Automated CI/CD pipeline trigger system that bridges GitHub and Azure DevOps for infrastructure deployments.
This Azure Function receives GitHub webhook events and automatically triggers an Azure DevOps pipeline to deploy Terraform infrastructure configurations. It provides a secure, serverless solution for GitOps-style infrastructure automation.
- Secure Webhook Validation: HMAC-SHA256 signature verification for all incoming webhooks
- Azure Key Vault Integration: Secrets managed securely using Managed Identity
- Automated Pipeline Triggers: Seamless integration with Azure DevOps REST API
- Self-Hosted Agent Support: Docker-based agent configuration included
- Infrastructure as Code: Terraform deployment automation
- Azure subscription with Function App
- Azure Key Vault with webhook secret stored
- Azure DevOps organization with pipeline configured
- GitHub repository with webhook configured
- Self-hosted Azure DevOps agent (optional, see /scripts)
Configure these in your Azure Function App settings:

```
AZDO_ORG_URL=https://dev.azure.com/your-org
AZDO_PROJECT_NAME=your-project
AZDO_PIPELINE_ID=your-pipeline-id
AZDO_PAT=your-personal-access-token
KEYVAULT_NAME=your-keyvault-name
WEBHOOK_SECRET_NAME=github-webhook-secret
```

Store the webhook secret in Key Vault (using the portal or bash) under the name given by WEBHOOK_SECRET_NAME; the function reads it at runtime with its Managed Identity, so the identity needs "get" permission on secrets. Note that AZDO_PAT is a plaintext app setting here; in production prefer an App Service Key Vault reference (`@Microsoft.KeyVault(SecretUri=...)`) and scope the PAT to the Build (read and execute) permission only.
- Go to your GitHub repository → Settings → Webhooks
- Payload URL: https://<functionapp-name>.azurewebsites.net/api/Githubwebhook
- Content type: application/json
- Secret: the webhook secret (must match the value stored in Key Vault)
- Events: Push events
Configuration files are located in /scripts:

```
cd scripts
docker build -t azdo-agent .
docker run -d azdo-agent
```

- Developer pushes code to GitHub main branch
- GitHub sends webhook POST request with HMAC signature
- Azure Function recomputes HMAC-SHA256 over the raw request body with the secret from Key Vault and compares it against the X-Hub-Signature-256 header; requests with a missing or mismatching signature are rejected before the payload is parsed
- If valid, function triggers Azure DevOps pipeline via REST API
- Self-hosted agent executes Terraform deployment
- Infrastructure changes are applied to Azure
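The core of the workflow above (signature check, branch filter, pipeline-run request) as an added Python example; this is not the project's own function code. It assumes the Key Vault secret has already been fetched into memory (the Key Vault SDK call is out of scope here), the sample secret and payloads are constructed for the example, and the Azure DevOps request targets the "Runs - Run Pipeline" endpoint (api-version 7.1) with PAT Basic auth:

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed sample data for this example (not real secrets or payloads).
SAMPLE_SECRET = b"example-webhook-secret"
SAMPLE_MAIN_BODY = json.dumps({"ref": "refs/heads/main", "after": "abc123", "deleted": False}).encode()
SAMPLE_DEV_BODY = json.dumps({"ref": "refs/heads/dev", "after": "def456", "deleted": False}).encode()


def github_signature(secret: bytes, body: bytes) -> str:
    """Value GitHub sends in X-Hub-Signature-256: 'sha256=' + hex HMAC of the raw body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, body: bytes, header_value: Optional[str]) -> bool:
    """Reject a missing header or a non-sha256 prefix, then compare in constant time
    so an attacker cannot learn the MAC byte by byte from response timing."""
    if not header_value or not header_value.startswith("sha256="):
        return False
    return hmac.compare_digest(github_signature(secret, body), header_value)


def should_trigger(payload: dict, branch: str = "main") -> bool:
    """Deploy only on pushes to the deployment branch; ignore tags, other branches
    and branch deletions (GitHub sets 'deleted': true on those)."""
    return payload.get("ref") == f"refs/heads/{branch}" and not payload.get("deleted", False)


def build_pipeline_run_request(org_url: str, project: str, pipeline_id, pat: str, ref: str):
    """Build the Azure DevOps pipeline run request. Returns (url, headers, body)
    so the caller can send it with any HTTP client."""
    url = f"{org_url.rstrip('/')}/{project}/_apis/pipelines/{pipeline_id}/runs?api-version=7.1"
    # Azure DevOps PAT auth: Basic with an empty username and the PAT as password.
    token = base64.b64encode(f":{pat}".encode()).decode()
    headers = {"Authorization": f"Basic {token}", "Content-Type": "application/json"}
    body = {"resources": {"repositories": {"self": {"refName": ref}}}}
    return url, headers, body


def handle_webhook(secret: bytes, body: bytes, header_value: Optional[str], cfg: dict):
    """Full decision path: returns the request to send, or None if the webhook
    is rejected (bad signature) or ignored (not a push to the deployment branch)."""
    if not verify_signature(secret, body, header_value):
        return None  # never parse untrusted JSON before the MAC check passes
    payload = json.loads(body)
    if not should_trigger(payload):
        return None
    return build_pipeline_run_request(
        cfg["org_url"], cfg["project"], cfg["pipeline_id"], cfg["pat"], payload["ref"]
    )


if __name__ == "__main__":
    cfg = {"org_url": "https://dev.azure.com/your-org", "project": "your-project",
           "pipeline_id": 42, "pat": "pat"}
    sig = github_signature(SAMPLE_SECRET, SAMPLE_MAIN_BODY)
    print(handle_webhook(SAMPLE_SECRET, SAMPLE_MAIN_BODY, sig, cfg))
```

Two points worth keeping when adapting this: the MAC must be computed over the exact raw bytes GitHub sent (re-serialising parsed JSON changes whitespace and key order and breaks the check), and the signature check has to come before any JSON parsing so a forged request cannot reach the parser at all.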