Interview Q&A

Review the concept and prepare a concise verbal explanation with a real project example.

Add SonarQube tasks to your build pipeline:

• task: SonarQubePrepare@5

inputs:

SonarQube: 'MySonarServiceConnection'

scannerMode: 'MSBuild'

projectKey: 'MyProject'

projectName: 'MyApp'

• script: dotnet build
• task: SonarQubeAnalyze@5
• task: SonarQubePublish@5

inputs:

pollingTimeoutSec: '300'

Review the concept and prepare a concise verbal explanation with a real project example.

Review the concept and prepare a concise verbal explanation with a real project example.

In your pipeline or locally, publish the .nupkg file using:

dotnet nuget push "MyLibrary.1.0.0.nupkg" --source "MyFeed"

• -api-key az

or use the Azure Pipelines task:

• task: NuGetCommand@2

inputs:

command: 'push'

Follow:

packagesToPush: '$(Build.ArtifactStagingDirectory)/*.nupkg'

publishVstsFeed: 'MyProject/MyFeed'

Review the concept and prepare a concise verbal explanation with a real project example.

dotnet restore

Review the concept and prepare a concise verbal explanation with a real project example.

Review the concept and prepare a concise verbal explanation with a real project example.

Review the concept and prepare a concise verbal explanation with a real project example.

Review the concept and prepare a concise verbal explanation with a real project example.

<<<<<<< HEAD

old code

=======

new code

>>>>>>> feature/login

Review the concept and prepare a concise verbal explanation with a real project example.

Review the concept and prepare a concise verbal explanation with a real project example.

Connection → Azure Resource Manager

Review the concept and prepare a concise verbal explanation with a real project example.

CommonLibrary in its .csproj.

Quality gates are automated checks that your code must pass before it can be deployed.

Typical gates:

• Code must pass all tests.
• Code coverage ≥ 80%.
• No critical SonarQube issues.
• Build must succeed.

Ways to enforce them:

• Branch policies: Block PRs until build and tests pass.
• SonarQube gate: Fail the pipeline if quality gate fails.
• Pipeline conditions: Only deploy if all checks succeed.

Example (YAML):

• task: SonarQubePublish@5

inputs:

pollingTimeoutSec: '300'

condition: succeeded()

Example scenario:

If SonarQube reports a “Failed Quality Gate” due to high code duplication, the deployment

to QA is blocked until issues are fixed.

5⃣ How do you perform automated smoke testing after deployment?

Smoke tests verify that your deployed app is running and key endpoints work — without

doing deep functional testing.

You can run these as post-deployment steps in your release pipeline.

Follow:

Example (PowerShell):

• task: PowerShell@2

inputs:

targetType: 'inline'

script: |

$response = Invoke-WebRequest

if ($response.StatusCode -ne 200) {

throw "Smoke test failed!"

Example scenario:

After deploying your API to QA, the pipeline runs a smoke test that checks:

• /health endpoint returns 200
• Database connection works

If it fails, the pipeline stops and alerts the team.

✅ Pro Tip:

Combine all testing and quality practices like this:

Review the concept and prepare a concise verbal explanation with a real project example.

Versioning is usually handled automatically in the build pipeline — so every build produces

a unique version number.

You can version packages using:

• Build ID, Git commit hash, or semantic versioning (e.g., 1.2.3).

Example (YAML):

variables:

versionMajor: 1

versionMinor: 0

versionPatch: $(Build.BuildId)

Follow:

steps:

• script: dotnet pack MyLibrary.csproj -c Release
• p:PackageVersion=$(versionMajor).$(versionMinor).$(versionPatch)

displayName: 'Create NuGet package'

Then publish it:

• task: NuGetCommand@2

inputs:

command: 'push'

packagesToPush: '**/*.nupkg'

publishVstsFeed: 'MyProject/MyFeed'

Example scenario:

Each time your CI pipeline runs, it generates a package version like 1.0.45 or 1.0.46 —

ensuring consistent versioning and avoiding overwriting old packages.

4⃣ How do you manage dependencies between multiple .NET projects

using Azure Artifacts?

When you have multiple .NET projects that depend on each other, Azure Artifacts acts as

your internal package registry.

Typical approach:

Review the concept and prepare a concise verbal explanation with a real project example.

Add your feed’s URL to NuGet.config:

<add key="MyFeed"

value="

ndex.json" />

Review the concept and prepare a concise verbal explanation with a real project example.

Review the concept and prepare a concise verbal explanation with a real project example.

