Versions Compared

Version Old Version 2 New Version 3
Changes made by

John McKeever

John McKeever

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Table of Contents
minLevel1
maxLevel7
excludeGuides

Prerequisites

To automate the required steps in Azure DevOps, you will require…

...

If required, create an appropriate approvers group from the Azure Devops DevOps management console.

In order to use this group to automatically create an approval against an environment, we need information about the group we plan to use.

Code Block
az devops security group list --org <ORGANISATION_URL> --scope organization --query "graphGroups[?displayName=='<GROUP_NAME>'] | [0]"
{
  ...
  "originId": "58609a75-76af-4050-b989-741f6e6f155f<GROUP_ORIGIN_ID>",
  "principalName": "[mettleci]\\TestOrgGroup<GROUP_PRINCIPAL_NAME>",
  ...
}

We refer to these later as <GROUP_ORIGIN_ID> and <GROUP_PRINCIPAL_NAME>.

...

Info

Note: I have seen where the secret value variable is created but the value is n to not assigned. In . this case you will need to update the value manually in the Azure Devops DevOps administration console.

Create Environment

...

  • Encode the previously-created PAT as Base64 (note the colon “:” inside the single quotes, before the PAT. This is critical)

  • Code Block
    echo -n ':<PERSONAL_ACCESS_CODE>TOKEN>' | base64

  • Add the encoded value as part of the authorisation in the cURL header

  • Code Block
    curl POST \
-H 'Content-Type: application/json' \
-H 'Authorization: Basic <ENCODED_COLON_THEN_PAT>' \
'https://dev.azure.com/<ORGANISATION_NAME>/<PROJECT_NAME>/_apis/distributedtask/environments?api-version=5.0-preview.1' \
-d '{"description":"<ENVIRONMENT_DESCRIPTION>","name":"<ENVIRONMENT_NAME"}'

    Record the id field from the result. This is used below as <ENVIRONMENT_ID>.

  • If the environment requires approval, use <ENVIRONMENT_NAME>, <ENVIRONMENT_ID>, <GROUP_ORIGIN_ID> and <GROUP_PRINCIPAL_NAME> to fill out the information required for the body of the request.

    Code Block
    curl POST \
-H 'Content-Type: application/json' \
-H 'Authorization: Basic <ENCODED_COLON_THEN_PAT>' \
'https://dev.azure.com/<ORGANISATION_NAME>/<PROJECT_NAME>/_apis/pipelines/checks/configurations?api-version=7.1-preview.1' \
-d '{"type":{"id":"8C6F20A7-A545-4486-9777-F762FAFE0D4D","name":"Approval"},"settings":{"approvers":[{"displayName":"<GROUP_PRINCIPAL_NAME>","id":"<GROUP_ORIGIN_ID>"}],"executionOrder":1,"blockedApprovers":[],"minRequiredApprovers":0,"requesterCannotBeApprover":false},"resource":{"type":"environment","id":"<ENVIRONMENT_ID>","name":"<ENVIRONMENT_NAME"}}'

Info

Note: In the creation of an approval for an