Pull Request Validation pipeline for branch policy in Azure DevOps

Author: Akhil M Anil || DevOps Engineer

A "PR" pipeline is just a pipeline that is triggered when a user creates a new pull request. It can be used for running tests, static analysis, linting, or other checks against the incoming branch as a way to ensure coding standards are met before merging the PR. Here we will see how we can impose branch policy in the PR validation pipeline and restrict the merging of codes to higher branches directly from lower branches.

Consider we have 4 main branches Master/main, SIT, Integration, and dev. If we have an approved branching strategy that restricts the merging of the codes to any other branches than the specified branches, for example, the codes from dev can only be merged to the Integration branch, and the testing and deploying to the test environment will happen from the Integration branch, and similarly, after successful testing in a test environment the codes can be merged to SIT branch and testing and deployment in a UAT environment will happen from SIT branch, and from SIT to master will be done.

Any deviation from this approved pattern needs to be identified and the merging of codes must be restricted. We never want the PR to be merged to the higher branches and then revert back once the build pipeline fails, instead, we always prefer a proactive approach of preventing the PR from merging if the build is failing.

This article covers creating a YAML-based PR build validation pipeline for branch policy and setting build policies in Azure DevOps to ensure all PRs are automatically validated using the pipeline and only build-validated PRs can be merged.

Here we are simply using a PowerShell task to check whether the pull request source branch and target branch are aligned with the defined branch policy.

System.PullRequest.SourceBranch is the branch that is being reviewed in a pull request.

Full code can be found in GitHub: Azure-DevOps/PR-validation.yml

Steps for creating a PR Validation pipeline for branch policy in Azure DevOps:

  • Create the PR Validation YAML pipeline in Azure DevOps.

    • Navigate to 'Pipelines' in Azure DevOps. Select 'Create Pipeline' or 'New Pipeline' to create a new pipeline.


    • Select the code repo.

    • Click on 'Existing Azure Pipelines YAML file' from the pipeline configuration page.

    • Select the YAML pipeline file path and click 'Continue'.

    • Save the pipeline and rename it to a more meaningful one.


  • Add build validation policy for each branch

    • Navigate to 'Branches' under 'Repos' in Azure DevOps. Click on the three dots against the branch and select 'Branch Policies' from the context menu.


    • In the branch policies settings page, Add a 'Build Validation' policy. Select the PR pipeline and click 'Save' to enable the build validation.


    • Build Validation policy is now in place and all PRs now will require this build validation to pass in order to merge the code.

  • Create PR and test 

    • Create a Pull Request from the dev branch to integration and the pipeline will get triggered automatically.



    • Create a Pull Request from the dev branch to the main and the pipeline will get triggered automatically.



Perfect! Azure DevOps Pull Request build validation pipeline has been set up for branch policy.

Connect me via:

LinkedIn: Akhil M Anil | LinkedIn




Comments

Post a Comment

Popular posts from this blog

Install Java silently using powershell in Azure Windows VM

Image
Written by Akhil M Anil . To install Java silently using PowerShell in Windows VM, follow the following steps: Downloading Java can be done in two ways:   Download your required Java version ( Java Downloads | Oracle ) to a folder in your Windows VM.     Use PowerShell to Download Java to a folder.  Follow the below steps for downloading Java through PowerShell : Initially copy the Download link for your required Java version, Java file name, and Location where you want to download Java in your VM to a notepad Open PowerShell  Run the following command in PowerShell $url = "<your-copied url>" $filename = "<file_name>" $dest = "<outputfile-location\$filename>" Invoke-WebRequest -Uri $url -OutFile $dest For Example:  $url = "https://download.oracle.com/java/18/latest/jdk-18_windows-x64_bin.exe" $filename = "jdk-18_windows-x64_bin.exe"  $dest = "C:\Users\akhilanil\Desktop\Java\$filename" Invoke-WebRequest -Uri
Read more

Configure an Azure DevOps self-hosted Windows agent in Docker

Image
Author: Akhil M Anil || DevOps Engineer An agent is computing infrastructure with installed agent software that runs job to perform a task/ a set of tasks. There are different types of agents available for the users such as: Microsoft Hosted Agents Self-hosted Agents Scale Set Agents Self-hosted Agents An agent that we set up and manage on our own to run jobs is a  self-hosted agent .  Self-hosted agents give us more control to install dependent software needed for our builds and deployments. Also, machine-level caches and configuration persist from run to run, which can boost speed. We  can install the agent on Linux, macOS, or Windows machines. We can also install an agent on a Docker container. This Article covers configuring an agent on a Docker container and use the agent to run job to perform tasks. Run a self-hosted agent in Docker We can set up a self-hosted agent in Azure Pipelines to run inside a Windows Server Core (for Windows hosts), or Ubuntu container (for Linux hosts)
Read more

List of Repositories - Authorize Rest API calls using Job Access Token

Image
  Author: Akhil M Anil || DevOps Engineer Getting the complete list of Repository names  in Azure DevOps Project using REST Api and Publishing as a CSV file. In the last blog I have talked about Authorizing REST API call using Job Access Tokens. If missed, please find that blog here:  Job Access Tokens . In this blog we will use Job Access Token to Authorize Rest API call and retrieve the list of repositories.  Full code can be found in GitHub:  Repository-List Steps: Push the developed pipeline code  (azure-pipelines-repos.yml) and python code  (repos.py) to Azure Repos. We are using  Repositories - List - REST API  to fetch the repository list using python. Job Authorization Scope for Job Access token. In order to access repositories using system access token, we need to change our default job authorization scope. In my last blog I have already mentioned about Job Authorization Scopes, feel free to take a look.  To set job authorization scope at the organization level for all projec
Read more