Setting Azure DevOps policies programatically
Azure devops has branch policies you probably want to set, but there is no way to set a default for new policies yet. As soon as you have a larger set of repositories, rolling out new policies becomes boring.
azure-cli is here to help.
First start a docker if you have not installed the tool locally:
docker run -it microsoft/azure-cli ✭
Login the tool
The output will redirect you to https://microsoft.com/devicelogin to log in and match the device code.
Now we need the devops extension to work with repos and policies, so first install the extension:
az extension add --name azure-devops
After that, all the extension commands will become available.
By setting the project and the organization as defaults, we don't have to repeat them:
az devops configure --defaults organization=https://dev.azure.com/your-base-url-name/ az devops configure --defaults project=my_project
We should be able to get a list of all the repositories in the project:
az repos list
each repository has an UUID which you need for most changes, so let's extract those:
az repos list --query .[name,id]
The query part of the above command is a JMESPath selecting two attributes (name and id).
For most things, we want to apply a command per
repository-id, so I choose to use
xargs for that. To get a list of only project ids without json formatting, we use:
az repos list --query .id --output tsv
You can write the list to a file, edit that file and then load. But because it's a good default, let's set a review comments have to be resolved policy on all projects for the master branch:
az repos list --query .id --output tsv |xargs -n1 az repos policy comment-required create --blocking true --branch master --enabled true --repository-id
If the policy is already set, you will get an error message saying
The update is rejected by policy., but as we just want a policy to be there in the first place we can safely ignore these errors.
We can do the same for requiring at least 1 reviewer to approve the PR:
az repos list --query .id --output tsv |xargs -n1 az repos policy approver-count create --blocking true --branch master --creator-vote-counts false --enabled true --minimum-approver-count 1 --reset-on-source-push false --allow-downvotes false --repository-id
Same trick. Make sure you always experiment on a single repository before applying it to all repositories, but you should be able to use the above code to apply a policy across all the repositories your project contains.
Other useful commands
Checking policies on a repository:
az repos policy list --repository-id repo-uuid --branch master --query .type
Getting a list of all repository ids, then check their policies for the master branch az repos list --query .id --output tsv > allrepos.txt cat allrepos.txt | xargs -n1 az repos policy list --branch master --query .type.displayName --repository-id
vimcommand in the alpine docker apk update apk add vim