azure-devops

📁 bagelhole/devops-security-agent-skills 📅 9 days ago

总安装量

周安装量

#41260

全站排名

安装命令

npx skills add https://github.com/bagelhole/devops-security-agent-skills --skill azure-devops

Agent 安装分布

opencode 1

codex 1

claude-code 1

Skill 文档

Azure DevOps Pipelines

Build, test, and deploy applications using Azure Pipelines with YAML or classic editor.

When to Use This Skill

Use this skill when:

Creating CI/CD pipelines in Azure DevOps
Configuring build and release stages
Managing Azure DevOps service connections
Deploying to Azure or other cloud platforms
Setting up multi-stage YAML pipelines

Prerequisites

Azure DevOps organization and project
Service connections for target environments
Basic YAML understanding
Azure subscription (for Azure deployments)

YAML Pipeline Structure

Create azure-pipelines.yml in repository root:

trigger:
  branches:
    include:
      - main
      - develop
  paths:
    include:
      - src/*

pool:
  vmImage: 'ubuntu-latest'

variables:
  buildConfiguration: 'Release'
  nodeVersion: '20.x'

stages:
  - stage: Build
    jobs:
      - job: BuildJob
        steps:
          - task: NodeTool@0
            inputs:
              versionSpec: $(nodeVersion)
          - script: |
              npm ci
              npm run build
            displayName: 'Build application'
          - publish: $(Build.ArtifactStagingDirectory)
            artifact: drop

  - stage: Deploy
    dependsOn: Build
    condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
    jobs:
      - deployment: DeployWeb
        environment: 'production'
        strategy:
          runOnce:
            deploy:
              steps:
                - script: echo Deploying to production

Triggers

Branch Triggers

trigger:
  branches:
    include:
      - main
      - release/*
    exclude:
      - feature/*
  tags:
    include:
      - v*

Pull Request Triggers

pr:
  branches:
    include:
      - main
  paths:
    include:
      - src/*
    exclude:
      - docs/*

Scheduled Triggers

schedules:
  - cron: '0 2 * * *'
    displayName: 'Nightly build'
    branches:
      include:
        - main
    always: true

Jobs and Stages

Parallel Jobs

stages:
  - stage: Test
    jobs:
      - job: UnitTests
        pool:
          vmImage: 'ubuntu-latest'
        steps:
          - script: npm run test:unit
      
      - job: IntegrationTests
        pool:
          vmImage: 'ubuntu-latest'
        steps:
          - script: npm run test:integration

Matrix Strategy

jobs:
  - job: Build
    strategy:
      matrix:
        linux:
          vmImage: 'ubuntu-latest'
        windows:
          vmImage: 'windows-latest'
        mac:
          vmImage: 'macos-latest'
    pool:
      vmImage: $(vmImage)
    steps:
      - script: npm test

Job Dependencies

stages:
  - stage: Build
    jobs:
      - job: A
        steps:
          - script: echo Job A
      - job: B
        dependsOn: A
        steps:
          - script: echo Job B

Variables and Parameters

Variable Groups

variables:
  - group: 'production-secrets'
  - name: buildConfiguration
    value: 'Release'

Runtime Parameters

parameters:
  - name: environment
    displayName: 'Environment'
    type: string
    default: 'dev'
    values:
      - dev
      - staging
      - prod

stages:
  - stage: Deploy
    variables:
      env: ${{ parameters.environment }}
    jobs:
      - job: Deploy
        steps:
          - script: echo "Deploying to $(env)"

Secret Variables

variables:
  - name: mySecret
    value: $(SECRET_FROM_PIPELINE)  # Set in pipeline settings

steps:
  - script: |
      echo "Using secret"
      ./deploy.sh
    env:
      API_KEY: $(mySecret)

Templates

Job Template

# templates/build-job.yml
parameters:
  - name: nodeVersion
    default: '20'

jobs:
  - job: Build
    steps:
      - task: NodeTool@0
        inputs:
          versionSpec: ${{ parameters.nodeVersion }}
      - script: npm ci && npm run build

