A common pattern I have seen customers implementing in their DevOps strategy is to have two separate pipelines for Dev and QA-Prod. Their Dev pipeline is full CI/CD process, so each source control check-in triggers a build which then triggers their release pipeline. The Dev pipeline only has one stage named Dev and an entirely separate pipeline exists for QA/Production. The main reason I have heard for having two pipelines (versus just one), is that customers are worried a check-in to source control will mistakely be deployed to QA/Production. Also, customers with approvals in their pipelines do not want to "reject" all the Dev releases that have no change of making it past Dev. Here is how I deal with the issue.
- Code is checked into source control
- A build is automatically started and the code is compiled
- When the build completes (successfully) the release pipeline is started
- The new code is pushed to Development
- Once the code is verified, the new code is approved for a QA release
- Once the QA release is verified, the new code is approved for a Production release
If you have lots source control check-ins throughout the day, you get the above steps executing each and every time, but you really do not want to reject the code to prevent a release to QA for each check in. Your approval person will probably get pretty annoyed.
Customer will build two pipelines.
-
Dev: Steps 1 through 4 from above still apply, but there is no link to QA.
-
QA-Prod: Steps 5 and 6 are put in a different pipeline which needs to be kicked off. And even worse I have the QA/Prod piepline rebuild the code. You should only build your code once! Building for Dev and then building for QA-Prod introduces possible issues.
- Implement the Ideal pipeline
- In Step 5 add the following:
- Keep our normal approval process to QA
- Add a Gate
- The Gate will wait until the Build has a Build Tag applied (this is a tag on your build, not your source control)
- Once the Build tag is applied the release will continue
- The approval to QA is performed and everything works as normal
- Copy the Azure Function that is in this repository and deploy
- Click on the Pre-Deployment Conditions for QA
- Add your approvers
- Add a Function Gate
- In the Body enter:
{ "personalAcccessToken": "$(personalAcccessToken)", "organization" : "$(organization)", "project" : "$(build.projectname)", "buildId" : "$(build.buildid)", "requiredTag" : "$(requiredTag)" } - Create variables for personalAcccessToken, organization and requiredTag
- personalAcccessToken = you will need to generate a PAT token
- organization = this is part of your url
- requiredTag = this is the tag to test on your build (e.g. ApprovedForRelease)
- For the Success Criteria enter: eq(root['status'], 'successful')
- Under Evaluation Options select "On Successful Gates, ask for approvals" (we want the gates to execute first, before approvals).
- You should set how long you want this gate to re-try. This depends on how long you typically wait between a dev release and you push to QA.
- You also need to set the number of parallel deployments for the QA stage to Unlimited. This means we will have many release pipelines attempting to release to QA at the same time. So, once a build is tagged that release will move forward. You have to be aware that tagging a bunch of builds at the same time would trigger many releases to QA simultaneously.
