Azure DevOps - Automatic merge after deployment - azure-devops

We have a development branch that is fed from feature branches through pull requests. After merge a build occurs and the artifact created triggers the release pipeline with some deployments happening automatically and others happening after manual approval.
After the approval happens for production, and after successful deployment, we would like to merge the PR that was was merge to develop to our main branch. I was wondering if this could be achieved automatically from the pipeline.
Note that not all the PR are going to make its way to production and the latest may not be the one being deployed in production.

Assuming that you must complete the PR to trigger the CI build and release pipelines, you won't be able to re-use the existing PR to merge into another branch because PRs are specific to branches and once completed they can't be re-opened.
In theory, you could add logic to your release pipeline to create a new PR after successfully deploying into production but this is dangerous because PRs are based on branches and not individual commits. So if the develop branch changes while you're deploying into production the new PR would contain changes that haven't been deployed. If you have a small team and the number of PullRequests are low, this might not be a problem for you.
However, if you have a large team and dozens of pull-requests a day, you might benefit by adjusting your a gitflow branching strategy. In that model you would create a release branch and deploy that into other environments. Creating the pull request at the end of that pipeline flow makes total sense because you're deploying and merging a static branch.
For example, you could add a step in your release pipeline to create the PR using the Azure CLI:
$pr = az repos pr create `
--source-branch develop `
--target-branch main `
--title 'merge $(Build.BuildId) into main' |
Write-Host 'Created PR $($pr.pullRequestId)'
There's another question where they're doing something similar.
Alternatively, look at the "Github flow" model. They use a trunk-based branching strategy where the PR is king and changes in the PR ultimately go to production or they don't get merged. The GitHub team had a model where they concentrated on a single PR at a time with a flow that looked like:
Designate a PR as a candidate for production
Automation would lock the target branch and create a temporary merge of the PR and the target branch
Automation would build this branch and deploy it to various environments.
Upon successful build into the environment, the automation would unlock the target branch and complete the PR.
It's worth pointing out that Azure DevOps does support triggering Releases from Pull Requests, and each PR-triggered build is a temporary merge of the target branch, so you could create a release and deploy it into your environments with your approval gates. You could add automation to your release to approve the PR:
az repos pr set-vote --id $pr.pullRequestId --vote approve


How to limit associated work items in Azure DevOps YAML pipeline once PR is merged?

I've been migrating build/release pipelines in Azure DevOps to the unified YAML format. Everything works as expected apart from the work items which are associated with CI builds once a PR is merged to the master branch. Here is the workflow:
Developer raises PR to merge changes from feature branch into the master branch
The PR has a build policy which executes the YAML pipeline against a test environment
The PR is completed and the feature branch is merged into the master branch
The YAML pipeline has a CI trigger for deployments to higher environments
For step 2 the triggered build shows whichever work items are associated with the PR:
However, for Step 4 the triggered CI build lists all work items in the master branch rather than just those associated with the PR:
Is there a way to only associate the work items which are associated with the PR to the CI build which is triggered once the feature branch is merged into master?
I can reproduce this issue and I found a similar ticket, they have reported it, you could follow this ticket to get the latest news.
If the build status is queue or running, then we create a new build, the new build will contain before build link work item. This is why the step 4 the triggered CI build lists all work items in the master branch rather than just those associated with the PR.
If all builds are completed, then we complete the pull request to trigger the CI build, it will be associated with the expected work items.
When all the builds were completed, I merged the PR to trigger the CI build, it just contain the pull request link work item.
Test result

Devops Pull Request workflow validations

We are using Azure devops with the workflow for each task as:
Task branch to Release branch
Then Release branch to master
The reviewer will approve each pull request.
However, a user creating a PR can also create one from task branch directly to master.
Is there any way, by policies/validations that the system can prevent creation of the PR itself, which is from task to master.
Currently azure devops doesnot have the policies/validations to prevent creating a pr which is task to master.
However, there is workaround to prevent merging the PR which is task to master.
You can create a pipeline with a script task to check the source branch of the PR. See below:
$sourceBranch = "$(System.PullRequest.SourceBranch)"
if($sourceBranch -ne "refs/heads/release")
exit 1
For example add a powershell task with above script. The script will check if the PR source branch is release branch, and fail the pipeline if it is not.
Then you can add above pipeline to the branch policy of master branch. See below:
Then any PR which is not release to master will fail to be validated and cannot be completed. (But it still cannot prevent creating a PR from test to master)
You can also click here to submit a feature request(Click Suggest a feature and select Azure Devops. ) to Microsoft development team. Hopefully they will consider adding this feature in the future.
See below screenshot from my test pipeline.
If you only want a subset of users to manage the merge to master, you can setup branch security on the master branch that prevents contributing to pull requests that would target that branch.

