7. What is Azure Artifacts?
Azure Artifacts enables teams to share packages and manage dependencies.
# Supported Package Types:
- NuGet (.NET)
- npm (JavaScript)
- Maven/Gradle (Java)
- Python (pip)
- Universal Packages
# Example: Publish npm package
# .npmrc in project
registry=https://pkgs.dev.azure.com/org/project/_packaging/feed/npm/registry/
always-auth=true
# Authenticate
npm config set //pkgs.dev.azure.com/org/project/_packaging/feed/npm/registry/:_authToken $(System.AccessToken)
# Publish
npm publish
# In pipeline
- task: Npm@1
inputs:
command: 'publish'
workingDir: '$(System.DefaultWorkingDirectory)'
publishRegistry: 'useFeed'
publishFeed: 'project/feed'
Upstream Sources:
- Connect to public registries (npmjs, nuget.org)
- Cache packages locally
- Control which packages are allowed
8. What is Azure Test Plans?
Azure Test Plans provides tools for planned manual testing, exploratory testing, and stakeholder feedback.
Components:
-
Test Plans: Container for test suites
-
Test Suites: Group of test cases
-
Test Cases: Individual tests with steps
Test Plan Structure:
âââ Regression Test Plan
â âââ Suite: Login Tests
â â âââ TC001: Valid login
â â âââ TC002: Invalid password
â â âââ TC003: Locked account
â âââ Suite: Cart Tests
â â âââ ...
â âââ Suite: Checkout Tests
â âââ ...
# Run automated tests in pipeline
- task: VSTest@2
inputs:
testSelector: 'testAssemblies'
testAssemblyVer2: |
**\*test*.dll
!**\*TestAdapter.dll
searchFolder: '$(System.DefaultWorkingDirectory)'
runInParallel: true
codeCoverageEnabled: true
publishRunAttachments: true
9. How do you implement CI/CD in Azure DevOps?
# Complete CI/CD Pipeline
trigger:
branches:
include:
- main
paths:
exclude:
- docs/*
- README.md
variables:
buildConfiguration: 'Release'
dotnetVersion: '7.0.x'
stages:
# CI Stage
- stage: Build
displayName: 'Build and Test'
jobs:
- job: Build
pool:
vmImage: 'ubuntu-latest'
steps:
- task: UseDotNet@2
inputs:
version: $(dotnetVersion)
- task: DotNetCoreCLI@2
displayName: 'Restore'
inputs:
command: 'restore'
projects: '**/*.csproj'
- task: DotNetCoreCLI@2
displayName: 'Build'
inputs:
command: 'build'
arguments: '--configuration $(buildConfiguration)'
- task: DotNetCoreCLI@2
displayName: 'Test'
inputs:
command: 'test'
arguments: '--configuration $(buildConfiguration) --collect:"XPlat Code Coverage"'
- task: PublishCodeCoverageResults@1
inputs:
codeCoverageTool: 'Cobertura'
summaryFileLocation: '$(Agent.TempDirectory)/**/coverage.cobertura.xml'
- task: DotNetCoreCLI@2
displayName: 'Publish'
inputs:
command: 'publish'
arguments: '--configuration $(buildConfiguration) --output $(Build.ArtifactStagingDirectory)'
- publish: $(Build.ArtifactStagingDirectory)
artifact: drop
# CD Stages
- stage: DeployDev
displayName: 'Deploy to Dev'
dependsOn: Build
jobs:
- deployment: Deploy
environment: 'development'
strategy:
runOnce:
deploy:
steps:
- task: AzureWebApp@1
inputs:
azureSubscription: 'Azure-Connection'
appName: 'myapp-dev'
package: '$(Pipeline.Workspace)/drop/*.zip'
- stage: DeployProd
displayName: 'Deploy to Production'
dependsOn: DeployDev
condition: succeeded()
jobs:
- deployment: Deploy
environment: 'production'
strategy:
runOnce:
deploy:
steps:
- task: AzureWebApp@1
inputs:
azureSubscription: 'Azure-Connection'
appName: 'myapp-prod'
package: '$(Pipeline.Workspace)/drop/*.zip'
