updatecli · olblak · Apr 24, 2026 · Apr 25, 2026 · Apr 26, 2026 · Apr 26, 2026
diff --git a/README.adoc b/README.adoc
@@ -11,23 +11,101 @@ link:https://img.shields.io/github/actions/workflow/status/updatecli/updatecli/g
 link:https://api.securityscorecards.dev/projects/github.com/updatecli/updatecli[image:https://api.securityscorecards.dev/projects/github.com/updatecli/updatecli/badge[OpenSSF Scorecard]]
 link:https://bestpractices.coreinfrastructure.org/projects/6731[image:https://bestpractices.coreinfrastructure.org/projects/6731/badge[OpenSSF Best Practices]]
 
-_"Automatically open a PR on your GitOps repository when a third party service publishes an update"_
+_"Automatically open a PR on your Git repository when a file update is needed"_
 
-Updatecli is a tool used to apply file update strategies. Designed to be used from everywhere, each application "run" detects if a value needs to be updated using a custom strategy then apply changes according to the strategy.
+Updatecli is a universal declarative update policy engine. Designed to be used from everywhere, each Updatecli "run" detects if a file needs to be updated using a tailored update policy then apply changes.
 
-You describe your update strategy in a file then you run updatecli to it.
+You describe your update strategy in a policy then you enforce it using Updatecli.
 
-Updatecli reads a yaml or a go template configuration file, then works into three stages
+Every Updatecli policy is a YAML (or Go template) file that runs through three stages:
 
-1. Sources: Based on a rule, updatecli fetches a value that will be injected in later stages such as latest application version.
-2. Conditions: Ensure that conditions are met based on the value retrieved during the source stage.
-3. Targets: Update and publish the target files based on a value retrieved from the source stage.
+1. *Sources* — Fetch the new value to apply (e.g. latest Docker image tag, newest Helm chart version, latest GitHub release).
+2. *Conditions* — Verify that all prerequisites are met before making any change (optional but recommended).
+3. *Targets* — Apply the change to the right file or service, and open a pull request if an SCM is configured.
+
+== What Can You Update?
+
+Updatecli ships with 30+ built-in integrations. Here are the most common scenarios:
+
+* 📄 *File formats* —
+  Update values in YAML, JSON, TOML, XML, HCL, CSV, Dockerfiles, and `.tool-versions` files,
+  or any text file with pattern matching.
+
+* 🐳 *Container images* —
+  Track Docker image tags and digests from Docker Hub or any OCI-compliant registry.
+
+* 📦 *Package registries* —
+  Helm charts (including OCI), npm, PyPI, Maven, Cargo (Rust crates), Go modules,
+  and Terraform providers/modules.
+
+* 🏷️ *Git & releases* —
+  GitHub/GitLab releases, Git tags and branches.
+
+* ☕ *Languages & runtimes* —
+  Jenkins LTS/weekly releases, Eclipse Temurin (JDK), Go language versions,
+  Bazel modules and registry.
+
+* ☁️ *Cloud* —
+  AWS AMIs.
+
+* 🔧 *Custom logic* —
+  Shell scripts and HTTP endpoints, for anything not covered above.
+
+Find the full list and documentation on link:https://www.updatecli.io/docs/prologue/introduction/[www.updatecli.io].
 
 == Feature
 
-* *Flexibility*: Easy to define tailored update strategies, you are just one yaml file from it.
-* *Portability*: Easy to add to your workflow whatever it is. Just one command to run.  Of course, it's easy to remove.
-* *Extensibility*: Easy to add new go packages to support more workflows.
+[cols="1,1,3,1", options="header"]
+|===
+| SCM Platform | Supported | Capabilities | Plugin
+
+| GitHub
+| ✅
+| Clone, branch, commit, push, Pull Requests, releases
+| `github`
+
+| GitLab
+| ✅
+| Clone, branch, commit, push, Merge Requests, releases
+| `gitlab`
+
+| Gitea
+| ✅
+| Clone, branch, commit, push, Pull Requests, releases
+| `gitea`
+
+| Forgejo
+| ✅
+| Compatible through Gitea API support
+| `gitea`
+
+| Bitbucket Cloud
+| ✅
+| Clone, branch, commit, push, Pull Requests
+| `bitbucket`
+
+| Bitbucket Server / Stash
+| ✅
+| Clone, branch, commit, push, Pull Requests
+| `stash`
+
+| Azure DevOps
+| ✅
+| Clone, branch, commit, push, Pull Requests
+| `azuredevops`
+
+| Generic Git Repository
+| ✅
+| Clone, branch, commit, push
+| `git`
+
+|===
+
+* *Declarative* — Define your update policy once in YAML; Updatecli handles detection and application.
+* *30+ integrations* — Docker, Helm, GitHub releases, npm, PyPI, Terraform, AWS AMIs, and more — out of the box.
+* *Any CI/CD* — Runs as a single binary. Drop it into GitHub Actions, Jenkins, GitLab CI, or any shell.
+* *Safe by default* — Use `--dry-run` to preview every change before it is applied.
+* *Extensible* — Add custom logic via shell scripts or HTTP, or contribute a new Go plugin.
 
