Example end-to-end Governance Model from CI/CD to Azure Resource Manager. Use this project to deploy example AAD, ARM and Azure DevOps resources to learn about e2e RBAC.
MIT License
Refactor: separate pipelines per environment into single deployment pipeline #52
Purpose
Previously we had separate dev.yaml and production.yaml pipelines. In part because I was paranoid about what code was going where and tried to get security via code, e.g. this vars/global.yaml.
Actually this is convoluted. Instead, we will
- apply security guardrails in the form of Approval on the credentials (service connection or variable group)
- using a single pipeline allows for the linear CI --> Dev --> Production staging visualization that many customers want.
Instead of looking for which branch triggered the deployment, we can recognize from the circles which environment was deployed. Note: in the current YAML, main and production are separate triggers. So you will never get all 3 stages (e.g. circles) green in a single pipeline run.
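The layout described in this pull request, sketched as an added example (not the project's own YAML): one Azure Pipelines file with CI, Dev and Production stages, where the guardrail is an approval check set on the service connection and variable group rather than logic in the file. The variable group and service connection names are hypothetical, and the approval checks are assumed to be configured on those resources under "Approvals and checks".

```yaml
# Constructed example; every resource name below is hypothetical.
trigger:
  branches:
    include: [main, production]

pool:
  vmImage: ubuntu-latest

stages:
  - stage: CI
    jobs:
      - job: validate
        steps:
          - script: echo "lint, build and test"

  - stage: Dev
    dependsOn: CI
    condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
    variables:
      - group: example-dev-vars                      # hypothetical variable group
    jobs:
      - job: deploy
        steps:
          - task: AzureCLI@2
            inputs:
              azureSubscription: example-dev-connection   # hypothetical service connection
              scriptType: bash
              scriptLocation: inlineScript
              inlineScript: az account show

  - stage: Production
    dependsOn: [CI, Dev]
    # Dev is skipped on the production branch, so Skipped is accepted for it.
    condition: and(eq(dependencies.CI.result, 'Succeeded'), in(dependencies.Dev.result, 'Succeeded', 'Skipped'), eq(variables['Build.SourceBranch'], 'refs/heads/production'))
    variables:
      - group: example-prod-vars                     # approval check lives on this resource
    jobs:
      - job: deploy
        steps:
          - task: AzureCLI@2
            inputs:
              azureSubscription: example-prod-connection  # approval check lives on this resource
              scriptType: bash
              scriptLocation: inlineScript
              inlineScript: az account show
```

Because the approval is attached to the resource, a change to this file (for example, dropping the branch condition) still cannot use the production credentials until an approver signs off.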