Release and pipelines events available in the audit logs - Sprint 163 Update

In the Sprint 163 Update of Azure DevOps, we've added release and pipelines events to the audit logs. In addition, you can now use service connections to reference repositories in another organization in a YAML pipeline.

Check out the Features list below for more.

Features

General:

Azure Pipelines:

Note

Installing .NET 4.6.2 or higher is required for VSTest task to work properly on build agents.

General

Get compact and organized notifications in the Microsoft Teams app from Azure Boards, Azure Pipelines, and Azure Repos

Previously, you had to manually keep track of notifications received in your Microsoft Teams channel. Often, notifications from different pipelines, work items or pull requests are posted in the channel simultaneously making it difficult to organize them and resulting in vertical growth of a channel.

We're excited to announce threaded notifications in the Microsoft Teams app for Azure Boards, Azure Pipelines and Azure Repos. Now, all notifications related to a pipeline, work item or pull request will be threaded together to better organize notifications and provide a compact view of timeline and latest status.

Note

You won't need to make any changes to start using this feature.

Here all notifications related to a the pull request are threaded together in the Azure Repos app for Microsoft Teams.

Badge

Badge

Delete bulk subscriptions created in a Microsoft Teams or Slack channel

Currently, you can create bulk subscriptions in the Azure Pipelines and Azure Repos app for Microsoft Teams and Slack. Now, you can quickly delete all the subscriptions created for individual pipelines or repositories in a channel. You can use the unsubscribe all command to delete all subscriptions in a channel for a given project. For more details, see the documentation here.

To delete all the subscriptions in a channel for a given project in the Azure Pipelines app for Microsoft Teams use the following command.

@azure pipelines unsubscribe all https://dev.azure.com/myorg/myproject

Azure Pipelines

Use pipeline decorators to inject steps automatically in a deployment job

You can now add pipeline decorators to deployment jobs. You can have any custom step (e.g. vulnerability scanner) auto-injected to every life cycle hook execution of every deployment job. Since pipeline decorators can be applied to all pipelines in an organization, this can be leveraged as part of enforcing safe deployment practices.

In addition, deployment jobs can be run as a container job along with services side-car if defined.

Allow repository references to other Azure Repos organizations

Previously, when you referenced repositories in a YAML pipeline, all Azure Repos repositories had to be in the same organization as the pipeline. Now, you can point to repositories in other organizations using a service connection. For example:

resources:
  repositories:
  - repository: otherrepo
    name: ProjectName/RepoName
    endpoint: MyServiceConnection
steps:
- checkout: self
- checkout: otherrepo

MyServiceConnection points to another Azure DevOps organization and has credentials which can access the repository in another project. Both repos, self and otherrepo, will end up checked out.

Important

MyServiceConnection must be an Azure Repos / Team Foundation Server service connection, see the picture below.

Badge

Step targeting and command isolation

Azure Pipelines supports running jobs either in containers or on the agent host. Previously, an entire job was set to one of those two targets. Now, individual steps (tasks or scripts) can run on the target you choose. Steps may also target other containers, so a pipeline could run each step in a specialized, purpose-built container.

Note

This feature is in public preview. If you have any feedback or questions about this feature, let us know in the Developer Community.

Containers can act as isolation boundaries, preventing code from making unexpected changes on the host machine. The way steps communicate with and access services from the agent is not affected by isolating steps in a container. Therefore, we're also introducing a command restriction mode which you can use with step targets. Turning this on will restrict the services a step can request from the agent. It will no longer be able to attach logs, upload artifacts, and certain other operations.

Here's a comprehensive example, showing running steps on the host in a job container, and in another container:

resources:
  containers:
  - container: python
    image: python:3.8
  - container: node
    image: node:13.2

jobs:
- job: example
  container: python

  steps:
  - script: echo Running in the job container

  - script: echo Running on the host
    target: host

  - script: echo Running in another container, in restricted commands mode
    target:
      container: node
      commands: restricted

Builds and releases auditing

We're happy to let you know that Release and Pipeline events are now available in the audit logs. These events can be accessed from Organization Settings -> Auditing.

The following events are available now:

  • Agent pool - create, delete, adding an agent (private agents) and removing and agent
  • Service Connection - execution, create, delete, and update
  • Variable Group - create, delete and update
  • Release - deleted, approval completed and definition update
  • RM stage completed
  • Deployment job completed

Enhancements to evaluate artifacts checks policy in pipelines

We've enhanced the evaluate artifact check to make it easier to add policies from a list of out of the box policy definitions. The policy definition will be generated automatically and added to the check configuration which can be updated if needed.

Badge

Badge

Next steps

Note

These features will roll out over the next two to three weeks.

Head over to Azure DevOps and take a look.

Feedback

We would love to hear what you think about these features. Use the help menu to report a problem or provide a suggestion.

Make a suggestion

You can also get advice and your questions answered by the community on Stack Overflow.

Thanks,

Roopesh Nair