Search code examples
azureazure-devopsazure-repos

How to ignore only 1 branch policy in Azure devops?

I am working on an Azure DevOps git project and I want to let the Pull requests that has satisfy some needs to ignore the [minimum 2 reviewers] policy, but keep every other policy. What would be the right way?

What I have tried so far:

  • I have implemented an API to check all those conditions, so this part was no problem

  • I thought of letting the same code approve the branch and giving the service user extra permissions, but my code fails with

    pullRequest.Status = PullRequestStatus.Completed;
pullRequest.CompletionOptions = new GitPullRequestCompletionOptions() { SquashMerge = true };
await gitClient.UpdatePullRequestAsync(pullRequest, pullRequest.Repository.Id, pullRequest.PullRequestId);

Parameter name: You can only update reviewers, descriptions, titles, merge status, and status.

  • So now I am down to bypassing all the branch policies and trying to complete the pull request by my service (Code) account, but here I can only bypass all policies when completing the pull request, which means that I have to find a way for my code to check all those branch pilicies by itself.

Is there a better to solve this problem?

Update

I see that the problem is not very clear, so I would try to explain it a bit more:

When we think of approval as a requirement, we always think of certain developer doing an action and therefore we need someone else to approve the action to make sure it is safe. However, there are cases that we can automate everything and wouldn't need any human interaction with the code. For example:

  • Imagine your foundation teams or a reliable thirdparty like Microsoft, releases a minor version of an SDK you are using. If you have good E2E, Integration and unit tests that you can trust, there is no reason to ask a person to check the code. The conditions would change to:
  • Code can compile
  • Tests are passing
  • Only CSproj files have changed and the pattern for change would not allow anything that is not a release (Version 1.1.1.1-Pull-Requestxxx is not acceptable)
Solution

  • It turns out they named their APIs strangely. I tried many things and in the end I did approve the PR with my code. There is 2 notes:

    1. From the API you might think that you can vote (approve, reject, etc) on behalf of everyone, but in reality, you can only reset the others vote (=0) but cannot approve on their behalf. You can only approve the PR for the user you have created the PAT for.

    2. They have named their APIs very strangely. You might think UpdatePullRequestReviewerAsync should let you update your vote, but! you have to use CreatePullRequestReviewerAsync instead! I spent hours trying to find out why it did not work, but eventually I dug the code and saw that the UpdatePullRequestReviewerAsync is calling the PATCH not the PUT. Changing that fixed the problem.

      public async Task ApprovePullRequest(Guid repositoryId, int pullRequestId)
{
    var gitClient = await GetClient<GitHttpClient>();
    var reviewerId = GetConnectionAuthorizedIdentity().ToString();
    var identityRefWithVote = new IdentityRefWithVote
    {
        Id = reviewerId,
        Vote = 10,
        HasDeclined = false
    };
    await gitClient.CreatePullRequestReviewerAsync(identityRefWithVote, Config.MainProject, repositoryId, pullRequestId, reviewerId);
}

    P.S: Microsoft! Why your SDK is so bad?! It doesn't need to be 1:1 with the API. You can have meaningful methods that only take what you actually expect people to give you. If you expect people to only vote for themselves, have a vote method and don't take all these non-sense parameters from the developers.