Azure Pipelines - Sprint 163 Update

Features

Use pipeline decorators to inject steps automatically in a deployment job

You can now add pipeline decorators to deployment jobs. Any custom step (for example, a vulnerability scanner) can be auto-injected into every lifecycle hook execution of every deployment job. Since pipeline decorators can be applied to all pipelines in an organization, this can be leveraged as part of enforcing safe deployment practices.

In addition, deployment jobs can be run as container jobs, along with service sidecars if defined.

Allow repository references to other Azure Repos organizations

Previously, when you referenced repositories in a YAML pipeline, all Azure Repos repositories had to be in the same organization as the pipeline. Now, you can point to repositories in other organizations using a service connection. For example:

resources:
  repositories:
  - repository: otherrepo
    name: ProjectName/RepoName
    endpoint: MyServiceConnection
steps:
- checkout: self
- checkout: otherrepo

MyServiceConnection points to another Azure DevOps organization and has credentials which can access the repository in another project. Both repos, self and otherrepo, will end up checked out.

Important

MyServiceConnection must be an Azure Repos/Team Foundation Server service connection.

Step targeting and command isolation

Azure Pipelines supports running jobs either in containers or on the agent host. Previously, an entire job was set to one of those two targets. Now, individual steps (tasks or scripts) can run on the target you choose. Steps may also target other containers, so a pipeline could run each step in a specialized, purpose-built container.

Note

This feature is in public preview. If you have any feedback or questions about this feature, let us know in the Developer Community.

Containers can act as isolation boundaries, preventing code from making unexpected changes on the host machine. However, isolating a step in a container does not change the way it communicates with and accesses services from the agent. Therefore, we're also introducing a command restriction mode which you can use with step targets. Turning this on will restrict the services a step can request from the agent. The step will no longer be able to attach logs, upload artifacts, or perform certain other operations.

Here's a comprehensive example that shows steps running on the host, in a job container, and in another container:

resources:
  containers:
  - container: python
    image: python:3.8
  - container: node
    image: node:13.2

jobs:
- job: example
  container: python

  steps:
  - script: echo Running in the job container

  - script: echo Running on the host
    target: host

  - script: echo Running in another container, in restricted commands mode
    target:
      container: node
      commands: restricted
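
An added example, not part of the original release notes: a small Python check that walks a pipeline already parsed into a dict (for instance by a YAML loader) and reports steps that leave the job container for the host, or that run in a container without restricted commands. The policy and the names effective_target and audit are assumptions for illustration; the sample data mirrors the pipeline above.

```python
# Added example: policy check over a pipeline already parsed into a dict.
# The policy and helper names are assumptions, not Azure Pipelines code.

def effective_target(job, step):
    """Return (where, mode) for a step, following the page's target syntax."""
    target = step.get("target")
    if target is None:
        # No step target: the step runs in the job container, or on the host.
        return job.get("container") or "host", "unrestricted"
    if isinstance(target, str):
        # Short form, e.g. "target: host".
        return target, "unrestricted"
    # Restriction is opt-in: anything other than "restricted" counts as off.
    mode = "restricted" if target.get("commands") == "restricted" else "unrestricted"
    # Assumed here: a target without a container falls back to the job's.
    where = target.get("container") or job.get("container") or "host"
    return where, mode


def audit(pipeline):
    """List (job, step index, reason) for steps that weaken isolation."""
    findings = []
    for job in pipeline.get("jobs", []):
        name = job.get("job")
        for index, step in enumerate(job.get("steps", [])):
            where, mode = effective_target(job, step)
            if where == "host" and job.get("container"):
                findings.append((name, index, "runs on the host, outside the job container"))
            elif where != "host" and mode != "restricted":
                findings.append((name, index, f"runs in container '{where}' with unrestricted commands"))
    return findings


# Constructed sample: the pipeline from the example above, as parsed data.
PIPELINE = {
    "jobs": [{
        "job": "example",
        "container": "python",
        "steps": [
            {"script": "echo Running in the job container"},
            {"script": "echo Running on the host", "target": "host"},
            {"script": "echo Running in another container, in restricted commands mode",
             "target": {"container": "node", "commands": "restricted"}},
        ],
    }]
}

if __name__ == "__main__":
    for finding in audit(PIPELINE):
        print(finding)
```

On the sample, only the third step passes: the first runs in the job container with unrestricted commands and the second leaves the container for the host.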

Builds and releases auditing

We're happy to let you know that Release and Pipeline events are now available in the audit logs. These events can be accessed from Organization Settings -> Auditing.

The following events are available now:

  • Agent pool - create, delete, adding an agent (private agents) and removing an agent
  • Service Connection - execution, create, delete, and update
  • Variable Group - create, delete and update
  • Release - deleted, approval completed and definition update
  • RM stage completed
  • Deployment job completed

Enhancements to evaluate artifacts checks policy in pipelines

We've enhanced the evaluate artifact check to make it easier to add policies from a list of out-of-the-box policy definitions. The policy definition will be generated automatically and added to the check configuration, which can be updated if needed.

Next steps

Note

These features will roll out over the next two to three weeks.

Head over to Azure DevOps and take a look.

How to provide feedback

We would love to hear what you think about these features. Use the help menu to report a problem or provide a suggestion.

You can also get advice and your questions answered by the community on Stack Overflow.

Thanks,

Roopesh Nair