Edit

Quickstart: Integrate Bicep with Azure Pipelines

This quickstart shows you how to integrate Bicep files with Azure Pipelines for continuous integration and continuous deployment.

It provides a short introduction to the pipeline task you need for deploying a Bicep file.

Prerequisites

If you don't have an Azure subscription, create a free account before you begin.

You also need an Azure DevOps organization. If you don't have one, create one for free. If your team already has an Azure DevOps organization, make sure you're an administrator of the Azure DevOps project that you want to use.

You need to have configured a service connection to your Azure subscription. The tasks in the pipeline execute under the identity of the service principal. For steps to create the connection, see Create a DevOps project.

You need a Bicep file that defines the infrastructure for your project. This file is in a repository.

You need a '.bicepparam' file that defines the parameters that your Bicep file uses. This file is in a repository.

Create pipeline

  1. From your Azure DevOps organization, select Pipelines and Create pipeline.

    Screenshot of creating new pipeline.

  2. Specify where your code is stored. This quickstart uses Azure Repos Git repos.

    Screenshot of selecting code source.

  3. Select the repository that has the code for your project.

    Screenshot of selecting repository.

  4. Select Starter pipeline for the type of pipeline to create.

    Screenshot of selecting pipeline.

Deploy Bicep files

You can deploy a Bicep file by using the Bicep Deploy task, the Azure Resource Manager template deployment task, or an Azure CLI task. The Bicep Deploy task is the recommended option for new pipelines.

Use Bicep Deploy task

The Bicep Deploy task (BicepDeploy@0) is a first-party task that's purpose-built for Bicep. It deploys .bicep and .bicepparam files directly without precompiling them to JSON ARM templates, and it automatically downloads and caches the Bicep CLI. The task supports:

  • Standard deployments at resource group, subscription, management group, and tenant scopes.
  • Deployment stacks, including deny settings and actions on unmanaged resources, so you can manage a collection of resources as a single unit.
  • What-if operations to preview changes before you apply them.
  • Validation of Bicep templates before deployment.
  • Output masking for sensitive outputs such as secrets and connection strings.

The task runs on an Azure Pipelines agent — the computing infrastructure with installed agent software that runs your pipeline jobs — and requires agent software version 2.144.0 or later. Microsoft-hosted agents are kept up to date automatically and always meet this requirement. If you run the task on a self-hosted agent, make sure the agent is on version 2.144.0 or later.

Deploy a Bicep file

  1. Replace your starter pipeline with the following YAML. It uses the Bicep Deploy task to deploy a Bicep and .bicepparam file to an existing resource group.

    trigger:
    - main
    
    name: Deploy Bicep files
    
    parameters:
    - name: azureServiceConnection
      type: string
      default: '<your-connection-name>'
    
    variables:
      vmImageName: 'ubuntu-latest'
      subscriptionId: '<your-subscription-id>'
      resourceGroupName: 'exampleRG'
      templateFile: './main.bicep'
      parametersFile: './main.bicepparam'
    
    pool:
      vmImage: $(vmImageName)
    
    steps:
    - task: BicepDeploy@0
      inputs:
        azureResourceManagerConnection: '${{ parameters.azureServiceConnection }}'
        type: 'deployment'
        operation: 'create'
        scope: 'resourceGroup'
        subscriptionId: '$(subscriptionId)'
        resourceGroupName: '$(resourceGroupName)'
        name: 'DeployPipelineTemplate'
        templateFile: '$(templateFile)'
        parametersFile: '$(parametersFile)'
    
  2. Update the values of azureServiceConnection, subscriptionId, and resourceGroupName.

  3. Verify you have a valid main.bicep file in your repo.

  4. Verify you have a valid main.bicepparam file in your repo that contains a using statement.

  5. Verify the target resource group already exists. The Bicep Deploy task deploys resources into an existing resource group at the resourceGroup scope; it doesn't create the resource group for you.

  6. Select Save. The build pipeline runs automatically. Go back to the summary for your build pipeline, and watch the status.

For the full list of task inputs, see the Bicep Deploy task reference.

