Skip to content

Commit

Permalink
apply comments
Browse files Browse the repository at this point in the history
  • Loading branch information
@arpitjasa-db
arpitjasa-db committed Mar 1, 2024
1 parent b486017 commit 1142de7
Show file tree
Hide file tree
Showing 12 changed files with 117 additions and 92 deletions.
6 changes: 3 additions & 3 deletions template/{{.input_root_dir}}/.azure/devops-pipelines/deploy-cicd.yml.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,12 +68,12 @@ jobs:
displayName: Initialize CI/CD Bundle
env:
DATABRICKS_HOST: {{template `databricks_staging_workspace_host` .}}
{{ if (eq .input_cloud `aws`) -}}
DATABRICKS_TOKEN: $(STAGING_WORKSPACE_TOKEN)
{{- else if (eq .input_cloud `azure`) -}}
{{ if (eq .input_cloud `azure`) -}}
ARM_TENANT_ID: $(STAGING_AZURE_SP_TENANT_ID)
ARM_CLIENT_ID: $(STAGING_AZURE_SP_APPLICATION_ID)
ARM_CLIENT_SECRET: $(STAGING_AZURE_SP_CLIENT_SECRET)
{{ else -}}
DATABRICKS_TOKEN: $(STAGING_WORKSPACE_TOKEN)
{{- end }}

# Create Branch and Commit CICD Bundle
Expand Down
36 changes: 18 additions & 18 deletions .../{{.input_root_dir}}/.azure/devops-pipelines/{{.input_project_name}}-bundle-cicd.yml.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,12 +58,12 @@ stages:
workingDirectory: $(workingDirectory)
displayName: 'Validate bundle for staging'
env:
{{ if (eq .input_cloud `aws`) -}}
DATABRICKS_TOKEN: $(STAGING_WORKSPACE_TOKEN)
{{- else if (eq .input_cloud `azure`) -}}
{{ if (eq .input_cloud `azure`) -}}
ARM_TENANT_ID: $(STAGING_AZURE_SP_TENANT_ID)
ARM_CLIENT_ID: $(STAGING_AZURE_SP_APPLICATION_ID)
ARM_CLIENT_SECRET: $(STAGING_AZURE_SP_CLIENT_SECRET)
{{ else -}}
DATABRICKS_TOKEN: $(STAGING_WORKSPACE_TOKEN)
{{- end }}


Expand Down Expand Up @@ -91,12 +91,12 @@ stages:
workingDirectory: $(workingDirectory)
displayName: 'Validate bundle for prod'
env:
{{ if (eq .input_cloud `aws`) -}}
DATABRICKS_TOKEN: $(PROD_WORKSPACE_TOKEN)
{{- else if (eq .input_cloud `azure`) -}}
{{ if (eq .input_cloud `azure`) -}}
ARM_TENANT_ID: $(PROD_AZURE_SP_TENANT_ID)
ARM_CLIENT_ID: $(PROD_AZURE_SP_APPLICATION_ID)
ARM_CLIENT_SECRET: $(PROD_AZURE_SP_CLIENT_SECRET)
{{ else -}}
DATABRICKS_TOKEN: $(PROD_WORKSPACE_TOKEN)
{{- end }}

# Run StagingBundleCD stage after successfully merging into the {{ .input_default_branch }} branch
Expand Down Expand Up @@ -136,12 +136,12 @@ stages:
workingDirectory: $(workingDirectory)
displayName: 'Validate bundle for staging'
env:
{{ if (eq .input_cloud `aws`) -}}
DATABRICKS_TOKEN: $(STAGING_WORKSPACE_TOKEN)
{{- else if (eq .input_cloud `azure`) -}}
{{ if (eq .input_cloud `azure`) -}}
ARM_TENANT_ID: $(STAGING_AZURE_SP_TENANT_ID)
ARM_CLIENT_ID: $(STAGING_AZURE_SP_APPLICATION_ID)
ARM_CLIENT_SECRET: $(STAGING_AZURE_SP_CLIENT_SECRET)
{{ else -}}
DATABRICKS_TOKEN: $(STAGING_WORKSPACE_TOKEN)
{{- end }}

