I've recently taken over a Bicep repository and I'm looking for some solid best practices for setting up an Azure Bicep pipeline for integration and deployment. I've noticed there's not much high-quality information available out there. Has anyone had experience with this?
So far, I've discovered that Bicep has built-in linting and build capabilities, but I find the 'what-if' feature for previewing changes to be unreliable. I also appreciate the SonarQube scan support I found; it's been pretty helpful. What additional tools or practices can I implement to boost my confidence in deploying this code error-free?
I'm also curious about the procedural side of a Bicep pipeline that ensures quality. What sorts of manual steps should we be prepared to handle, like subscription setup? Are there any specific Bicep flags or features that can lead to smoother deployments or provide more detail during the deployment process?
5 Answers
Honestly, I think Bicep has its issues. Hoping to see some significant changes or something better emerge soon.
Unit testing in Bicep is still in an experimental phase, but it’s worth looking into as Microsoft may continue to improve it. The current 'what-if' feature is definitely more polished than it used to be though!
They mentioned during a community call last year that it was just an intern project, so don’t get your hopes too high on updates.
Haha, true! Thanks for the heads-up!
Have you thought about building to a test environment? You could set up a dedicated branch to handle infrastructure builds and then tear it down as part of the CI/CD process. Before merging PRs, perform basic checks for syntax and security. Once everything passes, you can deploy to the live environment confidently.
I totally get the theory; implementing it effectively with Bicep, unlike Terraform, seems trickier. Good examples are still hard to come by!
That sounds sensible! I usually prefer having a dev environment to validate infrastructure, then push to test for acceptance testing. It’s also great for tackling performance needs.
We run a nightly pipeline that recreates everything in our environment, including databases and infrastructure. This way, you ensure your disaster recovery (DR) plan is effective. The 'what-if' feature is useful for previewing changes like which resources might be modified or deployed. I also suggest using the complete mode so you don’t miss anything important, such as permissions or blob containers—those things matter for a solid DR strategy.
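A what-if preview becomes a pipeline gate rather than something to read by eye when its JSON result is parsed; this matters most in complete mode, where resources missing from the template are deleted. The sketch below is an added example, not part of the original answer or any poster's pipeline. It assumes the result was saved from `az deployment group what-if --no-pretty-print`; the sample input, the `gate` and `resource_type` helpers, and the list of sensitive types are constructed for illustration.

```python
import json
import sys

# Constructed sample in the shape of `az deployment group what-if --no-pretty-print`.
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo/providers"
SAMPLE_WHAT_IF = json.dumps({"changes": [
    {"changeType": "NoChange", "resourceId": f"{RG}/Microsoft.Storage/storageAccounts/stdemo"},
    {"changeType": "Delete", "resourceId":
        f"{RG}/Microsoft.Storage/storageAccounts/stdemo/blobServices/default/containers/backups"},
    {"changeType": "Create", "resourceId": f"{RG}/Microsoft.Authorization/roleAssignments/ra-demo"},
    {"changeType": "Unsupported", "resourceId": f"{RG}/Microsoft.Web/sites/app-demo"},
]})

# Resource types the thread calls out as easy to miss: permissions and blob containers.
SENSITIVE_TYPES = {
    "microsoft.authorization/roleassignments",
    "microsoft.storage/storageaccounts/blobservices/containers",
}

def resource_type(resource_id):
    """Return the lower-cased provider/type of an ARM resource ID, names stripped."""
    parts = resource_id.lower().rsplit("/providers/", 1)[-1].split("/")
    return "/".join([parts[0]] + parts[1::2])

def gate(what_if_json, allow_delete=()):
    """Split what-if changes into blockers (fail the run) and warnings (need review)."""
    approved = {rid.lower() for rid in allow_delete}
    blockers, warnings = [], []
    for change in json.loads(what_if_json).get("changes", []):
        rid, kind = change["resourceId"], change["changeType"]
        if kind == "Delete" and rid.lower() not in approved:
            blockers.append(f"unapproved delete: {rid}")
        elif kind in ("Create", "Modify") and resource_type(rid) in SENSITIVE_TYPES:
            warnings.append(f"review {kind.lower()} of {resource_type(rid)}: {rid}")
        elif kind == "Unsupported":
            warnings.append(f"what-if could not evaluate: {rid}")
    return blockers, warnings

if __name__ == "__main__":
    # Usage: python whatif_gate.py result.json  (falls back to the constructed sample)
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_WHAT_IF
    blockers, warnings = gate(raw)
    for line in warnings + blockers:
        print(line)
    sys.exit(1 if blockers else 0)
```

A non-zero exit stops the deployment stage until each delete is either removed from the change or listed in `allow_delete` by a reviewer.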
Checkov is a great tool to help with security and configuration checks. It can complement your efforts for building a reliable Bicep pipeline!
I feel ya on that one!