// Creates Azure DevOps CI/CD pipelines from the template YAML files. This skill creates pipelines for agent creation, testing, and deployment automation using the ready-to-use pipeline definitions.
| name | pipeline-setup |
| description | Creates Azure DevOps CI/CD pipelines from the template YAML files. This skill creates pipelines for agent creation, testing, and deployment automation using the ready-to-use pipeline definitions. |
This skill handles creating Azure DevOps pipelines from the template YAML files in your repository.
Use this skill when you need to:
Before using this skill, ensure:
configuration-management skill first)repository-setup skill)service-connection-setup skill)environment-setup skill)This skill includes scripts/create-pipelines.ps1 which automates the entire pipeline setup process:
What it does automatically:
REPLACE_WITH_YOUR_PROJECTNAME placeholder with actual config.naming.projectName
REPLACE_WITH_YOUR_PROJECTNAME-dev-vars → myproject-dev-varsREPLACE_WITH_YOUR_PROJECTNAME-dev → myproject-devUsage:
cd .github/skills/pipeline-setup
./scripts/create-pipelines.ps1 -UseConfig
Why is this needed?
{projectName}-{env}-vars (e.g., myproject-dev-vars){projectName}-{env} (e.g., myproject-dev)The template application includes these pipeline YAML files:
| Pipeline | YAML Path | Purpose |
|---|---|---|
| Create Agent | .azure-pipelines/createagentpipeline.yml | Deploys AI agent to Azure AI Foundry |
| Agent Evaluation | .azure-pipelines/agenteval.yml | Runs agent evaluation tests |
| Red Team Testing | .azure-pipelines/redteam.yml | Runs security red team tests |
# Load configuration
. ./.github/skills/configuration-management/config-functions.ps1
$config = Get-StarterConfig
# Extract values
$org = $config.azureDevOps.organizationUrl
$project = $config.azureDevOps.projectName
$projectName = $config.naming.projectName
$repoName = "azure-ai-foundry-app" # Your repository name
# Verify repository exists
$repoExists = az repos show --repository $repoName --query "id" -o tsv
if (-not $repoExists) {
Write-Host "❌ Repository not found: $repoName"
Write-Host " Run the repository-setup skill first"
exit 1
}
Write-Host "✓ Configuration loaded"
Write-Host "✓ Repository found: $repoName"
Write-Host "✓ Project name from config: $projectName"
Important: The pipeline YAML files contain placeholders that need to be replaced with your actual project name.
The create-pipelines.ps1 script automatically:
REPLACE_WITH_YOUR_PROJECTNAME with $projectName from configExample replacements:
# Variable groups - Before
variables:
- group: 'REPLACE_WITH_YOUR_PROJECTNAME-dev-vars'
# Variable groups - After
variables:
- group: 'myproject-dev-vars' # Where myproject = config.naming.projectName
# Service connections - Before
- task: AzureCLI@2
inputs:
azureSubscription: 'REPLACE_WITH_YOUR_PROJECTNAME-dev'
# Service connections - After
- task: AzureCLI@2
inputs:
azureSubscription: 'myproject-dev' # Where myproject = config.naming.projectName
Manual alternative (if needed):
# Clone repository
git clone https://dev.azure.com/$org/$project/_git/$repoName
cd $repoName
# Replace placeholders in YAML files (both variable groups and service connections)
$yamlFiles = Get-ChildItem -Path ".azure-pipelines" -Filter "*.yml"
foreach ($file in $yamlFiles) {
(Get-Content $file.FullName) -replace "REPLACE_WITH_YOUR_PROJECTNAME", $projectName | Set-Content $file.FullName
}
# Commit and push
git add .azure-pipelines/*.yml
git commit -m "Update pipeline YAML files with projectName: $projectName"
git push origin main
Write-Host "`nCreating pipelines..."
# Define pipelines to create
$pipelines = @(
@{
name = "Azure AI Foundry - Create Agent"
path = ".azure-pipelines/createagentpipeline.yml"
description = "Deploys AI agent to Azure AI Foundry"
},
@{
name = "Azure AI Foundry - Agent Evaluation"
path = ".azure-pipelines/agenteval.yml"
description = "Runs agent evaluation tests"
},
@{
name = "Azure AI Foundry - Red Team"
path = ".azure-pipelines/redteam.yml"
description = "Runs security red team tests"
}
)
foreach ($pipeline in $pipelines) {
# Check if pipeline already exists
$existingPipeline = az pipelines list --query "[?name=='$($pipeline.name)'].id" --output tsv
if (-not $existingPipeline) {
Write-Host "Creating pipeline: $($pipeline.name)"
try {
$pipelineId = az pipelines create `
--name "$($pipeline.name)" `
--repository $repoName `
--repository-type tfsgit `
--branch main `
--yml-path "$($pipeline.path)" `
--skip-first-run `
--output json | ConvertFrom-Json | Select-Object -ExpandProperty id
Write-Host "✓ Pipeline created: $($pipeline.name) (ID: $pipelineId)"
Write-Host " Description: $($pipeline.description)"
Write-Host " YAML: $($pipeline.path)"
}
catch {
Write-Host "❌ Failed to create pipeline: $($pipeline.name)"
Write-Host " Error: $_"
Write-Host " Verify YAML path exists in repository: $($pipeline.path)"
}
} else {
Write-Host "✓ Pipeline already exists: $($pipeline.name) (ID: $existingPipeline)"
}
}
Write-Host "`n✅ Pipeline setup complete!"