Review the concept and prepare a concise verbal explanation with a real project example.

Review the concept and prepare a concise verbal explanation with a real project example.

Review the concept and prepare a concise verbal explanation with a real project example.

Review the concept and prepare a concise verbal explanation with a real project example.

Review the concept and prepare a concise verbal explanation with a real project example.

Review the concept and prepare a concise verbal explanation with a real project example.

Review the concept and prepare a concise verbal explanation with a real project example.

Review the concept and prepare a concise verbal explanation with a real project example.

In Azure DevOps, every pipeline run automatically generates detailed logs for each step

and task.

To view logs:

You can automate creating and destroying environments (like dev, test, or staging) using

pipeline logic and IaC tools.

✅ Example (Bicep – Create Environment):

• task: AzureCLI@2

inputs:

azureSubscription: 'MyServiceConnection'

scriptType: 'bash'

inlineScript: |

az group create --name MyRG --location eastus

az deployment group create --resource-group MyRG

• -template-file infra/main.bicep

✅ Example (Terraform – Teardown Environment):

• task: TerraformCLI@1

Follow:

inputs:

command: 'destroy'

workingDirectory: 'infra'

commandOptions: '-auto-approve'

environmentServiceName: 'MyServiceConnection'

Example scenario:

Each pull request automatically spins up a temporary Azure environment (App Service +

Database) for testing.

Once the PR is closed or merged, the pipeline runs a teardown job to delete the resources

— saving cost and keeping Azure clean.

✅ Pro Tip:

For professional IaC pipelines in Azure DevOps:

• Use Bicep for Azure-native infrastructure.
• Use Terraform for multi-cloud or complex setups.
• Always deploy with a service connection using least-privilege roles.
• Automate environment lifecycle (create → test → destroy).

Security & Compliance Advanced /

Real-world Scenarios

1⃣ How do you secure secrets, keys, and connection strings in Azure

Pipelines?

You should never hardcode secrets (like passwords, connection strings, or API keys) in

pipeline YAML files or scripts.

Instead, you store them securely using Azure DevOps Variable Groups or Azure Key

Vault integration.

Ways to secure secrets:

Follow:

• Use secret variables in pipelines:

→ In Azure DevOps → Pipelines → Variables → Mark variable as secret.

• Use Azure Key Vault to fetch secrets securely at runtime.
• Use pipeline permissions to control who can view or edit variables.

Example (YAML):

variables:

• group: 'ProdSecrets'

steps:

• script: echo "Connecting to DB..."

env:

ConnectionString: $(DB_Connection)

Example scenario:

You’re deploying an app that needs a SQL connection string.

You store that in Azure Key Vault and reference it securely in the pipeline — so it never

appears in logs or code.

2⃣ What is Azure Key Vault and how is it used with pipelines?

Azure Key Vault is a secure store for secrets, keys, and certificates.

Azure DevOps can connect to it to retrieve secrets dynamically during builds or

deployments.

Steps to use it:

Review the concept and prepare a concise verbal explanation with a real project example.

You can automate infrastructure deployment directly from Azure Pipelines using ARM

templates, Bicep files, or Terraform scripts.

Each option defines your infrastructure as code — meaning servers, networks, and

resources are described in files and deployed consistently through pipelines.

✅ Example (using Bicep in YAML):

trigger:

• main

pool:

vmImage: 'ubuntu-latest'

steps:

• task: AzureCLI@2

inputs:

azureSubscription: 'MyServiceConnection'

scriptType: 'bash'

scriptLocation: 'inlineScript'

inlineScript: |

az deployment group create \

• -resource-group MyRG \
• -template-file infrastructure/main.bicep \
• -parameters environment=dev appName=myapp

✅ Example (using Terraform):

• task: TerraformInstaller@1

inputs:

terraformVersion: '1.7.0'

Follow:

• task: TerraformCLI@1

inputs:

command: 'init'

workingDirectory: 'infra'

• task: TerraformCLI@1

inputs:

command: 'apply'

workingDirectory: 'infra'

commandOptions: '-auto-approve'

environmentServiceName: 'MyServiceConnection'

Example scenario:

A DevOps pipeline runs when a pull request is merged into main, automatically provisioning

an Azure App Service, Storage Account, and SQL Database using Bicep.

2⃣ What is the difference between ARM templates and Bicep?

Feature ARM Templates Bicep

Language JSON Domain-specific (simpler syntax)

Readability Complex, verbose Clean and concise

Reusability Harder (manual

nesting)

Supports modules easily

Tooling Native in Azure Compiles into ARM JSON

Learning curve Steep Easier for beginners

In short:

Bicep is the modern, simplified language for ARM templates.

