How to automatically 'git tag -a' after a pull request has completed on Azure Devops?

6
votes

How do we add custom annotated tags on master once the pull requests (PR) is complete, automatically?

More background:

  • Using azure-pipelines.yml
  • Branch policies on master to force PR to be used
  • We have a repository that holds Azure Devops Pipeline Templates ("devops templates repo")
  • Other repos have a root pipeline file that references the "devops template" repo
  • We use SEMVER for tagging our products, including the devops template repo
  • In root pipelines we wish to pin to a SEMVER release of the devops template repo
  • We currently tag manually with each of the following to point to the merge commit that occurred after the PR completed
    • "vMAJOR.MINOR.PATCH"
    • "vMAJOR.MINOR"
    • "vMAJOR"

Pin on MAJOR only example:

resources:
  repositories:
    - repository: templates
      type: git
      name: template_devops_pipelines
      ref: "refs/tags/v1"
1
azure-devopsazure-pipelinesazure-pipelines-yaml
You can consider using this rest api in pipeline to create git tags.LoLance
Sounds like we need a tagging pipeline then, because our PR merges don't complete until prod stage is completed.Adrian Torrie
If you have configured branch policy, you can create a pipeline(enable the CI) to call the rest api, it may meet your needs.LoLance

1 Answers

1
votes

A sample tagging pipeline that I use:

trigger:
  - main

variables:
  user.email: "[email protected]" 
  user.name: "DevOps"
  defaultBranch: "main"
  major: 1
  minor: 0
  patch: $[counter(variables['patch'], 2)]

name: $(major).$(minor).$(patch)

steps:
  - checkout: self
    persistCredentials: true
  - script: |
      git config user.email ${{variables['user.email']}}
      git config user.name ${{variables['user.name']}}
    displayName: 'configure git credentials'
  - script: | 
      git tag "$(Build.BuildNumber)"
      git push origin "$(Build.BuildNumber)"
    displayName: 'git tag'
    condition: eq(variables['Build.SourceBranchName'], variables['defaultBranch'])

You basically need three things:

  1. checkout with persistCredentials - so your pipeline can tag and push later
  2. configure git user.email and user.password
  3. tag & push

For the last step, you will need to assign "Contribute" permissions to pipeline build service account. Go to: Project Settings -> Repositiories -> {your repo} -> Security, find user {your organization} Build Service and set Contribute to Allow.