There are a ton of DevOps best practices regarding people, process and tooling. Blog posts, books, videos, etc. DevOps is all about a transformative journey. It's not just about CI/CD.
Even so, over the weekend I pulled together a list of some best practices for Azure DevOps pipelines and GitHub repos. Some are links to overview info, and some links contain hands on walkthroughs.
You might notice there's a bit of a Kubernetes flavor sprinkled around. That's because I've been spending some time coming up to speed on the subject. There's a lot to learn in that space. Anyway, here's what I have so far:
- Branching - Release flow branching strategy: https://docs.microsoft.com/en-us/azure/devops/learn/devops-at-microsoft/release-flow
- Create branch policies: https://help.github.com/en/github/administering-a-repository/configuring-protected-branches
- From Azure DevOps, build GitHub repositories and run pull request build: https://docs.microsoft.com/en-us/azure/devops/pipelines/repos/github?view=azure-devops&tabs=yaml
- Review code with pull requests: https://docs.microsoft.com/en-us/azure/devops/repos/git/pull-requests?view=azure-devops
- More about pull requests: https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests
- Walkthrough - Integrate ARM templates with Azure Pipelines: https://docs.microsoft.com/en-us/azure/azure-resource-manager/vs-resource-groups-project-devops-pipelines
- Visual Studio Test task https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/test/vstest?view=azure-devops
- Run Selenium tests in Azure pipelines: https://docs.microsoft.com/en-us/azure/devops/pipelines/test/continuous-test-selenium?view=azure-devops Microsoft Learn module: run quality tests in you build pipeline https://docs.microsoft.com/en-us/learn/modules/run-quality-tests-build-pipeline/
- Kubernetes deployment strategies: https://azure.microsoft.com/en-in/overview/kubernetes-deployment-strategy/
- Build and deploy to AKS with Azure yaml pipeline and GitHub repo
- Canary releases in Azure DevOps and AKS / blue-green deployments
- End-to-end ACR/AKS walkthrough (It's a bit intense): https://docs.microsoft.com/en-us/azure/devops/pipelines/ecosystems/kubernetes/canary-demo?view=azure-devops
- Overview and concepts: https://docs.microsoft.com/en-us/azure/devops/migrate/security-validation-cicd-pipeline?view=azure-devops
- Checkmarx - Installing and configuring CxSAST Azure DevOps plugin: https://checkmarx.atlassian.net/wiki/spaces/KC/pages/1011155072/Installing+and+Configuring+the+CxSAST+Azure+DevOps+MS-VSTS+Plugin+v8.8.0
- Microsoft Learn module - Scan code for vulnerability in Azure Pipelines: https://docs.microsoft.com/en-us/learn/modules/scan-for-vulnerabilities/
- Microsoft security code analysis extension: https://secdevtools.azurewebsites.net/