Azure DevOps: how to trigger a release upon pull request being completed?

I have a repo which has two branches:
develop (repo's default branch)
Code within the develop branch is known to be releasable as an "alpha" version, while code within master is known to be production ready.
Currently, the develop branch's policies requires that a CI build must successfully complete for the PR to merge. That build will create NuGet package artifacts with a prerelease tag (alpha-####).
A release pipeline is responsible for taking these packages and publishing them to an internal NuGet feed.
What I'm trying to achieve is to have the release pipeline triggered automatically when the PR is completed, not whenever the CI build succeeds.
I expected the "pull request trigger" to do just that, but much to my surprise the trigger won't acknowledge the PR's status and have the release pipeline start as soon as the CI build is completed.
This means that if the PR gets rejected for whatever reason, a NuGet may still be deployed to my feed!
What am I doing wrong here? How come the pull request trigger doesn't work any differently than the continuous deployment trigger? What's it's purpose then? :/
The continuous deployment trigger means, if you specify certain types of artifacts in a release pipeline, you can enable continuous deployment. This instructs Azure Pipeline to create new releases automatically when it detects new artifacts are available.
The Pull request trigger means, once a pull request release is configured, anytime a pull request is raised for the protected branch, a release is triggered automatically, deployed to the specified environments.
So these two triggers are different and more detailed information you can refer to here.
And if you still want to deploy your Nuget after a PR completed, I recommend you to create a new build pipeline and enable the Continuous integration for it. Then set this build pipeline as the Release pipeline Artifact.
Because when a PR completed, it will create a new commit to the target branch and this new commit will trigger the build pipeline, and the build pipeline will trigger the release pipeline to deploy the Nuget as your expected.
Not sure if anyone's still looking for a solution to this over a year after the fact, but I was so I wrote an Azure Function app to receive pull request close webhooks from DevOps and translate those events into new releases.
You can find it here on my github:
Feel free to fork it to fit whatever your individual needs are.

Git branching strategies for CI/CD on Azure Devops 2019

I am setting a CI/CD pipeline on Azure devops.
This one gets executed when a Build for the master branch is completed.
I was asked to set the stages of the image above, which description is the next one:
Development, QA and Production : Publish the build artifacts on a server (each one).
Testing: Execute some automated test with katalon studio.
My problem is that, when I create a Development branch this pipeline cannot be executed for the build, because the pipeline is just executed when I commit to the master branch, then I create another CI/CD pipeline for Development branch, remove Development stage from Master CI/CD pipeline and incorporate it in this new pipeline.
My question is... is that correct ? , what´s the best estrategy for git branching when you have this kind of pipelines?
My problem is that, when I create a Development branch this pipeline
cannot be executed for the build, because the pipeline is just
executed when I commit to the master branch, then I create another
CI/CD pipeline for Development branch
For this issue, you don't need to do that. You only need to add the Development branch to the Branch filters of Continuous Integration in build Triggers.
Then add the Development branch to the Build branch filters of the Continuous deployment trigger.
After this setting, when you commit to development branch, build and release pipeline will also be triggered.

How to create a test environment with IBM Bluemix Delivery Pipeline?

Using the Delivery Pipeline service, I'd like to deploy my artifacts to staging/QA environments where QA/Product team members can test features/defect fixes before those changes get merged into Production branch.
How would I spin up these temporary testing environments when pull requests are created?
There is currently no way to build off of pull requests. One option would be to have a separate branch that people can merge code into. You can then have a build stage which builds that branch and a deploy stage to deploy to your staging/qa environment. You can then have another stage will does the merge into the production branch. (Note, this stage should only be triggered manually.)