Struct AdoPipeline 

pub struct AdoPipeline {
    pub trigger: Option<Value>,
    pub pr: Option<Value>,
    pub variables: Option<AdoVariables>,
    pub stages: Option<Vec<AdoStage>>,
    pub jobs: Option<Vec<AdoJob>>,
    pub steps: Option<Vec<AdoStep>>,
    pub pool: Option<Value>,
    pub workspace: Option<Value>,
    pub resources: Option<AdoResources>,
    pub extends: Option<Value>,
    pub parameters: Option<Vec<AdoParameter>>,
    pub permissions: Option<Value>,
}

Top-level ADO pipeline definition. ADO pipelines come in three shapes: (a) stages → jobs → steps (b) jobs → steps (no stages key) (c) steps only (no stages or jobs key)

Fields

trigger: Option<Value>

pr: Option<Value>

variables: Option<AdoVariables>

stages: Option<Vec<AdoStage>>

stages: is normally a sequence of stage objects, but real-world pipelines also use stages: ${{ parameters.stages }} (a template expression that resolves at runtime to a list). The custom deserializer accepts both shapes; non-sequence shapes resolve to None and the graph is marked Partial downstream.

jobs: Option<Vec<AdoJob>>

steps: Option<Vec<AdoStep>>

pool: Option<Value>

workspace: Option<Value>

Pipeline-level workspace: block. The only security-relevant field is clean: (outputs, resources, all, or true), which causes the agent to wipe the workspace between runs. Used to tag self-hosted Image nodes with META_WORKSPACE_CLEAN.

resources: Option<AdoResources>

resources: block — repository declarations, container declarations, pipeline declarations. We only consume repositories[] today. Pre-2019 ADO accepts a sequence form (resources: [- repo: self]) which has no repositories: key — the custom deserializer accepts both shapes and treats the sequence form as an empty resources block.

extends: Option<Value>

Top-level extends: directive — extends: { template: x@alias, ... }. Captured raw so we can scan for template: x@alias references that consume a resources.repositories[] entry.

parameters: Option<Vec<AdoParameter>>

Top-level parameters: declarations. Each entry has at minimum a name; type defaults to string when omitted. values: is an optional allowlist that constrains caller input. ADO accepts two shapes: the typed sequence form (- name: foo \n type: string \n default: bar) and the legacy untyped map form (parameters: { foo: bar, baz: '' }) used in older template fragments. The custom deserializer normalizes both.

permissions: Option<Value>

Pipeline-level permissions: block. Controls the scope of System.AccessToken for all jobs in the pipeline unless overridden at the job level. Parsed to detect explicit scope restriction (e.g. contents: none) so over_privileged_identity doesn’t fire on pipelines that have already locked down their token.

Trait Implementations

impl Debug for AdoPipeline

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for AdoPipeline

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.