In the Web interface of VSTS it is possible to approve the deployment of a release and defer the moment that the deployment is actually done.
This option is however not documented for the REST API. Would it be possible to accomplish this through the REST API?
The way to do this is by setting a scheduled time/date on the Environment before the approval is given.
Get the environment ID by requesting the Release details with the following request:
**GET**
https://[account].vsrm.visualstudio.com/DefaultCollection/[project]/_apis/release/releases/[releaseId]?api-version=3.0-preview.2
In the response there is an array 'environments' which holds the target environments and their respective Ids (property 'id').
Next do a patch for the relevant environment, using the ID obtained before:
**PATCH**
https://[account].vsrm.visualstudio.com/DefaultCollection/[project]/_apis/release/releases/[releaseId]/environments/[environmentId]?api-version=3.0-preview.2
Headers:
Content-Type: application/json
Body:
{
"scheduledDeploymentTime": "2017-12-03T23:30:00Z"
}
Now do the approval, and in the web interface you will see that the deployment has been deferred to the date/time that was set with the above call.
Related
Overview: I try to trigger an Azure DevOps 2020 Pipeline (YAML) in the event that a WorkItem of a specific type is created. So my idea I had was to create a connection between "WorkItem" -> Service Hook of Type "Web Hook" -> Service Connection of Type "Incoming Webhook" -> resource:webhook triggers the Pipeline in YAML.
My problem now is, that I could create the serviceendpoint by GUI or by API, but the documentation and the created endpoint does not make sense for me. I am running my server on-premise and the endpoint I got looks like this:
{"count":1,"value":[{"data":{},"id":"1babbef7-1edb-4b01-bf18-b6e3c309caae","name":"TestIncomingWebhook","type":"incomingwebhook","url":"https://dev.azure.com", ...
The url does not make sense to me.
I can alter the url if I use the REST API to create the endpoint by using this format
POST https://{instance}/{collection}/{project}/_apis/serviceendpoint/endpoints
as described in Microsoft Azure API Documentation.
Questions:
Why is the url that the service connection gets pointed to https://dev.azure.com while I am running on-premise from a server on a totally different url? Would that be the url I have to POST to trigger the ServiceConnection?
What must be the correct URL-Format for my local Server? Where should I point that URL to?
How can I trigger the Service Connection from curl? Do I have to use GET with a lot of parameters or POST with a JSON payload?
I would appreciate if someone could help me out on this. Perhaps someone even got a full solution on how to trigger pipelines on workitem events. I searched a lot but could not find a solution, yet.
Thanks, Peter.
I created the WebHook and ServiceConnection from the GUI like this:
WebHook Configuration Screenshot
ServiceHook Configuration Screenshot
My real problem is, that I got no feedback what the correct ServiceHook URL is. I have no idea where to point my WebHook.
Addition:
The correct URL for accessing the Incoming Webhook Service Endpoint in Azure DevOps is https://{instance}/{Collection name}/_apis/public/distributedtask/webhooks/{Service Connection name}?api-version=6.0-preview
This should be related to your machine settings, you could share the detail steps here
Since you are using Azure DevOps Server 2020, the url format for your local Server should be https://{instance}. You could open Azure DevOps Server Administration Console to check it.
It will trigger the webhook via the event you selected.
You could refer to this ticket for more details.
In addition, you could try this Logic Apps then create flow to trigger build when specific type is created
Update1
Create Service connection Incoming WebHook, eg. Web Hooks name is HookTests and Service connection name is TestHook
Create Web Hooks and enter the URL https://{instance}/{Collection name}/_apis/public/distributedtask/webhooks/{Web Hook name eg. HookTests}?api-version=6.0-preview
Create YAML build and add service connection resources in the yaml pipeline see below:
resources:
webhooks:
- webhook: MyWebhookTrigger
connection: {Service connection name, eg.TestHook}
Above steps actually do below things:
New workitem is created-->automatically Trigger Azure pipeline.
