Using the Power Platform Build Tools w/Azure DevOps CLI – Create a pull request


Azure Pipeline | Export Solution to new branch and create pull request
Azure Pipeline | Create Pull Request

My last post demonstrated using the Power Platform Build Tools in an Azure Pipeline which downloaded a solution, extracted the files and committed them to a Git repository. While this is a great demonstration of what is possible, wouldn’t it be nice if the Azure Pipeline did what a developer might typically do?

Instead of committing directly to main, a developer might perform the following:

  • Create a feature branch from develop
  • Commit code changes to that branch
  • Push branch with all changes to remote
  • Create a pull request to review pending changes with their peers (we might have to deploy the solution to validate the PR)
  • Commit more code changes and push (based on feedback)

The YAML is very similar to what I had posted previously, I mean creating branches with Git on the command line is straight forward – GitHub Actions for Microsoft Power Platform (Preview) actually supports it out of the box with a Branch Solution action. However, it would be really cool if we could create a pull request in Azure DevOps for our new branch instead of having the click the button in the Web UI. Automation Everywhere!

Enter the Azure CLI, with the azure-devops extension.

Azure DevOps CLI

I am using the windows-latest image with this Azure Pipeline, this image already has the Azure Command Line Interface (CLI) and azure-devops extension installed so we do not have to run the following command as part of our pipeline. If you already have the Azure CLI installed, you can add the extension using the following command line.

az extension add -n azure-devops

DevOps Login

We do however have to login to Azure DevOps with the CLI, this is easy since with the YAML build the SYSTEM_ACCESSTOKEN is always exposed as a secret variable, we don’t need to set “Allow scripts to access OAuth Token” like we used to in the classic release definitions.

We need to add the following step in our pipeline to login to Azure DevOps using the Azure CLI. It also serves another important purpose of creating the environment variable AZURE_DEVOPS_EXT_PAT. Note, the CLI works with both Azure DevOps Server 2020 and Azure DevOps Services

- pwsh: $env:AZURE_DEVOPS_EXT_PAT | az devops login
  displayName: 'Login Azure DevOps Extension'
  env:
    AZURE_DEVOPS_EXT_PAT: $(System.AccessToken)

Without that environment variable you may encounter the following error when trying to run any of the azure-devops extensions in subsequent tasks.

TF400813: The user ” is not authorized to access this resource.

Default Configuration

We also need to configure our default configuration for our organization and project, I have put the following command in its own step for this example but you could combine it in a single task.

The values we require for this are already available in variables, so we can just reference them as part of our command line.

- pwsh: az devops configure --defaults organization=$env:System_TeamFoundationCollectionUri project=$env:System_TeamProject --use-git-aliases true
  displayName: 'Set default Azure DevOps organization and project'

Create Pull Request using the CLI

Now on to the fun part, creating our pull request based on our newly created Git Branch. The default output format of these commands is JSON, if you are using this on the command line you may want to specify table as it is more readable but in this particular case JSON is fine.

The first thing I want to do is verify I don’t already have a pull request for this branch. We might just be updating the code in the branch for an already existing Pull Request. I split the command over multiple lines for readability but it should be just a single line.

$pullRequest = az repos pr list 
--repository $env:Build_Repository_Name 
--source-branch 
users/$env:Build_RequestedForEmail/$env:Feature_Branch_Name | 
ConvertFrom-Json

I’m using the ConvertFrom-JSON utility to convert the JSON response from the list command to a PowerShell object which we can check whether it is $null or not.

if ($pullRequest -eq $null)
{
az repos pr create --source-branch refs/heads/users/$env:Build_RequestedForEmail/$env:Feature_Branch_Name 
--target-branch refs/heads/develop 
--repository $env:Build_Repository_Name 
--title $env:Feature_Branch_Name 
--draft true 
--reviewers $env:Pull_Request_Reviewers
}

This way if a pull request already exists in Azure DevOps for this branch, we just push the new code changes to our remote and finish, if we need a pull request we create one. I’ve added a variable for reviewer(s) so a notification is generated by Azure DevOps when the pull request is created and optional reviewer assigned.

Permissions Required

We must grant the Build Service more than read permissions (which it already has). The required permissions are:

  • Contribute
  • Contribute to pull requests
  • Create branch

You can grant that permission across the board to all of your repositories or for a particular repository. In the example below I have granted it to all of my Git repositories but that may not work for you.

You can find the Manage repositories link in the Git repository dropdown.

Azure DevOps Repos
Manage Repositories | Permissions

If you want to see the YAML for the Azure Pipeline you can head over to this public project hosted in Azure DevOps. I have some other YAML pipeline samples in that public repository also.

Thanks for reading and if you’ve any questions please leave a comment below.

About Wes MacDonald

Wes MacDonald is a DevOps Consultant for LIKE 10 INC., a DevOps Consulting firm providing premium support, guidance and services for Azure, Office 365 and Azure DevOps.

No comments yet... Be the first to leave a reply!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: