Azure DevOps Roll back after promoting build to production - azure-devops

We are using trunk based development and we have dev sandbox and production environments in Azure DevOps. We move build from dev to sandbox to production by promoting the builds. After moving build to production if there is an issue is there anything the pipeline i can define to trigger a rollback.
The only other option I can think of is get the last know commit number and trigger a build with that commit number. and let the pipeline take care of the rest. Is this correct is there a better way to do rollback in AzureDevops

Each release is a snapshot of the deployed artifact(s) and variables. The simplest "rollback" is simply to go to the Release Management history for the project, locate the previous release, and deploy it again to replace the newer release. Complications can arise if there are, for example, incompatible database changes.

Related

Automate multiple builds/ releases in Azure DevOps

We have dozens of code repositories in Azure DevOps, and we're working on a major release strategy.
We have a stable development branch called develop, where code has been tested and peer-reviewed, with features approved by QA. All of our service repositories have a similar structure.
We want to "click a button" and branch from develop across all our repositories to a release candidate branch, that QA can regression test as a complete system... basically a "snapshot" of what we expect is ready for release. We would then build from this code base, release to our QA environment from the corresponding builds, and when certified, deploy to production, then smoke test and merge the release candidate branch into master, then master back into develop.
It doesn't seem like there's an easy way to manage multiple builds or releases in Azure DevOps though. Atlassian's Bamboo supported this concept of "meta builds" but I don't see a way to do this in Azure DevOps. I can't seem to even create a build that is not implicitly linked to a single repository.
How can I automate this and get this workflow working in Azure DevOps?
You can use a Build Task from the Marketplace that queue a new build: the first two found are Trigger Build Task and Build Chain.
You defined an overarching build that queues the single ones and does any additional work.

Azure DevOps Release Pipelines: Letting release flow through multiple environments with manual triggers

I'm trying to configure Azure DevOps Release pipelines for our projects, and I have a pretty clear picture of what I want to achieve, but I'm only getting almost all the way there.
Here's what I'd like:
The build pipeline for each respective project outputs, as artifacts, all the things needed to deploy that version into any environment.
The release pipeline automatically deploys to the first environment ("dev" in our case) on each successful build, including PR builds.
For each successive environment, the release must have been deployed successfully to all previous environments. In other words, in order to deploy to the second environment ("st") it must have been deployed to the first one ("dev"), and in order to deploy to the third ("at") it must have been successfully deployed to all previous (both "dev" and "st"), etc.
All environments can have specific requirements on from what branches deployable artifacts must have been built; e.g. only artifacts built from master can be deployed to "at" and "prod".
Each successive deploy to any environment after the first one is triggered manually, by someone on a list of approvers. The list of approvers differs between environments.
The only way I've found to sort-of get all of the above working at the same time, is to automatically trigger the next environment after a successful deployment, and add a pre-deployment gate with a manual approval step. This works, except the manual approval doesn't trigger the deployment per se, but rather let an already triggered deployment start executing. This means that any release that's not approved for lifting into the next environment, is left hanging until manually dismissed.
I can avoid that by having a manual trigger instead of automatic, but then I can't enforce the flow from one environment to the next (it's e.g. possible to deploy to "prod" without waiting for successful deployments to the previous stages).
Is there any way to configure Azure DevOps Release Pipelines to do all of the things I've outlined above at once?
I think you are correct, you can only achieve that by setting automatic releases after successful release with approval gates. I dont see any other options with currect Azure DevOps capabilities.
Manual with approval gates doesnt check previous environments were successfully deployed to, unfortunately.
I hope this provides some clarity after the fact. Have you looked at YAML Pipelines In this you can specify the conditions on each stage
The stages can then have approvals on them as well.

Azure DevOps (VSTS) Pipeline (Release Definition) To Exclude Build Tag for Certain Stages (Environments)

We are trying to set up an Azure DevOps Pipeline (fka VSTS Release Definition) to accomplish the following flow:
The Production stage (environment) will be triggered if the artifact's build includes a special tag named "Production". This is easily done by adding a artifact filter like so:
The Dev/Test stages (environments) will be triggered if the artifact's build does NOT include the "Production" tag. We are unable to accomplish this since the Exclude filter doesn't allow excluding tags.
The reason we want to skip Dev/Test stages when it's time for us to deploy to Production is because there might be a long time gap between when a build has been validated in Dev/Test and when it's actually Production deployment time. We tag our good build with the "Production" tag and we allow our development to keep going in the master branch. Therefore, when it's time for Production deployment, we don't necessarily want to re-deploy that build to Dev/Test again since Dev/Test might be already several versions ahead.
We know we could also create a Release branch from master to accomplish this goal. However, we'd rather not create Release branches if we could skip Dev/Test deployments using build tags instead.
Please advise. Thanks!
You may be able to achieve the outcome you are looking for but in a different way.
When you create a new release for your pipeline you can change automated triggers to manual triggers.
If you want to skip non production environments so an old version isn't deployed to them, change the automated trigger to manual for those environments.

