Stage Templates

Microtec ERP pipelines are built from reusable YAML stage templates. Rather than repeating deployment logic in every orchestrator pipeline, shared templates are parameterized and composed. Templates live under Devops/azure/templates/.

---

Template Directory Structure

Devops/azure/templates/
├── stages/
│   ├── initialize.stage.yml            # Parse config, resolve environment
│   ├── build-docker.stage.yml          # Docker build + ACR push
│   ├── deploy-container.stage.yml      # Update CAE revisions
│   ├── docker-build-push.stage.yml     # Alternative Docker build+push stage
│   ├── docker-initialize.stage.yml     # Docker-specific initialization
│   ├── provision-infra.stage.yml       # Subscription-scoped Bicep deploy
│   ├── fast-deploy.stage.yml           # Fast path: image update, no infra
│   ├── approval.stage.yml              # Manual approval gate
│   ├── notify.stage.yml                # Teams/email notification
│   └── portainer-deploy.stage.yml      # Portainer-based deploy (on-prem)
├── jobs/
│   ├── detect-container-services.job.yml   # Detects changed services
│   └── detect-frontend-apps.job.yml        # Detects changed frontend apps
└── steps/
    ├── backend/                        # Backend-specific step templates
    ├── frontend/                       # Frontend step templates
    ├── common/                         # Shared steps (checkout, auth, etc.)
    ├── changelog/                      # Changelog generation steps
    ├── db-migration/                   # Database migration steps
    ├── docker/                         # Docker helper steps
    ├── file-seeders/                   # Seed file steps
    ├── notifications/                  # Notification steps
    ├── notify/                         # Notify step templates
    ├── scrum-automation/               # Scrum automation steps
    └── workitems/                      # Work item update steps

---

Stage: initialize.stage.yml

Reads services-config.json, resolves the target environment from the branch name or pipeline parameters, and sets pipeline-wide variables for use in subsequent stages.

Location: Devops/azure/templates/stages/initialize.stage.yml

Key outputs:

• ENVIRONMENT — resolved environment (dev, stage, preprod, uat, production)
• ACR_NAME — ACR login server (from environments array in config)
• Service list for the current deploy run

---

Stage: build-docker.stage.yml

Builds Docker images and pushes them to the environment's ACR. Uses change detection to build only services whose source files changed since the last successful build.

Location: Devops/azure/templates/stages/build-docker.stage.yml

parameters:
  - name: environment
    type: string
  - name: serviceToggles
    type: object     # Boolean flags per service
  - name: repositories
    type: object     # List of repo names to check out

Change Detection

The build stage uses detect-container-services.job.yml to identify which services have changed:

Job template: Devops/azure/templates/jobs/detect-container-services.job.yml

The detection script (scripts/detect/Detect-ContainerServicesDeployment.ps1) compares changed paths against each service's projectPath in services-config.json. When deployMode is force-all, detection is bypassed and all services are built.

---

Stage: provision-infra.stage.yml

Runs the full Bicep infrastructure deployment. Calls Build-BicepParams.ps1 first to generate parameters from services-config.json.

Location: Devops/azure/templates/stages/provision-infra.stage.yml

parameters:
  - name: environment
    type: string
  - name: whatIfOnly
    type: boolean
    default: false

The stage runs Build-BicepParams.ps1 (from scripts/infra/) to convert services-config.json into a Bicep parameters file, then deploys infrastructure/main.bicep at subscription scope.

---

Stage: deploy-container.stage.yml

Updates Container App revisions for all (or selected) services in a target environment.

Location: Devops/azure/templates/stages/deploy-container.stage.yml

parameters:
  - name: environment
    type: string
  - name: serviceToggles
    type: object      # Parsed from services-config.json
  - name: imageTag
    type: string

Each service is deployed via az containerapp update with the new image tag. Resource group names follow the mic-erp-be-{env}-apps-{profile}-rg naming convention.

---

Stage: fast-deploy.stage.yml

Streamlined deploy that skips Bicep provisioning. Directly calls az containerapp update for the selected services.

Location: Devops/azure/templates/stages/fast-deploy.stage.yml

Used exclusively by pipelines/container-backend/fast-deploy-pipeline.yml. Respects the same serviceToggles parameter pattern as the full deploy — select which services to update via boolean toggles.

---

Stage: approval.stage.yml

Implements a manual approval gate before the deploy stage. Skipped for the dev environment or when skipApproval: true is passed.

Location: Devops/azure/templates/stages/approval.stage.yml

parameters:
  - name: environment
    type: string
  - name: skipApproval
    type: boolean
    default: false

Approval gates are implemented as Azure DevOps Environments with branch protection policies. Each environment (dev, stage, preprod, uat, production) is configured in ADO:

Environment	Approvers	Timeout	Policy
dev	None (auto)	—	None
stage	Dev team (any 1)	4 hours	Branch: Stage
preprod	Lead Dev or QA Lead	8 hours	Branch: PreProd or preprod
uat	QA Lead (required)	24 hours	All CI checks pass
production	Release Manager + CTO	8 hours	Stage smoke tests green

In YAML, environments are referenced via the environment: key in a deployment job:

jobs:
  - deployment: DeployToStage
    environment: 'stage'   # Triggers approval gate configured in ADO
    strategy:
      runOnce:
        deploy:
          steps:
            - template: ../steps/backend/update-container-app.steps.yml
              parameters:
                environment: stage
                serviceToggles: ${{ parameters.serviceToggles }}
                imageTag: $(Build.BuildId)

See Approval Gates for the full approval policy details.

---

Stage: notify.stage.yml

Sends a Teams channel notification with the deployment summary (environment, services deployed, build ID, status).

Location: Devops/azure/templates/stages/notify.stage.yml

---

Job: detect-container-services.job.yml

Runs scripts/detect/Detect-ContainerServicesDeployment.ps1 to produce a list of services that need to be built and deployed in this run.

Location: Devops/azure/templates/jobs/detect-container-services.job.yml

Outputs feed directly into the build and deploy stages.

---

Template Parameter Conventions

All templates follow these conventions:

Convention	Rule
environment parameter	Always string, values: dev|stage|preprod|uat|production
serviceToggles parameter	Always object (boolean flag per service)
imageTag parameter	Always string, defaults to $(Build.BuildId)
Agent pool	Always MIC-EG-AGENT (self-hosted)
Resource group naming	Resolved from environment using mic-erp-be-{env}-apps-{profile}-rg formula

---

Related Documentation

• Orchestrators — How templates are composed into pipelines
• Services Config — The services object fed to templates
• Build Docker — Docker build template details
• Approval Gates — ADO environment approval configuration
• Provision Infra — provision-infra.stage.yml deep dive