I needed to create a CI/CD pipeline in Azure Devops that would perform a build, then deploy to a QA environment. After the QA engineer had time to do some manual testing, I wanted them to approve it and have a manager sign off with his final approval. Finally it would deploy to production.
This seems like it would be a pretty common goal and given that yaml based pipelines are the newer way of doing things and Azure web apps are very commonly used, I thought it wouldn’t take me too long to find a solution. After several hours of looking I think I have it.
The solution was to create an environment for the production environment and reference it in the yaml. You don’t normally need to do this when deploying to an Azure web app, but you do need to if you want to setup a manual approval.
Create the environment
First, create the environment. Leave the resource radio set to ‘none’.
After that click the three vertical dots on the upper right next to the ‘add resource’ button and choose ‘Approvals and checks’
Select the approvers
Click the + (Add) button on the upper right and there you can put in your approvers. I selected the QA engineer and the manager. Then I clicked on advanced below that and made sure that the ‘Minimum number of approvals required’ was set to ALL.
This way both QA and the manager would need to approve the release candidate.
Update the YAML
Update the production deployment stage by supplying an environment in the deployment job as follows. The task that performs the actual deployment AzureRmWebAppDeployment@4 doesn’t need that. We are adding this environment for the sole purpose of the manual validation requirement.
- stage: Prod
dependsOn: QA
condition: and(succeeded('QA'), succeeded())
displayName: 'Prod Deploy'
jobs:
- deployment: ProdDeployment
environment: WebAppProd
strategy:
runOnce:
deploy:
steps:
- task: DownloadBuildArtifacts@1
inputs:
buildType: 'current'
downloadType: 'single'
artifactName: 'AzureTestProject'
downloadPath: '$(System.ArtifactsDirectory)'
- task: AzureRmWebAppDeployment@4
displayName: 'Deploy to Azure Web App Service'
inputs:
ConnectionType: 'AzureRM'
azureSubscription: 'MyAzureSubscription'
appType: 'webApp'
WebAppName: 'Devopstesting-prod'
packageForLinux: '$(System.ArtifactsDirectory)/AzureTestProject/MyCode.AzureTestProject'Before this, I was thinking that it would be nice if you could put a stage in the yaml that would handle the manual validation. You can do this but you would have to put the ManualValidation@0 task within an agent job and specify the agent pool which seems like overkill so I opted for the prior solution.