Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature Request] Support for setting "Make secrets available to builds of forks" pipeline property #836

Open
jfpanisset opened this issue Oct 16, 2019 · 2 comments
Open

[Feature Request] Support for setting "Make secrets available to builds of forks" pipeline property #836

jfpanisset opened this issue Oct 16, 2019 · 2 comments
Labels
Feature Feature Work required.
Projects
Azure DevOps CLI Extension

Comments

@jfpanisset
Copy link

When you use:

az pipelines create ... --repository-type github

to create a build pipeline, by default the following properties are set for the "Pull Request Validation" trigger, as per:

az pipelines build definition show --name my_pipeline_name

"triggers": [
{
"branchFilters": [],
"forks": {
"allowSecrets": false,
"enabled": true
},
...
"triggerType": "pullRequest"
}

There are cases where you might want to enable "allowSecrets" to be enabled, currently the only way to do this seems to be via the GUI, selecting the "Make secrets available to builds of forks" tick box.

Given that az pipelines create ... --repository-type github automatically creates the GitHub-specific "Continuous Integration" and "Pull Request Validation" triggers, it would be useful to have additional command line options to allow control of these options that are currently only exposed via the GUI, such as:

--override-yaml-ci true/false
--override-yaml-pr true/false
--build-prs-from-forks true/false
--fork-build-secrets-access true/false
--require-comment-all-pr
--require-comment-non-team-member-pr

Updating these properties from the GUI generates a PUT request to https://dev.azure.com/AZURE_DEVOPS_ORG/PROJECT_ID/_apis/build/definitions/15 so it might be possible to capture a JSON request, patch it and use:

az devops invoke --http-method put --area build ... --in-file magic.json

but the JSON request is rather complex (209 lines in my case), so it's not clear that this would be a safe / robust approach. That being said I would be happy to have a workaround until additional parameters can be added to az pipelines create
@jfpanisset jfpanisset added the Feature Feature Work required. label Oct 16, 2019
@ishitam8 ishitam8 removed their assignment Nov 15, 2019
@ishitam8
Copy link
Member

Hi @jfpanisset ,

Currently there is no plan to support the first two options, but we are planning to support rest of theb options:
--build-prs-from-forks true/false
--fork-build-secrets-access true/false
--require-comment-all-pr
--require-comment-non-team-member-pr

@geverghe @atbagga

@jfpanisset
Copy link
Author

That would be sufficient for my current needs, I'm mostly interested in secrets access from forks. Thank you very much!

@geverghe geverghe moved this from Backlog to Planned in Azure DevOps CLI Extension Apr 3, 2020
@gauravsaralMs gauravsaralMs moved this from Planned to Backlog in Azure DevOps CLI Extension Jul 1, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature Feature Work required.
Projects
Azure DevOps CLI Extension
  
Backlog
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jfpanisset @ishitam8