DevOps 流水线

trigger: branches: include: [main, release/*] paths: exclude: [docs/**, '*.md'] variables: - group: my-variable-group - name: buildConfiguration value: Release pool: vmImage: ubuntu-latest stages: - stage: Build jobs: - job: BuildAndTest steps: [...] - stage: Deploy dependsOn: Build condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main')) jobs: [...]

jobs: - job: Build pool: vmImage: ubuntu-latest steps: - task: NodeTool@0 inputs: versionSpec: '20.x' - script: | npm ci npm run build npm test displayName: 'Install, build, test' - task: Docker@2 inputs: containerRegistry: myACRServiceConnection repository: myapp command: buildAndPush tags: | $(Build.BuildId) latest

variables: - name: APP_NAME value: myapp - group: prod-secrets # 包含 DB_PASSWORD 等敏感变量 # 内置变量： # $(Build.BuildId) - 唯一构建 ID # $(Build.SourceBranch) - refs/heads/main # $(System.TeamProject) - 项目名称

stages: - stage: DeployProd jobs: - deployment: DeployToAKS environment: 'production.default' strategy: runOnce: deploy: steps: - task: KubernetesManifest@0 inputs: action: deploy kubernetesServiceConnection: aks-prod manifests: k8s/*.yaml

# templates/build-steps.yml parameters: - name: nodeVersion type: string default: '20.x' steps: - task: NodeTool@0 inputs: versionSpec: ${{ parameters.nodeVersion }} - script: npm ci && npm run build # 在主流水线中引用 stages: - stage: Build jobs: - job: Build steps: - template: templates/build-steps.yml