10. What are Pipeline Triggers?
# 1. CI Trigger (continuous integration)
trigger:
branches:
include:
- main
- release/*
exclude:
- feature/experimental
paths:
include:
- src/*
exclude:
- docs/*
tags:
include:
- v*
# 2. PR Trigger (pull request validation)
pr:
branches:
include:
- main
paths:
include:
- src/*
# 3. Scheduled Trigger
schedules:
- cron: "0 0 * * *"
displayName: 'Daily midnight build'
branches:
include:
- main
always: true # Run even if no changes
# 4. Pipeline Trigger (triggered by another pipeline)
resources:
pipelines:
- pipeline: build-pipeline
source: 'Build-Pipeline'
trigger:
branches:
include:
- main
# 5. Manual Trigger (no automatic trigger)
trigger: none
pr: none
11. What are Pipeline Variables and Variable Groups?
# Pipeline Variables
variables:
# Inline variables
buildConfiguration: 'Release'
# Secret variables (mark as secret in UI)
# $(apiKey) - accessed but not printed
# Variable groups reference
- group: 'production-secrets'
# Template reference
- template: variables/common.yml
# Predefined variables
$(Build.BuildId)
$(Build.SourceBranch)
$(System.DefaultWorkingDirectory)
$(Pipeline.Workspace)
$(Agent.OS)
# Variable scopes
variables:
# Pipeline level
globalVar: 'pipeline-value'
stages:
- stage: Build
variables:
# Stage level
stageVar: 'stage-value'
jobs:
- job: BuildJob
variables:
# Job level
jobVar: 'job-value'
# Runtime variables
- script: echo "##vso[task.setvariable variable=myVar;isOutput=true]value"
name: setVar
# Use in another job
- script: echo $(setVar.myVar)
# Variable Groups (shared across pipelines)
# Created in Library section
# Can link to Azure Key Vault
variables:
- group: 'my-variable-group'
steps:
- script: echo $(secretFromKeyVault)
12. What are Pipeline Stages, Jobs, and Steps?
# Pipeline Hierarchy
Pipeline
âââ Stage 1 (Build)
â âââ Job 1 (Build-Windows)
â â âââ Step 1: Checkout
â â âââ Step 2: Build
â â âââ Step 3: Publish
â âââ Job 2 (Build-Linux)
â âââ ...
âââ Stage 2 (Test)
â âââ Job 1 (Run-Tests)
âââ Stage 3 (Deploy)
âââ Job 1 (Deploy-App)
# YAML Example
stages:
- stage: Build
displayName: 'Build Stage'
jobs:
- job: BuildWindows
displayName: 'Build on Windows'
pool:
vmImage: 'windows-latest'
steps:
- checkout: self
- script: echo Building on Windows
- job: BuildLinux
displayName: 'Build on Linux'
pool:
vmImage: 'ubuntu-latest'
steps:
- script: echo Building on Linux
- stage: Test
displayName: 'Test Stage'
dependsOn: Build
condition: succeeded()
jobs:
- job: IntegrationTests
steps:
- script: echo Running tests
# Job Dependencies
jobs:
- job: A
steps:
- script: echo A
- job: B
dependsOn: A
condition: succeeded()
- job: C
dependsOn:
- A
- B
condition: |
and(
succeeded('A'),
succeeded('B')
)
13. What are Service Connections?
Service Connections securely store credentials for connecting to external services.
Common Types:
- Azure Resource Manager (ARM)
- Docker Registry
- Kubernetes
- GitHub
- Generic (username/password, SSH)
# Use in pipeline
- task: AzureWebApp@1
inputs:
azureSubscription: 'My-Azure-Connection' # Service connection name
appName: 'myapp'
# Azure CLI with service connection
- task: AzureCLI@2
inputs:
azureSubscription: 'My-Azure-Connection'
scriptType: 'bash'
scriptLocation: 'inlineScript'
inlineScript: |
az webapp list
# Docker service connection
- task: Docker@2
inputs:
containerRegistry: 'My-Docker-Registry'
repository: 'myapp'
command: 'buildAndPush'
Dockerfile: '**/Dockerfile'
# Kubernetes service connection
- task: Kubernetes@1
inputs:
connectionType: 'Kubernetes Service Connection'
kubernetesServiceEndpoint: 'My-K8s-Connection'
command: 'apply'
arguments: '-f manifests/'
14. What are Pipeline Templates?
Templates allow reusing pipeline configurations across multiple pipelines.
