Breadcrumbs

Azure DevOps Pipelines for Customer Projects

Important: Starting with pfxpackage v3.41+, you must include options: --user 0 in the pipeline step that uses the pricefx/pfxpackage image. Add it under that step's configuration; otherwise, logs will not be printed in Azure DevOps.

This guide is intended for partners and customers who want to use their own Azure DevOps as their Git repository and CI/CD tool instead of GitLab.

Prerequisites

  • Create a user account pfx.deploy in the target partitions (QA, PROD). Assign General Admin privileges in each partition where you plan to deploy. Set a password and keep it safe; you will set it later in the PFX_PASS variable in Azure.

The password must be at least 14 characters long, have at least 1 digit, and have at least 1 capital letter.

  • pom.xml must be present in the project root folder. If not, generate it in Studio by right-clicking the project and navigating to Pricefx > Create 'pom.xml'.

  • Ensure you have sufficient permissions in Azure to manage the repository settings.

Step-by-step tutorial in Azure DevOps

  1. Generate the pipeline file in Studio. Right-click the project and navigate to Pricefx > CI Deployment > Create azure-pipelines.yml. Map each source branch to its target environment (cluster URL and partition are derived from the mapping). Commit and push the generated file to your Azure DevOps Git repository.

  2. Create the pipeline in Azure DevOps. Go to Pipelines > New pipeline, select your repository provider, pick your repository, choose Existing Azure Pipelines YAML file, and point to /azure-pipelines.yml. Save. See https://learn.microsoft.com/en-us/azure/devops/pipelines/create-first-pipeline.

  3. Add pipeline variables. In your Azure DevOps project, open the pipeline's Variables tab (see https://learn.microsoft.com/en-us/azure/devops/pipelines/process/variables) and add:

    1. PFX_USER — set to pfx.deploy.

    2. PFX_PASS — set to the deployment user's password. Select Keep this value secret.

You're all set. From now on:

  • Any push runs Verify (Maven unit tests) and Analyze (pfxprobe code analysis).

  • A push to a mapped branch additionally runs Deploy (pfxpackage tool) to the target partition.

Optional: Configure a Build Validation branch policy for the qa and main branches. This will trigger Verify and Analyze over pull requests in Azure Repos. See: https://learn.microsoft.com/en-us/azure/devops/repos/git/branch-policies

Optional: Install the SARIF SAST Scans Tab extension (org-level, one-time) to visualize the code analysis report in the UI. The generated azure-pipelines.yml publishes codeclimate.sarif.json under the CodeAnalysisLogs artifact, which the extension reads to render a Scans tab on each build summary — per-rule grouping, file/line drilldown, severity filters, and a new-vs-fixed diff against the previous run.

See also: https://learn.microsoft.com/en-us/azure/devops/pipelines/customize-pipeline