Public/Api/ApprovalsAndChecks/CheckConfigurations/Add-AzDoPipelineBranchControl.ps1
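function Add-AzDoPipelineBranchControl {
    <#
    .SYNOPSIS
        Adds a branch control check to an Azure DevOps environment, variable group or repository.
    .DESCRIPTION
        Resolves every name in ResourceName to its resource id and posts one "Task Check"
        configuration (definition "evaluatebranchProtection") per resource to the project's
        pipelines/checks/configurations endpoint. The check restricts which branches a
        pipeline may run from when it uses the resource.
    .EXAMPLE
        $params = @{
            CollectionUri = "https://dev.azure.com/contoso"
            ProjectName   = "Project 1"
            ResourceType  = "environment"
            ResourceName  = "MyEnvironment"
        }
        Add-AzDoPipelineBranchControl @params

        Default usage
    .EXAMPLE
        $params = @{
            CollectionUri            = "https://dev.azure.com/contoso"
            ProjectName              = "Project 1"
            ResourceType             = "repository"
            ResourceName             = "MyRepo"
            AllowedBranches          = "refs/heads/main,refs/heads/develop"
            EnsureProtectionOfBranch = "true"
        }
        Add-AzDoPipelineBranchControl @params

        Add allowed branches and ensure branch protection
    .OUTPUTS
        [PSCustomObject]@{
            CollectionUri = $CollectionUri
            ProjectName   = $ProjectName
            CheckId       = $_.id
        }
    .NOTES
        AllowUnknownStatusBranches = "true" lets a run proceed when the protection status of
        its branch could not be obtained, so the check fails open for those branches.
        Keep the default "false" unless that is a deliberate decision.
    #>
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param (
        # Collection Uri of the organization
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [ValidateScript({ Validate-CollectionUri -CollectionUri $_ })]
        [string]
        $CollectionUri,

        # Project that contains the resource to protect
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [string]
        $ProjectName,

        # Display name of the check. Default is "Branch Control"
        [Parameter()]
        [string]
        $PolicyName = "Branch Control",

        # The type of Azure DevOps resource to be protected by the check
        [Parameter(Mandatory)]
        [string]
        [ValidateSet("environment", "variablegroup", "repository")]
        $ResourceType,

        # Name(s) of the resource(s) to be protected; one check is created per name
        [Parameter(Mandatory)]
        [string[]]
        $ResourceName,

        # Allow deployment from branches for which protection status could not be obtained.
        # Restricted to "true"/"false" like EnsureProtectionOfBranch, so that a mistyped
        # value is rejected here instead of being sent on as a check input.
        [Parameter()]
        [string]
        [ValidateSet("true", "false")]
        $AllowUnknownStatusBranches = "false",

        # Comma separated list of branches from which a pipeline must be run to access this resource.
        # Full ref names are expected ("refs/heads/<branch>"); a ref that does not exist
        # never matches, which leaves the resource unusable from the intended branch.
        [Parameter()]
        [string]
        $AllowedBranches = "refs/heads/main",

        # Validate the branches being deployed are protected.
        [Parameter()]
        [string]
        [ValidateSet("true", "false")]
        $EnsureProtectionOfBranch = "true",

        # Timeout of the check. Default is 1440 minutes
        [Parameter()]
        [int]
        $Timeout = 1440
    )

    begin {
        Write-Verbose "Starting function: Add-AzDoPipelineBranchControl"
    }

    process {
        foreach ($name in $ResourceName) {
            # Start from a clean slate so an id from a previous name is never reused.
            $resourceId = $null

            switch ($ResourceType) {
                "environment" {
                    $resourceId = (Get-AzDoEnvironment -CollectionUri $CollectionUri -ProjectName $ProjectName -EnvironmentName $name).EnvironmentId
                }
                "variablegroup" {
                    $resourceId = (Get-AzDoVariableGroup -CollectionUri $CollectionUri -ProjectName $ProjectName -VariableGroupName $name).VariableGroupId
                }
                "repository" {
                    $projectId = (Get-AzDoProject -CollectionUri $CollectionUri -ProjectName $ProjectName).projectId
                    $repoId = (Get-AzDoRepo -CollectionUri $CollectionUri -ProjectName $ProjectName -RepoName $name).RepoId
                    # Repository checks are keyed by "<projectId>.<repoId>"; build the id only
                    # when both halves resolved, otherwise a partial id such as "." would be posted.
                    if ($projectId -and $repoId) {
                        $resourceId = "$($projectId).$($repoId)"
                    }
                }
            }

            # Do not create a check that is attached to nothing: a failed lookup would
            # otherwise report success while the intended resource stays unprotected.
            # (The guard sits after the switch because 'continue' inside a switch
            # statement applies to the switch, not to the enclosing foreach.)
            if (-not $resourceId) {
                Write-Error "Could not resolve $ResourceType '$name' in project '$ProjectName'; no check was created."
                continue
            }

            #TODO: Check if policy already exists

            $body = @{
                type     = @{
                    name = "Task Check"
                    id   = "fe1de3ee-a436-41b4-bb20-f6eb4cb879a7"
                }
                settings = @{
                    displayName   = $PolicyName
                    definitionRef = @{
                        id      = "86b05a0c-73e6-4f7d-b3cf-e38f3b39a75b"
                        name    = "evaluatebranchProtection"
                        version = "0.0.1"
                    }
                    inputs        = @{
                        allowUnknownStatusBranches = $AllowUnknownStatusBranches
                        allowedBranches            = $AllowedBranches
                        ensureProtectionOfBranch   = $EnsureProtectionOfBranch
                    }
                }
                timeout  = $Timeout
                resource = @{
                    type = $ResourceType
                    id   = $resourceId
                }
            }

            $params = @{
                uri     = "$CollectionUri/$ProjectName/_apis/pipelines/checks/configurations"
                version = "7.2-preview.1"
                Method  = "POST"
                body    = $body
            }

            # NOTE(review): the prompt text says "build-validation policy" although the request
            # creates a branch control check; the wording is left unchanged here.
            if ($PSCmdlet.ShouldProcess($ProjectName, "Create build-validation policy named: $($PSStyle.Bold)$PolicyName$($PSStyle.Reset)")) {
                Invoke-AzDoRestMethod @params | ForEach-Object {
                    [PSCustomObject]@{
                        CollectionUri = $CollectionUri
                        ProjectName   = $ProjectName
                        CheckId       = $_.id
                    }
                }
            } else {
                # -WhatIf or a declined confirmation: show what would have been sent.
                Write-Verbose "Calling Invoke-AzDoRestMethod with $($params| ConvertTo-Json -Depth 10)"
            }
        }
    }
}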