Code Pipeline with approvals in AzureDevOps
If like me you assumed that the functionality is missing, you are mistaken. The functionality can be included, it just does not match its counterpart within the UI — By Craig Godden-Payne@beardy.digital
Azure Dev Ops supports code pipelines as well as a UI pipeline builder. One thing that isn’t immediately clear is how to allow for gated approvals for the code pipeline, something which is obvious in UI mode.
If like me you assumed that the functionality is missing, you are mistaken. The functionality can be included, it just does not match its counterpart within the UI.
You are able to introduce approvals by using environments.
At a glance, Environments look to include functionality for working with virtual machines or kubenetes, but this is not the only function.
You are able to create an environment, which requires approvals or checks. Once a code pipeline runs with this environment, it will pause with an approval
Here is an example of a code pipeline, note the environment is set to development for an auto deploy, and developmentWithApproval for a gated build.
This example is a terraform pipeline, where someone from a devops team would want to manually approve any changes to infrastructure in AWS.
variables:
awsCredentials: 'aws-craig-godden-payne-credentials'
terraformVersion: '0.12.24'
stages:
- stage: InfrastructurePlan
jobs:
- deployment: Plan
displayName: Plan
environment: development
strategy:
runOnce:
deploy:
steps:
- checkout: self
displayName: Pull Git
persistCredentials: true
- task: TerraformInstaller@0
displayName: Install Terraform
inputs:
terraformVersion: '$(terraformVersion)'
- task: AWSShellScript@1
displayName: Terraform Plan
inputs:
awsCredentials: '$(awsCredentials)'
regionName: 'eu-west-2'
scriptType: 'inline'
inlineScript: |
terraform init
terraform plan- stage: InfrastructureApply
jobs:
- deployment: Apply
displayName: Apply
environment: developmentWithApproval
strategy:
runOnce:
deploy:
steps:
- checkout: self
displayName: Pull Git
persistCredentials: true
- task: TerraformInstaller@0
displayName: Install Terraform
inputs:
terraformVersion: '$(terraformVersion)'
- task: AWSShellScript@1
displayName: Apply Terraform
inputs:
awsCredentials: '$(awsCredentials)'
regionName: 'eu-west-2'
scriptType: 'inline'
inlineScript: |
terraform init
terraform apply
In the environments section of the project, create the environments development and developmentWithApproval
On developmentWithApproval, make sure to add a check, with an approval. This will gate the deployment, and require approval, preventing the auto deployment.
Now when the pipeline runs, it will wait at the appropriate stage, for approval.
Once the approver has approved the deploy, then the code deploy pipeline will continue as normal.