It makes infrastructure code shorter and easier to read — but still deploys through the same

Azure Resource Manager (ARM) engine.

Example comparison:

Follow:

ARM Template (JSON):

"resources": [

"type": "Microsoft.Storage/storageAccounts",

"name": "[parameters('storageName')]",

"location": "[resourceGroup().location]",

"sku": { "name": "Standard_LRS" },

"kind": "StorageV2"

Bicep (same thing):

resource storageAccount

'Microsoft.Storage/storageAccounts@2022-09-01' = {

name: storageName

location: resourceGroup().location

sku: { name: 'Standard_LRS' }

kind: 'StorageV2'

Example scenario:

A cloud engineer switches from ARM to Bicep and cuts a 300-line template down to just 80

lines — making it much easier to maintain in Git.

3⃣ How do you use Azure Service Connections for IaC deployments?

An Azure Service Connection securely stores credentials that pipelines use to connect to

your Azure subscription.

It’s like giving your pipeline “keys” to deploy resources in Azure — without hardcoding

credentials.

How to create one:

Follow:

Review the concept and prepare a concise verbal explanation with a real project example.

Review the concept and prepare a concise verbal explanation with a real project example.

You enforce them with branch policies.

Azure DevOps lets you require:

• A minimum number of reviewers (e.g., 2).
• Approval from code owners.
• Successful builds before merge.

Follow:

• Linked work items or comments resolved.

Example:

When a developer submits a pull request to merge feature/login, the PR won’t

complete until:

• At least two reviewers approve it.
• The build pipeline passes.
• All comments are marked resolved.

This ensures code quality and consistency.

5⃣ How do you resolve merge conflicts in Azure Repos?

Merge conflicts happen when two people change the same part of a file.

How to resolve:

Pull the latest changes:

git fetch origin

git merge origin/main

Troubleshooting starts by identifying where and why the pipeline failed.

Steps:

Follow:

Add and commit:

git add .

git commit

git push

Review the concept and prepare a concise verbal explanation with a real project example.

You can use XML or JSON transformation tasks in your release pipeline to adjust settings

per environment.

Example (Classic):

• Add a File Transform or Replace Tokens task.
• Replace values like database connection strings or API URLs for QA, UAT, or

Production.

Example (YAML):

• task: FileTransform@2

inputs:

folderPath: '$(System.DefaultWorkingDirectory)/drop'

xmlTransformation: true

jsonTargetFiles: '**/appsettings*.json'

Example scenario:

In appsettings.Production.json, you might replace the connection string with your

production database credentials automatically during deployment.

6⃣ How do you handle deployment slots in Azure App Service?

Azure App Service supports deployment slots — like Staging and Production.

Best practice:

There are several ways:

Review the concept and prepare a concise verbal explanation with a real project example.

Review the concept and prepare a concise verbal explanation with a real project example.

You can deploy Infrastructure as Code (IaC) directly from your pipeline using ARM or

Bicep files.

Follow:

Example (YAML):

• task: AzureResourceManagerTemplateDeployment@3

inputs:

deploymentScope: 'Resource Group'

azureResourceManagerConnection: 'MyServiceConnection'

subscriptionId: 'xxxx-xxxx-xxxx'

action: 'Create Or Update Resource Group'

resourceGroupName: 'my-rg'

location: 'East US'

templateLocation: 'Linked artifact'

csmFile: 'infrastructure/main.bicep'

overrideParameters: '-appName myapp -sku S1'

Example scenario:

Before deploying your .NET app, your pipeline provisions a new App Service, SQL

Database, and Storage Account automatically.

9⃣ How can you use Azure CLI or PowerShell tasks in your release

pipeline?

You can run custom scripts using AzureCLI@2 or PowerShell@2 tasks to automate

advanced tasks.

Example (Azure CLI):

• task: AzureCLI@2

inputs:

azureSubscription: 'MyServiceConnection'

scriptType: 'bash'

scriptLocation: 'inlineScript'

inlineScript: |

az webapp restart --name my-webapp --resource-group my-rg

Example (PowerShell):

• task: PowerShell@2

Follow:

inputs:

targetType: 'inline'

script: |

Write-Host "Performing custom cleanup..."

Remove-Item -Path $(Build.ArtifactStagingDirectory)\temp

• Recurse -Force

Example scenario:

After deploying your app, you might use a PowerShell script to clear old log files or an Azure

CLI command to restart the web app.

