When to use deployment jobs vs. normal jobs in Azure Pipelines for Bicep deployments?

Melvin Tran 40 Reputation points
2024-09-26T14:37:01.7233333+00:00

As a data engineer working on infrastructure-as-code using Bicep, I'm trying to understand the best practices for structuring my Azure Pipeline. I have separate environments for DEV and PRD, and I'm not sure when to use a deployment job versus a normal job.

For DEV, I don't need detailed deployment history, but for PRD, I might (I can't understand the differences between the history of a pipeline run and an environment run, you can still view the history right?). For instance, I have read: https://learn.microsoft.com/en-us/azure/devops/pipelines/process/deployment-jobs?view=azure-devops and understandably for PRD I would want my peers to approve the deployment, then I would opt for the special deployment job right.

Can someone explain the key considerations for choosing between these job types, especially in the context of Bicep deployments? Are there specific advantages to using deployment jobs for different environment that I should be aware of?

And how about using a deployment job for DEV or even UAT, does that make sense?

Some sample code for visualization of what I would do currently, but is this the way to go:

trigger:
  - main
variables:
  - name: devResourceGroup
    value: 'rg-dev-001'
  - name: prdResourceGroup
    value: 'rg-prd-001'
stages:
- stage: DeployDev
  jobs:
  - job: DeployToDev
    pool:
      vmImage: 'ubuntu-latest'
    steps:
    - task: AzureCLI@2
      inputs:
        azureSubscription: 'Dev-ServiceConnection'
        scriptType: 'bash'
        scriptLocation: 'inlineScript'
        inlineScript: |
          az deployment group create --resource-group $(devResourceGroup) --template-file main.bicep
- stage: DeployPrd
  jobs:
  - deployment: DeployToPrd
    pool:
      vmImage: 'ubuntu-latest'
    environment: 'Production'
    strategy:
      runOnce:
        deploy:
          steps:
          - task: AzureCLI@2
            inputs:
              azureSubscription: 'Prd-ServiceConnection'
              scriptType: 'bash'
              scriptLocation: 'inlineScript'
              inlineScript: |
                az deployment group create --resource-group $(prdResourceGroup) --template-file main.bicep
Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,982 questions
Azure Data Factory
Azure Data Factory
An Azure service for ingesting, preparing, and transforming data at scale.
10,688 questions
{count} votes

Accepted answer
  1. Iheanacho Chukwu 1,000 Reputation points
    2024-09-27T02:16:48.3866667+00:00

    Hello Melvin Tran,

    Thank you for posting this in Microsoft Q&A.

    Deployment jobs come with many benefits in Azure pipeline deployments. In Bicep deployments particularly, we look at its better environment targeting (especially where each environment has unique service connections), deployment tracking, lifecycle hooks, and approval mechanisms. These are critical for infrastructure as code workflows, where precision and control are important.

    It is idea to implement manual approval in higher environments (UAT and PRD) like you noted. However, you can as well keep your Dev environment with an open access (without manual deployment) while still using a deployment job. This keep things fairly uniform.

    Thanks,

    Iheanacho

    Please remember to "Accept Answer" if answer helped you. This will help us as well as others in the community who might be researching similar questions.

    3 people found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.