Azure DevOps - What is it?

A suite of development tools covering the entire software development life cycle (planning, developing, testing, delivering, and monitoring applications).

Azure DevOps offers five main standalone services:

Azure Boards:

  • Provides Agile tools like Kanban and Scrum to plan and track work, code defects, issues, features, epics, and tasks.
  • Allows organizing and prioritizing tasks, assigning work, tracking progress through different stages, and enabling easy collaboration with comments and attachments.

Azure Repos:

  • Offers Git repositories or Team Foundation Version Control (TFVC) for source control of code.
  • Acts as a central storage for code, facilitates collaborative environments, tracks changes with commit history, allows for branching strategies, and supports pull requests for reviewing updates before merging.

Azure Pipelines:

  • CI/CD service that builds, tests, and deploys code to any platform.
  • Supports multi-stage pipelines structured with stages, jobs, and steps, which can be scripts or tasks.
  • It also handles triggers, variables, and agent pools.
  • YAML-based pipelines are the recommended approach for version control and other benefits.

Azure Test Plans:

  • Provides tools for manual, exploratory, and continuous testing of applications.
  • Enables planning tests, executing them, tracking and managing bugs, organizing test cases into test suites and plans, and analyzing results through reports and dashboards.
  • Stakeholders can also provide feedback using a browser-based extension.

Azure Artifacts:

  • Package management solution that allows teams to share packages (like Maven, npm, NuGet) from public and private sources and integrate package sharing into pipelines.
  • It serves as a central repository for storing and consuming artifacts, maintaining history, and ensuring auditability.

Azure DevOps Deployment

Can be deployed in two ways:

Azure DevOps Services (Cloud):

  • This is the cloud offering, hosted and managed by Microsoft.
  • Quick setup, maintenance-free operations, easy collaboration, elastic scale, and solid security.
  • Authentication uses Microsoft account credentials or Microsoft Entra ID.

Azure DevOps Server (On-premises):

  • This is the on-premises offering, managed by the organization and built on a SQL Server backend.
  • Organizations choose this option when they need their data to remain within their network.
  • It uses Windows Authentication and Windows Server Active Directory for user management.

Key concepts and best practices

YAML Pipeline Structure:

  • A typical YAML pipeline starts with a trigger, followed by stages.
  • Each stage can have multiple jobs, and each job consists of multiple steps (which are either scripts or tasks).

Deployment Strategies: Common strategies include Blue-Green, Rolling Update, Canary, A/B Deployment, and Recreate.

  • Blue-Green Deployment:
    • Involves running two identical environments (blue for current production, green for new version).
    • Traffic is swapped via a load balancer or DNS once the new version is tested, providing zero downtime and instant rollback capability.
  • Rolling Update:
    • Updates applications instance by instance, maintaining capacity by potentially adding a “surge” instance during upgrades.
    • It’s slower but saves cost compared to blue-green.

Agents:

  • Microsoft-hosted Agents:
    • Part of a shared pool, managed by Microsoft.
    • They are pre-packaged with common tools, but each job runs on a fresh machine that is discarded when the job finishes.
  • Self-hosted Agents:
    • Managed by the organization, providing more control over CPU, memory, storage, custom software installations, and network/security requirements.
    • They are ideal for production workloads or specific build needs.
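The structure described above (trigger, stages, jobs, steps), the rolling-update strategy, and the choice between a Microsoft-hosted and a self-hosted pool, shown together in one pipeline. This is an added example, not taken from the original notes or from any Microsoft sample; the project commands, the pool name SelfHostedLinux, and the environment name production-vms are assumptions.

```yaml
# Added example: multi-stage Azure Pipelines YAML.
# Assumed names: the dotnet project, pool 'SelfHostedLinux', environment 'production-vms'.
trigger:
  branches:
    include:
      - main
  paths:
    exclude:
      - docs/*            # doc-only changes do not start a build

variables:
  buildConfiguration: Release

stages:
  - stage: Build
    displayName: Build and unit test
    jobs:
      - job: BuildJob
        pool:
          vmImage: ubuntu-latest          # Microsoft-hosted: fresh VM per job, discarded afterwards
        steps:
          - script: dotnet build --configuration $(buildConfiguration)
            displayName: Build
          - script: dotnet test --configuration $(buildConfiguration) --no-build
            displayName: Unit tests
          - task: PublishPipelineArtifact@1  # task step, as opposed to the script steps above
            inputs:
              targetPath: $(Build.ArtifactStagingDirectory)
              artifact: drop

  - stage: IntegrationTest
    dependsOn: Build
    jobs:
      - job: PrivateNetworkTests
        pool:
          name: SelfHostedLinux             # self-hosted: org-managed, can reach internal services
        steps:
          - download: current
            artifact: drop
          - script: ./run-integration-tests.sh   # assumed script that talks to internal endpoints
            displayName: Integration tests

  - stage: Deploy
    dependsOn: IntegrationTest
    condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
    jobs:
      - deployment: RollingDeploy           # deployment job: records history against the environment
        environment:
          name: production-vms              # approvals and checks are attached to the environment
          resourceType: VirtualMachine      # the registered VMs themselves run the steps
        strategy:
          rolling:
            maxParallel: 2                  # never take more than two instances out at once
            preDeploy:
              steps:
                - script: echo "Draining $(Agent.MachineName) from the load balancer"
            deploy:
              steps:
                - download: current
                  artifact: drop
                - script: echo "Installing drop on $(Agent.MachineName)"
            routeTraffic:
              steps:
                - script: echo "Returning $(Agent.MachineName) to the load balancer"
            on:
              failure:
                steps:
                  - script: echo "Restoring previous version on $(Agent.MachineName)"
```

The rolling deployment job deliberately has no `pool`: with `resourceType: VirtualMachine`, the VMs registered in the environment act as the agents, and `maxParallel` is what preserves capacity during the upgrade. The `condition` on the Deploy stage is what keeps pull-request builds from reaching production even though they run the same YAML.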

Secret Management: Never upload secrets directly to repositories. Recommended methods include:

  • Using Azure Key Vault and linking secrets as pipeline variables.
  • Using runtime variables and tokenizing files for replacement during execution.
  • Utilizing third-party secret management services like HashiCorp Vault.
  • Service connections are the preferred and most secure way to communicate with Azure services, offering granular permissions.

Infrastructure as Code (IaC):

  • Automates the provisioning, updating, and destruction of infrastructure.
  • Tools like Terraform use configuration files (.tf files) and rely on a .tfstate file to track the deployed infrastructure’s state.
  • The .tfstate file is critical and should be stored securely in a remote backend (e.g., Azure Storage Account with versioning enabled).
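The secret-management and IaC points above, combined in one pipeline: secrets are fetched from Azure Key Vault through a service connection at run time, mapped only into the step that needs them, and used for a Terraform run whose .tfstate lives in an Azure Storage remote backend. This is an added example, not from the original notes; the service connection sc-platform-prod, the vault kv-platform-prod, the secret names, and the storage account names are assumptions.

```yaml
# Added example: Key Vault secrets via a service connection feeding a Terraform run
# with a remote azurerm backend. All names below are assumed placeholders.
trigger:
  - main

pool:
  vmImage: ubuntu-latest

variables:
  # Non-secret settings may live in plain variables.
  tfStateResourceGroup: rg-tfstate
  tfStateStorageAccount: sttfstateprod     # storage account with blob versioning enabled
  tfStateContainer: tfstate
  # What NOT to do: no 'value: <secret>' entries here and nothing secret committed in .tf files.

stages:
  - stage: Plan
    jobs:
      - job: TerraformPlan
        steps:
          - task: AzureKeyVault@2
            displayName: Fetch deployment secrets
            inputs:
              azureSubscription: sc-platform-prod    # service connection; its identity needs only 'get' on these secrets
              KeyVaultName: kv-platform-prod
              SecretsFilter: 'sp-client-id,sp-client-secret,sp-tenant-id,sp-subscription-id'
              RunAsPreJob: false

          # Secret variables are not exposed as environment variables automatically.
          # They are mapped explicitly, only for this step, under the names the azurerm provider reads,
          # and the pipeline masks their values in the log output.
          - script: |
              terraform init -input=false \
                -backend-config="resource_group_name=$(tfStateResourceGroup)" \
                -backend-config="storage_account_name=$(tfStateStorageAccount)" \
                -backend-config="container_name=$(tfStateContainer)" \
                -backend-config="key=platform.prod.tfstate"
              terraform plan -input=false -out=tfplan
            displayName: Terraform init and plan
            workingDirectory: infra              # assumed directory containing the .tf files
            env:
              ARM_CLIENT_ID: $(sp-client-id)
              ARM_CLIENT_SECRET: $(sp-client-secret)
              ARM_TENANT_ID: $(sp-tenant-id)
              ARM_SUBSCRIPTION_ID: $(sp-subscription-id)

          - task: PublishPipelineArtifact@1
            inputs:
              targetPath: infra/tfplan
              artifact: tfplan
```

For this to work the Terraform configuration under `infra/` declares an empty `backend "azurerm" {}` block; the concrete backend settings arrive only through `-backend-config`, so the same code can target different state files per environment. Because a state file records resource attributes in plain text, the storage account holding it should be limited to the service connection's identity and kept versioned so an accidental overwrite can be rolled back.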

Branching Strategies:

  • Various strategies exist, such as Feature Branch, Trunk-based development, Git Flow, and GitHub Flow.
  • Feature branching is common, where changes are made in separate branches and then merged to the main branch via pull requests.

Branch Policies:

  • Enhance security by enforcing rules on branches, such as requiring a minimum number of reviewers for pull requests, checking for linked work items, and preventing self-approval.

DevSecOps & Advanced Security: Integrating security practices throughout the SDLC. Azure DevOps offers features like:

  • Dependency Scanning: Scans for vulnerabilities in project dependencies.
  • Secret Scanning: Detects exposed secrets in repositories and can be configured to block pushes containing secrets.
  • Code Scanning: Analyzes code for potential security threats.
  • General best practices include disabling public projects and restricting external guest access unless critical.

Troubleshooting: When pipelines fail, you can enable debug logs (by setting the system.debug variable to true), check diagnostic logs (e.g., from the Kudu console for Azure Web Apps), and document issues using the STAR format (Situation, Task, Action, Result).