Azure DevOps YAML Pipeline Approval using Multi-Stage

1
votes

I've recently tried converting our UI or Classic based Release pipeline over to a YAML based release pipeline.

We have three environments, initially a CD build will happily deploy to our Development environment.

From there we manually trigger a release (re: promotion) to Test, and then at some point, if we're all happy, manually promote to Production.

We know we can't mimic the manual promotion between releases stages as it's not currently supported, but from what I've read, we should be able to do the same thing by defining a security check for each environment where the manual promotion was requested.

The details for defining security checks are here: https://docs.microsoft.com/en-us/azure/devops/pipelines/process/approvals?view=azure-devops&tabs=check-pass

I've since added that same security check to both Test and Production, but the releases still happen automatically.

Is there a sample of where this kind of approval process is mapped into the new YAML multi-stage releases?

So far I've added a security group to the Test and Production environment, via the Approval and checks feature on the Environments tab.

Approvals and checks

1
azure-devopsazure-pipelines-release-pipeline
Can you share your YAML and your checks? - Shayki Abramczyk
@ShaykiAbramczyk It's done via the 'Approvals and Checks' function of the Environment, so it's not in the YAML itself... which is, as far as I can tell, what the link above is showing - Kieron

1 Answers

2
votes

Please check below YAML sample:

trigger:
- master

pool:
  vmImage: 'ubuntu-latest'

stages:

  - stage: build   
    jobs:
      - job: buildjob        
        steps:
          - checkout: none
      - deployment: DeployWeb
        pool:
          vmImage: 'Ubuntu-16.04'
        environment: 'Verify'

  - stage: deploy
    jobs:
      - deployment: DeployWeb
        displayName: deploy Web App
        pool:
          vmImage: 'Ubuntu-16.04'
        environment: 'Verify'
        strategy:
          # default deployment strategy, more coming...
          runOnce:
            deploy:
              steps:
              - script: echo my first deployment

In my scenario, I have one environment names Verify, and I added the Approvals and Checks for it.

To apply this Approvals and Checks into your multi-stage pipeline, you need make sure the corresponding environment has been targeted in YAML.

Another thing you need pay attention, is that until now, Environment can only be target in deployment job of YAML.

In another word, only the stage that configure the - deployment: job in it, can work with Environment. Also, will work with the environment that added the Approvals and Checks.