Using Templates

# azure-pipelines.yml
stages:
  - stage: Build
    jobs:
      - template: templates/build-job.yml
        parameters:
          nodeVersion: '20'

Stage Template

# templates/deploy-stage.yml
parameters:
  - name: environment
    type: string
  - name: serviceConnection
    type: string

stages:
  - stage: Deploy_${{ parameters.environment }}
    jobs:
      - deployment: Deploy
        environment: ${{ parameters.environment }}
        strategy:
          runOnce:
            deploy:
              steps:
                - task: AzureWebApp@1
                  inputs:
                    azureSubscription: ${{ parameters.serviceConnection }}
                    appName: 'myapp-${{ parameters.environment }}'

Deployments

Environment Deployments

stages:
  - stage: DeployStaging
    jobs:
      - deployment: DeployWeb
        environment: 'staging'
        strategy:
          runOnce:
            deploy:
              steps:
                - download: current
                  artifact: drop
                - script: ./deploy.sh staging

Approval Gates

Configure in Azure DevOps UI:

Go to Environments
Select environment
Add approval check
Configure approvers

Rolling Deployment

jobs:
  - deployment: Deploy
    environment: 'production'
    strategy:
      rolling:
        maxParallel: 2
        deploy:
          steps:
            - script: ./deploy.sh

Azure Service Tasks

Azure Web App Deployment

- task: AzureWebApp@1
  inputs:
    azureSubscription: 'my-azure-connection'
    appType: 'webAppLinux'
    appName: 'my-web-app'
    package: '$(Pipeline.Workspace)/drop/*.zip'

Azure Container Apps

- task: AzureContainerApps@1
  inputs:
    azureSubscription: 'my-azure-connection'
    containerAppName: 'my-container-app'
    resourceGroup: 'my-rg'
    imageToDeploy: 'myregistry.azurecr.io/myapp:$(Build.BuildId)'

Azure Kubernetes Service

- task: KubernetesManifest@0
  inputs:
    action: 'deploy'
    kubernetesServiceConnection: 'my-aks-connection'
    namespace: 'default'
    manifests: |
      $(Pipeline.Workspace)/manifests/deployment.yml
      $(Pipeline.Workspace)/manifests/service.yml
    containers: |
      myregistry.azurecr.io/myapp:$(Build.BuildId)

Docker Builds

- task: Docker@2
  inputs:
    containerRegistry: 'my-acr-connection'
    repository: 'myapp'
    command: 'buildAndPush'
    Dockerfile: '**/Dockerfile'
    tags: |
      $(Build.BuildId)
      latest

Self-Hosted Agents

Install Agent

# Download agent
mkdir myagent && cd myagent
curl -o vsts-agent.tar.gz https://vstsagentpackage.azureedge.net/agent/3.227.2/vsts-agent-linux-x64-3.227.2.tar.gz
tar zxvf vsts-agent.tar.gz

# Configure
./config.sh --url https://dev.azure.com/myorg --auth pat --token PAT_TOKEN --pool default

# Run as service
sudo ./svc.sh install
sudo ./svc.sh start

Use Self-Hosted Pool

pool:
  name: 'my-self-hosted-pool'
  demands:
    - docker
    - Agent.OS -equals Linux

Common Issues

Issue: Service Connection Fails

Problem: Cannot authenticate to Azure Solution: Verify service principal permissions, check connection in project settings

Issue: Artifact Not Found

Problem: Download artifact fails Solution: Ensure publish task ran successfully, check artifact name matches

Issue: Environment Not Found

Problem: Deployment to environment fails Solution: Create environment in Pipelines > Environments first

Best Practices

Use YAML pipelines over classic editor
Implement templates for reusable components
Use variable groups for shared configuration
Configure environment approvals for production
Use service connections with minimal permissions
Implement artifact versioning
Cache dependencies for faster builds

Related Skills

github-actions – GitHub CI/CD alternative
terraform-azure – Azure IaC
azure-aks – AKS deployments

GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台