✅ Pro Tip:

A solid Release Pipeline usually includes:

• Staged deployments (Dev → QA → Prod)
• Environment-specific configs
• Pre-deployment approvals
• Slot-based zero-downtime deployment
• Rollback and infrastructure provisioning

Testing & Quality

1⃣ How do you integrate unit tests, integration tests, or UI tests in Azure

Pipelines?

You can run all types of automated tests (unit, integration, UI) inside your build or release

pipelines using tasks like DotNetCoreCLI@2, Visual Studio Test@2, or custom

scripts.

Example (Unit Tests):

• task: DotNetCoreCLI@2

inputs:

Follow:

command: 'test'

projects: '**/*UnitTests.csproj'

publishTestResults: true

Example (Integration Tests):

• Typically run after the app is deployed to a test environment.
• You can use a task like:
• script: dotnet test

./Tests/IntegrationTests/IntegrationTests.csproj

Example (UI Tests):

• Tools like Selenium or Playwright can be integrated as post-deployment steps in

your pipeline:

• script: npx playwright test

Real-life scenario:

After building a .NET API, the pipeline runs unit tests.

Then, in a release pipeline, once the app is deployed to the “QA” environment, Selenium

tests verify that the login screen works.

2⃣ What is code coverage, and how do you view it in Azure DevOps?

Code coverage measures how much of your code is executed during tests — it helps you

see which parts of your application aren’t tested.

Example (for .NET):

• script: dotnet test --collect:"XPlat Code Coverage"

This generates a coverage report (coverage.cobertura.xml), which Azure DevOps can

display in the Test Results → Code Coverage tab.

Follow:

Example scenario:

Your pipeline might show that 82% of your code is covered by tests.

You can then aim to increase that by adding more unit tests for uncovered modules.

3⃣ How do you use SonarQube or other tools for static code analysis?

SonarQube checks your code for bugs, code smells, and security vulnerabilities.

Integration steps:

Review the concept and prepare a concise verbal explanation with a real project example.

Review the concept and prepare a concise verbal explanation with a real project example.

Each build or release agent runs under a specific identity that needs permissions to

deploy or access resources.

Best practices:

• Use Managed Identity for self-hosted agents (so no credentials are stored).
• Use Service Principals for hosted agents with least privilege roles (e.g., Contributor

on a resource group).

• Use Azure RBAC to control access to resources.
• Rotate service principal secrets regularly.

Example scenario:

Your build agent deploys a web app to Azure.

Instead of storing a username/password, you use a Managed Identity with “Contributor”

access to the resource group — this way, no secrets are needed and access is fully

auditable.

Follow:

4⃣ How do you ensure compliance and audit trails in Azure DevOps?

Azure DevOps provides several tools for traceability, governance, and auditing.

Ways to ensure compliance:

• Auditing → Tracks every user action (build edit, approval, code change).
• Branch Policies → Enforce code reviews, build validation, and work item linking.
• Approvals & Gates → Ensure managers approve production releases.
• Work Item Linking → Every commit and deployment ties back to a tracked work

item.

• Security Groups & Permissions → Control access by least privilege.

Example scenario:

In a financial organization, every production deployment must be approved by a release

manager.

Azure DevOps enforces that no code can be merged to main without linked work items and

passing builds — creating a full audit trail for compliance reviews.

🚀 Advanced / Real-World Scenarios

5⃣ How would you handle blue-green or canary deployments in Azure

DevOps?

Both strategies reduce downtime and risk during production deployments.

• Blue-Green Deployment:

Maintain two identical environments (Blue = live, Green = standby).

Deploy to Green → test → switch traffic → make Green live.

• Canary Deployment:

Gradually release new versions to a small user subset first, then increase rollout.

Follow:

Implementation (Azure DevOps + Azure App Service):

• Use deployment slots (staging and production).
• Deploy to staging slot first.
• Run smoke tests.
• Swap slots when verified.

Example (YAML):

• task: AzureAppServiceManage@0

inputs:

azureSubscription: 'MyServiceConnection'

Action: 'Swap Slots'

WebAppName: 'myapp-prod'

SourceSlot: 'staging'

TargetSlot: 'production'

Scenario:

You deploy a new API to the staging slot, run tests, and only swap to production after

validation — ensuring zero downtime.

6⃣ How would you implement a multi-stage YAML pipeline for .NET apps?

Multi-stage YAML pipelines allow you to define the entire CI/CD process (build, test, deploy)

in a single file.

