Leverage environments in Azure Devops

Leverage environments in Azure Devops

I have recently been working a lot with Azure Devops and setting up pipelines for a customer of mine. When doing this we decided to utilize the environments feature in Azure Devops which is a pretty neat tool. Whilst researching this I have recorded some insights which I will share with you here. Some are more like "duh, ya think?" insights but I hope some of it will be useful.

First off, some words on why we use different environments.

Why do you need different environments

It is common practice to perform changes in a development or test environment before making changes in production. If anything goes wrong you can quickly identify these mistakes and you can amend them before changing the environment that you rely upon to make money if you for example host a web e-shop.

  • What is a development environment

Development environments are commonly used by, well you guessed it - the developers. They can make quick uncontrolled changes and tests and be very creative without the risk of damaging the end-user experience.

  • What is a test environment

Test environment or user acceptance test environments aim at the endusers and the stakeholders of the product. They will test different things and use the end product in a different way compared to a developer. They may use features or have a way of working that is very different from what the developers intended and it is important to discover these types of behaviours so that the developers can make changes if need be.

There is no golden standard for how environments are used

Some companies and corporations may use these environments or less. Some will even have more environments such as pre-prod and demo environments. It is really no golden standard and it is up to the company to decide and what type of strategy they use.

You can set up more than one environment in Azure DevOps which you link your pipelines to. It is common that we have several steps that execute in our pipelines such as linting, validation of code and actual deployment of features.

Leverage the environments with Azure Devops and setup dependencies to secure your deployment workflow. For example it can be very useful to have the whole deployment stop if validation checks do not pass in development or test, you would in this case not want to proceed with the production environment.

Isolate your environments

When setting up your environments in Azure Devops it is recommended to isolate them from one another. Use different service connections for Dev, Test and Prod. Ensure permissions do not overlap so that your development can't write changes on the production database.

This follows the same practice recommended when separating environments in Microsoft Azure. You should at a minimum have different resource groups for Dev and Prod but I would advice always to have different subscriptions for the different environments. So if you have a web e-shop landing zone for example I would use three different subscriptions for dev, test and the production environment.

How to create environments in Azure Devops

Pre-requisites for this step is that you have an Azure Devops organization and a project created. Should you need help with this: READ

Assuming you have this setup:

  • In the left pane select Pipelines -> Environments
  • Select New Environment
  • Give it a name and click Create

Well done. We now have a new environment called qa which we can leverage. I have two pipelines in my environment which I will need to grant access for:

I can now use this environment when I run those pipelines. I will create a service connection specific to the QA environment and ensure it only has the permissions it require.

How to do that and using workload identity federation is something that will be covered in an upcoming post. Thank you for reading!

References

Understand environments - Training
Learn about the environments that you typically deploy your resources to. Also, learn about Azure Pipeline environments and how to use them.

About me

About me
If you have landed on my page you will have already understood my passion for tech, but obviously there is more to life than that. Here I will try and outline a few of my other hobbies. Strength training I am a person who loves to move around and challenge