 == Why
 
@@ -213,10 +291,11 @@ More information available at link:https://github.com/updatecli/updatecli/blob/m
 * link:https://www.updatecli.io/docs/prologue/introduction/[DOCUMENTATION]
 * link:https://github.com/updatecli/updatecli/blob/main/LICENSE[LICENSE]
 
-== Thanks to all the contributors ❤️
+== Thanks to you
+=== Contributors ❤️
 
 link:https://github.com/updatecli/updatecli/graphs/contributors"[image:https://contrib.rocks/image?repo=updatecli/updatecli[]]
 
-== Thanks to the sponsors ❤️
+=== Sponsors ❤️
 
 link:https://www.prefect.io/[image:https://avatars.githubusercontent.com/u/41086007?v=4[alt=PrefectHQ,height=200, width=200]]
diff --git a/e2e/updatecli.d/success.d/azuredevops/scm.yaml b/e2e/updatecli.d/success.d/azuredevops/scm.yaml
@@ -0,0 +1,44 @@
+name: Test Azure DevOps scm
+pipelineid: azuredevops/scm
+
+scms:
+  azuredevops:
+    kind: azuredevops
+    spec:
+      organization: updatecli
+      project: "updatecli-test"
+      repository: "updatecli-test"
+      branch: main
+
+sources:
+  license:
+    name: Retrieve license file content
+    kind: file
+    scmid: azuredevops
+    spec:
+      file: LICENSE
+
+conditions:
+  license:
+    name: Retrieve license file content
+    kind: file
+    sourceid: license
+    scmid: azuredevops
+    spec:
+      file: LICENSE
+
+targets:
+  license:
+    name: Update license title
+    kind: file
+    disablesourceinput: true
+    scmid: azuredevops
+    spec:
+      file: LICENSE
+      content: "# Title"
+      line: 1
+
+actions:
+  default:
+    kind: azuredevops/pullrequest
+    scmid: azuredevops
diff --git a/e2e/updatecli.d/success.d/azuredevopssearch/scm.yaml b/e2e/updatecli.d/success.d/azuredevopssearch/scm.yaml
@@ -0,0 +1,28 @@
+name: Test Azure Devops scm
+pipelineid: azuredevops/scm
+
+scms:
+  azuredevops:
+    kind: azuredevopssearch
+    spec:
+      organization: updatecli
+      #project: "^updatecli-test$"
+      #repository: "^updatecli-test$"
+      branch: "^main$"
+
+targets:
+  readme:
+    name: Test update
+    kind: yaml
+    disablesourceinput: true
+    scmid: azuredevops
+    spec:
+      file: .github/workflows/updatecli.yaml
+      key: "$.permissions.contents"
+      value: read
+
+actions:
+  default:
+    title: Change readme title
+    kind: azuredevops/pullrequest
+    scmid: azuredevops
diff --git a/go.mod b/go.mod
@@ -56,6 +56,7 @@ require (
 	github.com/invopop/jsonschema v0.14.0
 	github.com/jferrl/go-githubauth v1.6.0
 	github.com/joho/godotenv v1.5.1
+	github.com/microsoft/azure-devops-go-api/azuredevops/v7 v7.1.0
 	github.com/minamijoyo/hcledit v0.2.17
 	github.com/minamijoyo/tfupdate v0.8.0
 	github.com/muesli/mango-cobra v1.3.0
@@ -277,7 +278,7 @@ require (
 	github.com/google/btree v1.1.3 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/google/uuid v1.6.0 // indirect
+	github.com/google/uuid v1.6.0
 	github.com/googleapis/enterprise-certificate-proxy v0.3.11 // indirect
 	github.com/googleapis/gax-go/v2 v2.17.0 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect

