Events
17 Mar, 9 pm - 21 Mar, 10 am
Join the meetup series to build scalable AI solutions based on real-world use cases with fellow developers and experts.
Register nowThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Azure DevOps Services | Azure DevOps Server 2022 - Azure DevOps Server 2019
A resource is anything used by a pipeline that lives outside the pipeline.
Resources offer the following benefits:
Share resources across pipelines by configuring them within the pipelines UI. Then, reference those resources in a task. You can also access some shared resources with the resources
YAML pipeline syntax.
Examples of sharing resources with the pipelines UI include secure files, variable groups, and service connections. With the resources
syntax, examples include accessing pipelines themselves, repositories, and packages.
How a resource gets used in a pipeline depends on the type of pipeline and type of resource.
For YAML pipelines:
group
syntax.resources
syntax.For example, to use variable groups in a pipeline, add your variables at Pipelines > Library. Then, you can reference the variable group in your YAML pipeline with the variables
syntax.
variables:
- group: my-variable-group
To call a second pipeline from your pipeline with the resources
syntax, reference pipelines
.
resources:
pipelines:
- pipeline: SmartHotel-resource # identifier for the resource (used in pipeline resource variables)
source: SmartHotel-CI # name of the pipeline that produces an artifact
You can enhance your pipeline's security with resources by identifying how the resource gets consumed, and how to prevent unauthorized access.
For YAML pipelines only, set resources as protected or open. When a resource is protected, you can apply approvals and checks to limit access to specific users and YAML pipelines. Protected resources include service connections, agent pools, environments, repositories, variable groups, and secure files.
Resource | How is it consumed? | How do you prevent an unintended pipeline from using this? |
---|---|---|
service connections | Consumed by tasks in a YAML file that use the service connection as an input. | Protected with checks and pipeline permissions. Checks and pipeline permissions are controlled by service connection users. A resource owner can control which pipelines can access a service connection. You can also use pipeline permissions to restrict access to particular YAML pipelines and all classic pipelines. |
secret variables in variable groups | A special syntax exists for using variable groups in a pipeline or in a job. A variable group gets added like a service connection. | Protected with checks and pipeline permissions. Checks and pipeline permissions are controlled by variable group users. A resource owner can control which pipelines can access a variable group. You can also use pipeline permissions to restrict access to particular YAML pipelines and all classic pipelines. |
secure files | Secure files are consumed by tasks (example: Download Secure File task). | Protected with checks and pipeline permissions. Checks and pipeline permissions are controlled by secure files users. A resource owner can control which pipelines can access secure files. You can also use pipeline permissions to restrict access to particular YAML pipelines and all classic pipelines. |
agent pools | There's a special syntax to use an agent pool to run a job. | Protected with checks and pipeline permissions. Checks and pipeline permissions are controlled by agent pool users. A resource owner can control which pipelines can access an agent pool. You can also use pipeline permissions to restrict access to particular YAML pipelines and all classic pipelines. |
environments | There's a special syntax to use an environment in a YAML. | Protected with checks and pipeline permissions that are controlled by environment users. You can also use pipeline permissions to restrict access to a particular environment. |
repositories | A script can clone a repository if the job access token has access to the repo. | Protected with checks and pipeline permissions controlled by repository contributors. A repository owner can restrict ownership. |
artifacts, work items, pipelines | Pipeline artifacts are resources, but Azure Artifacts aren't. A script can download artifacts if the job access token has access to the feed. A pipeline artifact can be declared as a resource in the resources section – primarily for the intent of triggering the pipeline when a new artifact is available, or to consume that artifact in the pipeline. | Artifacts and work items have their own permissions controls. Checks and pipeline permissions for feeds aren't supported. |
containers, packages, webhooks | These live outside the Azure DevOps ecosystem and access is controlled with service connections. There's a special syntax for using all three types in YAML pipelines. | Protected with checks and pipeline permissions controlled by service connection users. |
Environments support the following resource types:
Events
17 Mar, 9 pm - 21 Mar, 10 am
Join the meetup series to build scalable AI solutions based on real-world use cases with fellow developers and experts.
Register nowTraining
Module
Configure secure access to pipeline resources - Training
Configure secure access to pipeline resources.
Certification
Microsoft Certified: Azure Database Administrator Associate - Certifications
Administer an SQL Server database infrastructure for cloud, on-premises and hybrid relational databases using the Microsoft PaaS relational database offerings.
Documentation
Asset library - Azure Pipelines
Understand the Azure Pipelines asset library for secure files and variable groups.
Resources in YAML pipelines - Azure Pipelines
Learn about defining and consuming YAML resources that you can use anywhere in your pipelines jobs, or to trigger jobs and automation.
resources.pipelines.pipeline definition
A pipeline resource.