Protect your CI/CD pipeline with a build status policy on pull requests

Take a look at how you can configure a TeamCity project to publish the build status of a PR in an Azure DevOps Git repo


If you're reading this, it's likely that you have experienced buggy code being committed and causing the build or integration tests to fail. Read on to find out how you can take measures to stop that happening in the future*.

* Make it happen less often, not stop it completely 😂

Prerequisites

Before you begin, you must ensure you have generated a personal access token from Azure DevOps.

⚠ You need to make sure the token has the following scopes:

  • Code (Status)
  • Code (Read & Write)

TeamCity Setup

Over in TeamCity, you will need to modify the build process to enable a couple of build features before it can start publishing the build status back to Azure DevOps.

🛠 Configure the Commit Status Publisher build feature

The Commit Status Publisher build feature allows TeamCity to automatically send build statuses of your commits to an external system.

Edit the configuration of your build process and add the Commit Status Publisher build feature.

Configure it as follows:

commit-status-publisher-config.png

💡 Test the connection at this point to make sure you've got the scopes set up correctly.

⚒ Configure the Pull Requests build feature

The Pull Requests build feature lets you automatically load pull request information and run builds on pull request branches.

Add the Pull Requests build feature and configure it as follows:

pull-requests-config.png

💡 At this point you could extend the config to target a specific source or target branch for the PR, for example if you only wanted to build PRs into main.

๐Ÿ— Build it

Before you can configure the branch policy over in Azure DevOps, you need to make a successful build of a pull request in TeamCity.

Commit and push a valid change to a test branch and set up a PR for it over in Azure DevOps.

Back in your build configuration home in TeamCity, in the branch selector, you should see a new value for your pull request that looks something like pull/1/merge:

tc-build-pr.png

🛠 Select that branch and run a build.

Azure DevOps Setup

Once your build is complete in TeamCity, head back over to Azure DevOps and open up the list of branches in your repository. You're going to configure a policy on the main branch to require a successful build.

🔒 Configure the branch policy

On the main branch, hit the 3-dot menu and choose "Branch policies":

branch-policies-menu.png

By now, your successful build from TeamCity will have published its status back to Azure DevOps, so you should be able to add a Status Checks policy and configure it as follows, selecting the status published by TeamCity/your build project:

status-checks-policy-config.png

Save that and go back to your pull request. You will now see, in the PR overview, a check for the successful build of your PR code:

pr-build-status-check.png
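
To confirm that the gate set up above is actually enforced, the check below reads branch policy configurations and reports whether a given status is required and blocking on a branch. It is an added example, not part of the original post. The JSON is a constructed sample modelled on the Azure DevOps policy configurations REST response; the status genre `TeamCity`, the status name `example-build` and the function names are assumptions.

```python
import json

# Constructed sample, shaped like the "value" array returned by
# GET {org}/{project}/_apis/policy/configurations (names/values are placeholders).
SAMPLE = json.loads("""
[
  {"id": 1, "isEnabled": true, "isBlocking": true,
   "settings": {"statusGenre": "TeamCity", "statusName": "example-build",
                "scope": [{"refName": "refs/heads/main", "matchKind": "Exact"}]}},
  {"id": 2, "isEnabled": true, "isBlocking": false,
   "settings": {"statusGenre": "TeamCity", "statusName": "example-build",
                "scope": [{"refName": "refs/heads/release", "matchKind": "Prefix"}]}},
  {"id": 3, "isEnabled": true, "isBlocking": true,
   "settings": {"minimumApproverCount": 1,
                "scope": [{"refName": "refs/heads/main", "matchKind": "Exact"}]}}
]
""")


def covers(scope, ref):
    """True if one policy scope entry applies to the branch ref."""
    name = scope.get("refName") or ""  # entries without a refName are ignored here
    if scope.get("matchKind", "Exact").lower() == "prefix":
        return ref == name or ref.startswith(name.rstrip("/") + "/")
    return ref == name


def audit_status_gate(configs, ref, genre, name):
    """Return (protected, findings) for the given branch and status."""
    findings, protected = [], False
    for cfg in configs:
        s = cfg.get("settings", {})
        if "statusName" not in s:          # not a status-check policy
            continue
        if (s.get("statusGenre"), s["statusName"]) != (genre, name):
            continue
        if not any(covers(sc, ref) for sc in s.get("scope", [])):
            continue
        if not cfg.get("isEnabled"):
            findings.append(f"policy {cfg['id']}: disabled")
        elif not cfg.get("isBlocking"):
            findings.append(f"policy {cfg['id']}: optional, does not block merge")
        else:
            protected = True
    if not protected and not findings:
        findings.append("no status-check policy for this status on " + ref)
    return protected, findings
```

A branch counts as protected only when at least one matching policy is both enabled and blocking; an optional status check shows up on the PR but does not stop the merge.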