diff --git a/go.sum b/go.sum
@@ -440,6 +440,7 @@ github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0=
 github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
+github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -575,6 +576,8 @@ github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZ
 github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
 github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+github.com/microsoft/azure-devops-go-api/azuredevops/v7 v7.1.0 h1:mmJCWLe63QvybxhW1iBmQWEaCKdc4SKgALfTNZ+OphU=
+github.com/microsoft/azure-devops-go-api/azuredevops/v7 v7.1.0/go.mod h1:mDunUZ1IUJdJIRHvFb+LPBUtxe3AYB5MI6BMXNg8194=
 github.com/miekg/dns v1.1.57 h1:Jzi7ApEIzwEPLHWRcafCN9LZSBbqQpxjt/wpgvg7wcM=
 github.com/miekg/dns v1.1.57/go.mod h1:uqRjCRUuEAA6qsOiJvDd+CFo/vW+y5WR6SNmHE55hZk=
 github.com/minamijoyo/hcledit v0.2.17 h1:5FFiUu8BtJeldqb8OhZ4fKoGZuH3oiW30AM0dHuUIPQ=

diff --git a/pkg/core/engine/configuration.go b/pkg/core/engine/configuration.go
@@ -15,6 +15,8 @@ import (
 	"github.com/updatecli/updatecli/pkg/core/pipeline/scm"
 	"github.com/updatecli/updatecli/pkg/core/reports"
 	"github.com/updatecli/updatecli/pkg/core/result"
+	"github.com/updatecli/updatecli/pkg/plugins/scms/azuredevops"
+	"github.com/updatecli/updatecli/pkg/plugins/scms/azuredevopssearch"
 	"github.com/updatecli/updatecli/pkg/plugins/scms/github"
 	"github.com/updatecli/updatecli/pkg/plugins/scms/githubsearch"
 	"github.com/updatecli/updatecli/pkg/plugins/scms/gitlab"
@@ -174,6 +176,44 @@ func (e *Engine) LoadConfigurations() error {
 							logrus.Debugf("githubsearch scm %q added new pipeline configuration for repository %s/%s", scmID, spec.Owner, spec.Repository)
 						}
 
+					case azuredevopssearch.Kind:
+
+						logrus.Debugf("Processing azuredevopssearch scm %q for potential multiple repository discovery", scmID)
+
+						ctx := context.Background()
+						azdoSearchScms, err := azuredevopssearch.New(scmConfig.Spec)
+						if err != nil {
+							return fmt.Errorf("unable to instantiate azuredevopssearch scm %q: %w", scmID, err)
+						}
+						discoveredAzureDevOpsSCms, err := azdoSearchScms.ScmsGenerator(ctx)
+						if err != nil {
+							return fmt.Errorf("unable to generate scm specs for azuredevopssearch scm %q: %w", scmID, err)
+						}
+
+						if len(discoveredAzureDevOpsSCms) == 0 {
+							return fmt.Errorf("no scm discovered for azuredevopssearch scm %q", scmID)
+						}
+
+						scmConfig.Kind = azuredevops.Kind
+						scmConfig.Spec = discoveredAzureDevOpsSCms[0]
+
+						loadedConfigurations[i].Spec.SCMs[scmID] = scmConfig
+
+						for _, spec := range discoveredAzureDevOpsSCms[1:] {
+							newPipeline := loadedConfiguration
+
+							newPipeline.Spec.SCMs = make(map[string]scm.Config, len(loadedConfiguration.Spec.SCMs))
+							maps.Copy(newPipeline.Spec.SCMs, loadedConfiguration.Spec.SCMs)
+
+							newSCM := newPipeline.Spec.SCMs[scmID]
+							newSCM.Kind = azuredevops.Kind
+							newSCM.Spec = spec
+
+							newPipeline.Spec.SCMs[scmID] = newSCM
+
+							loadedConfigurations = append(loadedConfigurations, newPipeline)
+						}
+
 					case gitlabsearch.Kind:
 
 						logrus.Debugf("Processing gitlabsearch scm %q for potential multiple repository discovery", scmID)