Write-Host "`n=== Verifying Pipeline Configuration ==="
# List all pipelines
$allPipelines = az pipelines list --output json | ConvertFrom-Json
Write-Host "`nCreated Pipelines:"
foreach ($p in $allPipelines) {
Write-Host " - $($p.name)"
Write-Host " ID: $($p.id)"
Write-Host " Path: $($p.path)"
Write-Host " Repository: $($p.repository.name)"
}
Write-Host "`nPipeline URLs:"
foreach ($p in $allPipelines) {
Write-Host " - $($p.name): $org/$project/_build?definitionId=$($p.id)"
}
By default, pipelines are created with --skip-first-run to prevent automatic execution.
To enable CI triggers (automatic runs on code push):
# Option 1: Update YAML file to enable triggers
# Edit .azure-pipelines/createagentpipeline.yml:
# trigger:
# branches:
# include:
# - main
# paths:
# include:
# - src/agents/*
# Option 2: Enable via Azure DevOps UI
Write-Host "`nTo enable CI triggers:"
Write-Host "1. Go to: $org/$project/_build"
Write-Host "2. Select pipeline > Edit"
Write-Host "3. Click 'Triggers' tab"
Write-Host "4. Enable 'Continuous integration'"
Write-Host "5. Configure branch filters and path filters"
Write-Host "`n=== Running First Pipeline (Optional) ==="
# Get the Create Agent pipeline ID
$createAgentPipeline = az pipelines list --query "[?name=='Azure AI Foundry - Create Agent'].id" --output tsv
if ($createAgentPipeline) {
Write-Host "To run the Create Agent pipeline:"
Write-Host "1. Manual run via CLI:"
Write-Host " az pipelines run --id $createAgentPipeline"
Write-Host ""
Write-Host "2. Manual run via UI:"
Write-Host " $org/$project/_build?definitionId=$createAgentPipeline"
Write-Host " Click 'Run pipeline' button"
Write-Host ""
Write-Host "3. Automatic run on code push (if CI triggers enabled)"
} else {
Write-Host "⚠️ Create Agent pipeline not found"
}
Understanding the pipeline YAML structure helps with customization:
# Basic structure of template pipelines
trigger:
branches:
include:
- main
paths:
include:
- src/agents/*
variables:
- group: REPLACE_WITH_YOUR_PROJECTNAME-dev-vars # References variable group: {projectName}-dev-vars
stages:
- stage: Dev
jobs:
- deployment: DeployAgent
environment: dev # References environment
pool:
vmImage: 'ubuntu-latest'
strategy:
runOnce:
deploy:
steps:
- task: AzureCLI@2
inputs:
azureSubscription: 'azure-foundry-dev' # References service connection
Error: Could not find file at path .azure-pipelines/createagentpipeline.yml
Solution: Verify the YAML file exists in your repository:
# Check files in repository
az repos list-branches --repository $repoName
# Or check locally
Set-Location "C:\Repos\ado\azure-ai-foundry-app"
Test-Path ".azure-pipelines/createagentpipeline.yml"
# If missing, ensure template code was pushed correctly (repository-setup skill)
Error: The pipeline is not valid. Could not find service connection 'azure-foundry-dev'
Solution: Verify service connections exist and are authorized:
# List service connections
az devops service-endpoint list --query "[].name" --output tsv
# Authorize service connection for all pipelines
$scId = az devops service-endpoint list --query "[?name=='azure-foundry-dev'].id" --output tsv
az devops service-endpoint update --id $scId --enable-for-all true
Error: The pipeline is not valid. Could not find variable group '{projectName}-dev-vars'
Solution: Verify variable groups exist and are authorized:
# List variable groups
az pipelines variable-group list --query "[].name" --output tsv
# Authorize variable group (use your actual projectName from config)
$vgName = "$projectName-dev-vars" # Replace with your config.naming.projectName
$vgId = az pipelines variable-group list --query "[?name=='$vgName'].id" --output tsv
az pipelines variable-group update --id $vgId --authorize true
Error: The pipeline is not valid. Could not find environment 'dev'
Solution: Verify environments exist:
# List environments
az pipelines environment list --query "[].name" --output tsv
# Create if missing (use environment-setup skill)
Error: TF401027: You need the Git 'Create Repository' permission
Solution: Verify you have necessary permissions:
Error: --repository-type must be github or tfsgit
Solution: Ensure you specify --repository-type tfsgit for Azure DevOps repositories:
az pipelines create `
--repository-type tfsgit ` # Use tfsgit for Azure Repos
...
--skip-first-run to prevent immediate executionRecommended order for first runs:
This skill works together with:
Orchestrates complete Azure AI Foundry deployment to Azure DevOps. Coordinates repository-setup, service-connection-setup, environment-setup, pipeline-setup, and deployment-validation skills. Use when deploying the complete Azure AI Foundry starter template end-to-end.
Cleans up Azure DevOps resources (repositories, service connections, variable groups, pipelines) and resets configuration files. Use when you need to remove Azure DevOps artifacts after testing or to prepare for a fresh deployment of the Azure AI Foundry Starter template.
Safely deletes all Azure resources created by the Azure AI Foundry starter template including resource groups, AI Services, AI Foundry Projects, Service Principal, federated credentials, and RBAC assignments. Use when tearing down environments or starting fresh.
Validates the complete Azure AI Foundry deployment by checking repositories, service connections, variable groups, environments, pipelines, and optionally running the first agent deployment. This skill provides comprehensive verification of the deployment setup.
Creates Azure DevOps variable groups and environments for dev, test, and production. This skill configures environment-specific variables and approval gates required for CI/CD pipelines.
Manages federated credentials for Azure DevOps service connections using Workload Identity Federation. Retrieves actual issuer/subject from service connections and creates/updates federated credentials on Service Principals.