Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This quickstart shows you how to integrate Bicep files with Azure Pipelines for continuous integration and continuous deployment.
It provides a short introduction to the pipeline task you need for deploying a Bicep file.
Prerequisites
If you don't have an Azure subscription, create a free account before you begin.
You also need an Azure DevOps organization. If you don't have one, create one for free. If your team already has an Azure DevOps organization, make sure you're an administrator of the Azure DevOps project that you want to use.
You need to have configured a service connection to your Azure subscription. The tasks in the pipeline execute under the identity of the service principal. For steps to create the connection, see Create a DevOps project.
You need a Bicep file that defines the infrastructure for your project. This file is in a repository.
You need a '.bicepparam' file that defines the parameters that your Bicep file uses. This file is in a repository.
Create pipeline
From your Azure DevOps organization, select Pipelines and Create pipeline.
Specify where your code is stored. This quickstart uses Azure Repos Git repos.
Select the repository that has the code for your project.
Select Starter pipeline for the type of pipeline to create.
Deploy Bicep files
You can deploy a Bicep file by using the Bicep Deploy task, the Azure Resource Manager template deployment task, or an Azure CLI task. The Bicep Deploy task is the recommended option for new pipelines.
Use Bicep Deploy task
The Bicep Deploy task (BicepDeploy@0) is a first-party task that's purpose-built for Bicep. It deploys .bicep and .bicepparam files directly without precompiling them to JSON ARM templates, and it automatically downloads and caches the Bicep CLI. The task supports:
- Standard deployments at resource group, subscription, management group, and tenant scopes.
- Deployment stacks, including deny settings and actions on unmanaged resources, so you can manage a collection of resources as a single unit.
- What-if operations to preview changes before you apply them.
- Validation of Bicep templates before deployment.
- Output masking for sensitive outputs such as secrets and connection strings.
The task runs on an Azure Pipelines agent — the computing infrastructure with installed agent software that runs your pipeline jobs — and requires agent software version 2.144.0 or later. Microsoft-hosted agents are kept up to date automatically and always meet this requirement. If you run the task on a self-hosted agent, make sure the agent is on version 2.144.0 or later.
Deploy a Bicep file
Replace your starter pipeline with the following YAML. It uses the Bicep Deploy task to deploy a Bicep and
.bicepparamfile to an existing resource group.trigger: - main name: Deploy Bicep files parameters: - name: azureServiceConnection type: string default: '<your-connection-name>' variables: vmImageName: 'ubuntu-latest' subscriptionId: '<your-subscription-id>' resourceGroupName: 'exampleRG' templateFile: './main.bicep' parametersFile: './main.bicepparam' pool: vmImage: $(vmImageName) steps: - task: BicepDeploy@0 inputs: azureResourceManagerConnection: '${{ parameters.azureServiceConnection }}' type: 'deployment' operation: 'create' scope: 'resourceGroup' subscriptionId: '$(subscriptionId)' resourceGroupName: '$(resourceGroupName)' name: 'DeployPipelineTemplate' templateFile: '$(templateFile)' parametersFile: '$(parametersFile)'Update the values of
azureServiceConnection,subscriptionId, andresourceGroupName.Verify you have a valid
main.bicepfile in your repo.Verify you have a valid
main.bicepparamfile in your repo that contains ausingstatement.Verify the target resource group already exists. The Bicep Deploy task deploys resources into an existing resource group at the
resourceGroupscope; it doesn't create the resource group for you.Select Save. The build pipeline runs automatically. Go back to the summary for your build pipeline, and watch the status.
For the full list of task inputs, see the Bicep Deploy task reference.