diff --git a/pkg/core/pipeline/action/main.go b/pkg/core/pipeline/action/main.go
@@ -12,10 +12,12 @@ import (
 	"github.com/updatecli/updatecli/pkg/core/jsonschema"
 	"github.com/updatecli/updatecli/pkg/core/pipeline/scm"
 	"github.com/updatecli/updatecli/pkg/core/reports"
+	azuredevops "github.com/updatecli/updatecli/pkg/plugins/resources/azuredevops/pullrequest"
 	bitbucket "github.com/updatecli/updatecli/pkg/plugins/resources/bitbucket/pullrequest"
 	gitea "github.com/updatecli/updatecli/pkg/plugins/resources/gitea/pullrequest"
 	gitlab "github.com/updatecli/updatecli/pkg/plugins/resources/gitlab/mergerequest"
 	stash "github.com/updatecli/updatecli/pkg/plugins/resources/stash/pullrequest"
+	azuredevopsscm "github.com/updatecli/updatecli/pkg/plugins/scms/azuredevops"
 	bitbucketscm "github.com/updatecli/updatecli/pkg/plugins/scms/bitbucket"
 	giteascm "github.com/updatecli/updatecli/pkg/plugins/scms/gitea"
 	"github.com/updatecli/updatecli/pkg/plugins/scms/github"
@@ -24,11 +26,12 @@ import (
 )
 
 const (
-	gitlabIdentifier    = "gitlab"
-	githubIdentifier    = "github"
-	giteaIdentifier     = "gitea"
-	stashIdentifier     = "stash"
-	bitbucketIdentifier = "bitbucket"
+	azuredevopsIdentifier = "azuredevops"
+	gitlabIdentifier      = "gitlab"
+	githubIdentifier      = "github"
+	giteaIdentifier       = "gitea"
+	stashIdentifier       = "stash"
+	bitbucketIdentifier   = "bitbucket"
 )
 
 // ErrWrongConfig is returned when an action has missing mandatory attributes.
@@ -148,6 +151,25 @@ func (a *Action) Update() error {
 func (a *Action) generateActionHandler() error {
 	// Don't forget to update the JSONSchema() method when adding/updating/removing a case
 	switch a.Config.Kind {
+	case "azuredevops/pullrequest":
+		if a.Scm.Config.Kind != azuredevopsIdentifier {
+			return fmt.Errorf("scm of kind %q is not compatible with action of kind %q",
+				a.Scm.Config.Kind,
+				a.Config.Kind)
+		}
+
+		ge, ok := a.Scm.Handler.(*azuredevopsscm.AzureDevOps)
+		if !ok {
+			return fmt.Errorf("scm is not of kind 'azuredevops'")
+		}
+
+		g, err := azuredevops.New(a.Config.Spec, ge)
+		if err != nil {
+			return err
+		}
+
+		a.Handler = &g
+
 	case "bitbucket/pullrequest", bitbucketIdentifier:
 		if a.Scm.Config.Kind != bitbucketIdentifier {
 			return fmt.Errorf("scm of kind %q is not compatible with action of kind %q",
@@ -267,11 +289,12 @@ func (Config) JSONSchema() *jschema.Schema {
 	type configAlias Config
 
 	anyOfSpec := map[string]interface{}{
-		"github/pullrequest":    &github.ActionSpec{},
-		"gitea/pullrequest":     &gitea.Spec{},
-		"stash/pullrequest":     &stash.Spec{},
-		"gitlab/mergerequest":   &gitlab.Spec{},
-		"bitbucket/pullrequest": &bitbucket.Spec{},
+		"azuredevops/pullrequest": &azuredevops.Spec{},
+		"github/pullrequest":      &github.ActionSpec{},
+		"gitea/pullrequest":       &gitea.Spec{},
+		"stash/pullrequest":       &stash.Spec{},
+		"gitlab/mergerequest":     &gitlab.Spec{},
+		"bitbucket/pullrequest":   &bitbucket.Spec{},
 	}
 
 	return jsonschema.AppendOneOfToJsonSchema(configAlias{}, anyOfSpec)

diff --git a/pkg/core/pipeline/action/main_test.go b/pkg/core/pipeline/action/main_test.go
@@ -75,6 +75,17 @@ func Test_Validate(t *testing.T) {
 				ScmID: "default",
 			},
 		},
+		{
+			name: "Passing case with 'azuredevops/pullrequest'",
+			config: Config{
+				Kind:  "azuredevops/pullrequest",
+				ScmID: "default",
+			},
+			wantConfig: Config{
+				Kind:  "azuredevops/pullrequest",
+				ScmID: "default",
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {