We have a pre-deployment branch and a production branch, and would like to set security such that you can only create pull requests to the production from pre deployment and not from other branches.
How can i do this ?
Thanks
There are workaround to achieve this.
You should first create a build pipeline with a powershell task executing below script to check if the pull request source branch is the restricted branch.
$sourceBranch = "$(System.PullRequest.SourceBranch)"
if($sourceBranch -ne "refs/heads/pre-deployment")
{
exit 1
}
And then add this build pipeline to the build policy under Build validation in branch policies of your production branch. After setting above build policy, the new pull request will trigger the build pipeline and fail if the source branch is not pre-deployment
Another way to do this is creating a pull request status server. please refer to the example here for more information
Related
I have two CI pipelines in azure devops:
CI pipeline to train models
CI pipeline to score/predict/inference new data
Both of these pipelines are triggered when a PR is created on a specific branch. I have enabled "Tag Builds" on succeed with $build.BuildNumber format. I beleive if the builds are successful, they are given some tags.
I have a release pipeline, what I want to do is to check if the tag/buildNumber for 1st and 2nd CI pipelines are same or not. If not, the release pipeline should fail.
The problem is I cant find any tag information of the CI pipelines here is what I see after a build is succeeded.
I found out that. It is not possible to check if two or more tags are valid based on some logic in devops. So, we ended up using bash task and git commands to check if tags are valid (using regex).
I am using git service of azure devops.
I have my build pipeline setup with master branch using yml file.
And it runs & perform well.
Question is on Azure UI: Why does it show me the button 'Set up build' i already have my pipeline setup.
The reason is that the latest commit did not trigger my pipeline as we are excluding build trigger for README file changes.
(Build status links with commit id)
is there anyway to show the latest build status instead of this button.
Azure DevOps provides this quick way to set up yaml pipeline using this “Set up build” button when new repository is created. When you click this button to set up yaml pipeline and queue a new build, this button will show you the latest build's state( the build status is linked with commit-id), as below.
To your situation, as this ticket suggested, you could see the build status in the other place, such as Commits hub, Dashboad, build status badges and so on.
This happens if we commit some files which is part of exclusion in pipeline trigger, as in this particular commit there is no pipeline status is linked.
I'm trying to make a single build pipeline for 3 env (dev, qa, prod) but with ability to choose which one to build from.
The idea is to keep the pipeline on prod branch or another repo, and not having it in every env.
The issue now is that on a PR it will start the pipeline only on master(prod) branch as it shall contain the yml file.
Is there a way to get the PR target branch in order to add additional conditions for PR triggers?
how to get target branch from a pull request using azure devops api or other methods?
Agree with Yan Sklyarenko. Azure devops provides us with some predefined variables, like:
System.PullRequest.IsFork
System.PullRequest.PullRequestId
System.PullRequest.PullRequestNumber
System.PullRequest.SourceBranch
System.PullRequest.SourceRepositoryURI
System.PullRequest.TargetBranch
To get the target branch from a pull request, we could use the predefined variable System.PullRequest.TargetBranch.
So, we could use this predefined variable as condition:
condition: and(succeeded(), eq(variables['System.PullRequest.TargetBranch'], 'refs/heads/master'))
You can still have one build pipeline.
PR triggers are for github/bitbucket repositories. You can create branch policy which triggers your code etc.
The conditions you can have on each step/task:
conditions in Azure DevOps
for example:
- stage: B
condition: and(succeeded(), eq(variables['build.sourceBranch'], 'refs/heads/master'))
with that condition this stage will run, only when source branch is named "master"
Using azure data factory v2 with GIT / Azure DevOps integration:
If you for example create a trigger using Set-AzDataFactoryV2Trigger via powershell according to the documentation, the trigger is created directly in the adf_publish branch. This is an issue, as this will result in a mismatch between the master branch and adf_publish, meaning you'll not be able to publish going forward as this of course raises an error. How do I get the cmdlet to create the trigger in a new or specific branch, which I then can merge into master and publish the correct way?
I am trying to pass a variable to a pr trigger depending on what branch I want to create a pull request with. Is it possible to pass different variables when the pipeline runs automatically. Or do I have to manually trigger the pipeline with a new variable before running it?
My YAML snippet with the variables
According to the screenshot you shared in the question, seems the source of this YAML pipeline is one of your Azure Devops Repos.
But, according the doc YAML PR trigger:
YAML PR triggers are only supported in GitHub and Bitbucket Cloud.
For Azure Devops repos source, the YAML pipeline triggered by PR can only be achieved by Build policy. If you don't specify the build policy and just use pr in YAML, it will not work.
pass a variable to a pr trigger depending on what branch I want to
create a pull request with.
Why not directly to use the pre-defined variable which can let the YAML know what branch that the pull request created with:
System.PullRequest.SourceBranch : The branch that is being reviewed in a pull request.
System.PullRequest.TargetBranch: The branch that is the target of a pull request.