Example:

stages:

• stage: Build

jobs:

• job: BuildApp

steps:

• script: dotnet build --configuration Release

Follow:

• stage: Test

dependsOn: Build

jobs:

• job: RunTests

steps:

• script: dotnet test
• stage: Deploy

dependsOn: Test

jobs:

• deployment: DeployToDev

environment: dev

strategy:

runOnce:

deploy:

steps:

• task: AzureWebApp@1

inputs:

azureSubscription: 'MyServiceConnection'

appName: 'myapp-dev'

Scenario:

After every push to main, the pipeline automatically builds, tests, and deploys to a dev slot

— ready for QA approval.

7⃣ How do you integrate Azure DevOps with GitHub, Jira, or Slack?

Azure DevOps offers built-in and third-party integrations for collaboration and tracking.

• GitHub → Link commits and pull requests to Azure Boards.
• Jira → Connect issues to commits or deployments using service hooks.
• Slack / Teams → Get real-time pipeline notifications.

Example (Slack Integration):

Follow:

• Go to Project Settings → Service Hooks → Slack.
• Configure notifications for “Build completed” or “Release failed.”

Scenario:

When a pipeline fails, your team’s Slack channel gets an instant message:

❌ Build failed for main (Build ID #1203) — Click to view logs.

8⃣ How do you manage multiple environments (dev, test, prod) efficiently

in CI/CD?

Use multi-stage pipelines with separate environments, each having its own approvals,

variables, and configuration.

Best practices:

• Use variable groups per environment (Dev, Test, Prod).
• Use deployment stages with approvals.
• Manage configurations using appsettings.{env}.json or transform files.
• Use release gates for quality checks before production.

Example (YAML snippet):

variables:

• group: 'DevSettings'

stages:

• stage: DeployToDev

jobs:

• deployment: DevDeploy

environment: dev

strategy:

runOnce:

deploy:

Follow:

steps:

• task: AzureWebApp@1

Scenario:

When code is merged, it auto-deploys to Dev.

After QA approval, it moves to Test → Prod with approvals and gates in between.

9⃣ How do you optimize build and release times for large .NET solutions?

Optimizing pipelines saves time and cost — especially for large solutions.

Tips:

Use pipeline caching for NuGet packages:

• task: Cache@2

inputs:

key: 'nuget | "$(Agent.OS)" | packages.lock.json'

path: '~/.nuget/packages'

• Build only changed projects using path filters.
• Use parallel jobs for independent tests.
• Use incremental builds or artifact reuse between stages.

Scenario:

By caching NuGet packages and running tests in parallel, a 20-minute build drops to under

8 minutes.

🔟 How do you migrate existing CI/CD pipelines from Jenkins or

TeamCity to Azure DevOps?

Migration usually involves:

Follow:

Azure DevOps includes built-in Analytics and Reporting tools to help track performance,

quality, and productivity.

Follow:

Common reports:

• Pipeline Analytics: Success/failure trends, duration, frequency of builds.
• Test Analytics: Test pass rate, flaky tests, average test duration.
• Work Item Reports: Burndown charts, velocity, bug trends.
• Deployment Frequency: How often code is shipped to each environment.

Example scenario:

You might create a dashboard showing:

• “Build success rate over the last 30 days.”
• “Average build time.”
• “Top 10 failed pipelines.”

This helps identify slow or unstable pipelines early.

Advanced:

You can connect Azure DevOps Analytics to Power BI for custom reports (like “number of

deployments per team per sprint”).

4⃣ How can you integrate Application Insights for monitoring

post-deployment?

Application Insights (App Insights) is an Azure service that helps monitor your

application’s health and usage after deployment — it collects metrics, logs, traces, and user

data.

Integration steps:

Add the Application Insights SDK to your .NET or web project:

dotnet add package Microsoft.ApplicationInsights.AspNetCore

Common tasks:

• UseDotNet@2 → Installs .NET SDK.
• NuGetCommand@2 → Restores NuGet packages.

Follow:

• DotNetCoreCLI@2 → Builds, tests, and publishes your app.
• PublishBuildArtifacts@1 → Stores your compiled output.

Example:

A .NET Core pipeline may use:

• task: DotNetCoreCLI@2

inputs:

command: 'build'

6⃣ How do you restore NuGet packages in a build pipeline?

Use either:

• script: dotnet restore

• task: NuGetCommand@2

inputs:

command: 'restore'

This pulls dependencies from NuGet.org or an internal feed.

Example:

If your project uses private packages, you can add a NuGet service connection or Azure

Artifacts feed to authenticate.

