Moderne website OpenRewrite Go to app →

Configure an agent with Azure DevOps Services

In order to view recipe results and commit changes from a recipe back to Azure DevOps Services, you'll need to register a Microsoft Entra ID OAuth app and configure the Moderne agent with the appropriate variables.

Azure DevOps Services supports two OAuth 2.0 models: Microsoft Entra ID OAuth and the legacy Azure DevOps OAuth 2.0 models. The Moderne platform only supports the Microsoft Entra ID OAuth model.

Azure DevOps Services Configuration

Step 1: Create a Microsoft Entra ID OAuth App registration

  1. Natigate to https://portal.azure.com

  2. Under Azure services, click on Microsoft Entra ID

  3. Click on App registrations

  4. Click on New registration

  5. In the Register an application form:

    1. Enter "Moderne client OAuth app" or similar in the Name field

    2. Select Single Tenant under Supported account types

    3. In the Redirect URI section, enter a Web platform entry with the URL https://your-domain.moderne.io

  6. Click Register

  7. In the app's Overview page click Add a certificate or secret

  8. Click New client sercret

  9. In the Add a client secret form:

    1. Enter "Moderne client OAuth app client secret" or similar in the Description field

    2. Optionally set a non-default secret expiration in the Expires field

    3. Click Add

  10. Under Manage, click on API permissions

    1. Add Azure DevOps permissions for vso.code_manage and vso.graph

Agent configuration

Step 2: Configure the Moderne Agent

The following table contains all of the variables/arguments you need to add to your Moderne agent run command in order for it to work with your Azure DevOps Services instance. Please note that these variables/arguments must be combined with ones found in other steps in the Configuring the Moderne agent guide.

Values for client ID, client secret and tenant ID can be found in the Overview page for your OAuth app's registration:

You can configure multiple Azure DevOps OAuth apps by including multiple entries, each with a different {index}.

Variables:

  • MODERNE_AGENT_AZUREDEVOPS_{index}_OAUTH_CLIENTIDThe client ID of the registered OAuth app.

  • MODERNE_AGENT_AZUREDEVOPS_{index}_OAUTH_CLIENTSECRETThe client secret of the registered OAuth app.

  • MODERNE_AGENT_AZUREDEVOPS_{index}_OAUTH_TENANTIDThe Azure tenant ID of the registered OAuth app.

  • MODERNE_AGENT_AZUREDEVOPS_{index}_SKIPSSL(Optional) Specifies whether or not to skip SSL validation for HTTP connections to this Azure DevOps instance. This must be set to true if you use a self-signed SSL/TLS certificate. Defaults to false.

  • MODERNE_AGENT_AZUREDEVOPS_{index}_SSH_PRIVATEKEY(Optional) The SSH private key used to establish a SSH connection with Azure DevOps.

  • MODERNE_AGENT_AZUREDEVOPS_{index}_SSH_PASSPHRASE(Required if the SSH private key is specified and encrypted with a passphrase) The passphrase used to encrypt the SSH private key.

  • MODERNE_AGENT_AZUREDEVOPS_{index}_SSH_SSHFILENAME(Required if the SSH private key is specified) The file name of the private key, which the agent will store locally.

  • MODERNE_AGENT_AZUREDEVOPS_{index}_SSH_USER(Required if the SSH private key is specified) The username used for SSH communication with Azure DevOps.

Example:

docker run \
# ... Existing variables
-e MODERNE_AGENT_AZUREDEVOPS_0_OAUTH_CLIENTID=4affd674-286d-423f-b643-7ffe4dec0f53 \
-e MODERNE_AGENT_AZUREDEVOPS_0_OAUTH_CLIENTSECRET=yourClientSecret \
-e MODERNE_AGENT_AZUREDEVOPS_0_OAUTH_TENANTID=488bc312-9fdc-43d2-a647-7a7b28066cc4 \
# ... Additional variables
PreviousConfiguring the Moderne agentNextConfigure an agent with Bitbucket Data Center access

Last updated