Deploy a deployment stack

To manage your resources as a deployment stack instead of a standard deployment, set type to deploymentStack and provide the deployment stack inputs. The following step creates or updates a deployment stack, deletes resources that are removed from the template, and blocks out-of-band writes and deletes to managed resources:

steps:
- task: BicepDeploy@0
  inputs:
    azureResourceManagerConnection: '${{ parameters.azureServiceConnection }}'
    type: 'deploymentStack'
    operation: 'create'
    name: 'production-stack'
    scope: 'resourceGroup'
    subscriptionId: '$(subscriptionId)'
    resourceGroupName: '$(resourceGroupName)'
    templateFile: '$(templateFile)'
    parametersFile: '$(parametersFile)'
    actionOnUnmanageResources: 'delete'
    denySettingsMode: 'denyWriteAndDelete'

To preview the changes a deployment stack makes before you apply them, set operation to whatIf. For more information about the what-if operation, see Preview changes with what-if.

Use Azure Resource Manager template deployment task

Note

As of Azure Resource Manager template deployment task version 3.235.0, usage of '.bicepparam' files is supported.

Note

The AzureResourceManagerTemplateDeployment@3 task requires both Bicep and .bicepparam files to be provided when using .bicepparam. The Bicep file can reference all supported locations for module references. The .bicepparam file must reference the local Bicep file in the using statement.

  1. Replace your starter pipeline with the following YAML. It uses the Azure Resource Manager template deployment task to create a resource group and deploy a Bicep and .bicepparam file.

    trigger:
    - main
    
    name: Deploy Bicep files
    
    parameters:
    - name: azureServiceConnection
      type: string
      default: '<your-connection-name>'
    
    variables:
      vmImageName: 'ubuntu-latest'
      resourceGroupName: 'exampleRG'
      location: '<your-resource-group-location>'
      templateFile: './main.bicep'
      csmParametersFile: './main.bicepparam'
    
    pool:
      vmImage: $(vmImageName)
    
    steps:
    - task: AzureResourceManagerTemplateDeployment@3
      inputs:
        deploymentScope: 'Resource Group'
        action: 'Create Or Update Resource Group'
        resourceGroupName: '$(resourceGroupName)'
        location: '$(location)'
        templateLocation: 'Linked artifact'
        csmFile: '$(templateFile)'
        csmParametersFile: '$(csmParametersFile)'
        overrideParameters: '-storageAccountType Standard_LRS'
        deploymentMode: 'Incremental'
        deploymentName: 'DeployPipelineTemplate'
        connectedServiceName: '${{ parameters.azureServiceConnection }}'
    
  2. Update the values of azureServiceConnection and location.

  3. Verify you have a valid main.bicep file in your repo.

  4. Verify you have a valid main.bicepparam file in your repo that contains a using statement.

  5. Select Save. The build pipeline runs automatically. Go back to the summary for your build pipeline, and watch the status.

Use Azure CLI task

Note

The az deployment group create command requires only a bicepparam. file. The using statement in the .bicepparam file can target any supported location to reference the Bicep file. A Bicep file is only required in your repository when using from a local disk path with the Azure CLI.

Note

When you use a .bicepparam file with the az deployment group create command, you can't override parameters.

  1. Replace your starter pipeline with the following YAML. It creates a resource group and deploys a .bicepparam file by using an Azure CLI task:

    trigger:
    - main
    
    name: Deploy Bicep files
    
    parameters:
      azureServiceConnection: '<your-connection-name>'
    
    variables:
      vmImageName: 'ubuntu-latest'
      resourceGroupName: 'exampleRG'
      location: '<your-resource-group-location>'
      bicepParamFile: './main.bicepparam'
    
    pool:
      vmImage: $(vmImageName)
    
    steps:
    - task: AzureCLI@2
      inputs:
        azureSubscription: '${{ parameters.azureServiceConnection }}'
        scriptType: bash
        scriptLocation: inlineScript
        useGlobalConfig: false
        inlineScript: |
          az --version
          az group create --name $(resourceGroupName) --location $(location)
          az deployment group create `
            --resource-group $(resourceGroupName) `
            --parameters $(bicepParamFile) `
            --name DeployPipelineTemplate
    

    For the descriptions of the task inputs, see Azure CLI v2 task. When using the task on air-gapped cloud, you must set the useGlobalConfig property of the task to true. The default value is false.

  2. Update the values of azureServiceConnection and location.

  3. Verify you have a valid main.bicepparam file in your repo that contains a using statement.

  4. Select Save. The build pipeline runs automatically. Go back to the summary for your build pipeline, and watch the status.

Clean up resources

When the Azure resources are no longer needed, use the Azure CLI or Azure PowerShell to delete the quickstart resource group.

az group delete --name exampleRG

Next steps