7⃣ How do you run unit tests and publish test results in a pipeline?

You use the DotNetCoreCLI@2 task with test command and publish results.

Example (YAML):

Follow:

• task: DotNetCoreCLI@2

inputs:

command: 'test'

projects: '**/*Tests.csproj'

publishTestResults: true

Azure Pipelines will then display test results (passed, failed, duration) in the build summary.

8⃣ What is the purpose of the dotnet build, dotnet test, and dotnet

publish commands in pipelines?

• dotnet build → Compiles your code and checks for errors.
• dotnet test → Runs all your unit tests.
• dotnet publish → Packages your app for deployment (e.g., to Azure Web App).

Example:

In a pipeline:

• script: dotnet build
• script: dotnet test
• script: dotnet publish -c Release -o

$(Build.ArtifactStagingDirectory)

The final publish step outputs deployable files like .dll or .zip.

9⃣ How do you create and publish build artifacts?

Artifacts are the build outputs you want to use later (for deployment or testing).

Example (YAML):

Follow:

• task: PublishBuildArtifacts@1

inputs:

PathtoPublish: '$(Build.ArtifactStagingDirectory)'

ArtifactName: 'drop'

This publishes your compiled files to Azure DevOps, where the Release pipeline can pick

them up.

🔟 What are pipeline variables and variable groups?

Pipeline variables: Key-value pairs you define in the pipeline or YAML.

variables:

buildConfig: 'Release'

• Variable groups: Collections of variables shared across pipelines (e.g., API keys,

environment names).

Example:

If multiple pipelines need the same database connection string, store it in a variable group

called ProdSettings.

11⃣ What are pipeline templates and how are they used?

Templates let you reuse pipeline steps across projects — great for standardization.

Example:

You can create a reusable file:

📄 .azure-pipelines/build-template.yml

steps:

• script: dotnet restore
• script: dotnet build

Follow:

Then in your main pipeline:

extends:

template: .azure-pipelines/build-template.yml

This keeps your YAML DRY (Don’t Repeat Yourself) and consistent.

12⃣ How do you handle secrets in pipelines (Azure Key Vault integration)?

You never store passwords directly in YAML — instead, use Azure Key Vault or variable

groups linked to Key Vault.

Example:

• Create a Key Vault in Azure.
• Add secrets like SqlPassword.
• In pipeline, add Key Vault as a variable group.

YAML:

variables:

• group: MyKeyVaultVariables

Secrets are pulled securely during build and never exposed in logs.

13⃣ How do you implement pipeline caching for NuGet packages or

intermediate files?

Caching helps speed up builds by reusing downloaded packages or build outputs.

Example (YAML):

• task: Cache@2

inputs:

Follow:

key: 'nuget | "$(Agent.OS)" | packages.lock.json'

path: ~/.nuget/packages

restoreKeys: |

nuget | "$(Agent.OS)"

This caches your NuGet packages, so they don’t have to be re-downloaded every build —

often cutting build time in half.

✅ Pro Tip:

A well-designed .NET CI pipeline in Azure DevOps usually includes:

• Code checkout
• dotnet restore
• dotnet build
• dotnet test
• Artifact publishing
• Optional: static code analysis, SonarQube, or code coverage tools

Release Pipelines (CD)

1⃣ What is a release pipeline and how does it differ from a build pipeline?

A build pipeline (CI) compiles, tests, and packages your code — it produces artifacts.

A release pipeline (CD) takes those artifacts and deploys them to different environments

like Dev, QA, or Production.

Example:

• Build Pipeline: Compiles your .NET app and outputs a .zip file.

Follow:

• Release Pipeline: Takes that .zip and deploys it to Azure App Service.

So, the build pipeline = create, and release pipeline = deliver.

2⃣ What are deployment stages and environments in Azure DevOps?

A stage represents a step in your release process — like Dev, QA, UAT, or Production.

An environment is the actual target (Azure Web App, VM, Kubernetes cluster, etc.) where

your app is deployed.

Example:

A release pipeline might have:

• Stage 1 – Dev: Deploy automatically for testing.
• Stage 2 – QA: Deploy after QA team approval.
• Stage 3 – Prod: Deploy after manager approval.

Each stage can target a different Azure App Service or resource group.

3⃣ How do you configure approvals and gates for releases?

Approvals and gates ensure deployments happen safely — with the right people’s

permission or automated checks.

Approvals:

• Manual approvals before a stage starts or after it finishes.
• You can assign specific approvers (e.g., QA lead for QA, Manager for Prod).

