Skip to content

Azure DevOps

This page provides a complete azure-pipelines.yml for deploying Unified Data Platform Deployment with Azure DevOps, along with the variable group and environment setup it requires. The pipeline covers validate, staging, and production stages with approval gates.


1. Pipeline definition

The pipeline runs the following stages:

Stage Environment Trigger condition Approval
Validate (none) Every PR and push None
DeployDev dev Merge to main, after Validate None
DeployStaging staging After DeployDev succeeds None
DeployProd production After DeployStaging succeeds Required approvers

Create azure-pipelines.yml in your repo root:

trigger:
  branches:
    include:
      - main
  paths:
    include:
      - udp.yml
      - notebooks/*
      - sql/*
      - agent/*

pool:
  vmImage: 'ubuntu-latest'

variables:
  - group: udp-credentials

stages:
  # ──────────────────────────────────────────
  # Validate (runs on every PR and push)
  # ──────────────────────────────────────────
  - stage: Validate
    displayName: 'Validate Deployment'
    jobs:
      - job: Validate
        steps:
          - task: UseDotNet@2
            inputs:
              packageType: 'sdk'
              version: '9.x'

          - script: dotnet tool install --global udp-cicd
            displayName: 'Install udp-cicd'

          - script: udp-cicd validate
            displayName: 'Validate udp.yml'

          - script: udp-cicd plan --target dev
            displayName: 'Plan dev deployment'
            env:
              AZURE_TENANT_ID: $(AZURE_TENANT_ID)
              AZURE_CLIENT_ID: $(AZURE_CLIENT_ID)
              AZURE_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)

  # ──────────────────────────────────────────
  # Deploy to Dev (auto on merge to main)
  # ──────────────────────────────────────────
  - stage: DeployDev
    displayName: 'Deploy to Dev'
    dependsOn: Validate
    condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
    jobs:
      - deployment: DeployDev
        environment: 'dev'
        strategy:
          runOnce:
            deploy:
              steps:
                - checkout: self

                - task: UseDotNet@2
                  inputs:
                    packageType: 'sdk'
                    version: '9.x'

                - script: dotnet tool install --global udp-cicd
                  displayName: 'Install udp-cicd'

                - script: udp-cicd deploy --target dev -y
                  displayName: 'Deploy to dev'
                  env:
                    AZURE_TENANT_ID: $(AZURE_TENANT_ID)
                    AZURE_CLIENT_ID: $(AZURE_CLIENT_ID)
                    AZURE_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)

                - script: udp-cicd status --target dev
                  displayName: 'Check status'
                  env:
                    AZURE_TENANT_ID: $(AZURE_TENANT_ID)
                    AZURE_CLIENT_ID: $(AZURE_CLIENT_ID)
                    AZURE_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)

  # ──────────────────────────────────────────
  # Deploy to Staging (with quality gate)
  # ──────────────────────────────────────────
  - stage: DeployStaging
    displayName: 'Deploy to Staging'
    dependsOn: DeployDev
    jobs:
      - deployment: DeployStaging
        environment: 'staging'
        strategy:
          runOnce:
            deploy:
              steps:
                - checkout: self

                - task: UseDotNet@2
                  inputs:
                    packageType: 'sdk'
                    version: '9.x'

                - script: dotnet tool install --global udp-cicd
                  displayName: 'Install udp-cicd'

                - script: udp-cicd deploy --target staging -y
                  displayName: 'Deploy to staging'
                  env:
                    AZURE_TENANT_ID: $(AZURE_TENANT_ID)
                    AZURE_CLIENT_ID: $(AZURE_CLIENT_ID)
                    AZURE_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)

  # ──────────────────────────────────────────
  # Deploy to Prod (manual approval)
  # ──────────────────────────────────────────
  - stage: DeployProd
    displayName: 'Deploy to Production'
    dependsOn: DeployStaging
    jobs:
      - deployment: DeployProd
        environment: 'production'  # Configure approval in ADO Environments
        strategy:
          runOnce:
            deploy:
              steps:
                - checkout: self

                - task: UseDotNet@2
                  inputs:
                    packageType: 'sdk'
                    version: '9.x'

                - script: dotnet tool install --global udp-cicd
                  displayName: 'Install udp-cicd'

                - script: udp-cicd deploy --target prod -y
                  displayName: 'Deploy to production'
                  env:
                    AZURE_TENANT_ID: $(AZURE_TENANT_ID)
                    AZURE_CLIENT_ID: $(AZURE_CLIENT_ID)
                    AZURE_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)

                - script: udp-cicd status --target prod
                  displayName: 'Verify deployment'
                  env:
                    AZURE_TENANT_ID: $(AZURE_TENANT_ID)
                    AZURE_CLIENT_ID: $(AZURE_CLIENT_ID)
                    AZURE_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)

2. Setup

2.1 Create a variable group

Go to Pipelines > Library and create a variable group named udp-credentials:

Variable Value Secret?
AZURE_TENANT_ID Your Entra tenant GUID No
AZURE_CLIENT_ID Service principal app ID No
AZURE_CLIENT_SECRET Service principal secret Yes

The pipeline references this group in its variables block. See Service Principal Setup for creating the service principal.

2.2 Create environments

Go to Pipelines > Environments and create:

Environment Approvals
dev None
staging None
production Required approvers

2.3 Create the pipeline

Go to Pipelines > New Pipeline, select your repo, choose "Existing Azure Pipelines YAML file", and select azure-pipelines.yml.