Deploy a deployment stack
To manage your resources as a deployment stack instead of a standard deployment, set type to deploymentStack and provide the deployment stack inputs. The following step creates or updates a deployment stack, deletes resources that are removed from the template, and blocks out-of-band writes and deletes to managed resources:
steps:
- task: BicepDeploy@0
inputs:
azureResourceManagerConnection: '${{ parameters.azureServiceConnection }}'
type: 'deploymentStack'
operation: 'create'
name: 'production-stack'
scope: 'resourceGroup'
subscriptionId: '$(subscriptionId)'
resourceGroupName: '$(resourceGroupName)'
templateFile: '$(templateFile)'
parametersFile: '$(parametersFile)'
actionOnUnmanageResources: 'delete'
denySettingsMode: 'denyWriteAndDelete'
To preview the changes a deployment stack makes before you apply them, set operation to whatIf. For more information about the what-if operation, see Preview changes with what-if.
Use Azure Resource Manager template deployment task
Note
As of Azure Resource Manager template deployment task version 3.235.0, usage of '.bicepparam' files is supported.
Note
The AzureResourceManagerTemplateDeployment@3 task requires both Bicep and .bicepparam files to be provided when using .bicepparam. The Bicep file can reference all supported locations for module references. The .bicepparam file must reference the local Bicep file in the using statement.
Replace your starter pipeline with the following YAML. It uses the Azure Resource Manager template deployment task to create a resource group and deploy a Bicep and
.bicepparamfile.trigger: - main name: Deploy Bicep files parameters: - name: azureServiceConnection type: string default: '<your-connection-name>' variables: vmImageName: 'ubuntu-latest' resourceGroupName: 'exampleRG' location: '<your-resource-group-location>' templateFile: './main.bicep' csmParametersFile: './main.bicepparam' pool: vmImage: $(vmImageName) steps: - task: AzureResourceManagerTemplateDeployment@3 inputs: deploymentScope: 'Resource Group' action: 'Create Or Update Resource Group' resourceGroupName: '$(resourceGroupName)' location: '$(location)' templateLocation: 'Linked artifact' csmFile: '$(templateFile)' csmParametersFile: '$(csmParametersFile)' overrideParameters: '-storageAccountType Standard_LRS' deploymentMode: 'Incremental' deploymentName: 'DeployPipelineTemplate' connectedServiceName: '${{ parameters.azureServiceConnection }}'Update the values of
azureServiceConnectionandlocation.Verify you have a valid
main.bicepfile in your repo.Verify you have a valid
main.bicepparamfile in your repo that contains ausingstatement.Select Save. The build pipeline runs automatically. Go back to the summary for your build pipeline, and watch the status.
Use Azure CLI task
Note
The az deployment group create command requires only a bicepparam. file. The using statement in the .bicepparam file can target any supported location to reference the Bicep file. A Bicep file is only required in your repository when using from a local disk path with the Azure CLI.
Note
When you use a .bicepparam file with the az deployment group create command, you can't override parameters.
Replace your starter pipeline with the following YAML. It creates a resource group and deploys a
.bicepparamfile by using an Azure CLI task:trigger: - main name: Deploy Bicep files parameters: azureServiceConnection: '<your-connection-name>' variables: vmImageName: 'ubuntu-latest' resourceGroupName: 'exampleRG' location: '<your-resource-group-location>' bicepParamFile: './main.bicepparam' pool: vmImage: $(vmImageName) steps: - task: AzureCLI@2 inputs: azureSubscription: '${{ parameters.azureServiceConnection }}' scriptType: bash scriptLocation: inlineScript useGlobalConfig: false inlineScript: | az --version az group create --name $(resourceGroupName) --location $(location) az deployment group create ` --resource-group $(resourceGroupName) ` --parameters $(bicepParamFile) ` --name DeployPipelineTemplateFor the descriptions of the task inputs, see Azure CLI v2 task. When using the task on air-gapped cloud, you must set the
useGlobalConfigproperty of the task totrue. The default value isfalse.Update the values of
azureServiceConnectionandlocation.Verify you have a valid
main.bicepparamfile in your repo that contains ausingstatement.Select Save. The build pipeline runs automatically. Go back to the summary for your build pipeline, and watch the status.
Clean up resources
When the Azure resources are no longer needed, use the Azure CLI or Azure PowerShell to delete the quickstart resource group.
az group delete --name exampleRG