Protect your CI/CD pipeline with a build status policy on pull requests
Take a look at how you can configure a TeamCity project to publish the build status of a PR in an Azure DevOps Git repo
If you're reading this, it's likely that you have experienced buggy code being committed and causing the build or integration tests to fail. Read on to find out how you can take measures to stop that happening in the future*.
* Make it happen less often, not stop it completely
Prerequisites
Before you begin, you must ensure you have generated a personal access token from Azure DevOps.
You need to make sure the token has the following scopes:
Code (Status)
Code (Read & Write)
TeamCity Setup
Over in TeamCity, you will need to modify the build process to enable a couple of build features before it can start publishing the build status back to Azure DevOps.
Configure the Commit Status Publisher build feature
The Commit Status Publisher build feature allows TeamCity to automatically send build statuses of your commits to an external system.
Edit the configuration of your build process and add the Commit Status Publisher build feature.
Configure it as follows:
Test the connection at this point to make sure you've got the scopes set up correctly.
Configure the Pull Requests build feature
The Pull Requests build feature lets you automatically load pull request information and run builds on pull request branches.
Add the Pull Requests build feature and configure it as follows:
You could extend the config at this point to target a specific source or target branch for the PR, for example if you only wanted to build PRs into main.
Build it
Before you can configure the branch policy over in Azure DevOps, you need to make a successful build of a pull request in TeamCity.
Commit and push a valid change to a test branch and set up a PR for it over in Azure DevOps.
Back in your build configuration home in TeamCity, in the branch selector, you should see a new value for your pull request that looks something like pull/1/merge:
Select that branch and run a build.
Azure DevOps Setup
Once your build is complete in TeamCity, head back over to Azure DevOps and open up the list of branches in your repository. You're going to configure a policy on the main branch to require a successful build.
Configure the branch policy
On the main branch, hit the 3-dot menu and choose "Branch policies":
By now, your successful build from TeamCity will have published its status back to Azure DevOps so you should be able to add a Status Checks policy and configure it as follows, selecting the status published by TeamCity/your build project:
Save that and go back to your pull request. You will now see, in the PR overview, a check for the successful build of your PR code:
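To confirm the gate actually blocks merges, here is an added example (not from the original post, TeamCity or Azure DevOps) that audits exported policy configurations and reports whether the status check on a branch is required, optional, disabled or missing. The field names follow the Azure DevOps policy configuration JSON as an assumption, and the sample data, repository IDs and status genre/name are constructed placeholders.

```python
import json

# Constructed sample shaped like the "value" array of a policy configurations
# export; repository IDs and the status genre/name are placeholders.
SAMPLE_CONFIGS = json.loads("""
[
 {"id": 1, "isEnabled": true, "isBlocking": false,
  "settings": {"statusGenre": "example-genre", "statusName": "example-build",
   "scope": [{"repositoryId": "repo-1", "refName": "refs/heads/main", "matchKind": "Exact"}]}},
 {"id": 2, "isEnabled": true, "isBlocking": true,
  "settings": {"statusGenre": "example-genre", "statusName": "example-build",
   "scope": [{"repositoryId": "repo-1", "refName": "refs/heads/release", "matchKind": "Prefix"}]}},
 {"id": 3, "isEnabled": false, "isBlocking": true,
  "settings": {"statusGenre": "example-genre", "statusName": "example-build",
   "scope": [{"repositoryId": "repo-2", "refName": "refs/heads/main", "matchKind": "Exact"}]}}
]
""")

RANK = {"missing": 0, "disabled": 1, "optional": 2, "enforced": 3}

def scope_covers(scope, repo_id, ref):
    """True if a policy scope applies to this repository and branch ref."""
    # Assumption: a null repositoryId means "every repository in the project".
    if scope.get("repositoryId") not in (None, repo_id):
        return False
    ref_name = scope.get("refName") or ""
    if str(scope.get("matchKind", "Exact")).lower() == "prefix":
        return bool(ref_name) and ref.startswith(ref_name)
    return ref == ref_name  # only Exact and Prefix scopes are handled here

def audit_status_gate(configs, repo_id, ref, genre, name):
    """Return 'enforced', 'optional', 'disabled' or 'missing' for a status check."""
    best = "missing"
    for cfg in configs:
        settings = cfg.get("settings", {})
        # Assumption: a status check policy is identified by statusGenre/statusName.
        if (settings.get("statusGenre"), settings.get("statusName")) != (genre, name):
            continue
        if not any(scope_covers(s, repo_id, ref) for s in settings.get("scope", [])):
            continue
        if not cfg.get("isEnabled"):
            state = "disabled"
        else:
            state = "enforced" if cfg.get("isBlocking") else "optional"
        best = max(best, state, key=RANK.get)
    return best

if __name__ == "__main__":
    print(audit_status_gate(SAMPLE_CONFIGS, "repo-1", "refs/heads/main",
                            "example-genre", "example-build"))
```

An "optional" or "disabled" result means a PR can still be completed with a failing build, so only "enforced" counts as protection for the branch.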