Azure DevOps Search

kind: azuredevopssearch

Description

The Azure DevOps Search SCM plugin allows you to interact with multiple Azure DevOps repositories at once — either by fetching files or by pushing updates to them. Repositories are discovered dynamically using regex patterns for project name, repository name, and branch name.

condition

When used in a condition, the SCM block typically fetches files or metadata from the matching repositories.

target

When used in a target, the SCM block pushes changes to all matching repositories.

By default, the Azure DevOps Search SCM uses a working branch workflow: it creates a temporary branch, commits the changes, and opens a pull request targeting the branch defined in the configuration for each matching repository.

Parameters

NameTypeDescriptionRequired

Authentication

Updatecli supports Personal Access Token (PAT) authentication for interacting with Azure DevOps. You can authenticate using environment variables or directly in your manifest.

1. Personal Access Token via Environment Variables

Set the following environment variables to enable PAT authentication:

  • UPDATECLI_AZURE_DEVOPS_TOKEN: Your Azure DevOps Personal Access Token

  • UPDATECLI_AZURE_DEVOPS_USERNAME: Your Azure DevOps username

Example:

export UPDATECLI_AZURE_DEVOPS_TOKEN="your-pat-token"
export UPDATECLI_AZURE_DEVOPS_USERNAME="your-username"
Note

When these variables are set, Updatecli will use them for all Azure DevOps operations.

2. Personal Access Token via Manifest

You can specify your Personal Access Token directly in your Updatecli manifest under the spec.token and spec.username fields:

scms:
  default:
    kind: azuredevops
    spec:
      organization: myorg
      project: myproject
      repository: myrepo
      token: "{{ requiredEnv `UPDATECLI_AZURE_DEVOPS_TOKEN` }}"
      username: "{{ requiredEnv `UPDATECLI_AZURE_DEVOPS_USERNAME` }}"
Warning

For security reasons, it is recommended to use environment variables or secret management tools (like SOPS) instead of hardcoding tokens in your manifest.

Precedence and Fallback

Updatecli will use the first valid authentication method it finds, in the following order:

  1. Personal Access Token via environment variables

  2. Personal Access Token via manifest

If no valid authentication is found, Updatecli will fail with an error.

Further Reading

Tip: For best security and maintainability, prefer using environment variables for authentication, and avoid hardcoding secrets in your manifests.

CommitMessage

Updatecli uses conventional commits as describe on www.conventionnalcommits.org.
The goal is to add human and machine readable meaning to commit messages

By default, Updatecli generates a commit message using the default type "chore" and split long title message into the body like:

Author: olblak <updatecli@updatecli.io>
Date:   Tue May 4 15:41:44 2021 +0200

    chore: Update key "dependencies[0].version" from file "charts/jenkins/r...

    ... equirements.yaml"

    Made with ❤️️  by updatecli

Example

This pipeline automatically updates the Golang version across multiple Azure DevOps repositories within the myorg organization. Using the azuredevopssearch SCM, it discovers all repositories within projects and branches matching the configured regex patterns, and opens pull requests that update the Golang version in the build workflows accordingly. All changes are squashed into one commit per repository.

# updatecli.yaml
name: "Updatecli Golang - Azure DevOps Multi-Repo"
pipelineid: "golang/version"

scms:
  default:
    kind: azuredevopssearch
    spec:
      organization: myorg
      project: "^myproject$"
      repository: "^.*$"
      branch: "^main$"
      token: '{{ requiredEnv "UPDATECLI_AZURE_DEVOPS_TOKEN" }}'
      username: '{{ requiredEnv "UPDATECLI_AZURE_DEVOPS_USERNAME" }}'
      user: updatecli
      email: updatecli@example.com
      commitmessage:
        squash: true
        type: chore
        scope: deps
        title: "update Golang version"

actions:
  default:
    kind: azuredevops/pullrequest
    scmid: default
    spec:
      title: "deps(golang): Bump Golang version"

sources:
  golang:
    name: Get the latest Golang version
    kind: golang
    spec:
      versionfilter:
        kind: semver
        pattern: "1.24.x"

targets:
  github-action:
    name: 'deps(github-action): Bump Golang version to {{ source "golang" }}'
    kind: yaml
    scmid: default
    spec:
      engine: yamlpath
      files:
        - ".github/workflows/*"
      key: '$.jobs.build.steps[?(@.uses =~ /^actions\/setup-go/)].with.go-version'
      searchpattern: true
Last modified on May 13, 2026
Edit this page on GitHub
← Azure DevOps Pull Request
Bitbucket Cloud →