# Deploy bundle to Staging workspace
Expand All @@ -150,12 +150,12 @@ stages:
workingDirectory: $(workingDirectory)
displayName: 'Deploy bundle to staging'
env:
{{ if (eq .input_cloud `aws`) -}}
DATABRICKS_TOKEN: $(STAGING_WORKSPACE_TOKEN)
{{- else if (eq .input_cloud `azure`) -}}
{{ if (eq .input_cloud `azure`) -}}
ARM_TENANT_ID: $(STAGING_AZURE_SP_TENANT_ID)
ARM_CLIENT_ID: $(STAGING_AZURE_SP_APPLICATION_ID)
ARM_CLIENT_SECRET: $(STAGING_AZURE_SP_CLIENT_SECRET)
{{ else -}}
DATABRICKS_TOKEN: $(STAGING_WORKSPACE_TOKEN)
{{- end }}

# Run prod bundle CD stage after successfully merging into the {{ .input_release_branch }} branch
Expand Down Expand Up @@ -195,12 +195,12 @@ stages:
workingDirectory: $(workingDirectory)
displayName: 'Validate bundle for prod'
env:
{{ if (eq .input_cloud `aws`) -}}
DATABRICKS_TOKEN: $(PROD_WORKSPACE_TOKEN)
{{- else if (eq .input_cloud `azure`) -}}
{{ if (eq .input_cloud `azure`) -}}
ARM_TENANT_ID: $(PROD_AZURE_SP_TENANT_ID)
ARM_CLIENT_ID: $(PROD_AZURE_SP_APPLICATION_ID)
ARM_CLIENT_SECRET: $(PROD_AZURE_SP_CLIENT_SECRET)
{{ else -}}
DATABRICKS_TOKEN: $(PROD_WORKSPACE_TOKEN)
{{- end }}

# Deploy bundle to prod workspace
Expand All @@ -209,10 +209,10 @@ stages:
workingDirectory: $(workingDirectory)
displayName: 'Deploy bundle to prod'
env:
{{ if (eq .input_cloud `aws`) -}}
DATABRICKS_TOKEN: $(PROD_WORKSPACE_TOKEN)
{{- else if (eq .input_cloud `azure`) -}}
{{ if (eq .input_cloud `azure`) -}}
ARM_TENANT_ID: $(PROD_AZURE_SP_TENANT_ID)
ARM_CLIENT_ID: $(PROD_AZURE_SP_APPLICATION_ID)
ARM_CLIENT_SECRET: $(PROD_AZURE_SP_CLIENT_SECRET)
{{ else -}}
DATABRICKS_TOKEN: $(PROD_WORKSPACE_TOKEN)
{{- end }}
24 changes: 12 additions & 12 deletions ...ate/{{.input_root_dir}}/.azure/devops-pipelines/{{.input_project_name}}-tests-ci.yml.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -86,12 +86,12 @@ jobs:
workingDirectory: $(workingDirectory)
displayName: Validate bundle for test deployment target in staging workspace
env:
{{ if (eq .input_cloud `aws`) -}}
DATABRICKS_TOKEN: $(STAGING_WORKSPACE_TOKEN)
{{- else if (eq .input_cloud `azure`) -}}
{{ if (eq .input_cloud `azure`) -}}
ARM_TENANT_ID: $(STAGING_AZURE_SP_TENANT_ID)
ARM_CLIENT_ID: $(STAGING_AZURE_SP_APPLICATION_ID)
ARM_CLIENT_SECRET: $(STAGING_AZURE_SP_CLIENT_SECRET)
{{ else -}}
DATABRICKS_TOKEN: $(STAGING_WORKSPACE_TOKEN)
{{- end }}

# Deploy bundle to staging workspace
Expand All @@ -100,12 +100,12 @@ jobs:
workingDirectory: $(workingDirectory)
displayName: Deploy bundle to test deployment target in staging workspace
env:
{{ if (eq .input_cloud `aws`) -}}
DATABRICKS_TOKEN: $(STAGING_WORKSPACE_TOKEN)
{{- else if (eq .input_cloud `azure`) -}}
{{ if (eq .input_cloud `azure`) -}}
ARM_TENANT_ID: $(STAGING_AZURE_SP_TENANT_ID)
ARM_CLIENT_ID: $(STAGING_AZURE_SP_APPLICATION_ID)
ARM_CLIENT_SECRET: $(STAGING_AZURE_SP_CLIENT_SECRET)
{{ else -}}
DATABRICKS_TOKEN: $(STAGING_WORKSPACE_TOKEN)
{{- end }}

