Use dynamic YAML in pipelines

Question

Use dynamic YAML in pipelines

Oliver 0

Good morning, in my setup I have 100 repositories that have each a purpose-specific YAML.

These make use of templated YAML pieces for reusability and to avoid code duplication.

I cannot make a global pipeline because the combinations explode and I have the idea of a pipeline full with if-else blocks.

But I don't want to maintain 100 entries in the Pipelines section, it is absurd. I could configure a Repositories-level Branch Validation Policy that run ONE only pipeline that executes whenever a Pull-Request is created for any of the 100 repositories.

My expectation would be to be able to pull the YAML of the corresponding repo that had the PR so I can trigger the specific build, but I cannot make that work.

I'm flexible to options, but for me it does not make sense to force me to maintain 100 pipelines (and any new required for my mew repositories).

How can I implement something in those lines?

Regards

Oliver 0 Reputation points

2026-04-20T13:05:45.85+00:00

Thanks for keep checking Siddhesh,

I do not want to checkout:self per se, it was your first proposal and I already answered that it's not possible as you confirm now.

The new proposal works but it's very unmaintainable. I have 100 repos and maintaining 100 build validations is very impractical.

I cannot understand why the system was designed with such a limitation. If, at least, there was a convention on the yaml naming and/or location so that they are automatically configured as pipelines... but not even that...

Best regards
Praveen Kumar Gudipudi 2,285 Reputation points Microsoft External Staff Moderator

2026-05-05T09:51:07.14+00:00
Hello Oliver,

Thanks for the clarification, and I completely understand your concern. When managing a large number of repositories, maintaining separate pipeline registrations and branch validation policies can feel unnecessarily heavy.

Unfortunately, the behavior you’re encountering is tied to how Azure DevOps YAML pipelines are architected. Pipeline definitions are compiled before execution and are strongly bound to a specific repository and YAML path that is registered in the Pipelines section. Because of this compile-time binding, the system cannot dynamically discover or load another repository’s YAML file as the pipeline definition during PR validation. Branch policies therefore require a pipeline that already exists and is explicitly configured.

At the moment, there is no built-in mechanism that automatically discovers YAML files across repositories and registers them as pipelines based on a naming convention or folder location. Pipeline creation and branch policy association remain explicit configuration steps by design.

For environments with many repositories, teams usually handle this operational overhead using automation rather than manual management. Two common approaches are:

Automate pipeline and policy creation Use the Azure DevOps REST API, scripts, or infrastructure tooling to automatically create pipelines and configure branch policies whenever a new repository is added. This way you still have one lightweight YAML per repo, but onboarding becomes a scripted process instead of manual setup.

Keep pipelines minimal and centralize logic Continue using the shared-template approach, where each repository only contains a very small YAML file (often just a few lines using extends:) while all real build logic resides in a central templates repository. This minimizes maintenance even though a pipeline entry still exists per repository.

While this design can feel restrictive, it is primarily intended to provide predictable pipeline compilation, security boundaries between repositories, and clear traceability of which pipeline definition is executed for a given repository and PR.

If avoiding manual configuration is the main concern, automation via the REST API or repository provisioning scripts is typically the most scalable approach when working with a large number of repositories.

2 answers

Your answer

Oliver 0 Reputation points

2026-04-20T13:05:45.85+00:00

Thanks for keep checking Siddhesh,

I do not want to checkout:self per se, it was your first proposal and I already answered that it's not possible as you confirm now.

The new proposal works but it's very unmaintainable. I have 100 repos and maintaining 100 build validations is very impractical.

I cannot understand why the system was designed with such a limitation. If, at least, there was a convention on the yaml naming and/or location so that they are automatically configured as pipelines... but not even that...

Best regards

Answer 1

Hi @Oliver

Thank you for reaching out to Microsoft Q&A.

Your expectation of having a single Branch Validation Policy that dynamically picks and runs the YAML pipeline defined in the repository where the Pull Request was created is logical, but unfortunately it does not work and is not supported due to Azure DevOps YAML pipeline design limitations. In Azure DevOps, branch policies require a statically defined pipeline, and the pipeline YAML must exist and be registered ahead of time in the Pipelines section. The pipeline compiler resolves the pipeline YAML and repository resources at compile time, which means it cannot dynamically load or substitute the pipeline definition from the PR source repository. As a result, Azure DevOps does not support scenarios where a branch policy pipeline dynamically executes the pipeline YAML from whichever repository triggered the PR, forcing many teams into maintaining multiple pipelines unless a workaround pattern is used.

