On Azure DevOps Server 2019, how can I merge the master branch into develop branch WITHOUT its policies being applied?

Question

On a NuGet library, I'm using the develop branch as the continuous integration branch. I've set policies on it so that no pull request can be approved without it being built. Furthermore, any successful merge will cause a CI build to run and eventually a prerelease NuGet package will be created and pushed within a private NuGet feed.

When I'm satisfied with the prerelease behavior, I create an additional PR to merge develop into master, which in turn causes a CD build to be started, that will lead to a production release of the NuGet package.

Here's the thing though: it may happen that I'll want to create a hotfix branch straight from master, make some changes and then make a new PR of that branch straight back to master. This will launch the usual CD pipelines and cause a new release in production (with an incremented patch number).

The thing is though that I'll want to merge master back into develop thereafter, which right now creates a new prerelease version (which is irrelevant at this point).

Do I have a way to tell Azure DevOps that in the special case of master being merged back into develop, branch policies should be skipped? Do I even have to make a PR from master to develop, when really all I want to do is merging a previously approved PR from hotfix to master!?

Any advice is welcome.

Answer 1

how can I merge the master branch into develop branch WITHOUT its policies being applied?

As we know, branch policies is used to protect the target branch. Once we have set up the branch policies on the target branch and enable it, any changes submitted to the target branch will trigger the branch policies.

So, there is no such out of box way to merge the master branch into develop branch WITHOUT its policies being applied. As workaround, we could set the option Bypass policies when completing pull requests to Allow, Branches->develop->Branch Security:

With this settings, this specify user could merge the master branch into develop branch WITHOUT its policies being applied.

Do I have a way to tell Azure DevOps that in the special case of master being merged back into develop, branch policies should be skipped?

Just like I answered above, we could not bypass the branch policies for the special case, because we could not defined the bypass rule for each special case. But we could provided the bypass rule for some specify users.

Do I even have to make a PR from master to develop, when really all I want to do is merging a previously approved PR from hotfix to master!?

The short answer is no.

Let me give a sketch:

On your case, when you have a hotfix branch based on the master branch. After we complete the development task on the hotfix branch, we will merge hotfix to the master branch. Before we complete the PR, we need to pass the branch policies we set on the master branch.

Then we need to marge back master branch into develop. You want to bypass the branch policies on the develop, because we have already PR the hotfix commit when we marge to the master branch, am I right?

If yes, this depends on whether the branch policies on the master and develop branches are the same (or higher) to determine whether you need to make a PR from master to develop.

As mentioned above, branch policies is used to protect the target branch. If branch policies on the master and develop branches are the same, we could bypass the branch policies on the develop branches. However, if branch policies on the master and develop branches are different, we still need make a PR from master to develop to protect the develop branch, even though we have already completed the merge of the hotfix to the master branch.

In summary, when we set master branch as the main branch and the master branch set the branch policies of the highest specification, we could merge master to develop branch without PR, when really all I want to do is merging a previously approved PR from hotfix to master!

Hope this helps.