{{ if (eq .input_include_feature_store `yes`) }}
Expand All @@ -115,12 +115,12 @@ jobs:
workingDirectory: $(workingDirectory)
displayName: Run Feature Engineering Workflow for test deployment target in Staging Workspace
env:
{{ if (eq .input_cloud `aws`) -}}
DATABRICKS_TOKEN: $(STAGING_WORKSPACE_TOKEN)
{{- else if (eq .input_cloud `azure`) -}}
{{ if (eq .input_cloud `azure`) -}}
ARM_TENANT_ID: $(STAGING_AZURE_SP_TENANT_ID)
ARM_CLIENT_ID: $(STAGING_AZURE_SP_APPLICATION_ID)
ARM_CLIENT_SECRET: $(STAGING_AZURE_SP_CLIENT_SECRET)
{{ else -}}
DATABRICKS_TOKEN: $(STAGING_WORKSPACE_TOKEN)
{{- end }}
{{ end }}

Expand All @@ -130,10 +130,10 @@ jobs:
workingDirectory: $(workingDirectory)
displayName: Run training workflow for test deployment target in staging workspace
env:
{{ if (eq .input_cloud `aws`) -}}
DATABRICKS_TOKEN: $(STAGING_WORKSPACE_TOKEN)
{{- else if (eq .input_cloud `azure`) -}}
{{ if (eq .input_cloud `azure`) -}}
ARM_TENANT_ID: $(STAGING_AZURE_SP_TENANT_ID)
ARM_CLIENT_ID: $(STAGING_AZURE_SP_APPLICATION_ID)
ARM_CLIENT_SECRET: $(STAGING_AZURE_SP_CLIENT_SECRET)
{{ else -}}
DATABRICKS_TOKEN: $(STAGING_WORKSPACE_TOKEN)
{{- end }}
6 changes: 3 additions & 3 deletions template/{{.input_root_dir}}/.github/workflows/deploy-cicd.yml.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,12 +11,12 @@ on:

env:
DATABRICKS_HOST: {{template `databricks_staging_workspace_host` .}}
{{ if (eq .input_cloud `aws`) -}}
DATABRICKS_TOKEN: {{`${{ secrets.STAGING_WORKSPACE_TOKEN }}`}}
{{- else if (eq .input_cloud `azure`) -}}
{{ if (eq .input_cloud `azure`) -}}
ARM_TENANT_ID: {{`${{ secrets.STAGING_AZURE_SP_TENANT_ID }}`}}
ARM_CLIENT_ID: {{`${{ secrets.STAGING_AZURE_SP_APPLICATION_ID }}`}}
ARM_CLIENT_SECRET: {{`${{ secrets.STAGING_AZURE_SP_CLIENT_SECRET }}`}}
{{ else -}}
DATABRICKS_TOKEN: {{`${{ secrets.STAGING_WORKSPACE_TOKEN }}`}}
{{- end }}

jobs:
Expand Down
8 changes: 3 additions & 5 deletions .../{{.input_root_dir}}/.github/workflows/{{.input_project_name}}-bundle-cd-staging.yml.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,14 +15,12 @@ defaults:
working-directory: ./{{template `project_name_alphanumeric_underscore` .}}

env:
{{ if (eq .input_cloud `aws`) -}}
DATABRICKS_TOKEN: {{`${{ secrets.STAGING_WORKSPACE_TOKEN }}`}}
{{- else if (eq .input_cloud `gcp`) -}}
DATABRICKS_TOKEN: {{`${{ secrets.STAGING_WORKSPACE_TOKEN }}`}}
{{- else if (eq .input_cloud `azure`) -}}
{{ if (eq .input_cloud `azure`) -}}
ARM_TENANT_ID: {{`${{ secrets.STAGING_AZURE_SP_TENANT_ID }}`}}
ARM_CLIENT_ID: {{`${{ secrets.STAGING_AZURE_SP_APPLICATION_ID }}`}}
ARM_CLIENT_SECRET: {{`${{ secrets.STAGING_AZURE_SP_CLIENT_SECRET }}`}}
{{ else -}}
DATABRICKS_TOKEN: $(STAGING_WORKSPACE_TOKEN)
{{- end }}

