Azure DevOps

Integrate bricks CLI into Azure DevOps pipelines

Integrate bricks CLI into your Azure DevOps pipelines to publish blueprints, plan infrastructure changes on PRs, and deploy across collections with approval gates.

Setup

Create a Variable Group named bluebricks-credentials with a secret BRICKS_API_KEY (see Long-Lived Tokens)
Create Environments (bluebricks-dev, bluebricks-staging, bluebricks-production) with approval checks on staging and production

Install the CLI in any pipeline job:

- script: |
    /bin/bash -c "$(curl -fsSL https://brickscli.s3.eu-west-1.amazonaws.com/releases/latest/install.sh)"
  displayName: 'Install bricks CLI'

The CLI reads configuration from environment variables prefixed with BRICKS_. Set BRICKS_NON_INTERACTIVE and BRICKS_API_KEY at the pipeline level so every step picks them up automatically. Since BRICKS_API_KEY is a secret, it must also be mapped via env: on each step.

CI/CD Flags

See bricks install and bricks blueprint publish for full reference.

Flag / Env Var

Purpose

BRICKS_API_KEY

Authenticate without browser login

BRICKS_NON_INTERACTIVE

Suppress interactive prompts

--plan-only

Preview changes without applying

--yes

Auto-approve and apply

Deploy Pipeline

Plans on PRs, then deploys through dev (automatic), staging (approval), and production (approval). Uses ${{ each }} to loop over environments so the deploy logic is defined once:

YAML pr: triggers work only with GitHub and Bitbucket Cloud repositories. If your code is in Azure Repos Git, configure a branch policy for build validation instead to trigger plans on pull requests.

parameters:
  - name: environments
    type: object
    default:
      - name: dev
        file: environments/dev/deploy.yaml
        dependsOn: Plan
        condition: "and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))"
      - name: staging
        file: environments/staging/deploy.yaml
        dependsOn: Deploy_dev
        condition: succeeded()
      - name: production
        file: environments/production/deploy.yaml
        dependsOn: Deploy_staging
        condition: succeeded()

trigger:
  branches:
    include:
      - main
  paths:
    include:
      - environments/**

# PR triggers work with GitHub/Bitbucket repos.
# For Azure Repos Git, use branch policy build validation instead.
pr:
  branches:
    include:
      - main
  paths:
    include:
      - environments/**

variables:
  - group: bluebricks-credentials
  - name: BRICKS_NON_INTERACTIVE
    value: true

stages:
  - stage: Plan
    displayName: 'Plan deployments'
    jobs:
      - job: PlanAll
        pool:
          vmImage: 'ubuntu-latest'
        steps:
          - checkout: self
          - script: |
              /bin/bash -c "$(curl -fsSL https://brickscli.s3.eu-west-1.amazonaws.com/releases/latest/install.sh)"
            displayName: 'Install bricks CLI'
          - ${{ each env in parameters.environments }}:
            - script: |
                bricks install \
                  --file ${{ env.file }} \
                  --plan-only
              displayName: 'Plan ${{ env.name }}'
              env:
                BRICKS_API_KEY: $(BRICKS_API_KEY)

  - ${{ each env in parameters.environments }}:
    - stage: Deploy_${{ env.name }}
      displayName: 'Deploy to ${{ env.name }}'
      dependsOn: ${{ env.dependsOn }}
      condition: ${{ env.condition }}
      jobs:
        - deployment: Deploy_${{ env.name }}
          pool:
            vmImage: 'ubuntu-latest'
          environment: bluebricks-${{ env.name }}
          strategy:
            runOnce:
              deploy:
                steps:
                  - checkout: self
                  - script: |
                      /bin/bash -c "$(curl -fsSL https://brickscli.s3.eu-west-1.amazonaws.com/releases/latest/install.sh)"
                    displayName: 'Install bricks CLI'
                  - script: |
                      bricks install \
                        --file ${{ env.file }} \
                        --yes
                    displayName: 'Deploy ${{ env.name }}'
                    env:
                      BRICKS_API_KEY: $(BRICKS_API_KEY)

Publish Pipeline

Publishes blueprints to the registry when changes merge to main:

trigger:
  branches:
    include:
      - main
  paths:
    include:
      - blueprints/**

variables:
  - group: bluebricks-credentials
  - name: BRICKS_NON_INTERACTIVE
    value: true

stages:
  - stage: Publish
    displayName: 'Publish blueprints'
    condition: eq(variables['Build.SourceBranch'], 'refs/heads/main')
    jobs:
      - job: Publish
        pool:
          vmImage: 'ubuntu-latest'
        steps:
          - checkout: self

          - script: |
              /bin/bash -c "$(curl -fsSL https://brickscli.s3.eu-west-1.amazonaws.com/releases/latest/install.sh)"
            displayName: 'Install bricks CLI'

          - script: |
              bricks blueprint publish \
                --src blueprints/web-app
            displayName: 'Publish web-app blueprint'
            env:
              BRICKS_API_KEY: $(BRICKS_API_KEY)

Deployment Manifest

Each environment has a deploy.yaml:

apiVersion: bricks/v1
kind: Deployment

metadata:
  name: web-app-dev

spec:
  blueprint: web_app
  version: "0.3.0"
  collection: dev
  props:
    environment: "dev"
    instance_type: "t3.medium"
    min_replicas: 2
    max_replicas: 4

See Deployment Manifest File Format for the full reference. For blueprint definitions (bricks.yaml), see Creating Blueprints.

Repository Structure

.
├── azure-pipelines.yml               # Deploy pipeline
├── azure-pipelines-publish.yml       # Publish pipeline
├── environments/
│   ├── dev/deploy.yaml
│   ├── staging/deploy.yaml
│   └── production/deploy.yaml
├── blueprints/
│   └── web-app/bricks.yaml
└── README.md

Troubleshooting

Issue

Solution

authentication required

Verify BRICKS_API_KEY is set and linked to the pipeline

Pipeline hangs on publish

Bump the version in bricks.yaml before merging - the CLI prompts when a version already exists

INVALID_PACKAGE_NAME

Use underscores, not hyphens (e.g., aws_vpc not aws-vpc)

PreviousGitLab NextBackstage

Last updated 1 month ago

Was this helpful?