Gates:

• Automated checks before deployment continues — like monitoring alerts, querying

Azure Monitor, or checking work item states.

Follow:

Example:

Before deploying to Production:

• Require approval from a “Release Manager”.
• Add a gate to check if the app’s error rate in Application Insights is below 2%.

4⃣ How do you deploy a .NET web app to Azure App Service using Azure

Pipelines?

You can deploy using the Azure Web App Deploy task.

Example (YAML):

• task: AzureWebApp@1

inputs:

azureSubscription: 'MyServiceConnection'

appName: 'my-dotnet-webapp'

package: '$(Pipeline.Workspace)/drop/**/*.zip'

Steps:

Feature Git TFVC

Type Distributed Centralized

History Full copy on each developer’s

machine

Stored on server

Branching Lightweight and fast Heavier and slower

Offline work Possible Needs connection

Common

use

Modern DevOps projects Legacy TFS

projects

Example:

In Git, you can commit locally even offline on a flight — with TFVC, you’d need server

access.

Git is now the default in Azure DevOps for flexibility and collaboration.

7⃣ How do you manage large binary files in Git (e.g., Git LFS)?

Follow:

Git isn’t great with big files (like images, videos, or large DLLs).

To handle them, we use Git LFS (Large File Storage).

How it works:

• Stores only pointers in Git.
• The actual binary files are stored elsewhere.

Setup example:

git lfs install

git lfs track "*.psd"

git add .gitattributes

git commit -m "Track PSD files with LFS"

Example:

A game development team using Unity stores large texture and model files with Git LFS to

keep their repo fast and clean.

8⃣ What are build validation policies?

A build validation policy ensures that every pull request triggers a build pipeline before

merging.

It prevents broken code from entering main.

Setup:

• In branch policies → “Add build policy.”
• Link it to your CI pipeline.
• Choose “Required” to block merges if the build fails.

Example:

When a developer creates a PR for feature/api-endpoint, Azure Pipelines

automatically runs unit tests and builds the app. If tests fail, the PR cannot be merged.

Follow:

This keeps your main branch always stable and deployable.

✅ Pro Tip:

Combine branch policies, code reviews, and build validations — this forms a strong

gatekeeping system that maintains code quality across teams.

Build Pipelines (Azure Pipelines – CI)

1⃣ What is a build pipeline in Azure DevOps?

A build pipeline in Azure DevOps automates how your code is compiled, tested, and

packaged whenever you make changes.

It’s part of Continuous Integration (CI) — where every code check-in triggers an automatic

build to ensure nothing is broken.

Example:

When a developer pushes code to main, Azure Pipelines automatically compiles your .NET

app, runs unit tests, and generates a build artifact (like a .zip or .dll) ready for

deployment.

2⃣ Explain the difference between YAML and Classic pipelines.

Feature YAML Pipeline Classic Pipeline

Defined in .yaml file in repo Azure DevOps GUI (drag & drop)

Version-controlled ✅ Yes ❌ No

Flexibility Very high Limited

Recommended

for

DevOps teams,

automation

Beginners or legacy setups

Follow:

Example:

In YAML, your pipeline might start like:

trigger:

• main

pool:

vmImage: 'windows-latest'

steps:

• script: dotnet build

You can review and version this with your code.

Classic pipelines are easier for newcomers but harder to maintain across branches.

3⃣ How do you trigger a build automatically after code check-in?

Add a trigger section in your YAML file, or use the GUI option “Enable continuous

integration.”

Example (YAML):

trigger:

branches:

include:

• main
• develop

Every push to main or develop automatically triggers a build.

You can also trigger manually or from a pull request.

4⃣ How do you set up a pipeline for a .NET or .NET Core application?

Follow:

VM.

Review the concept and prepare a concise verbal explanation with a real project example.

A project in Azure DevOps is like a container for everything related to a specific application

or product.

It can include:

• Code repositories
• Work items (stories, bugs)
• Pipelines (build/release)
• Test cases
• Artifacts

Example:

You might have a project named “ShoppingCartApp” that includes its code repo, CI/CD

pipeline, and all user stories related to that app.

6⃣ How do you organize repositories and teams in Azure DevOps for large

applications?

For large systems, you can:

• Use multiple repositories (one per microservice or component).
• Create teams inside the project to manage different modules.
• Use Areas and Iterations in Boards to track team-specific work.

Follow:

Example:

An e-commerce platform might have separate repos for PaymentService,

CatalogService, and OrderService. Each has its own team and pipelines but shares

the same Azure DevOps project for visibility.

