This week we are going to demonstrate how to setup manual approvals to our multi-stage YAML pipelines. This is achieved through the use of “environments” in Azure Pipelines.
Setting up Azure DevOps
We can add/create environments in two ways. The first is from the environments menu item in the Azure “Pipelines” menu. The second is from the YAML itself – the YAML will create an environment when deployed if it doesn’t already exist. We saw this first hand when a wry, missing “(“, in our YAML caused us to make a $Dev environment on our first deployment.
After an environment has been created, we can edit it’s name, description, security, and approvals, and checks. Let’s click on the approvals and add one to Dev.
In the Add check section, we will select “Approvals”. Note that the “evaluate artifact”, often known as “checks”, only work on artifact container images and aren’t relevant for this project.
We specify who is required to approve the environment. Since most of the time it’s just Sam, we let him approve his own runs, and check the “Allow approvers to approve their own runs”. This is critical for smaller teams, who don’t want to be waiting for one particular approver.
Setting up the YAML
Let’s dive into the YAML changes required to setup a manual approval.
- We need to use a “deployment” job (in red), instead of the regular “job”
- We need to specify the “environment” (in green)
- We need to specify a deployment strategy (in blue). In all of our examples here we are going to use “runOnce”, which fits most small-medium deployments perfectly. If you have a really large deployment, check out the other “rolling” and “canary” strategies. The YAML below is a very simple example, our full deployment YAML can be viewed in our public repo.
We run a pipeline, and when it reaches the dev stage, it stops for approval.
When we click on the “Review” button, we can add comments, and approve or reject the deployment.
Today we’ve shown how to setup manual approvals with a multi-stage YAML pipelines. In general, these manual approvals should be used sparingly, as we don’t want to create too many waiting states in our workflow.
- Environments: https://docs.microsoft.com/en-us/azure/devops/pipelines/process/environments?view=azure-devops
- Approvals and checks: https://docs.microsoft.com/en-us/azure/devops/pipelines/process/approvals?view=azure-devops&tabs=check-pass
- Artifact policy checks: https://docs.microsoft.com/en-us/azure/devops/pipelines/process/artifact-policy?view=azure-devops
- Deployment Jobs: https://docs.microsoft.com/en-us/azure/devops/pipelines/process/deployment-jobs?view=azure-devops