In addition, we could also add task power shell and call REST API to trigger another pipeline.
I am to implement pre-deployment gates on my azure devops release.
I am using HTTP request gate to check each time if there is ongoing deployment.
The problem is, when deployment on one release finishes (stage 1 ), I want to prevent the deployment on next release in queue if there is (stage 2) to the pipeline that does not do deployment for example.
The end goal is, no matter how many releases in queue I have and no matter how many agents in my pool, I want to make sure that release start only if there is no other active release in deployment/other stages.
You can add a gate of Invoke REST API: GET to call below Deployments - List rest api and check if there are any releases in deployment. See below steps:
https://vsrm.dev.azure.com/{organization}/{project}/_apis/release/deployments?operationStatus=queued,queuedForAgent,phaseInProgress&api-version=6.1-preview.2
1, Add a Invoke Rest Api Gate
Go to Pre-deployment conditions --> Enable Gate-->Add a Invoke Rest Api Gate-->Click Manage to create a service connection. See below screenshot.
2, Create a service connection shown in above screenshot.
When you Click Manage in above screenshot. You will be forward to service connections page. Click new service connection and select Generic type of service connection:
The server Url: https://vsrm.dev.azure.com/{Org}/{Proj}
Password: Personal Access Token
3, Go back to the Invoke Rest Api Gate. Select the service connection just created: See below
Method: Get
URL suffix and parameters: /_apis/release/deployments?operationStatus=queued,queuedForAgent,phaseInProgress&api-version=6.1-preview.2
Success criteria: eq(root['value'][0], '')
Above Invoke rest api gate will call the deployments list rest api to filter these releases that are inProgress or queued of deployment using operationStatus filter(ie. operationStatus=queued,queuedForAgent,phaseInProgress). If the there is any deloyment is inProgress or queued the Success criteria: eq(root['value'][0], '') will failed.
If you using self-hosted agents and Environments. You can check the Exclusive lock on Environments and Agent pools.
I've written a script utilizing the Azure DevOps REST API to create a project in an Azure DevOps Organization. The script also creates git repositories, build pipelines, and artifact feeds. All of these are created correctly. But, I am having one issue. When I try to run a pipeline, I get the following message:
This pipeline needs permission to access a resource before this run can continue
A button is provided to grant this permission. BUT, I would like this just work immediately after running the script. Furthermore, the build pipeline may be triggered by an automated process with no manual involvement in the future. I can't find anything in the Azure Documentation for the REST API regarding this specifically. I've also granted all permissions to the GIT repos to the build service. But, I still get the error. Can anyone help me or point me in the right direction?
Thanks
You could use api Authorizedresources - Authorize Project Resources to authorize the resource:
PATCH https://dev.azure.com/{organization}/{project}/_apis/build/authorizedresources?api-version=6.0-preview.1
Body:
[{"authorized":true,"id":"$queueID","name":"$queueName","type":"queue"}]
There are a few things here:
The “Grant access permissions to all pipelines” setting is per pool per project. But this is toggled via the linked UI or set at creation
time in the project settings “add pool” UI.
Pools, at the Organization (or Collection) level, have two settings on them which can be seen in the “Add New Pool” dialog at the
Organization level. “Auto-provision this agent pool in all projects”
will go ahead and add the pool to all existing projects, as well as
when a new project is added in the future. “Grant access permission to
all pipelines” sets the default state of the per project level setting
above when adding this pool to projects.
The “Default” pool comes preset with “Auto-provision” set to true, and
“Grant access…” set to false. So when creating a new project, it will
have the “Default” pool available, and in the “Default” pool settings
UI for that project “Grant access…” will be set to false until a user
updates it.
