Exercise - Publish a template spec

  • 4 minutes

Your team has some security-hardened Bicep files that are compliant with your company's new governance model. One of the hardened Bicep files deploys a Linux-based Azure App Service app. In this exercise, you use a deployment pipeline to publish the Bicep file as a template spec.

During the process, you'll:

  • Add a lint stage to the pipeline.
  • Add a pipeline stage to publish the template spec.
  • Verify that the pipeline starts and finishes successfully.
  • Check the published template spec in Azure.

Add a lint stage to your pipeline

Your repository contains a draft of a pipeline definition that you can use as a starting point.

  1. In Visual Studio Code, expand the template-specs/linux-app-service folder in the root of the repository.

  2. Open the pipeline.yml file.

    Screenshot of Visual Studio Code that shows the location of the pipeline definition file.

  3. At the bottom of the file, replace # To be added with the following lint stage definition:

    stages:

- stage: Lint
  jobs:
  - job: LintCode
    displayName: Lint code
    steps:
      - script: |
          az bicep build --file $(TemplateSpecFilePath)
        name: LintBicepCode
        displayName: Run Bicep linter

    Your repository has a bicepconfig.json file that configures the linter to emit errors instead of warnings. Any failures during the lint stage will cause the pipeline to fail.

    Tip

    YAML files are sensitive to indentation. Whether you type or paste this code, make sure your indentation is correct. Later in this exercise, you'll see the complete YAML pipeline definition so that you can verify that your file matches.

Add a publish stage to your pipeline

Now, you can add a second stage to publish the template spec to Azure.

  1. Add the following code at the end of the pipeline.yml file:

    - stage: Publish
  jobs:
  - job: Publish
    steps:
      - task: AzureCLI@2
        name: Publish
        displayName: Publish template spec
        inputs:
          azureSubscription: $(ServiceConnectionName)
          scriptType: 'bash'
          scriptLocation: 'inlineScript'
          inlineScript: |
            az ts create \
              --resource-group $(AzureResourceGroupName) \
              --name $(TemplateSpecName) \
              --version $(Build.BuildNumber) \
              --template-file $(TemplateSpecFilePath) \
              --location $(AzureRegion) \
              --yes

    This stage checks out the code from your repository and signs in to Azure using the service connection that you created. It then runs the az ts create command to publish the template spec to Azure.

    Tip

    To keep things simple, your pipeline uses the pipeline's build number as the template spec's version number. In the next unit, you'll learn about a more complex versioning scheme.

  2. Save your changes to the file.

Verify and commit your pipeline definition

  1. Verify that your pipeline.yml file looks like the following example:

    trigger:
  batch: true
  branches:
    include:
    - main
  paths:
    include:
    - 'template-specs/linux-app-service/**'

variables:
- name: ServiceConnectionName
  value: ToyReusable
- name: AzureResourceGroupName
  value: ToyReusable
- name: AzureRegion
  value: westus3
- name: TemplateSpecName
  value: linux-app-service
- name: TemplateSpecFilePath
  value: template-specs/linux-app-service/main.bicep

pool:
  vmImage: ubuntu-latest

stages:

- stage: Lint
  jobs:
  - job: LintCode
    displayName: Lint code
    steps:
      - script: |
          az bicep build --file $(TemplateSpecFilePath)
        name: LintBicepCode
        displayName: Run Bicep linter

- stage: Publish
  jobs:
  - job: Publish
    steps:
      - task: AzureCLI@2
        name: Publish
        displayName: Publish template spec
        inputs:
          azureSubscription: $(ServiceConnectionName)
          scriptType: 'bash'
          scriptLocation: 'inlineScript'
          inlineScript: |
            az ts create \
              --resource-group $(AzureResourceGroupName) \
              --name $(TemplateSpecName) \
              --version $(Build.BuildNumber) \
              --template-file $(TemplateSpecFilePath) \
              --location $(AzureRegion) \
              --yes

    If it doesn't, update it to match this example, and then save it.

  2. Commit and push your changes to your Git repository by running the following commands in the Visual Studio Code terminal:

    git add .
git commit -m "Add lint and publish stages to Linux App Service template spec pipeline"
git push

    Immediately after you push, Azure Pipelines starts a new pipeline run.

Monitor the pipeline

  1. In your browser, select Pipelines > Pipelines.

    Screenshot of Azure Pipelines that shows the Pipelines menu item.

  2. Select the active pipeline run.

  3. The pipeline run is displayed.

    Wait for the pipeline run to finish. When it does, the template spec is published to Azure.

    Screenshot of Azure Pipelines that shows a successful pipeline run and highlights the build number.

  4. Note the pipeline's build number, which includes today's date and a unique revision number. In the example screenshot, the build number is 20230407.1.

Review the template spec in Azure

You can also view the published template spec in the Azure portal.

  1. In your browser, go to the Azure portal.

  2. Go to the ToyReusable resource group, and select the linux-app-service template spec.

    Screenshot of the Azure portal that shows the resource group, with the template spec highlighted.

  3. Examine the details of the template spec.

    Screenshot of the Azure portal that shows the template spec details.

    Notice that the Latest version and Version number is the same as the pipeline's build number. Your pipeline uses the build number for the template spec's version number.