What
This capability allows application teams to inject custom steps into the CI pipeline. You can use preBuildSteps and/or postBuildSteps, which determine whether your custom steps run before or after the Docker build.
Why
Application teams might need to run additional tasks before and/or after the build has completed, for example pushing coverage results to an external tool or running Black Duck scans.
How
- Create a steps template file (for example, 'blackduck-scan.yml'):

    steps:
    # Retrieve the secrets listed in sdl_secrets.yml from Conjur.
    - task: secretBatchRetrievalConnector@1
      displayName: "Conjur Integration"
      inputs:
        ConjurService: "conjur-dnt"
        secretsyml: "./sdl_secrets.yml"
    # Debug only: remove this step before real use. Azure Pipelines masks secret
    # variables as *** in logs, but values from non-secret variables print in clear.
    - bash: |
        echo "Blackduck User: $BLACKDUCK_API_USER"
        echo "Blackduck Token: $BLACKDUCK_API_TOKEN"
        echo "Something User: $something_user"
        echo "Something Pass: $something_pass"
      displayName: Debug variables
      # Secret variables are not exposed to scripts automatically; map them explicitly.
      env:
        BLACKDUCK_API_USER: $(BLACKDUCK_API_USER)
        BLACKDUCK_API_TOKEN: $(BLACKDUCK_API_TOKEN)
        something_user: $(something_user)
        something_pass: $(something_pass)

- Optionally, create a variable group (for example, 'sdl_test') with some variables (for example, something_user and something_pass). Then, include that variable group in your azure-pipelines.yml:

    variables:
    - group: sdl_test

- Optionally, create a CyberArk/Conjur secrets file (for example, sdl_secrets.yml):

    BLACKDUCK_API_USER: !var prodvault/CloudOne_LOB/S-D-C-RNCHR-CNJR-jon/aiq_blackduck_token/username
    BLACKDUCK_API_TOKEN: !var prodvault/CloudOne_LOB/S-D-C-RNCHR-CNJR-jon/aiq_blackduck_token/password

- Update your azure-pipelines.yml to inject the steps using one of the options below.
Option 1 - Locally store steps within pipeline repo
This might be useful if the steps are custom/unique to this particular pipeline and will not be used for any other pipeline.
- Store the steps template that you created earlier (for example, 'blackduck-scan.yml') within the same repo as your azure-pipelines.yml file (for example, ./steps/blackduck-scan.yml).

- Add the following to your extends.parameters section (example only):

    extends:
      parameters:
        build:
          postBuildSteps:
          - template: steps/blackduck-scan.yml@self
Option 2 - Centrally stored steps in another repo
This might be useful if you want multiple pipelines to execute the same steps. You can use variables to make it dynamic to support multiple pipelines.
- Store the steps template that you created earlier (for example, 'blackduck-scan.yml') in another repo (for example, 'blackduck').

- Add the following to your resources.repositories section (example only):

    resources:
      repositories:
      - { repository: blackduck, type: git, name: blackduck-template-test, ref: main }

- Add the following to your extends.parameters section (example only):

    extends:
      parameters:
        build:
          postBuildSteps:
          - template: steps/blackduck-scan.yml@blackduck
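
The sample template's debug step prints values fetched from Conjur, so a review check on injected step templates is useful before they are merged. The following is an added example, not part of the original page or the pipeline project: it cross-references the names declared with !var in the secrets file against print commands in a steps template. The function names and the `<vault-path>` placeholder are assumptions, and both sample inputs are constructed from the files shown above.

```python
import re

# Constructed sample: secrets file in the page's format (vault path is a placeholder).
SECRETS_YML = """\
BLACKDUCK_API_USER: !var <vault-path>/username
BLACKDUCK_API_TOKEN: !var <vault-path>/password
"""

# Constructed sample: steps template with two prints and one safe presence check.
STEPS_YML = """\
steps:
- bash: |
    echo "Blackduck User: $BLACKDUCK_API_USER"
    echo "Blackduck Token: $BLACKDUCK_API_TOKEN"
    test -n "$BLACKDUCK_API_TOKEN" || exit 1
  displayName: Debug variables
  env:
    BLACKDUCK_API_USER: $(BLACKDUCK_API_USER)
    BLACKDUCK_API_TOKEN: $(BLACKDUCK_API_TOKEN)
"""

# Commands that write their arguments to the job log.
PRINT_CMD = re.compile(r"^\s*(echo|printf|Write-Host|Write-Output)\b")
# Matches $NAME, ${NAME} and the pipeline macro form $(NAME).
VAR_REF = re.compile(r"\$[({]?([A-Za-z_][A-Za-z0-9_]*)")
SECRET_DECL = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*:\s*!var\b")


def conjur_secret_names(secrets_yml):
    """Return the variable names declared with a Conjur '!var' reference."""
    names = set()
    for line in secrets_yml.splitlines():
        match = SECRET_DECL.match(line)
        if match:
            names.add(match.group(1))
    return names


def find_secret_prints(steps_yml, secret_names):
    """Return (line number, variable) for each print command that references a secret."""
    findings = []
    for lineno, line in enumerate(steps_yml.splitlines(), start=1):
        if not PRINT_CMD.match(line):
            continue  # env mappings and presence checks are not log output
        for name in VAR_REF.findall(line):
            if name in secret_names:
                findings.append((lineno, name))
    return findings


if __name__ == "__main__":
    for lineno, name in find_secret_prints(STEPS_YML, conjur_secret_names(SECRETS_YML)):
        print(f"line {lineno}: prints secret variable {name}")
```

The check is line-based and only sees direct references in print commands, so it complements log masking and review rather than replacing them.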