We are using Azure DevOps as our ALM system. When a user story or bug fix is resolved, it shows in a public query - like a stack - where our QA team members subsequently pull tickets independently for verification. As this is part of a pull request review, a PR cannot be merged unless QA finished testing. So we aim for fast response times and parallelization of testing to minimise the potential of merge conflicts. Oftentimes, we find that multiple work items are self-assigned to the same people, while other team members do not have work items assigned, increasing the potential response times for our devs (unless people change assignments) and leading to a rather subsequential than parallel verification of work items.
So we are looking for a way in Azure DevOps that allows us to make sure that members of a certain user group can only be assigned one work item of a certain work item type and state at a time. We looked into Custom Rules in detail but failed to get anything like this out of it. I'm thankful for any ideas and hints on how this can be accomplished (extensions also welcome).
There is no such rule or policy in Azure DevOps.
And it won't prevent someone from working on it anyway to be honest... I assume testing multiple changes in a single go isn't an option? It would simplify things tremendously...
Related
I'm wondering what is the best practice in strengthening and enforcing good security on a CircleCI pipeline. I'd like to ensure that no one should be able to deploy to prod without having their PR approved by another user in the organization.
CircleCI offers one functionality which is contexts. These can be used to ensure that only people within a security group are allowed to run certain jobs and therefore access certain env variables. That works mostly fine, except we would like anyone to be able to deploy prod changes given that their changes have been approved by someone else in a PR.
We've set it up so merges to master can only be done by approving the PR, but now we're faced with two options:
Only people with access to the context can merge the change (not what we want, it slows us down too much)
We remove contexts (insecure, anyone with access to the repo could change the CI job to print the credentials and steal them). We could give every user with push access also access to the contexts, but then it becomes equally insecure.
What is the best way to tackle this? Are there other best practices for securing the pipelines?
This is part public awareness and part actual question for better workarounds.
Overall, we have recently discovered (the hard way) that emailing via an Azure Action Group is unreliable and occasionally fails. Basically, sometimes their IPs get blacklisted for various reasons (very common). They have nothing in place to alert those relying on an email notification that it failed, even though they have all the information they need to do so (they showed me a screenshot showing the SMTP failure due to the IP blacklisting from their log). The Azure portal will still show "fired". And, so, it just fails silently in the background with no indication to the user it was never sent. According to one of the technical Azure reps we have discussed this with:
The way of identifying a failure is to evaluate any kind of rejection message received from the target server but those are not guaranteed and not generated in all scenarios. Take into account that email actions are provided free of charge and performing post-send operations to try and verify delivery would consume additional computing that would make providing this notification mechanism free of charge less desirable
I know that many rely on these for production notifications of various scenarios. You should not rely on this going forward, or at least have a backup in place (e.g. SMS, web-hook, etc).
I would like to know if anyone has experienced this as well and, if so, what is the better, more reliable method to use.
Thanks in advance!
In my current company, we are sometimes approving our own pull requests for the sake of bugfixing. If it's a small bug, or someone has breakdown service, they are required to be able to fix things quickly.
Because some people abuse this functionality to approve their own 'features', I wish to remove the ability to do this, except if there are only 'bug' work items linked to the PR.
As far as I have seen, I can only check some marks regarding the policy of the master branch.
Can I create a policy to enable people to approve their own pull requests, if no work-items other than bug items are linked to it?
That's not supported in Azure Pipelines - it's either allowed or not based on your branch policies. Everything that follows is opinion, so take it with a grain of salt - I'm not convinced that such a feature would solve your problem.
You said that you currently allow developers to approve their changes because, if there's an urgent bug they need to be able to move quickly. That's understandable. Also, developers can "game the system" by PR'ing features.
If you were to restrict branch policy to allow developers to merge PR's only if bugs are attached, what prevents the developer from putting new feature functionality into bug fixes?
In other words, your PR policies work by convention, and that convention can be broken. Your proposed solution is another convention that can be broken.
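One way to express the rule asked about above, for a custom check that runs outside the built-in branch policies (added example, not part of the original posts and not an Azure DevOps feature; the `PullRequest` fields and all sample values are constructed). It still trusts the work item types linked by the developer, so the objection raised in the answer applies to it as well.

```python
from dataclasses import dataclass, field
from typing import List, Set, Tuple


# Hypothetical data model for this example; these are not Azure DevOps API types.
@dataclass
class PullRequest:
    author: str
    approvers: Set[str] = field(default_factory=set)
    linked_work_item_types: List[str] = field(default_factory=list)


def evaluate_self_approval(pr: PullRequest) -> Tuple[bool, str]:
    """Return (allowed, reason) for completing the pull request.

    Allowed when someone other than the author approved, or when the author
    self-approved and every linked work item is a bug.
    """
    author = pr.author.lower()
    approvers = {a.lower() for a in pr.approvers}

    # Any independent approval satisfies the normal review requirement.
    if approvers - {author}:
        return True, "approved by someone other than the author"
    if author not in approvers:
        return False, "no approvals"

    # From here on the only approval is the author's own.
    types = [t.strip().lower() for t in pr.linked_work_item_types]
    if not types:
        # An unlinked PR must not slip through as an implicit bug fix.
        return False, "self-approval with no linked work items"
    non_bugs = sorted({t for t in types if t != "bug"})
    if non_bugs:
        return False, "self-approval with non-bug work items: " + ", ".join(non_bugs)
    return True, "self-approval allowed: only bug work items linked"


if __name__ == "__main__":
    # Constructed sample pull requests.
    samples = [
        PullRequest("alice", {"alice"}, ["Bug"]),
        PullRequest("alice", {"alice"}, ["Bug", "User Story"]),
        PullRequest("alice", {"alice"}, []),
        PullRequest("alice", {"bob"}, ["User Story"]),
    ]
    for pr in samples:
        print(pr.author, sorted(pr.approvers), pr.linked_work_item_types,
              "->", evaluate_self_approval(pr))
```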
For my work I've been assigned multiple Azure DevOps projects that I have been asked to create dashboards for. My boss is interested in a dashboard for each individual project (at that project level) and one master dashboard that consolidates all the information across projects. I've looked at the main Microsoft support link for this (https://learn.microsoft.com/en-us/azure/devops/project/work-across-projects-faqs?view=azure-devops), as well as numerous other resources, and I am still having several issues. I'm trying to work around the following constraints:
We don't want to create another project and use the "Query Across Projects" feature, as we are trying to utilize the hierarchical structure of Azure DevOps projects.
We'd like to avoid OData Queries / PowerBI, as I've run into numerous issues with them. Specifically, the data I get from the query is in a very ugly format (almost entirely hashed strings and other unclean data).
I'm open to any and all suggestions and would really appreciate pointers to other resources - I've had a hard time finding people who are looking to do similar tasks or who are having similar problems, so any help is much obliged.
I did some work on it, I guess we have a dashboard very much coupled with project.
Program level dashboard as in project management. But there is a concept of Portfolio management, check if that helps: https://learn.microsoft.com/en-us/azure/devops/boards/plans/portfolio-management?view=azure-devops
How can I create a dashboard across multiple Azure DevOps Projects?
Starting from November 12 2020, MS announced a public preview for Delivery Plans 2.0, which provides a first-class roadmap and timeline solution natively in Azure Boards. The initial preview will include these features:
Bringing Delivery Plans into the core product, rather than requiring an extension to be installed.
Enabling work items to span iteration boundaries.
Enabling drag and drop borders to show when a work item starts and ends.
Enabling stakeholders to view plans.
Use Delivery Plans to ensure your teams are aligned with your organizational goals. You can view multiple backlogs and multiple teams across your whole account. You can interact with the plan with simple drag-and-drop operations to update or modify the schedule, opening cards, expanding and collapsing teams, and more.
You could check the document Review team Delivery Plans for some more details.
Is there a way to create a review in Swarm for files without changing them?
My Use Case:
I was asked to review an existing module in the project. I want to make an online review using Swarm and add comments.
Update
From Swarm Documentation:
Post-commit model
The post-commit model can be used if your team's development processes preclude the use of shelving. Code must be committed to the Perforce service before code review can begin, which reduces the opportunity to fix problems before, for example, a continuous integration system notices problems. However, code reviews can be started for any existing code regardless of how long it has been committed.
I think that documentation is talking about having the CL committed first and later reviewing it. I'm talking about existing code that was developed over a period of time and with multiple CLs that needs a complete review.