Getty Images

Follow these 3 Azure Pipelines best practices

IT teams can better streamline workflows, enhance security and improve the developer experience by understanding these Azure Pipelines best practices.

Mastering the dynamic capabilities of Azure DevOps and Azure Pipelines is a useful undertaking for modern software developers and IT professionals.

Azure Pipelines covers a range of potential use cases, such as release management and tracking project milestones. Teams who take the time to master Azure Pipelines can reduce the number of bad releases, manage sensitive information appropriately and enhance the development experience.

Let's look at some Azure Pipelines best practices and features to consider when configuring pipelines.

Review and approve -- before you deploy

Peer reviews and approvals are vital to ensuring the quality and security of a project as it goes through the development lifecycle. It's possible to have several pipelines inside a project. But teams should conduct peer review and approval before deploying a project to production. Problems emerge because of inappropriate oversight.

To enable the Azure Pipelines feature, follow these quick steps.

Step 1. Open a project in Azure DevOps and go to Project Settings > Repositories > Settings. Then, click the three dots to the right and select Approvals and checks.

Screenshot showing approvals and checks in Azure DevOps.
Select the appropriate approvals and checks for your project.

Step 2. Select approvers from the search box. Under Advanced, you likely want to deselect Allow approvers to approve their own runs. One exception is for nonproduction pipelines, so Dev and QA can run without every pipeline deployment needing approval.

Screenshot showing the option to allow approvers to approve their own runs.
Decide whether to uncheck the option to allow approvers to approve their own runs.

Step 3. Once you've selected the approvals, click Create. You now have an approval process for the pipeline.

When configuring the approvers for pipeline deployment, it makes sense to use a group rather than direct assignments -- groups are more secure. It's also beneficial to have at least two approvers, so one approver can step in if the other is unavailable. Unless you change the default setting, approvals expire after 30 days.

Use templates and IaC for pipeline deployment

One helpful best practice is using Azure templates that can be deployed via Azure Pipelines. Templates are infrastructure as code (IaC) that provide reusable and defined parameters for version control, security and compliance. They offer a smart way to deploy pipelines, especially in large environments, because users can deploy and redeploy code without configuration drift. Templates also enable teams to build tools that enforce consistency and business-approved ways of working.

Another strategy is using Azure Pipelines to create a snapshot, which provides a record of the project each day. While snapshots might seem excessive, they enforce design processes and prevent the need to grant people rights in the portal. Users can create templates and snapshots by defining steps, triggers and behaviors in a YAML pipeline configuration.

Secure Azure Pipelines the smart way

Finally, be sure to consider security. From a security perspective, it's not always ideal to use variables in pipelines. If anyone who can edit the pipeline can see passwords, security grows more vulnerable.

Azure provides a way to secure variables for passwords, user IDs and other sensitive information. One option is to declare a secret variable and map that to a variable for when the pipeline runs. It's not possible to get back the value recorded, so make sure you keep it somewhere secure.

Alternatively, you can use Azure Key Vault and map a Key Vault secret to the pipeline variables. This is how most large-scale deployments work, as rotating passwords becomes time-consuming.

Dig Deeper on Cloud provider platforms and tools