VSTS Release Management: filter by branch on artifact source

I am using VSTS build to run a CI build. This build definition is the same for all my git branches (master, develop, features, etc).
I am now trying to implement a deployment pipeline using VSTS release management. I plan to have two distinct release definitions. One for feature branches and one for the more important branches like develop and master. The release definition for feature branches would be more lightweight.
I think this is pretty basic and usual. In fact, that's pretty much what is documented in Microsoft's typical use case for Release Management.
For both of these pipelines, I want to configure them to start automatically using the 'Continuous Deployment' trigger. When I select this trigger, I must select an artifact source.
Unfortunately, an artifact source takes all artifacts (regardless of the branch) coming from a given build definition (my CI build). Since I use the same CI build definition for all my branches, it looks like I can't configure my two release pipelines in 'Continuous Deployment' and still use the same build definition as an artifact source.
Anybody knows how to share the same build definition for multiple release definitions but only start a release for a specific branch? Anybody knows of a way to filter by branch when we define an artifact source?
Configure branch specific release deployment
Go to release management in VSTS
Go to the definition of the release
Go to tab triggers
Add Continuous Deployment trigger
Here you can select a specific branch (for branch)
Availability of feature
This feature is available in VSTS
In the TFS on-premise version it was supposed to be available in version Server 2017.1 but it is still not available in version 2018.1
Currently there is no way in VSTS Release Management to do conditional deployment based on branch.
An alternate would be to create separate BDs for different branches and then configure them as artifact sources for the RDs.
This will also give users a clarity about the artifact from its name itself.

Jenkins - Promoting a build to different environments

I was hoping for some guidance on the best way to promote a build through its environments.
We have 3 environments, DEV, STAGING, PROD.
The DEV Jenkins build is running in a continuous integration set-up, as code is checked in to subversion, Jenkins will run a new build (clean, compile, test, deploy).
The tricky bit is when it comes to STAGING and PROD.
The idea was to be able to manually promote a successful DEV build to STAGING.
STAGING build would check out the DEV's SVN Revision number, build, test, deploy to staging and finally create a branch in SVN.
Lastly the release manager could manually promote the STAGING build to PROD.
PROD build would check out the branch from the previous STAGING build, deploy to PROD and tag the branch as a release.
I have tried to use a combination of the Promotion Builds Plugin and the Paramterized Trigger Plugin but with no luck. The Subversion Revision number doesn't seem to get passed between DEV build to STAGING build.
Does anyone have any guidance on their process to promote a build through multiple environments?
Another approach is to make use of the Artifact storage Jenkins provides coupled with the Copy Artifact Plugin.
When a build is completed, you could instruct Jenkins to persist your application, either as a compressed zip/tar.gz or as an application bundle (jar/war)
Trigger a downstream job and use the Copy Artifact to retrieve the recorded artifact from the upstream job (or use parameterised builds)
Deploy/Unzip artifact as necessary - Build shell script/maven deploy?
Retest application using the same sources/binaries as was created in step 1
Repeat for PROD as necessary
This approach would allow you to fingerprint the artifacts, and thus Jenkins would link builds together in the UI, as well as allow more formal sign off.
In this scenario, why do you need to go back and label the branch in svn? We don't use svn, but w/ TFS, when Hudson/Jenkins gets the code, the changeset number it has retrieved is in the build log. So we know what code the build came from, and could get back to it at any time.
Then we promote the build from environment to environment using Hudson, the source control system doesn't need to know where the code is deployed.
If it's absolutely necessary to store the SVN Revision ID, then add a build step to your DEV job that copies it to a file. Something like this:
echo %SVN_REVISION%>revision.ini
or something like this:
echo MY_SVN_REVISION=%SVN_REVISION%>revision.ini
Then artifact revision.ini. When doing a STAGING build, use the Copy Artifact plugin (as mentioned by a previous user) to retrieve the revision.ini file specific to the build and load it into a variable. Then use that variable in a command line call to "svn" to build the tag.