Set branch policies in Azure DevOps


Azure Repos, and also GitHub, lets you set policies on branches. A policy defines preconditions that must be met before a user can merge into that specific branch. You can require that a build of the code to be merged succeeds before the merge on the branch is completed. You can also require that merges go through pull requests. A pull request is a task assigned to one or more users who first need to review the incoming code. They can comment on that code and approve or reject it. You can even configure a pull request so that all reviewers must approve. A branch policy can be enabled only on remote branches, not on your local branches.

To set a branch policy, you select Branches in the Repos section of your project. You get a list of all the available remote branches. When you hover over a branch, you see three dots appearing at the end of that selected line. You can select those three dots to get a menu where you can select Branch policies.

Screenshot of branches window with branch policies feature.

On the Branch policies page, you have four sections:

  • Protect this branch

  • Build validation

  • Require approval from other services

  • Automatically include code reviewers

In the Protect this branch section, you can enable the use of pull requests. You can require that a number of reviewers approve each pull request. When you enable reviewers, you can specify the minimum number of reviewers, and also allow requestors to approve their own changes. Another interesting setting is "reset code reviewer votes when there are new changes". If a reviewer comments on code, and the developer modifies this code, all approve votes from other reviewers are reset. Therefore, all reviewers need to vote again.

You can also require that work items are linked to a pull request and that all comments are resolved. In this section, you can also set which merge types are available: you can decide whether rebase, squash, and basic merging are allowed.

Screenshot of the branch policies for main window.
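The reviewer settings described above can also be checked in bulk. The following Python is an added example, not part of the original module or any Microsoft code: it audits policy configurations shaped like the output of the Azure DevOps policy configurations REST API for the weak settings mentioned in this section. The sample data, the function names `covers` and `audit_branch`, and the two-approver threshold are assumptions made for illustration, and only policies scoped with an exact branch match are considered.

```python
import json

# Type id the Azure DevOps policy API uses for "Minimum number of reviewers".
MIN_REVIEWERS_TYPE = "fa4e907d-c16b-4a4c-9dfa-4906e5d171dd"

# Constructed sample (not from a real project), shaped like the "value" array
# returned by the policy configurations REST endpoint.
SAMPLE = json.loads("""[
 {"isEnabled": true, "isBlocking": true,
  "type": {"id": "fa4e907d-c16b-4a4c-9dfa-4906e5d171dd"},
  "settings": {"minimumApproverCount": 1, "creatorVoteCounts": true,
               "resetOnSourcePush": false,
               "scope": [{"refName": "refs/heads/main", "matchKind": "Exact"}]}},
 {"isEnabled": true, "isBlocking": false,
  "type": {"id": "fa4e907d-c16b-4a4c-9dfa-4906e5d171dd"},
  "settings": {"minimumApproverCount": 2, "creatorVoteCounts": false,
               "resetOnSourcePush": true,
               "scope": [{"refName": "refs/heads/release", "matchKind": "Exact"}]}}
]""")

def covers(config, ref_name):
    """True if the policy is scoped to exactly this branch (Exact match only)."""
    scopes = config.get("settings", {}).get("scope", [])
    return any(s.get("matchKind") == "Exact" and s.get("refName") == ref_name
               for s in scopes)

def audit_branch(configs, ref_name, min_approvers=2):
    """Return findings for each reviewer policy scoped to ref_name."""
    policies = [c for c in configs
                if c.get("type", {}).get("id") == MIN_REVIEWERS_TYPE
                and covers(c, ref_name)]
    if not policies:
        return ["no reviewer policy on this branch"]
    findings = []
    for p in policies:
        s = p["settings"]
        if not (p.get("isEnabled") and p.get("isBlocking")):
            findings.append("policy is disabled or optional, so it does not block merges")
        if s.get("minimumApproverCount", 0) < min_approvers:  # hypothetical threshold
            findings.append(f"fewer than {min_approvers} approvers required")
        if s.get("creatorVoteCounts"):
            findings.append("requestors can approve their own changes")
        if not s.get("resetOnSourcePush"):
            findings.append("approvals survive new pushes to the pull request")
    return findings

if __name__ == "__main__":
    for ref in ("refs/heads/main", "refs/heads/release", "refs/heads/dev"):
        print(ref, audit_branch(SAMPLE, ref))
```
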

In the Build validation section, you can add a build pipeline to your branch. You can configure that this build must succeed before the process of merging continues. With the Path filter option, you can specify that a build is started only when there are changes on specific paths or files.

Screenshot of the Add build policy window.

With the Require approval from additional services option, you can check for a status coming from an external service. You can use Azure DevOps service hooks to have an external service post information into a pull request. You can use the branch policy to check that information on a specific status, and allow merging based on that status.

Another option within the branch policies is to automatically include reviewers. On a pull request, you need to select which users are valid code reviewers. Instead of selecting the same code reviewers over and over, you can define code reviewers in this section. They're added to each pull request for this branch, so you need to configure less when creating a pull request. You can even specify that the code reviewers are only added when you changed code in a specific folder.

Screenshot of the Automatically include reviewers window.

If a branch policy is configured, you need to use pull requests to merge your code. You can't merge directly into the branch, and you can't add new commits to the branch directly.