# templates/build-template.yml
parameters:
- name: buildConfiguration
type: string
default: 'Release'
- name: dotnetVersion
type: string
default: '7.0.x'
steps:
- task: UseDotNet@2
inputs:
version: [null]
- task: DotNetCoreCLI@2
inputs:
command: 'build'
arguments: '--configuration [null]'
# Main pipeline - azure-pipelines.yml
trigger:
- main
pool:
vmImage: 'ubuntu-latest'
stages:
- stage: Build
jobs:
- job: Build
steps:
- template: templates/build-template.yml
parameters:
buildConfiguration: 'Release'
dotnetVersion: '7.0.x'
# Job template
# templates/deploy-job.yml
parameters:
- name: environment
type: string
- name: appName
type: string
jobs:
- deployment: Deploy
environment: [null]
strategy:
runOnce:
deploy:
steps:
- task: AzureWebApp@1
inputs:
appName: [null]
# Use job template
stages:
- stage: Deploy
jobs:
- template: templates/deploy-job.yml
parameters:
environment: 'production'
appName: 'myapp-prod'
15. How do you implement multi-stage deployments?
# Multi-stage deployment with approvals
stages:
- stage: Build
jobs:
- job: Build
steps:
- script: dotnet publish -o $(Build.ArtifactStagingDirectory)
- publish: $(Build.ArtifactStagingDirectory)
artifact: app
- stage: DeployDev
displayName: 'Deploy to Development'
dependsOn: Build
jobs:
- deployment: DeployDev
environment: 'dev'
strategy:
runOnce:
deploy:
steps:
- download: current
artifact: app
- task: AzureWebApp@1
inputs:
appName: 'myapp-dev'
- stage: DeployStaging
displayName: 'Deploy to Staging'
dependsOn: DeployDev
jobs:
- deployment: DeployStaging
environment: 'staging' # Configure approval in environment
strategy:
runOnce:
deploy:
steps:
- download: current
artifact: app
- task: AzureWebApp@1
inputs:
appName: 'myapp-staging'
- stage: DeployProd
displayName: 'Deploy to Production'
dependsOn: DeployStaging
condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
jobs:
- deployment: DeployProd
environment: 'production' # Requires approval
strategy:
canary: # Canary deployment
increments: [10, 50]
deploy:
steps:
- task: AzureWebApp@1
inputs:
appName: 'myapp-prod'
deploymentSlotName: 'staging'
on:
success:
steps:
- task: AzureAppServiceManage@0
inputs:
Action: 'Swap Slots'
16. What are Environments in Azure Pipelines?
Environments represent deployment targets and provide approval gates, deployment history, and resource management.
# Environment Types:
1. Virtual Machines
2. Kubernetes (AKS, on-prem)
3. Azure Web Apps (via deployment)
# Environment Features:
âââ Approvals and Checks
â âââ Manual approvals
â âââ Business hours check
â âââ Invoke Azure Function
â âââ Query Azure Monitor
âââ Deployment History
âââ Resources (VMs, K8s, etc.)
âââ Security (permissions)
# Using environment in pipeline
jobs:
- deployment: Deploy
environment: 'production'
strategy:
runOnce:
deploy:
steps:
- script: echo Deploying
# Environment with Kubernetes resource
- deployment: Deploy
environment: 'production.my-namespace' # environment.namespace
strategy:
runOnce:
deploy:
steps:
- task: KubernetesManifest@0
inputs:
action: 'deploy'
manifests: 'manifests/*.yml'
# Deployment strategies
strategy:
runOnce: # Deploy to all targets at once
rolling: # Deploy in batches
maxParallel: 2
canary: # Gradual rollout
increments: [10, 20, 50, 100]
17. How do you secure Azure Pipelines?
# 1. Secure Variables
variables:
- name: apiKey
value: $(SECRET_API_KEY) # From variable group linked to Key Vault
# 2. Branch Policies
# - Require PR reviews
# - Build validation
# - Limit who can push
# 3. Protected Resources
# Configure approvals on:
# - Service connections
# - Environments
# - Variable groups
# 4. Agent Pool Security
pool:
name: 'Self-Hosted-Secure'
demands:
- agent.os -equals Windows_NT
# 5. Limit Job Authorization Scope
# Project Settings > Pipelines > Settings
# - Limit job authorization scope to current project
# - Limit job authorization scope to referenced repos
# 6. Pipeline Permissions
# Restrict who can:
# - Create/edit pipelines
# - Approve runs
# - Access resources
# 7. Secure Files
- task: DownloadSecureFile@1
name: myCert
inputs:
secureFile: 'certificate.pfx'
- script: |
echo Installing certificate from $(myCert.secureFilePath)
# 8. Runtime Parameters (prevent injection)
parameters:
- name: environment
type: string
values:
- dev
- staging
- prod # Only allowed values