jobs:
Expand Down
27 changes: 10 additions & 17 deletions template/{{.input_root_dir}}/.github/workflows/{{.input_project_name}}-bundle-ci.yml.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,19 +14,16 @@ defaults:
working-directory: ./{{template `project_name_alphanumeric_underscore` .}}/

env:
{{ if (eq .input_cloud `aws`) -}}
STAGING_WORKSPACE_TOKEN: {{`${{ secrets.STAGING_WORKSPACE_TOKEN }}`}}
PROD_WORKSPACE_TOKEN: {{`${{ secrets.PROD_WORKSPACE_TOKEN }}`}}
{{- else if (eq .input_cloud `gcp`) -}}
STAGING_WORKSPACE_TOKEN: {{`${{ secrets.STAGING_WORKSPACE_TOKEN }}`}}
PROD_WORKSPACE_TOKEN: {{`${{ secrets.PROD_WORKSPACE_TOKEN }}`}}
{{- else if (eq .input_cloud `azure`) -}}
{{ if (eq .input_cloud `azure`) -}}
STAGING_ARM_TENANT_ID: {{`${{ secrets.STAGING_AZURE_SP_TENANT_ID }}`}}
STAGING_ARM_CLIENT_ID: {{`${{ secrets.STAGING_AZURE_SP_APPLICATION_ID }}`}}
STAGING_ARM_CLIENT_SECRET: {{`${{ secrets.STAGING_AZURE_SP_CLIENT_SECRET }}`}}
PROD_ARM_TENANT_ID: {{`${{ secrets.PROD_AZURE_SP_TENANT_ID }}`}}
PROD_ARM_CLIENT_ID: {{`${{ secrets.PROD_AZURE_SP_APPLICATION_ID }}`}}
PROD_ARM_CLIENT_SECRET: {{`${{ secrets.PROD_AZURE_SP_CLIENT_SECRET }}`}}
{{ else -}}
STAGING_WORKSPACE_TOKEN: {{`${{ secrets.STAGING_WORKSPACE_TOKEN }}`}}
PROD_WORKSPACE_TOKEN: {{`${{ secrets.PROD_WORKSPACE_TOKEN }}`}}
{{- end }}

jobs:
Expand All @@ -41,14 +38,12 @@ jobs:
- name: Validate Bundle For Staging
id: validate
env:
{{ if (eq .input_cloud `aws`) -}}
DATABRICKS_TOKEN: {{`${{ env.STAGING_WORKSPACE_TOKEN }}`}}
{{- else if (eq .input_cloud `gcp`) -}}
DATABRICKS_TOKEN: {{`${{ env.STAGING_WORKSPACE_TOKEN }}`}}
{{- else if (eq .input_cloud `azure`) -}}
{{ if (eq .input_cloud `azure`) -}}
ARM_TENANT_ID: {{`${{ env.STAGING_ARM_TENANT_ID }}`}}
ARM_CLIENT_ID: {{`${{ env.STAGING_ARM_CLIENT_ID }}`}}
ARM_CLIENT_SECRET: {{`${{ env.STAGING_ARM_CLIENT_SECRET }}`}}
{{ else -}}
DATABRICKS_TOKEN: {{`${{ env.STAGING_WORKSPACE_TOKEN }}`}}
{{- end }}
run: |
databricks bundle validate -t {{ .input_staging_catalog_name }} > ../validate_output.txt
Expand Down Expand Up @@ -87,14 +82,12 @@ jobs:
- name: Validate Bundle For Prod
id: validate
env:
{{ if (eq .input_cloud `aws`) -}}
DATABRICKS_TOKEN: {{`${{ env.PROD_WORKSPACE_TOKEN }}`}}
{{- else if (eq .input_cloud `gcp`) -}}
DATABRICKS_TOKEN: {{`${{ env.PROD_WORKSPACE_TOKEN }}`}}
{{- else if (eq .input_cloud `azure`) -}}
{{ if (eq .input_cloud `azure`) -}}
ARM_TENANT_ID: {{`${{ env.PROD_ARM_TENANT_ID }}`}}
ARM_CLIENT_ID: {{`${{ env.PROD_ARM_CLIENT_ID }}`}}
ARM_CLIENT_SECRET: {{`${{ env.PROD_ARM_CLIENT_SECRET }}`}}
{{ else -}}
DATABRICKS_TOKEN: {{`${{ env.PROD_WORKSPACE_TOKEN }}`}}
{{- end }}
run: |
databricks bundle validate -t {{ .input_prod_catalog_name }} > ../validate_output.txt
Expand Down
8 changes: 3 additions & 5 deletions template/{{.input_root_dir}}/.github/workflows/{{.input_project_name}}-run-tests.yml.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,14 +11,12 @@ defaults:
working-directory: ./{{template `project_name_alphanumeric_underscore` .}}/

