This repository contains an Azure DevOps pipeline that builds, tests, deploys, and optionally cleans up infrastructure using Bicep templates. The main goal is to provision a secure Windows VM in Azure.
trigger:
- none| Stage | Description |
|---|---|
| 🛠 Build | Placeholder for build steps |
| 🧪 Test | Placeholder for future tests |
| 🚀 Deploy | Deploys infrastructure using Bicep |
| 🧹 Cleanup | Deletes the resource group (optional) |
main.bicep– Infrastructure-as-Code definition- Azure DevOps pipeline YAML – defines the CI/CD logic
- Username (
adminUN) is defined as a pipeline variable - Password (
adminPASS) is securely fetched from Azure Key Vault - Secrets are not hardcoded and follow best practices
This stage:
- Fetches secrets from Azure Key Vault
- Creates the resource group (if it doesn’t exist)
- Deploys resources with
az deployment group create
az deployment group create \
--resource-group $(resourceGroupName) \
--template-file $(templateFile) \
--parameters adminUsername='$(adminUN)' adminPassword='$(adminPASS)'Your main.bicep provisions the following Azure resources:
- Virtual Network & Subnet
- Network Security Group (NSG)
- Network Interface with Public IP
- Windows Virtual Machine
Example Bicep Snippet
resource vm 'Microsoft.Compute/virtualMachines@2022-03-01' = {
name: vmName
location: location
properties: {
osProfile: {
computerName: vmName
adminUsername: adminUsername
adminPassword: adminPassword
}
...
}
}The final stage deletes the entire resource group to:
- Keep your Azure environment clean
- Prevent extra costs
- Ensure ephemeral infrastructure
az group delete --name $(resourceGroupName) --yes --no-waitAll resources are deployed in:
Location: West Europe (westeurope)
- Add automated testing after deployment
- Integrate with CI triggers (
push/pull_request) - Include monitoring/alerts after VM deployment
[Internet] ──> [Public IP] ──> [NIC] ──> [VM]
│
└─> [NSG - Allow RDP (3389)]