To modify the “Grant access…” setting seen in the Project Settings
Agent Pool UI linked above, you can use the API above, or go to
Project settings -- Agent Pools, and toggled the permission as the
screenshot below shows:
If you want to modify the Organization setting’s “Default” pool’s
default value for “Grant access…” when adding the pool to new
projects, you can do it with the following REST API:
PATCH https://dev.azure.com/{organization}/_apis/distributedtask/pools/{poolId}
Headers:
Accept: /;api-version=6.0-preview.1;excludeUrls=true
Content-Type: application/json
Body:
{“id”:“1”,“Properties”:{“System.AutoAuthorize”: “true”}}
Refer to case: https://developercommunity.visualstudio.com/content/problem/887182/new-pipeline-permissions-feature-causing-builds-to.html
Is there a way (via powershell, Azure DevOps' REST api, or via the UI) to pull a list of builds/releases run in the past X time on a specific Agent Pool? I haven't found any documentation to indicate a method yet.
Get a list of builds/releases for an agent pool?
There is no such out-of-the-box API at this moment, because the agent REST API is undocumented, see REST API Overview for Visual Studio Team Services and Team Foundation Server for more information.
However you could use tools such as Fiddler to track the the API, following below steps to get list of builds/releases for an agent pool with REST API:
Get Pool ID:
GET https://dev.azure.com/<YouOrganizationName>/_apis/distributedtask/pools/
Get Agent ID based on the pool ID:
GET https://dev.azure.com/<YouOrganizationName>/_apis/distributedtask/pools/5/agents/
Get the job requests the specific Build Agent:
GET https://dev.azure.com/<YouOrganizationName>/_apis/distributedtask/pools/5/jobrequests?agentId=4
Now, we could use scripts to list the those builds/releases info, like, "requestId", "result" and so on.
The helped ticket: Retrieving a list of agent requests from TFS REST API
Note:
These are undocumented so you should be vigilant while upgrading your
TFS if you are taking dependencies on these.
Hope this helps.
I'm implementing web extension for VSTS for specific release management. From that extension I need to start a new release for specific release definition. The prerequisite for creating the release is concrete set of used artifacts and their correct versions. And that's my pain.
There is a RESP API call (undocumented) which provides list of artifacts with set of versions for each of them and also with pre-selected default artifact version to be used by new release. Such API is called by VSTS itself when you open the dialog (or side panel) for new release creation. It is also defined in VSTS Release API (ReleaseManagement/Core/RestClient), the name of function is getArtifactVersions.
The underlying request look like https://{collectionName}.vsrm.visualstudio.com/{projectId}/_apis/Release/artifacts/versions?releaseDefinitionId={releaseDefinitionId}.
When I run the request directly in the browser, I'm getting the correct answer (list of artifact and their available versions). But when I run it from the web extension, I'm getting 401 error: TF400813: The user '7a6b0fe0-56fd-61f5-9a78-2e170802ac50' is not authorized to access this resource.
I'm quite sure that problem is located somewhere in the scopes set in the vss-extension.json manifest file. I have put there all possible scopes defined in the documentation, but still no success. The user identity from the error message is my identity and I have admin rights to our collection. When I run the request personally (using personal access token or just logging in the browser) the result is served correctly. But same user using generated Bearer token is then unauthorized. So from that behavior my guess is coming. Something is missing in the manifest scopes.
U put all scopes from documentation (the highest ones from each scope group) and still no success. Here is the list of them:
"vso.agentpools",
"vso.build_execute",
"vso.release_manage",
"vso.code_manage",
"vso.packaging_manage",
"vso.work_write",
"vso.agentpools_manage",
"vso.chat_manage",
"vso.dashboards_manage",
"vso.entitlements",
"vso.extension_manage",
"vso.extension.data_write",
"vso.gallery_manage",
"vso.identity",
"vso.notification_manage",
"vso.profile_write",
"vso.project_manage",
"vso.symbols_manage",
"vso.test_write"
Any idea, which scope I'm missing?
I reported an issue here: VSTS extension ReleaseManagement/Core/RestClient api 401 error, that you can follow.
You may send the http request with Personal Access Token to retrieve necessary data.
You also can get the release definition, then get each artifact version through corresponding REST API, such as Get a list of commits, Get a list of builds.