I have a customization which requires certain automation steps to be configure. Is there any option to add automation step into my customization build so that I do not have to configure it manually on client system?
Related
We have an Azure Function and an Azure DevOps Pipeline, the pipeline builds and published the code of the function's repo automatically. We want to escape discrepancies caused by, potentially, people manually publishing a version of the code, from within their Visual Studio, that is not in source control.
How can we ensure that?
Is there a way to disable manual publishing and only allow the Azure DevOps Pipeline to publish code to the function?
I am referring to a person using the "Publish" option in Visual Studio. Is there a way to forbid the Azure function from accepting such a publish?
To stop manual changes to the build, yaml files and pipeline would be to restric access to the build section of the pipeline for all the users.
This way no one will be able to change the pipeline but the admin user will still have access to the pipeline.
To set the permission we have to go to manage security which is under the pipeline tag.
Then we can select the permission for the users.
Here each tag represents a permission. Since we want to stop manual deployment we would set Edit build pipeline and Edit quality pipeline to deny.
These permissions can be set for individuals as well as security group.
Reference:
permissions in devops.
is there any way, I can make below tasks mandatory so that a user cannot disable it under Build Pipeline(CI) in Azure DevOps
If you are the owner of the organization, you can manage it through the settings.
Navigate to Your Project -> Pipeline -> Manage Security and probably you need to restrict the user from editing the pipeline
There are various policies available which you can play around.
You can develop a Pipeline decorator extension and then install it to your organization. Pipeline decorators let you add steps to the beginning and end of every pipeline job.
To view more details, you can see "Use a decorator to inject steps into a pipeline".
Normally, only the Organization Owner or Project Collection Administrators can add or delete the extensions on the organization. So, other users are not able to remove the decorators from the pipelines.
I have a simple executable, that I have build and unittested in a build pipeline.
now I want to install it on some test machines and run some tests on the app, before releasing it to production. (eventually I hope to automate the tests with specflow, but that is the next step)
So basically I have an helloworld.exe build, that I want to be installed from a pipeline to at test agent computer.
I think clickonce is the optimal option, but am unsure how to set it up on azure devops. (we use a server on premises)
Msbuild has Publish target to build and publish the ClickOnce application. It will generate the setup.exe you want. Please check document: Create and build a basic ClickOnce application with MSBuild. In release pipeline you can use msbuild task or Visual Studio Task with Publish target(/t:Publish as argument).
Then you'll get one app.publish folder where the files you want exist there:
This folder can be used for your further deployment.
Here is a ticket you can refer to .
In addition, azure devops Marketplace provides some extension: ClickOnce Packager, ClickOnceMore DevOps Pipeline Task.
How to automate IIS web applications using Jenkins with Team foundations server source code management tools.
I am planning to automate IIS applications can you please provide me any documents which is really helpful.
If my understanding is correct, you want to queue Jenkins build automatically when there is a change in IIS web applications which hosted in TFS. You can check the steps below:
In Jenkins, add a new project, and in Source Code Management, select TFVC or Git (it depends on which version control type you use in TFS). Details you can refer to the link below:
https://github.com/jenkinsci/tfs-plugin/blob/master/README.md#job-configuration
In TFS/VSTS, add a new Service Hook, and select Jenkins and choose Code checked in or Code pushed event (it depends on which version control type you use in TFS).
With these two configurations, when there is a new check-in or push to the IIS web application, the Jenkins build will be triggered automatically. Here is a useful blog for your reference:
http://www.donovanbrown.com/post/Setting-up-CICD-with-the-TFS-Plugin-for-Jenkins
I am using VSTS and a private build agent and I want to make sure that I am not opening my organization to attack. The build and deployment pipeline allow Powershell scripts to execute on premise. To protect against hackers I have done the following
Limited the access of the service account that runs the VSTS Build agent
Limited who can invoke a Build or deployment
Avoided executing scripts as part of the build that are in git
We have linked our internal Active directory to VSTS, which means we have a single sign on from within our organization.
My question is what else can I do to secure my Build and release pipelines? Are there tools or scripts that can be used to monitor the build scripts and there use?
You can set permissions with two aspects to make your build/release and the private agent secure:
Set permissions for build/release definitions
Click … button for build/release definitions -> Security -> set detail permissions for groups or users -> Save changes.
Set permissions for agent
You can also set different roles for groups and users for Agent queues and Agent pools.
More details, you can refer the document Set build and release permissions.