Skip to content

targets.md

Latest commit

 

History

History
109 lines (81 loc) · 3.09 KB

targets.md

File metadata and controls

109 lines (81 loc) · 3.09 KB

Target Platforms

Part of the ado-aw documentation.

Target Platforms

The target field in the front matter determines the output format and execution environment for the compiled pipeline.

standalone (default)

Generates a self-contained Azure DevOps pipeline with:

  • Full 3-job pipeline: AgentDetectionSafeOutputs
  • AWF (Agentic Workflow Firewall) L7 domain whitelisting via Squid proxy + Docker
  • MCP Gateway (MCPG) for MCP routing with SafeOutputs HTTP backend
  • Setup/teardown job support
  • All safe output features (create-pull-request, create-work-item, etc.)

This is the recommended target for maximum flexibility and security controls.

1es

Generates a pipeline that extends the 1ES Unofficial Pipeline Template:

  • Uses templateContext.type: buildJob with Copilot CLI + AWF + MCPG (same execution model as standalone)
  • Integrates with 1ES SDL scanning and compliance tools
  • Full 3-job pipeline: Agent → Detection → SafeOutputs
  • Requires 1ES Pipeline Templates repository access

Example:

target: 1es

When using target: 1es, the pipeline will extend 1es/1ES.Unofficial.PipelineTemplate.yml@1ESPipelinesTemplates.

job

Generates a job-level ADO YAML template with jobs: at root. This is a reusable template that can be included in an existing pipeline — it does not generate a complete pipeline.

The output contains the same 3-job chain (Agent → Detection → SafeOutputs) as standalone, with:

  • Job names prefixed with the agent name for uniqueness (e.g., DailyReview_Agent)
  • No triggers, pipeline name, or resource declarations (the parent pipeline owns those)
  • Pool baked in from the front matter pool: field (vmImage or name; defaults to vmImage: ubuntu-22.04)

Example front matter:

target: job

Usage in a flat pipeline

jobs:
  - job: Build
    steps: ...
  - template: agents/review.lock.yml

Usage inside a user-defined stage

stages:
  - stage: Build
    jobs: ...
  - stage: AgenticReview
    dependsOn: Build
    jobs:
      - template: agents/review.lock.yml

Notes

  • Triggers (on:) are ignored with a warning (the parent pipeline controls triggers)
  • If the agent declares additional repositories via repos:, add them to the parent pipeline's resources: block (documented in the generated file header)

stage

Generates a stage-level ADO YAML template with stages: at root. This wraps the 3-job chain inside a stage block for direct inclusion in multi-stage pipelines.

Example front matter:

target: stage

Usage

stages:
  - stage: Build
    jobs: ...
  - template: agents/review.lock.yml
    dependsOn: Build
    condition: succeeded()

ADO natively supports dependsOn and condition at the template call site — no template parameters are needed for stage ordering.

Notes

  • Same 3-job chain, job-name prefixing, and pool handling as target: job
  • Triggers (on:) are ignored with a warning
  • If the agent declares additional repositories via repos:, add them to the parent pipeline's resources: block