Best way to for Adding approval stage before deploy stage

Question

I am using below pipeline having build and deploy stage, i want deploy stage should run after build passed only and then after build pass it should go for approval before deploy stage. Please suggest how it can be done

below is the pipeline where it contains build and deploy stages:

trigger:
- none

variables:
  imageName: 'aksimage'
  dockerfilePath: 'Dockerfile'
  buildContext: '.'
  acrLoginServer:: 'acrnnn.azurecr.io'
  dockerRegistryServiceConnection: 'april28acr'

parameters:
- name: testtag
  displayName: 'Tag to Build and Deploy'
  type: string
  default: 'latest'

pool:
  vmImage: 'ubuntu-latest'

stages:
- stage: Build
  displayName: Build and Push Docker Image
  jobs:
  - job: BuildJob
    steps:
    - checkout: self

    - task: Docker@2
      displayName: 'Build and Push Docker Image to ACR'
      inputs:
        containerRegistry: '$(dockerRegistryServiceConnection)' # <- not hardcoded 'scn'
        repository: '$(imageName)'    # just aksimage
        command: 'buildAndPush'
        Dockerfile: '$(dockerfilePath)'
        buildContext: '$(buildContext)'
        tags: |
          ${{ parameters.testtag }}  



    - task: PublishPipelineArtifact@1
      displayName: 'Publish deployment.yaml as Artifact'
      inputs:
        targetPath: '$(Build.SourcesDirectory)/deployment.yaml'
        artifactName: 'deployment-files'

# ========================
# 🚀 DEPLOY STAGE
# ========================
- stage: Deploy
  displayName: Deploy to AKS
  dependsOn: Build
  condition: succeeded()
  jobs:
  - job: DeployJob
    displayName: Deploy Using Updated Deployment.yaml
    steps:
    - checkout: self

    - task: DownloadPipelineArtifact@2
      displayName: 'Download Deployment Artifact'
      inputs:
        artifactName: 'deployment-files'
        targetPath: '$(Build.SourcesDirectory)/deployment'

    - task: Bash@3
      name: ShowImageBeforeDeploy
      displayName: 'Show Image Before Tag Replace'
      inputs:
        targetType: 'inline'
        script: |
          set -e
          echo "✅ Image before replacement:"
          grep "image:" $(Build.SourcesDirectory)/deployment.yaml

    - task: Bash@3
      name: ReplaceTag
      displayName: 'Replace Image Tag'
      inputs:
        targetType: 'inline'
        script: |
          set -e
          echo "🔧 Replacing __IMAGETAG__ with '${{ parameters.testtag }}'..."
          sed "s|__IMAGETAG__|${{ parameters.testtag }}|g" $(Build.SourcesDirectory)/deployment.yaml > $(Build.SourcesDirectory)/updated-deployment.yaml

    - task: Bash@3
      name: ShowImageAfterDeploy
      displayName: 'Show Image After Tag Replace'
      inputs:
        targetType: 'inline'
        script: |
          set -e
          echo "✅ Image after replacement:"
          grep "image:" $(Build.SourcesDirectory)/updated-deployment.yaml

    - task: Kubernetes@1
      displayName: 'Deploy to AKS Cluster'
      inputs:
        connectionType: 'Kubernetes Service Connection'
        kubernetesServiceEndpoint: 'april28aks'
        namespace: 'default'
        command: 'apply'
        useConfigurationFile: true
        configuration: '$(Build.SourcesDirectory)/updated-deployment.yaml'
        secretType: 'dockerRegistry'
        containerRegistryType: 'Azure Container Registry'

Answer 1

You need to do the following:

Create an environment in Azure DevOps

Add approval checks to that environment

Modify your YAML pipeline to use that environment

• Change the job type in the Deploy stage from job to deployment
• Add the environment property pointing to your environment with approvals
• You can also add a deployment strategy using runOnce to organize your deployment tasks

See: https://learn.microsoft.com/en-us/azure/devops/pipelines/process/approvals?view=azure-devops&tabs=check-pass

You can mark it 'Accept Answer' and 'Upvote' if this helped you

Regards,

Abiola