env:
{{ if (eq .input_cloud `aws`) -}}
DATABRICKS_TOKEN: {{`${{ secrets.STAGING_WORKSPACE_TOKEN }}`}}
{{- else if (eq .input_cloud `gcp`) -}}
DATABRICKS_TOKEN: {{`${{ secrets.STAGING_WORKSPACE_TOKEN }}`}}
{{- else if (eq .input_cloud `azure`) -}}
{{ if (eq .input_cloud `azure`) -}}
ARM_TENANT_ID: {{`${{ secrets.STAGING_AZURE_SP_TENANT_ID }}`}}
ARM_CLIENT_ID: {{`${{ secrets.STAGING_AZURE_SP_APPLICATION_ID }}`}}
ARM_CLIENT_SECRET: {{`${{ secrets.STAGING_AZURE_SP_CLIENT_SECRET }}`}}
{{ else -}}
DATABRICKS_TOKEN: {{`${{ secrets.STAGING_WORKSPACE_TOKEN }}`}}
{{- end }}

concurrency: {{template `project_name_alphanumeric_underscore` .}}-{{ if (eq .input_include_feature_store `yes`) }}feature-{{end}}training-integration-test-staging
Expand Down
38 changes: 18 additions & 20 deletions template/{{.input_root_dir}}/docs/mlops-setup.md.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ for details.

For your convenience, we also have Terraform modules that can be used to [create](https://registry.terraform.io/modules/databricks/mlops-azure-project-with-sp-creation/databricks/latest) or [link](https://registry.terraform.io/modules/databricks/mlops-azure-project-with-sp-linking/databricks/latest) service principals.

{{ else if ((eq .input_cloud `aws`) or (eq .input_cloud `gcp`)) }}
{{ else }}
To authenticate and manage ML resources created by CI/CD,
[service principals]({{ template `generate_doc_link` (map (pair "cloud" .input_cloud) (pair "path" "administration-guide/users-groups/service-principals.html")) }})
for the project should be created and added to both staging and prod workspaces. Follow
Expand All @@ -78,7 +78,7 @@ for details.

{{ if eq .input_cloud `aws` }}
For your convenience, we also have a [Terraform module](https://registry.terraform.io/modules/databricks/mlops-aws-project/databricks/latest) that can set up your service principals.

{{ end }}
{{ end }}

#### Configure Service Principal (SP) permissions
Expand Down Expand Up @@ -107,21 +107,7 @@ i.e. for each environment


#### Set secrets for CI/CD
{{ if and (eq .input_cicd_platform `github_actions`) ((eq .input_cloud `aws`) or (eq .input_cloud `gcp`)) }}
After creating the service principals and adding them to the respective staging and prod workspaces, follow
[Manage access tokens for a service principal]({{ template `generate_doc_link` (map (pair "cloud" .input_cloud) (pair "path" "administration-guide/users-groups/service-principals.html#manage-access-tokens-for-a-service-principal")) }})
to get service principal tokens for staging and prod workspace and follow [Encrypted secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets)
to add the secrets to GitHub:
- `STAGING_WORKSPACE_TOKEN` : service principal token for staging workspace
- `PROD_WORKSPACE_TOKEN` : service principal token for prod workspace
- `WORKFLOW_TOKEN` : [Github token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic) with workflow permissions. This secret is needed for the Deploy CI/CD Workflow.

