles. The Deploy stages utilize Azure DevOps environments to configure approval gates.
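The shape described above, as an added sketch that is not the pipeline file the Starter Kit generates: each stage authenticates through its own service connection, and each Deploy stage is a deployment job bound to an environment, so the approval configured on that environment must pass before the job's credentials are used. Assumptions: the service connection names (sc-epac-*), environment names (EPAC-TENANT-*), the PAC environment selector `tenant`, the folder layout, and the use of the EnterprisePolicyAsCode module cmdlets, none of which appear on this page.

```yaml
# Added sketch; sc-epac-*, EPAC-TENANT-*, "tenant" and the folder paths are placeholders.
trigger: [main]
pool:
  vmImage: ubuntu-latest
stages:
  - stage: Plan
    jobs:
      - job: plan
        steps:
          - task: AzurePowerShell@5
            inputs:
              azureSubscription: sc-epac-plan      # principal that only needs read access
              azurePowerShellVersion: LatestVersion
              ScriptType: InlineScript
              Inline: Install-Module EnterprisePolicyAsCode -Force; Build-DeploymentPlans -PacEnvironmentSelector tenant -DefinitionsRootFolder $(Build.SourcesDirectory)/Definitions -OutputFolder $(Pipeline.Workspace)/Output
          - publish: $(Pipeline.Workspace)/Output  # the reviewed plan is what later stages apply
            artifact: Output
  - stage: DeployPolicy                            # runs after Plan (stages are sequential by default)
    jobs:
      - deployment: policy
        environment: EPAC-TENANT-POLICY            # approval check is configured on this environment
        strategy:
          runOnce:
            deploy:
              steps:
                - checkout: self                   # deployment jobs do not check out the repo by default
                - task: AzurePowerShell@5
                  inputs:
                    azureSubscription: sc-epac-policy   # principal allowed to write policy resources
                    azurePowerShellVersion: LatestVersion
                    ScriptType: InlineScript
                    Inline: Install-Module EnterprisePolicyAsCode -Force; Deploy-PolicyPlan -PacEnvironmentSelector tenant -DefinitionsRootFolder $(Build.SourcesDirectory)/Definitions -InputFolder $(Pipeline.Workspace)/Output
  - stage: DeployRoles
    jobs:
      - deployment: roles
        environment: EPAC-TENANT-ROLES             # separate gate for role assignment changes
        strategy:
          runOnce:
            deploy:
              steps:
                - checkout: self
                - task: AzurePowerShell@5
                  inputs:
                    azureSubscription: sc-epac-roles    # principal allowed to write role assignments
                    azurePowerShellVersion: LatestVersion
                    ScriptType: InlineScript
                    Inline: Install-Module EnterprisePolicyAsCode -Force; Deploy-RolesPlan -PacEnvironmentSelector tenant -DefinitionsRootFolder $(Build.SourcesDirectory)/Definitions -InputFolder $(Pipeline.Workspace)/Output
```

The approvals themselves are not in the YAML; they are checks set on each environment in Azure DevOps, which keeps them out of reach of anyone who can only edit the pipeline file.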

epac-remediation-pipeline

This pipeline runs on a schedule to automatically start remediation tasks for each environment.