DevOps 多阶段流水线只需一次批准
Require just One Approval for Devops Multistage Pipeline
我有一个多阶段 YAML 管道:
Build Solution
|
▼
Terraform DEV \
| |
▼ |
Deploy Function App | DEV Environment (No Approval Required)
| |
▼ |
Provision API Mgmt /
|
▼
Terraform TEST \
| |
▼ |
Deploy Function App | TEST Environment (Approval Required)
| |
▼ |
Provision API Mgmt /
我配置了两个环境(DEV 和 TEST),在 TEST 环境上配置了批准,Terraform TEST 阶段配置了部署作业以使用TEST 环境。这意味着当管道到达 Terraform TEST 阶段时,将向 TEST 环境的批准者发送一封电子邮件并等待。
当该阶段获得批准后,构建将继续。
Deploy Function App 阶段还有一个针对管道那部分环境的部署作业。我的问题是,当它到达 TEST 环境的 Deploy Function App 时,它再次请求批准部署到 TEST 环境。
我的问题是:这是固定的行为吗?即,每当对环境进行部署并获得批准时,是否需要新的批准?或者有没有办法改变它,使管道只需要一次批准即可部署(根据需要多次)到特定环境?
这是设计使然。如果将更改回滚到以前的管道 运行,那么在这种情况下,最佳做法是在将代码重新部署到环境之前获得批准。至于你有 3 个阶段并且每个阶段都需要 approval this is by design:
的场景
A stage can consist of many jobs, and each job can consume several resources. Before the execution of a stage can begin, all checks on all the resources used in that stage must be satisfied. Azure Pipelines pauses the execution of a pipeline prior to each stage, and waits for all pending checks to be completed. Checks are re-evaluation based on the retry interval specified in each check. If all checks are not successful till the timeout specified, then that stage is not executed. If any of the checks terminally fails (for example, if you reject an approval on one of the resources), then that stage is not executed.
在您给定的场景中,我可以建议将 Terraform、函数应用程序和 APIM 部署放在同一阶段吗?这些 jobs could also be templatized 中的每一个都可以在您的其他环境中重用它们。这将消除用户错误地批准这些的可能性(除非您概述了 dependsOn)或 Terraform Apply 是唯一发布的可能性。
我有一个多阶段 YAML 管道:
Build Solution
|
▼
Terraform DEV \
| |
▼ |
Deploy Function App | DEV Environment (No Approval Required)
| |
▼ |
Provision API Mgmt /
|
▼
Terraform TEST \
| |
▼ |
Deploy Function App | TEST Environment (Approval Required)
| |
▼ |
Provision API Mgmt /
我配置了两个环境(DEV 和 TEST),在 TEST 环境上配置了批准,Terraform TEST 阶段配置了部署作业以使用TEST 环境。这意味着当管道到达 Terraform TEST 阶段时,将向 TEST 环境的批准者发送一封电子邮件并等待。
当该阶段获得批准后,构建将继续。
Deploy Function App 阶段还有一个针对管道那部分环境的部署作业。我的问题是,当它到达 TEST 环境的 Deploy Function App 时,它再次请求批准部署到 TEST 环境。
我的问题是:这是固定的行为吗?即,每当对环境进行部署并获得批准时,是否需要新的批准?或者有没有办法改变它,使管道只需要一次批准即可部署(根据需要多次)到特定环境?
这是设计使然。如果将更改回滚到以前的管道 运行,那么在这种情况下,最佳做法是在将代码重新部署到环境之前获得批准。至于你有 3 个阶段并且每个阶段都需要 approval this is by design:
的场景A stage can consist of many jobs, and each job can consume several resources. Before the execution of a stage can begin, all checks on all the resources used in that stage must be satisfied. Azure Pipelines pauses the execution of a pipeline prior to each stage, and waits for all pending checks to be completed. Checks are re-evaluation based on the retry interval specified in each check. If all checks are not successful till the timeout specified, then that stage is not executed. If any of the checks terminally fails (for example, if you reject an approval on one of the resources), then that stage is not executed.
在您给定的场景中,我可以建议将 Terraform、函数应用程序和 APIM 部署放在同一阶段吗?这些 jobs could also be templatized 中的每一个都可以在您的其他环境中重用它们。这将消除用户错误地批准这些的可能性(除非您概述了 dependsOn)或 Terraform Apply 是唯一发布的可能性。