User Profile
ryanlalchand
Copper Contributor
Joined 10 months ago
User Widgets
Recent Discussions
Re: Allow commit on protected branch by pipline
bitbonk This is a cross-post to my answer on a similar question on Stack Overflow, just in case. First, you must allow your Build Service User the correct permissions: - Bypass policies when completing pull requests: Allow - Bypass policies when pushing: Allow - Contribute: Allow - Force push (rewrite history, delete branches and tags): Allow Microsoft documentation for the checkout step accessing the system token The `clean: true` config option for the checkout step is crucial if you are creating a git tag or doing anything that might persist. "Certain kinds of changes to the local repository aren't automatically cleaned up by the build pipeline" This is the only approach that worked for me out of all of the answers provided in 2024. (YAML below is for a very basic custom script for incrementing semantic versioning based on merged PRs containing Conventional Commit messages). ``` trigger: - main pool: vmImage: "ubuntu-latest" jobs: - job: PreMergeValidation displayName: "Pre-Merge Validation" condition: and(succeeded(), eq(variables['Build.Reason'], 'PullRequest')) steps: - task: PowerShell@2 inputs: targetType: "inline" script: | if ($env:SYSTEM_PULLREQUEST_PULLREQUESTID) { # PR Validation context $url = "$($env:SYSTEM_TEAMFOUNDATIONCOLLECTIONURI)$env:SYSTEM_TEAMPROJECTID/_apis/git/repositories/$($env:BUILD_REPOSITORY_ID)/pullRequests/$($env:SYSTEM_PULLREQUEST_PULLREQUESTID)?api-version=7.0" $headers = @{ Authorization = "Bearer $($env:SYSTEM_ACCESSTOKEN)" } $pullRequestInfo = Invoke-RestMethod -Uri $url -Method 'GET' -ContentType 'application/json' -Headers $headers # Write-Host "Pull Request Info: $($pullRequestInfo | ConvertTo-Json -Depth 100)" $title = $pullRequestInfo.title Write-Host "PR Title: $title" # Regular expression for conventional commits $regex = "^(feat|fix|docs|style|refactor|perf|test|chore|build|ci|revert|BREAKING CHANGE)(\(.+\))?!?: .+" if ($title -notmatch $regex) { Write-Error "PR title does not follow Conventional Commit guidelines. Please ensure the title starts with one of the allowed types (e.g., feat, fix) followed by an optional scope and a colon." exit 1 } else { Write-Host "PR title follows Conventional Commits format" } } env: SYSTEM_ACCESSTOKEN: $(System.AccessToken) displayName: "Validate PR Title against Conventional Commits" - job: PostMergeActions displayName: "Post-Merge Actions" condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main')) steps: - checkout: self persistCredentials: true #Important - Persist creds to run further git command clean: true #Important - Certain kinds of changes to the local repository aren't automatically cleaned up by the build pipeline - task: PowerShell@2 inputs: targetType: "inline" script: | git config --global user.email "email address removed for privacy reasons" git config --global user.name "ADO pipeline" # Fetch the latest changes git fetch --all # Ensure the branch exists and switch to it git checkout main # Read and increment the version number $versionFilePath = "version.txt" $version = Get-Content $versionFilePath $versionParts = $version -split '\.' $major = [int]$versionParts[0] $minor = [int]$versionParts[1] $patch = [int]$versionParts[2] $commitMessage = git log -1 --pretty=%B Write-Host "Latest commit message: $commitMessage" if ($commitMessage -match "(?i)^Merged PR \d+: BREAKING CHANGE") { $major++ $minor = 0 $patch = 0 } elseif ($commitMessage -match "(?i)^Merged PR \d+: feat") { $minor++ $patch = 0 } else { $patch++ } # Update the version number $newVersion = "$major.$minor.$patch" Set-Content -Path $versionFilePath -Value $newVersion Write-Host "Bumping version to $newVersion" # Commit and tag the new version git add $versionFilePath git commit -m "chore(release): bump version to $newVersion [skip ci]" # git tag -a "v$newVersion" -m "Release $newVersion" # Push changes and tags git push --follow-tags displayName: "Validate Commit Message and Bump Version" ```392Views0likes0Comments
Recent Blog Articles
No content to show