Use gates and approvals to control your deployment

Azure DevOps Services | Azure DevOps Server 2022 - Azure DevOps Server 2019

By using a combination of manual deployment approvals, gates, and manual intervention in your release pipeline, you can quickly and easily configure your deployment to meet all the specific pre-deployment requirements for your workflow.

In this tutorial, you will learn about:

  • Pre-deployment gates
  • Manual intervention
  • Manual validation
  • Deployment logs

Prerequisites

Set up gates

You can use gates to ensure that the release pipeline meets specific criteria before deployment without requiring user intervention.

  1. Select Pipelines > Releases, and then select your release pipeline. Select Edit to open the pipeline editor.

    A screenshot showing the edit button for release pipelines.

  2. Select the pre-deployment icon for your stage, and then select the toggle button to enable Gates.

    A screenshot showing how to enable gates.

  3. Specify the delay time before the added gates are evaluated. This time is to allow gate functions to initialize and stabilize before returning results.

    A screenshot showing how to set the delay time for pre-deployment gates.

  4. Select Add, and then select Query Work Items.

    A screenshot showing how to add a Query work items task.

  5. Select an existing work item query from the dropdown menu. Depending on how many work items you expect the query to return, set your maximum and minimum thresholds.

    A screenshot showing how to configure the Query Work Items task.

  6. Select the Evaluation options section, and then specify the timeout and sampling interval. The minimum values you can specify are 6-minutes timeout and 5-minutes sampling interval.

    A screenshot showing how to configure the evaluation options for the query work items task.

  7. Select Save when you're done.

    A screenshot showing how to save a release pipeline.

Set up manual intervention

Depending on the scenario, sometimes you may need to add manual intervention to your release pipeline. You can do this by adding the Manual Intervention task to your pipeline.

  1. Select Pipelines > Releases. Select your release pipeline, and then select Tasks and choose your stage.

    A screenshot showing how to navigate to stage tasks in a release pipeline.

  2. Select the ellipses (...), and then select Add an agentless job.

    A screenshot showing how to add an agentless job.

  3. Drag and drop the agentless job to the top of your deployment process. Select the (+) sign, and then select Add the Manual Intervention task.

    A screenshot showing how to add the manual intervention task.

  4. Enter a Display name and the instructions that will be displayed when the task is triggered. You can also specify a list of users to be notified and a timeout action (reject or resume) if no intervention occurred within the timeout period.

    A screenshot showing how to configure the Manual Intervention task.

  5. Select Save when you're done.

Note

The Manual Intervention task can only be used in an agentless job.

Set up manual validation

You can use the Manual Validation task in your YAML pipeline to pause and wait for manual approval. Manual validation is especially useful in scenarios where you want to validate configuration settings or build packages before starting a computation-intensive job.

The waitForValidation job pauses the run and triggers a UI prompt to review and validate the task. The email addresses listed in notifyUsers receive a notification to approve or deny the pipeline run.

A screenshot showing the manual validation prompt.

pool: 
   vmImage: ubuntu-latest

jobs:
- job: waitForValidation
  displayName: Wait for external validation  
  pool: server    
  timeoutInMinutes: 4320 # job times out in 3 days
  steps:   
   - task: ManualValidation@0
     timeoutInMinutes: 1440 # task times out in 1 day
     inputs:
         notifyUsers: |
            someone@example.com
         instructions: 'Please validate the build configuration and resume'
         onTimeout: 'resume'

View deployment logs

Deployment logs are useful to debug deployment issues but you can also use them to audit your pipeline runs and verify approvals and how they were granted and by whom.

  1. Select Pipelines > Releases, and then select your release pipeline.

    A screenshot showing a list of release definitions.

  2. This view will show you a live status of each stage in your pipeline. The QA stage in this example is pending intervention. Select Resume.

    A screenshot showing the QA stage pending intervention.

  3. Enter your comment, and then select Resume.

    A screenshot showing how to respond to a pending manual intervention request.

  4. The QA stage deployment succeeded and the pre-deployment approvals are triggered for the Production stage.

    A screenshot showing pre-deployment approval triggered for the next stage.

  5. Select Approve, enter your comment and then select Approve to continue deployment.

    A screenshot showing how to respond to a pending approval request.

  6. The live status indicates that the gates are being processed for the Production stage before the release continues.

    A screenshot showing production processing gates.

  7. Return to your release pipeline, hover over your stage and then select Logs to view the deployment logs.

    A screenshot showing how access deployment logs.