Ability to resume/reject a TFS release after a manual intervention - tfs

In TFS 2017 Update 1 (On-Prem) there is a release definition with a manual intervention step in between. The manual intervention notification is set for a group that a user, User1, is not part of. User1 has Builder and Project Admin rights, and is also part of the TFS team.
During the manual intervention of a release User1 is able to resume or reject the release. But we don't want this to happen.
I could not find the rights in TFS Microsoft online documentation for being able to do this.
What rights are needed to resume or reject a release after a manual intervention step?
P.S. In TFS 2018 RC2 too I noticed the same scenario.

When the Manual Intervention task is activated during a deployment, it sets the deployment state to IN PROGRESS and displays a message bar containing a link that opens the Manual Intervention dialog containing the instructions. After carrying out the manual steps, the administrator or user can choose to resume the deployment, or reject it.
Users with Manage deployment permission on the environment can resume or reject the manual intervention.
If you don't want User1 to be able to resume or reject the release, you could deny the Manage deployment permission for that specific user. For more details, please refer to: The Manual Intervention task

Related

Is it possible in TFS\VSTS to identify releases where the deployment approval was overridden?

In TFS / VSTS administrators can approve release deployment even though they are not specified as approvers. They can use the Override option to approve the release.
I'm trying to determine whether we can report on this type of activity. I anticipate we will be asked (eg. by our audit / security people) to identify releases which were not approved by the usual approvers.
I've checked the deployment and approval history using the REST API and the releases are all marked as Approved. It doesn't seem to distinguish between normal approvals and ones where an override was used.
We are currently using TFS 2017.1 but I suspect the question also applies to later versions and VSTS.
[ Update ]
This is the standard dialog showing the normal approver view ...
Normal Approval
This is what a TFS Admin (not in the approver group) gets ...
Override approval
Clicking on override shows the normal dialog and approval follows. This is normal TFS behaviour and I just want to report on when the override feature is used.
An override of a release approval is actually another user approving the deployment on behalf of the specified approver.
And there are multiple options you can identify whether a release approval is overridden.
Option 1: Check in the release log
You can check the release log -> click the approval icon -> then you can find who approved the deployment.
Option 2: Check by REST API
Or you can use Get Release REST API:
GET https://{account}.vsrm.visualstudio.com/Git2/_apis/release/releases/{releaseId}?api-version=4.1-preview.6
Then you can get the detailed information under preDeployApprovals. If the user in approver is different from the user in approvedBy, then the approval is overridden.
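The comparison described in Option 2, as an added example that is not part of the original answer: it walks a Get Release response and reports every pre-deployment approval completed by someone other than the assigned approver. The sample JSON is constructed, and the environments nesting plus the id, displayName, status and isAutomated fields are assumptions about the response shape; the page names only preDeployApprovals, approver and approvedBy.

```python
import json

# Constructed sample shaped like a Get Release response (not real data).
# Assumed fields: environments[], "id", "displayName", "status", "isAutomated".
# The page itself names only preDeployApprovals, approver and approvedBy.
SAMPLE_RELEASE = json.loads("""
{
  "name": "Release-42",
  "environments": [
    {"name": "QA", "preDeployApprovals": [
      {"status": "approved", "isAutomated": true, "approver": null, "approvedBy": null}]},
    {"name": "Production", "preDeployApprovals": [
      {"status": "approved", "isAutomated": false,
       "approver":   {"id": "a1", "displayName": "Release Approver"},
       "approvedBy": {"id": "a1", "displayName": "Release Approver"}},
      {"status": "approved", "isAutomated": false,
       "approver":   {"id": "a2", "displayName": "Second Approver"},
       "approvedBy": {"id": "z9", "displayName": "TFS Admin"}}]}
  ]
}
""")


def find_overridden_approvals(release):
    """Return one record per approval completed by someone other than the assigned approver."""
    findings = []
    for env in release.get("environments", []):
        for approval in env.get("preDeployApprovals", []):
            approver = approval.get("approver") or {}
            approved_by = approval.get("approvedBy") or {}
            # Automated or still-pending approvals have nobody to compare.
            if approval.get("isAutomated") or not approver or not approved_by:
                continue
            if approver.get("id") != approved_by.get("id"):
                findings.append({
                    "release": release.get("name"),
                    "environment": env.get("name"),
                    "status": approval.get("status"),
                    "assigned": approver.get("displayName"),
                    "approved_by": approved_by.get("displayName"),
                })
    return findings


if __name__ == "__main__":
    for row in find_overridden_approvals(SAMPLE_RELEASE):
        print(row)
```

If the assigned approver is a group, this comparison also flags approvals made by its members, so check group membership before reporting a finding as an override.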

Testflight internal group?

Can I create an internal group in TestFlight? We have 2 different builds of our app that we want to test and the app isn't ready yet to be reviewed by Apple for external testing. For example: the login does nothing, you need a separate piece of hardware to test it, etc...
Normally you have an "iTunes Connect Users" group with the people registered on your iTunes account like developers, admins and so on.
You also have an "External Testers" group with a possibility to add 2.000 emails to the people outside of the iTunes account.
You just need to create another group (you'll find a button with this text "NEW GROUP") and add the people to test those features, and each time you upload a new build you add the group by clicking on the build that you want to test your app.
I hope this answer helps you.

Continuous Integration through email approval in TFS release definition

I'm using Microsoft Visual Studio Team Foundation Server
Version 14.102.25423.0
As part of our company's continuous integration deployment,
I want to implement the following:
I have created a release definition with two environments configured under it (QA & Production).
I want to receive an email when all the tasks in the QA environment are completed successfully.
In that email there should be a button that once pressed, the Production tasks will start.
I would love to hear any ideas on how to implement this.
All I've found so far are build alerts and not release alerts.
Thanks,
Much appreciated.
Add a requirement for an approval prior to production deployment and ensure that the "Send Email Notification" option is enabled. You'll get an email with a link to provide the approval, which will trigger the production release.
You can do this pretty simply in TFS.
In your release process, select Edit
Select Triggers
Find your Production environment in the Environment triggers section and select the Edit pencil.
Select Approvals
You can then set Pre-deployment and Post-Deployment approvers.
In the Options section, select the Send an email notification to the approver option
This will send an email on pre-approval if that is what you selected.

Can I change the order of verification and code review in gerrit

We are using Gerrit for our project. We have a Jenkins job to run compile and test, then it gives a verification score.
After I push a patch set, the Jenkins job starts to run and reviewers start to review code. But the job may fail while the reviewers are doing code review. So is it possible to have the Jenkins job verification process run before code review?
In other words, reviewers receive the code review notification only after verification is passed.
If it's not enough just to ask the reviewers to hold their reviews until the patch set is verified, and you really need to hide a code review until it has been successfully built by Jenkins, you can make use of Drafts:
configure Jenkins to kick off a build when a Draft is published
publish your code review as a Draft
add Jenkins as a Reviewer when you push so it can see the draft being published
when the build succeeds, publish your draft for the reviewers to see

Why do I see a "force promotion" button when using the Jenkins Promoted Builds plugin?

When using the Jenkins Promoted Builds plugin, why do I see a "Force promotion" option? It sometimes appears either instead of or in addition to the expected "Approve" button.
The "Force Promotion" button seems to appear when you are not an "official" approver for a manual approval step or some other promotion condition has not yet been met - and you have the "Promotion" permission associated with your Jenkins role.
In addition, for at least some roles providers (like Cloudbees RBAC), the promotion plugin doesn't appear to recognize group names for manual approvers. For this case you will have to put in the full email address of the approvers - then they get the actual "approve" button.
The Force Promotion button appears when you have global or job-local credentials, in particular the "Promote" credential. Please note when you click Force Promotion, it then becomes Re-Execute Promotion. The functionality remains the same. It will not be shown if the user is not logged in.
The Approve button is different, and appears only to approved promoters, as specified in the job configuration's promotion configuration. If no list of approvers is provided, it will be shown to everyone. It will be shown even if no user is logged in. It is worth noting that the "approve" action cannot be re-executed (unless with Force Promotion).
