Power Platform: connect an Azure DevOps Pipeline

Why?

In the previous post Power Platform: setting up an Azure DevOps Pipeline » Knowhere365, I have setup a Starter Pipeline in Azure DevOps. Now we will connect the Azure DevOps Pipeline to the Power Platform yet.

What?

In this post, I am going to connect the Azure DevOps Pipeline to the Power Platform using a best practice approach.

How?

I found all the information below scattered over a lot of blog posts. Sometimes it was very confusing for me, because I had no experience with Azure DevOps Pipelines at all. So before I deep dive in to the invidual steps let me explain high over what we will do:

First we create an AAD App with a secret, so we have an object we can use to connect
Second we add an Application User linking the AAD App to our Power Platform DEV Environment
Third we create a Service Connection in our Azure DevOps Project so it can connect to the DEV Environment

1) I will register an Azure Active Directory Application and name it InSparkDemo-PowerPlatform-ALMapp. We will use it to have one specific point of entry to Power Platform Environment(s) for this specific purpose. We can register an AAD App by visiting the portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps link:

Don’t forget to give the AAD App a nice logo (just because we can 😍). Also take special notice of the Essentials about the AAD App in its Overview section:

I will need to give this AAD App the right permissions in the API permissions section. Using the Microsoft API called Dynamics CRM, it can access the Dataverse (previously known as Common Data Service) environments within our tenant:

I don’t think that Admin Consent is needed for this example. There may be scenario’s where this may be required so keep this in mind. The last thing our AAD App needs, is a Client Secret so it can be used by other applications (like our Azure DevOps Pipeline). Select the Certificates & secrets section of the AAD App and create one:

Save this secret in a very dark place where you will be able to find it, but nobody else can do harm with it 🔐.

2) Now I will add an Application User to my Power Platform Environment. We need an Application User that will link to the AAD App so the app can access this specific environment. We can do this in the Settings part of our Environment when using the Power Platform Admin Center (admin.powerplatform.microsoft.com/environments):

It may take some time to sync from AAD to the Power Platform Environment if you are unlucky. Eventually when adding an Application User you should be able to find the AAD App we just created:

Be sure to give the Application User the System Administrator Security Role. Now our Environment can be accessed by our AAD App:

Notice that the App ID of this Application User is exactly the same as the Application ID of the AAD App 🤓.

3) Now we have all the information we need to create a connection that can be used by our Pipeline. In our preparations (see Power Platform: Solutions and Azure DevOps Pipelines » Knowhere365) we already have installed the Microsoft Power Platform Build Tools for Azure DevOps – Power Platform | Microsoft Docs using the Marketplace. These build tools will give us a nice wizard experience when we go to Project Settings in our Azure DevOps Project and select the Service Connections section:

We easily create a Service Connection in our Azure DevOps Project using the right information from the previous steps:

4) Finally we create a simple Publish Customizations Pipeline first. Keep the first test very simple to check if the Pipeline will connect to the Power Platform Environment. I will share a simple example .yml Pipeline that will publish all customizations in an environment below. Just like you would push the button in the Maker Portal of the Power Platform Environment to make sure all customizations are applied:

trigger: none
pool:
  vmImage: windows-latest

steps:
# Prepare #
  - checkout: self
    persistCredentials: true
  - task: PowerPlatformToolInstaller@0 #Always Install this when using PowerPlatformBuiltTools on machine
    displayName: Prepare - Install PP Tool
    inputs:
      DefaultVersion: true

# Solutions logic #
  - task: PowerPlatformPublishCustomizations@0 # Publish Environment Customizations
    displayName: Solutions - Publish customizations
    inputs:
      authenticationType: 'PowerPlatformSPN'
      PowerPlatformSPN: 'insbadev01connection'

Be sure to keep the line indents very accurate in .yml files. Looking at my Job Run it seems we have successfully connected the Pipeline to the Power Platform Environment:

Stay tuned because next time we will extend this Pipeline to actually export a Power Platform Solution and save it in our Git Repo 💪👍.

2 thoughts on “Power Platform: connect an Azure DevOps Pipeline

Leave a comment