Not Monitored
Tag not monitored by Microsoft.
35,882 questions
Build Validation Pipeline Causes Branch to be Locked Down
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 48%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDV%3C/text%3E%3C/svg%3E)
Dewey Vozel
0
Reputation points
I have a simple Azure DevOps Pipeline
trigger:
- dev
- features/*
pool:
vmImage: 'windows-latest'
variables:
solution: '**/*.sln'
buildPlatform: 'Any CPU'
buildConfiguration: 'Release'
steps:
- task: NuGetToolInstaller@1
- task: NuGetCommand@2
inputs:
command: 'restore'
restoreSolution: '**/*.sln'
feedsToUse: 'select'
vstsFeed: 'devops-nuget-guid'
That is set up as the build validation pipeline for the dev branch and any "features" branches
The problem is that when a developer first pushes a branch and the pipeline runs, it sets the branch security to prevent them from being allowed to push any further commits to the branch (this did not occur prior to having the build validation pipeline enabled and goes away by disabling it). This causes issues when there are changes that need to be made from a code review (or even when working on a larger story over a couple of days and wanting to save work to the repo). I'm able to go in after the branch is created and manually change branch security to allow the developer to push up further changes, but that's a pain. It's not possible to set branch security (that I found in the UI) on "features" and have that apply to any branch created under there (i.e. features/123-dv-BranchDescription). Below is the git workflow / error:
$ git push
Enumerating objects: 19, done.
Counting objects: 100% (19/19), done.
Delta compression using up to 20 threads
Compressing objects: 100% (13/13), done.
Writing objects: 100% (13/13), 8.16 KiB | 522.00 KiB/s, done.
Total 13 (delta 6), reused 0 (delta 0), pack-reused 0
remote: Analyzing objects... (13/13) (602 ms)
remote: Storing packfile... done (88 ms)
remote: Storing index... done (58 ms)
To ssh.dev.azure.com:v3/Company/Project/Repo
! [remote rejected] features/123-dv-BranchDescription -> features/123-dv-BranchDescription (TF402455: Pushes to this branch are not permitted; you must use a pull request to update this branch.)
error: failed to push some refs to 'ssh.dev.azure.com:v3/Company/Project/Repo'
How can I either:
- Stop the build validation pipeline from altering branch security to lock out developers
- Set branch security automatically on features branches to allow developers to push
- Something else? I just need it to work and open to any suggestions
I asked this question on stack overflow but don't believe I've received a valid answer, so I'm asking here as well.