Exercise - Publish a template spec
Your team has some security-hardened Bicep files that are compliant with your company's new governance model. One of the hardened Bicep files deploys a Linux-based Azure App Service app. In this exercise, you use a deployment pipeline to publish the Bicep file as a template spec.
During the process, you'll:
- Add a lint stage to the pipeline.
- Add a pipeline stage to publish the template spec.
- Verify that the pipeline starts and finishes successfully.
- Check the published template spec in Azure.
Add a lint stage to your pipeline
Your repository contains a draft of a pipeline definition that you can use as a starting point.
In Visual Studio Code, expand the template-specs/linux-app-service folder in the root of the repository.
Open the pipeline.yml file.
At the bottom of the file, replace
# To be added
with the following lint stage definition:stages: - stage: Lint jobs: - job: LintCode displayName: Lint code steps: - script: | az bicep build --file $(TemplateSpecFilePath) name: LintBicepCode displayName: Run Bicep linter
Your repository has a bicepconfig.json file that configures the linter to emit errors instead of warnings. Any failures during the lint stage will cause the pipeline to fail.
Tip
YAML files are sensitive to indentation. Whether you type or paste this code, make sure your indentation is correct. Later in this exercise, you'll see the complete YAML pipeline definition so that you can verify that your file matches.
Add a publish stage to your pipeline
Now, you can add a second stage to publish the template spec to Azure.
Add the following code at the end of the pipeline.yml file:
- stage: Publish jobs: - job: Publish steps: - task: AzureCLI@2 name: Publish displayName: Publish template spec inputs: azureSubscription: $(ServiceConnectionName) scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | az ts create \ --resource-group $(AzureResourceGroupName) \ --name $(TemplateSpecName) \ --version $(Build.BuildNumber) \ --template-file $(TemplateSpecFilePath) \ --location $(AzureRegion) \ --yes
This stage checks out the code from your repository and signs in to Azure using the service connection that you created. It then runs the
az ts create
command to publish the template spec to Azure.Tip
To keep things simple, your pipeline uses the pipeline's build number as the template spec's version number. In the next unit, you'll learn about a more complex versioning scheme.
Save your changes to the file.
Verify and commit your pipeline definition
Verify that your pipeline.yml file looks like the following example:
trigger: batch: true branches: include: - main paths: include: - 'template-specs/linux-app-service/**' variables: - name: ServiceConnectionName value: ToyReusable - name: AzureResourceGroupName value: ToyReusable - name: AzureRegion value: westus3 - name: TemplateSpecName value: linux-app-service - name: TemplateSpecFilePath value: template-specs/linux-app-service/main.bicep pool: vmImage: ubuntu-latest stages: - stage: Lint jobs: - job: LintCode displayName: Lint code steps: - script: | az bicep build --file $(TemplateSpecFilePath) name: LintBicepCode displayName: Run Bicep linter - stage: Publish jobs: - job: Publish steps: - task: AzureCLI@2 name: Publish displayName: Publish template spec inputs: azureSubscription: $(ServiceConnectionName) scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | az ts create \ --resource-group $(AzureResourceGroupName) \ --name $(TemplateSpecName) \ --version $(Build.BuildNumber) \ --template-file $(TemplateSpecFilePath) \ --location $(AzureRegion) \ --yes
If it doesn't, update it to match this example, and then save it.
Commit and push your changes to your Git repository by running the following commands in the Visual Studio Code terminal:
git add . git commit -m "Add lint and publish stages to Linux App Service template spec pipeline" git push
Immediately after you push, Azure Pipelines starts a new pipeline run.
Monitor the pipeline
In your browser, select Pipelines > Pipelines.
Select the active pipeline run.
The pipeline run is displayed.
Wait for the pipeline run to finish. When it does, the template spec is published to Azure.
Note the pipeline's build number, which includes today's date and a unique revision number. In the example screenshot, the build number is 20230407.1.
Review the template spec in Azure
You can also view the published template spec in the Azure portal.
In your browser, go to the Azure portal.
Go to the ToyReusable resource group, and select the linux-app-service template spec.
Examine the details of the template spec.
Notice that the Latest version and Version number is the same as the pipeline's build number. Your pipeline uses the build number for the template spec's version number.