The simplest way to deploy a database is by using a data-tier package or DACPAC. DACPACs allow you to package and deploy schema changes and data. You can create a DACPAC using the SQL Database Project in Visual Studio.
The Azure SQL Database deployment task is the primary mechanism to deploy a database to Azure. This task, as with other built-in Azure tasks, requires an Azure service connection as an input. The Azure service connection stores the credentials to connect from Azure Pipelines to Azure.
The easiest way to get started with this task is to be signed in as a user that owns both the Azure DevOps organization and the Azure subscription.
In this case, you won't have to manually create the service connection. Otherwise, to learn how to create an Azure service connection, see Create an Azure service connection.
- task: SqlAzureDacpacDeployment@1
displayName: Execute Azure SQL : DacpacTask
inputs:
azureSubscription: '<Azure service connection>'
ServerName: '<Database server name>'
DatabaseName: '<Database name>'
SqlUsername: '<SQL user name>'
SqlPassword: '<SQL user password>'
DacpacFile: '<Location of Dacpac file in $(Build.SourcesDirectory) after compilation>'
When setting up a build pipeline, use the .NET desktop template. This template automatically adds the tasks to build the project and publish artifacts, including the DACPAC.
For Classic release pipelines, select Start with an empty pipeline, link the artifacts from your build pipeline, and then add the Azure SQL Database Deployment task.
SQL scripts
Alternatively, you can use SQL scripts instead of DACPAC to deploy your database. Below is a simple SQL script that creates an empty database:
USE [main]
GO
IF NOT EXISTS (SELECT name FROM main.sys.databases WHERE name = N'DatabaseExample')
CREATE DATABASE [DatabaseExample]
GO
To run SQL scripts from your pipeline, you'll need to add and remove firewall rules in Azure. Without these rules, the Azure Pipelines agent cannot communicate with Azure SQL Database.
Set Azure firewall rules
The following PowerShell script creates firewall rules. Save it as SetAzureFirewallRule.ps1 and add it to your repository:
For Classic pipelines, ensure that both the SQL script for deploying the database and the Azure PowerShell scripts for configuring firewall rules are included as part of the build artifact.
For Classic release pipelines, select Start with an empty pipeline, link the artifacts from your build pipeline, and then add the following tasks:
Use the Azure PowerShell task to add a firewall rule in Azure, allowing the Azure Pipelines agent to connect to the Azure SQL Database. The script requires one argument - the name of the SQL server you created.
Use the PowerShell task to invoke SQLCMD and execute your scripts. Use the following inline script:
Use another Azure PowerShell task to remove the firewall rule in Azure.
Deploy database conditionally
You can choose to deploy only specific builds to your Azure database, giving you more control over which changes are applied based on criteria like the source branch or build status.
To do this in YAML, you can use one of these techniques:
Isolate the deployment steps into a separate job and apply a condition to that job.
Add a condition directly to the step.
The example below shows how to deploy only builds from the main branch using conditions:
- task: SqlAzureDacpacDeployment@1
condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
inputs:
azureSubscription: '<Azure service connection>'
ServerName: '<Database server name>'
DatabaseName: '<Database name>'
SqlUsername: '<SQL user name>'
SqlPassword: '<SQL user password>'
DacpacFile: '<Location of Dacpac file in $(Build.SourcesDirectory) after compilation>'
With Classic release pipelines, you can implement various checks and conditions to control when and which deployments are triggered. Here are some strategies you can use:
Use branch filters to set up your continuous deployment triggers to trigger a release whenever a new build from a specific branch becomes available.
Use pre-deployment approvals to designate approvers who can either approve or reject deployment to a specific stage.
Define a set of gates to ensure that the release pipeline meets specific criteria before deployment without requiring user intervention.
Note
In some scenarios, you might need to allowlist IP address ranges for a specific region. These ranges are updated weekly and can be downloaded as a JSON file. See networking Microsoft-hosted agents for more details.
More SQL actions
The SQL Azure Dacpac Deployment task might not cover all the SQL server actions you need to perform. In such cases, you can use PowerShell or command-line scripts to execute the required commands.
This section covers common use cases for invoking the SqlPackage.exe tool. Before running this tool, make sure you're using a self-hosted agent with the tool installed.
Note
If you execute SQLPackage from the folder where it is installed, you must prefix the path with & and wrap it in double-quotes.
Basic Syntax
<Path of SQLPackage.exe> <Arguments to SQLPackage.exe>
You can use any of the following SQL scripts based on the action you wish to perform:
Incrementally updates a database schema to match the schema of a source .dacpac file. If the database doesn’t exist on the server, the publish operation will create it. Otherwise, an existing database will be updated.
Administer an SQL Server database infrastructure for cloud, on-premises and hybrid relational databases using the Microsoft PaaS relational database offerings.