Next, be sure to update the [Workflow Permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token) section under Repo Settings > Actions > General:
- Allow `Read and write permissions`,
- Allow workflows to be able to open pull requests (PRs).
{{ end }}

{{ if and (eq .input_cicd_platform `github_actions`) (eq .input_cloud `azure`) }}
{{ if eq .input_cloud `azure` }}
After creating the service principals and adding them to the respective staging and prod workspaces, refer to
[Manage access tokens for a service principal]({{ template `generate_doc_link` (map (pair "cloud" .input_cloud) (pair "path" "administration-guide/users-groups/service-principals#--manage-access-tokens-for-a-service-principal")) }})
and [Get Azure AD tokens for service principals]({{ template `generate_doc_link` (map (pair "cloud" .input_cloud) (pair "path" "dev-tools/api/latest/aad/service-prin-aad-token")) }})
Expand All @@ -135,7 +121,19 @@ to add the following secrets to GitHub:
- `STAGING_AZURE_SP_CLIENT_SECRET`
- `WORKFLOW_TOKEN` : [Github token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic) with workflow permissions. This secret is needed for the Deploy CI/CD Workflow.
Be sure to update the [Workflow Permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token) section under Repo Settings > Actions > General to allow `Read and write permissions`.
{{ end }}
{{ else }}
After creating the service principals and adding them to the respective staging and prod workspaces, follow
[Manage access tokens for a service principal]({{ template `generate_doc_link` (map (pair "cloud" .input_cloud) (pair "path" "administration-guide/users-groups/service-principals.html#manage-access-tokens-for-a-service-principal")) }})
to get service principal tokens for staging and prod workspace and follow [Encrypted secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets)
to add the secrets to GitHub:
- `STAGING_WORKSPACE_TOKEN` : service principal token for staging workspace
- `PROD_WORKSPACE_TOKEN` : service principal token for prod workspace
- `WORKFLOW_TOKEN` : [Github token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic) with workflow permissions. This secret is needed for the Deploy CI/CD Workflow.

Next, be sure to update the [Workflow Permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token) section under Repo Settings > Actions > General:
- Allow `Read and write permissions`,
- Allow workflows to be able to open pull requests (PRs).
{{ end }}

### Setting up CI/CD workflows
After setting up authentication for CI/CD, you can now set up CI/CD workflows. We provide a [Deploy CICD workflow](../.github/workflows/deploy-cicd.yml) that can be used to generate the other CICD workflows mentioned below for projects.
Expand Down Expand Up @@ -262,9 +260,9 @@ The ultimate aim of the service connection approach is to use two separate servi
> Note that you will have to update this code snippet with the respective service connection names, depending on which Databricks workspace you are deploying resources to.

1. Create separate Azure Pipelines under your Azure DevOps project using the ‘Existing Azure Pipelines YAML file’ option. Create one pipeline for each script. See [here](https://docs.microsoft.com/en-us/azure/devops/pipelines/create-first-pipeline) for more details on creating Azure Pipelines.
6. Define [build validation branch policies](https://learn.microsoft.com/en-us/azure/devops/repos/git/branch-policies?view=azure-devops&tabs=browser#build-validation) for the `{{ .input_default_branch }}` branch using the Azure build pipelines created in step 1. This is required so that any PR changes to the `{{ .input_default_branch }}` must build successfully before PRs can complete.
1. Define [build validation branch policies](https://learn.microsoft.com/en-us/azure/devops/repos/git/branch-policies?view=azure-devops&tabs=browser#build-validation) for the `{{ .input_default_branch }}` branch using the Azure build pipelines created in step 1. This is required so that any PR changes to the `{{ .input_default_branch }}` must build successfully before PRs can complete.
In the case of a monorepo, where there are multiple projects under a single repository, set a [path filter](https://learn.microsoft.com/en-us/azure/devops/repos/git/branch-policies?view=azure-devops&tabs=browser#path-filters) on the build validation policies, such that devops pipelines are only triggered when there are changes to the respective projects (e.g. the path filter would be `/project1/*` to trigger a devops pipeline when changes are made to _only_ files under the `project1` folder).
{{ end }}
{{ end }}

### Setting up CI/CD workflows
After setting up authentication for CI/CD, you can now set up CI/CD workflows. We provide a [Deploy CICD workflow](../.azure/devops-pipelines/deploy-cicd.yml) that can be used to generate the other CICD workflows mentioned below for projects.
Expand Down
Loading

0 comments on commit 1142de7

Please sign in to comment.