7⃣ What are service connections in Azure DevOps?

A service connection is a secure link between Azure DevOps and external systems (like

Azure, AWS, GitHub, or Docker Hub).

Example:

If your pipeline needs to deploy code to Azure App Service, you create an Azure Resource

Manager service connection. It stores credentials securely so the pipeline can deploy

automatically.

8⃣ What is the difference between an organization, project, and repository

in Azure DevOps?

• Organization: The top-level container (like a company or department).
• Project: A workspace for a specific product or app.
• Repository: Where your source code lives.

Example:

Organization: ContosoTech

→ Project: MobileApp

→ Repository: ContosoApp-Frontend

9⃣ How do you manage permissions and access control in Azure

DevOps?

Follow:

You manage access using security groups and permissions at different levels

(Organization, Project, Repo, or Pipeline).

Example:

Developers may have Contribute rights on code, testers may have Edit Test Cases, and

managers may have View Only access to dashboards.

You can even integrate with Azure AD to sync user roles automatically.

🔟 How does Azure DevOps integrate with Active Directory or Azure

AD?

Azure DevOps integrates directly with Azure Active Directory for user authentication and

access control.

• You can use your company credentials to log in.
• Groups and roles from Azure AD can be mapped to DevOps permissions.
• SSO (Single Sign-On) makes it easier for teams to manage access securely.

Example:

When a new developer joins your company, you add them to the “Developers” group in

Azure AD — they automatically get access to the right projects in Azure DevOps.

Source Control (Azure Repos / Git)

1⃣ How do you create and manage branches in Azure Repos?

In Azure Repos, you create branches to work on features or fixes without disturbing the

main codebase.

You can create branches in multiple ways:

• From the Azure DevOps portal (Repos → Branches → New Branch).

Follow:

Using Git commands:

git checkout -b feature/add-login

git push origin feature/add-login

Managing branches means keeping them clean — deleting old ones after merges, naming

them properly (like feature/, bugfix/, release/), and ensuring they stay up to date

with main or develop.

Example:

When adding a “Dark Mode” feature, you create a branch called feature/dark-mode,

work there, and merge it back after review.

2⃣ What branching strategies have you used (e.g., Git Flow, trunk-based)?

There’s no one-size-fits-all strategy — it depends on team size and release frequency.

Common ones:

• Git Flow:

Uses main, develop, and feature branches. Ideal for structured release cycles.

Example: A large enterprise team doing monthly releases.

• Trunk-Based Development:

Everyone commits to main frequently with short-lived branches. Faster delivery.

Example: A DevOps team deploying multiple times a day.

• Feature Branching:

Simple approach — create a new branch per feature, merge when ready.

Example:

In my last project, we used Git Flow — developers worked off develop, created

feature/* branches, and merged through pull requests.

3⃣ How do you set up branch policies in Azure Repos?

Follow:

Branch policies ensure quality and control before merging code.

Steps:

Zero-downtime means your API stays live while deploying new versions.

Ways to achieve it:

• Use Azure App Service Deployment Slots (swap after warm-up).
• Use Blue-Green or Rolling Deployment strategy.
• Run health checks before swapping traffic.

Example:

• task: AzureAppServiceManage@0

inputs:

Action: 'Swap Slots'

WebAppName: 'myapi-prod'

SourceSlot: 'staging'

TargetSlot: 'production'

Follow:

Scenario:

You deploy the new API version to the staging slot.

Once tests confirm it’s healthy, you swap slots — users never see downtime, and rollback is

instant if something goes wrong.

✅ Pro Tip (for interviews):

If asked about real-world Azure DevOps experience, tie your answers to process +

reliability:

“We used multi-stage YAML pipelines with Azure Key Vault integration for secret

management, Bicep for infrastructure, and App Insights for monitoring —

ensuring secure, automated, and zero-downtime releases.”

Follow:

Azure Artifacts is a service in Azure DevOps that lets you store, share, and manage

packages like NuGet, npm, Maven, or Python packages — all in one secure place.

It’s basically your private package feed, just like NuGet.org, but private to your

organization.

Example:

Imagine your company has multiple .NET teams.

Each team builds shared libraries (like logging, authentication, or email helpers).

Instead of everyone copying DLLs, they publish them to Azure Artifacts — and others

can easily consume them as NuGet packages.

2⃣ How do you host and consume NuGet packages in Azure DevOps?

You can host and consume packages in Azure Artifacts with just a few steps.

🏗 To host (publish) a package: