Microsoft Azure Bicep In Continues Integration Pull Request

On previous posts we have been introduced, how to get started, use extension or migrate from ARM templates for azure bicep or how to use in Continuous Delivery/Continuous Deployment.

Azure Bicep in Continuous Integration Pipeline on Pull Request

On current one I will cover how to use bicep in our Continuous Integration Azure DevOps yaml pipeline. We start from setup branch policy/branch protection. We link out CI build and make this required for purpose to protect our main branches and not allow breaking code.

How to setup branch protection in

• Azure Devops
• GitHub Action

Validation task

We create additional task in out ci pipeline used also for branch protection.

- task: AzureCLI@2
  displayName: Bicep Validate
  inputs:
    azureSubscription: AzureServiceConnection
    scriptType: bash
    scriptLocation: inlineScript
    inlineScript: |
      az group create --name pr-validation-rg --location $(locationRG)
      az deployment group validate --resource-group pr-validation-rg --template-file '$(Pipeline.Workspace)--template-file '$(Pipeline.Workspace)/$/drop bicep/main.bicep' --parameters '$(Pipeline.Workspace)/$/drop bicep/main.$.parameters.json'

The task is very similar what we use in post with difference that instead using az deployment group create we will use az deployment group validate with is causing validation on bicep. In addition depending from out need if we use multiple environments for staging. We can use --resource-group parameter with can be dynamic/calculated or we can use dedicated resource group for validation purpose. The good way would we using dedicated RG for PR to not affect production resource manager, and use the same validation step on Continuous Delivery/Continuous Deployment with will validate our bicep against target deployment as prerequisite before any other action. One of example can be issues limitation or quotas on target Resource Group/Subscription.