Exercise - Publish a template spec

Completed

Your team has some security-hardened Bicep files that are compliant with your company's new governance model. One of the hardened Bicep files deploys a Linux-based Azure App Service app. In this exercise, you use a deployment pipeline to publish the Bicep file as a template spec.

During the process, you'll:

  • Add a lint stage to the pipeline.
  • Add a pipeline stage to publish the template spec.
  • Verify that the pipeline starts and finishes successfully.
  • Check the published template spec in Azure.

Add a lint stage to your pipeline

Your repository contains a draft of a pipeline definition that you can use as a starting point.

  1. In Visual Studio Code, expand the template-specs/linux-app-service folder in the root of the repository.

  2. Open the pipeline.yml file.

    Screenshot of Visual Studio Code that shows the location of the pipeline definition file.

  3. At the bottom of the file, replace # To be added with the following lint stage definition:

    stages:
    
    - stage: Lint
      jobs:
      - job: LintCode
        displayName: Lint code
        steps:
          - script: |
              az bicep build --file $(TemplateSpecFilePath)
            name: LintBicepCode
            displayName: Run Bicep linter
    

    Your repository has a bicepconfig.json file that configures the linter to emit errors instead of warnings. Any failures during the lint stage will cause the pipeline to fail.

    Tip

    YAML files are sensitive to indentation. Whether you type or paste this code, make sure your indentation is correct. Later in this exercise, you'll see the complete YAML pipeline definition so that you can verify that your file matches.

Add a publish stage to your pipeline

Now, you can add a second stage to publish the template spec to Azure.

  1. Add the following code at the end of the pipeline.yml file:

    - stage: Publish
      jobs:
      - job: Publish
        steps:
          - task: AzureCLI@2
            name: Publish
            displayName: Publish template spec
            inputs:
              azureSubscription: $(ServiceConnectionName)
              scriptType: 'bash'
              scriptLocation: 'inlineScript'
              inlineScript: |
                az ts create \
                  --resource-group $(AzureResourceGroupName) \
                  --name $(TemplateSpecName) \
                  --version $(Build.BuildNumber) \
                  --template-file $(TemplateSpecFilePath) \
                  --location $(AzureRegion) \
                  --yes
    

    This stage checks out the code from your repository and signs in to Azure using the service connection that you created. It then runs the az ts create command to publish the template spec to Azure.

    Tip

    To keep things simple, your pipeline uses the pipeline's build number as the template spec's version number. In the next unit, you'll learn about a more complex versioning scheme.

  2. Save your changes to the file.

Verify and commit your pipeline definition

  1. Verify that your pipeline.yml file looks like the following example:

    trigger:
      batch: true
      branches:
        include:
        - main
      paths:
        include:
        - 'template-specs/linux-app-service/**'
    
    variables:
    - name: ServiceConnectionName
      value: ToyReusable
    - name: AzureResourceGroupName
      value: ToyReusable
    - name: AzureRegion
      value: westus3
    - name: TemplateSpecName
      value: linux-app-service
    - name: TemplateSpecFilePath
      value: template-specs/linux-app-service/main.bicep
    
    pool:
      vmImage: ubuntu-latest
    
    stages:
    
    - stage: Lint
      jobs:
      - job: LintCode
        displayName: Lint code
        steps:
          - script: |
              az bicep build --file $(TemplateSpecFilePath)
            name: LintBicepCode
            displayName: Run Bicep linter
    
    - stage: Publish
      jobs:
      - job: Publish
        steps:
          - task: AzureCLI@2
            name: Publish
            displayName: Publish template spec
            inputs:
              azureSubscription: $(ServiceConnectionName)
              scriptType: 'bash'
              scriptLocation: 'inlineScript'
              inlineScript: |
                az ts create \
                  --resource-group $(AzureResourceGroupName) \
                  --name $(TemplateSpecName) \
                  --version $(Build.BuildNumber) \
                  --template-file $(TemplateSpecFilePath) \
                  --location $(AzureRegion) \
                  --yes
    

    If it doesn't, update it to match this example, and then save it.

  2. Commit and push your changes to your Git repository by running the following commands in the Visual Studio Code terminal:

    git add .
    git commit -m "Add lint and publish stages to Linux App Service template spec pipeline"
    git push
    

    Immediately after you push, Azure Pipelines starts a new pipeline run.

Monitor the pipeline

  1. In your browser, select Pipelines > Pipelines.

    Screenshot of Azure Pipelines that shows the Pipelines menu item.

  2. Select the active pipeline run.

  3. The pipeline run is displayed.

    Wait for the pipeline run to finish. When it does, the template spec is published to Azure.

    Screenshot of Azure Pipelines that shows a successful pipeline run and highlights the build number.

  4. Note the pipeline's build number, which includes today's date and a unique revision number. In the example screenshot, the build number is 20230407.1.

Review the template spec in Azure

You can also view the published template spec in the Azure portal.

  1. In your browser, go to the Azure portal.

  2. Go to the ToyReusable resource group, and select the linux-app-service template spec.

    Screenshot of the Azure portal that shows the resource group, with the template spec highlighted.

  3. Examine the details of the template spec.

    Screenshot of the Azure portal that shows the template spec details.

    Notice that the Latest version and Version number is the same as the pipeline's build number. Your pipeline uses the build number for the template spec's version number.