Refer below points to resolve this issue or use this workaround:

Use a single PR validation pipeline that always runs in the context of the PR repository

Create one central PR validation pipeline and configure it as a Branch Validation Policy for all repositories. This pipeline must always check out self, which automatically resolves to the repository where the PR originates.

trigger: none
 
pr:
  branches:
    include:
      - "*"
steps:
- checkout: self
- template: /.azuredevops/pr-validation.yml

Store repo-specific logic as templates inside each repository

Instead of dynamic pipelines, move variability into repo-local templates. Each repository defines its own PR logic in a known location, for example:

/.azuredevops/pr-validation.yml

Each repository controls its own build, test, scan, or validation steps:

steps:
- script: echo "Running PR validation for this repository"
- template: templates/build.yml
- template: templates/test.yml

Enforce a convention instead of managing 100 pipelines

Adopt a simple convention that every repository must contain a PR validation template at a fixed path. With this approach:

You maintain only one pipeline
You apply only one branch policy
Onboarding a new repo requires no pipeline creation, only adding the template file

This is the most scalable and maintainable design and aligns with how Azure DevOps YAML pipelines are intended to be used at enterprise scale.

Oliver 0 Reputation points

2026-04-14T13:13:28.4633333+00:00

Thanks for your answer Siddhesh,

I tried that but checkout: self clones the repository where the pipeline's yaml is, instead of the repository of the pull-request.

Regards

Answer 2

Azure DevOps does not support a single YAML pipeline that dynamically reads and runs arbitrary YAML files from 100 different repositories at PR time. Each YAML pipeline is bound to a specific repository and YAML path, and templates from other repositories are only used at compile time, not as independent pipelines.

Key constraints from the platform:

Templates from other repositories are not separate pipelines
- Repository resources can be declared and templates referenced across repos:
```
     resources:
       repositories:
         - repository: templates
           type: git
           name: MyProject/BuildTemplates
     
     jobs:
     - template: common.yml@templates
```
- Only template files are used; once expanded, the final pipeline runs as if defined entirely in the source repo. Scripts or logic cannot be executed as if they were separate pipelines from those other repos.
- Repositories are resolved once at pipeline start; there is no mechanism to dynamically “switch” to another repo’s YAML as the pipeline definition at runtime.
Triggers and branch policies are repo‑scoped
- For multi‑repo checkout, each repository resource can have its own triggers, but the pipeline definition still lives in a single repo:
```
     resources:
       repositories:
       - repository: A
         type: git
         name: MyProject/A
         ref: main
         trigger:
         - main
     
       - repository: B
         type: git
         name: MyProject/B
         ref: release
         trigger:
         - main
         - release
```
- PR validation is configured per repository via branch policies. To validate PRs in each of 100 repos, each repo needs a build validation policy pointing to a pipeline.

Given these constraints, the desired model of “one pipeline that discovers and runs each repo’s own YAML” cannot be implemented natively.

Practical options within the platform model:

Single shared template, many minimal pipelines

Create one core template repo with the actual build logic (jobs, steps) in templates. Example:

     # Core template repo: BuildTemplates/common.yml
     parameters:
     - name: vmImage
       type: string
       default: 'ubuntu-22.04'
     
     jobs:
     - job: Build
       pool:
         vmImage: ${{ parameters.vmImage }}
       steps:
       - script: npm install
       - script: npm test

In each of the 100 repos, define a tiny azure-pipelines.yml that only references the shared template and passes repo‑specific parameters:

     resources:
       repositories:
         - repository: templates
           type: git
           name: Contoso/BuildTemplates
     
     pr:
     - main
     - feature/*
     
     jobs:
     - template: common.yml@templates
       parameters:
         vmImage: 'ubuntu-22.04'

Each repo then has its own pipeline (and PR build policy), but maintenance is centralized in the template repo. Changes to build logic are made once in the template.

Multi‑repo pipeline with branch policies (still not fully dynamic)
- A single pipeline can check out multiple repositories and run generic validation logic, but it cannot interpret each repo’s own YAML as a pipeline. It can only run scripted logic (e.g., build/test commands) against each checked‑out repo.
- To trigger on PRs in other repos, declare them as repository resources and configure branch policies in those repos so that PRs trigger the shared pipeline.
Security and secrets via templates
- For shared logic that uses secrets, store scripts/templates in a secure repo and reference them as templates, passing secrets via variable groups or Key Vault, as recommended for secure template usage.

Within the documented capabilities, the closest to the requested behavior is: one shared template repo + 100 minimal YAML pipelines (one per repo) that all reference the shared templates and are wired via PR branch policies. The platform does not provide a way to avoid having per‑repo pipeline definitions if each repo must have its own PR validation.

References:

Share via

Use dynamic YAML in pipelines

2 answers

Your answer