My GitHub repo shows how to set up an Azure DevOps Continuous Deployment (CD) pipeline for deploying an Azure Automation account & associated Runbooks.

Deployment
- Clone the repo & upload into your own Azure DevOps instance.
- Modify the
/ado/env
&/infra/env
files to match your Azure & Azure DevOps environment. - Select the
Pipelines
blade in Azure DevOps and click onNew pipeline
- Select where your have stored your source code, select
Existing Azure Pipelines YAML file
, select the Branch (likelymain
) and set the Path to/ado/deploy-automation.yml
. Save
the pipeline.- In the upper right-hand corner of the screen, select the
User Settings
button and selectPersonal Access Tokens
. This PAT will be used by the Azure Automation account to pull the runbooks from source control. - Click
New Token
, give it a name that reminds you what it will be for (example:AzureAutomation
). Set the Expiration. Add the following scopes (click on theCustom defined
radio button to see them all).- Code – Read
- Identity – Read
- Project and Team – Read
- Service Connections – Read, query, & manage
- User Profile – Read
- Work Items – Read
- Copy the PAT to Notepad.
- Navigate back to the pipeline and click on
Edit
. - Click
Variables
and thenNew variable
. - Name the variable
AdoPat
, paste in the PAT string you copied earlier & check theKeep this value secret
checkbox. ClickOk
to save. - Click
Run pipeline
to execute. You may need toauthorize
the pipeline to use the service connection. This initial run will create all of the required Azure resources & set up the sync, but it will fail the first time becuase you need to grant the Managed Identity that the Automation Account usesContributor
access to the Resource Group so it can createRunbook
resources (https://docs.microsoft.com/en-us/azure/automation/source-control-integration#prerequisites). - In the Azure portal, navigate to your Resource Group. Click on the
Access control
blade. Click onAdd->Add Role assignment
.- Select the
Contributor
role. ClickNext
. - Select the
Managed identity
radio button. ClickSelect members
. - Select the managed identity that was created in your resource groups. Click `Select.
- Click
Review + assign
.
- Select the
- Run the pipeline again to see the sync occur.
You can now see the Azure Automation Source Control link & Runbook sync job complete in the Azure portal.

