Skip to content

AI Assistance for Pipelines and Dockerfiles

Use this guide together with the AI in Software Development guideline and the DevOps & CI/CD overview.

When AI is useful

Approved AI coding assistants can help with:

  • Drafting GitHub Actions or Azure DevOps YAML
  • Drafting Dockerfiles and container build steps
  • Refactoring repeated pipeline steps into reusable workflows or templates
  • Explaining existing CI/CD definitions before you change them
  • Generating starter test or release jobs from an existing local build command

AI output is always a draft. The engineer remains responsible for correctness, security, and maintainability.

Information to give the AI first

Before asking an AI assistant to generate pipeline YAML or Dockerfiles, provide the core delivery context explicitly. Ideally, this information should already be documented in CONTRIBUTING.md or similar repository documents such as build, release, deployment, or architecture notes, so both humans and AI assistants work from the same reviewed instructions.

Provide:

  • Repository type and primary language or runtime
  • Target artifact type: package, container, desktop installer, static web bundle, etc.
  • Existing local build, test, and package commands
  • Target environments and approval expectations
  • Required registries, feeds, or artifact stores
  • Secret-management constraints and identity model
  • Whether infrastructure changes are handled in the same repo or a separate IaC repo
  • Required quality gates such as tests, code scanning, or signing

Prompt skeleton

Use a prompt similar to this and adapt the placeholders:

Generate a low-complexity CI/CD workflow for a <repo type> repository.
Use <GitHub Actions/Azure DevOps YAML>.
The pipeline must call existing repo commands and must not invent large inline scripts.
Artifacts: <artifact types>. Environments: <env list>. Approval model: <approval model>.
Secrets must come from <secret source>. Infrastructure changes are handled by <IaC approach>.
Return workflow YAML, a short explanation, and a review checklist.

Review checklist for AI-generated CI/CD assets

  • No secrets, tokens, tenant IDs, or credentials are embedded in YAML or Dockerfiles.
  • The workflow uses real repository commands and paths rather than invented scripts.
  • Artifact naming, versioning, and publish locations match the team convention.
  • Production deployment behavior matches the required approval model.
  • Permissions are minimal for the workflow or job.
  • Dockerfiles use an approved base image strategy and expose only the required runtime behavior.
  • The result is simple enough to maintain without returning to the AI every time.

What AI should not decide on its own

  • Production approval bypasses
  • Secret names or storage locations unless you already defined them
  • New infrastructure resources without review against the Infrastructure as Code Guidelines
  • Release versioning rules that conflict with your product or package policy
  • Unsupported external services, third-party actions, or container registries

Good pattern for AI-assisted authoring

  1. Ask the AI for a draft.
  2. Compare the draft with DHI guidelines and repository conventions.
  3. Replace placeholders and simplify any over-engineered steps.
  4. Run the workflow in the smallest safe scope.
  5. Keep only the reviewed result in the repository.