DEV Community


Automation of AzureDevops Workflow with Tomtit

melezhik profile image Alexey Melezhik ・5 min read

tomtit logo

One of my primary tasks is to maintain and develop builds using VSTS / Azure. Those builds are mainly for creation of infrastructure through Azure resources. In this post I am going to show how Tomtit makes my workflow easier letting me manage all my tasks through command line interface.

Project repository

My typical VSTS build repository holds azure-pipelines.yml which describes "pipeline" build logic (*).

For me it just means, that the build logic is defined in azure-pipelines.yml file and I only make corrections in other project related files, commit those changes, push them back and initiate new build.

So, first of all I need to clone repository which I am working on:

git clone $vsts-build-repo

(*) You can read more about this at AzureDevops Pipelines at the Microsoft documentation pages.

Managing VSTS builds

Recently Microsoft launched handy command line interface to interact with Azure Devops, it is called vsts cli, in my case, just because I am actively using Tomtit to manage my workflows, I've created a Sparrow plugin to wrap vsts cli and adding some extra logic to the existing vsts cli tool.

So, my typical workflow when working with VSTS builds consists of two tasks:

  • run a build
  • see a build status

Let's go ahead and see how this automated through the Tomtit.

Tomtit Ado profile

First of all I need to install ado profile, that comes with Tomtit runner, this profile contains all necessary scripts we will need when working with AzureDevops.

tom --profile ado

install ado@az-account-set ...
install ado@az-kv-show ...
install ado@az-resources ...
install ado@build ...
install ado@list ...

So far we are interested in those two ones:

  • ado@build
  • ado@list

If we take a look at the content of scripts will see stubs that are easily customized for our needs:

tom --cat --lines build:

[scenario build]

[1] task-run "run build", "vsts-build", %(
[2]   definition => 'change me'
[3] );

We just need to change line number two to set up VSTS build definition name to run the build against:

tom --edit build:

task-run "run build", "vsts-build", %(
  definition => 'Build01'

All ado@build scripts does is running vsts build against current git branch, you've clone repository.

The next script ado@build does need to be customized, it lists last N builds for the VSTS project where we have cloned the repository from.

tom --cat list:

[scenario list]
task-run "list builds", "vsts-build", %(
  action => "list"

Now all my workflow boils down to those typical operations:

  • Edit files

  • Commit my changes

  • Push my changes

  • Run vsts build

  • Tail last N builds to see the build status

Again as I am using Tomtit as workflow management it supplies me with nice helpers to easy git related operations:

tom --profile git

install git@commit ...
install git@git-summary ...
install git@pull ...
install git@push ...
install git@set-git ...
install git@status ...

Now we are ready to everything with minimal efforts:

  • Edit files => nano azure-pipelines.yml

  • Commit changes => tom commit

  • Push changes => tom push

  • Run build => tom build

  • List build status => tom status

Other essential part of my workflow is testing created Azure resources.

Checking Azure Resources

Typical every VSTS build creates specific Azure resources, it proves to be very important to check these resources.

It all boils down to 3 typical tasks:

  • Set current azure account. Because I can work in different subscriptions and sometimes need to change account.

  • List resources for given resource group

  • Show key vault secrets

All these tasks are covered by existing ado@ scripts:

  • ado@az-account-set - to set az cli current account

  • ado@az-resources - to list resources

  • ado@az-kv-show - to print out key vault secrets

Of course, some scripts require customization:

Set account

tom --cat --lines az-account-set:

[scenario az-account-set]
[1] #!perl6
[3] task-run "set az account", "azure-account-set", %(
[4]   subscription => "change me"
[5] );

We will change line number 4, to pass subscription id from configuration file:

tom --edit az-account-set:


task-run "set az cli account to {config<subscription><name>}", "azure-account-set", %(
  subscription => config<subscription><id>

Now let's create default configuration:

tom --env-edit default:

  subscription => %(
    id => "265a768e-8c76-44d3-sa7b-03a19b756678",
    name => "DevSubscription"
  group => "Grp01",
  keyvault => "KVTest"  

Whenever we need to switch between subscriptions we just need to create a new environment and switch to it:

tom --env-edit production
tom --env-set production

By default we gonna use default environment.

Now let's customize ado@az-resources script:

tom --cat --lines az-resources:

[1] #!perl6
[3] task-run "resources list", "azure-resource-list", %(
[4]   group     => "changeme",
[5]   pattern  => "changeme"
[6] );

We change lines number 4 to pass resource group parameter through configuration file, and line number 5 to add additional resources filter:

tom --edit az-resources:


task-run "{config<group>} resources", "azure-resource-list", %(
   group     => config<group>,
   pattern   => "abc"

We do pretty much the same with ado@az-kv-show scripts, it proves to be very handy as quite often I need to see key vault secrets every time as switched between different subscriptions/projects:

tom --cat --lines az-kv-show

[scenario az-kv-show]
[1] #!perl6
[3] task-run "keyvault secret", "azure-kv-show", %(
[4]   kv      => 'changme', # key vault name
[5]   secret  => 'changme'  # key vault secret
[6] );

We're changing lines number 4 and 5 to set actual key vault name an a list of secrets:

tom --edit az-kv-show:


task-run "keyvault secret", "azure-kv-show", %(
  kv      config<keyvault> , # key vault name
  secret  => ( "client_id", "client_secret", "db_login", "db_password") 

Now we are all set up to manage everything through Tomtit:

  • tom az-account-set => to set az cli account
  • tom az-resources => to list resources
  • tom az-kv-show => to print out secrets

Those commands save me a lot of time and makes new project bootstrap super fast and easy. Every time I start working with my new build/repository I do the same:

  • tom --profile git => to install git helpets
  • tom --profile ado => to install AzureDevops helpers
  • tom --edit => to customize helpes
  • tom --env-edit / --env-set => to create/set environments/configurations


At the end of the day workflow management with Tomtit is dead easy and fun! it minimize repetitious steps and creates disputable harness for your projects.

Thank you for reading.

Discussion (0)

Editor guide