0

I am using build pipelines and release pipelines to manage AWS infrastructure.

The build pipeline runs tests on the code to ensure the code meets certain standards.

The release pipeline spins up a temporary environment and runs integration tests.

I want to configure the release pipeline so that if the integration tests fail, it marks the particular build it used as failed. So that if someone were to trigger the release pipeline again, it would use the most recent successful build, not the one it just used.

I've tried to achieve this by adding a tag to the build run at the build run state, either of "succeeded" if the build pipeline tests or "failed" if the build pipeline fails.

Then the release pipeline is configured to use the artifact from the latest build which is marked as "succeeded".

The intention was that if the integration tests in the release pipeline fail, there is a step which removes the "succeeded" tag from the that build run and replaces it with "failed".

However, I can't find a way of automatically changing those tags as part of the release pipeline. Is there a way? Am I approaching this from the wrong angle?

I have a build pipeline that tags the run as "succeeded" if tests are passed, and "failed" if tests do not pass.

If the build is successful, the release pipeline spins up some infrastructure, deploys the build, and then runs integration tests.

If those tests fail, I'd like the pipeline to remove the "succeeded" tag from the run that it took the artifact from, and to add a "failed" tag.

The only documentation I've found is here, but this looks like it's referring to a different type of tag.

Is there a way of doing it from the release pipeline?

Dicky Moore
  • 956
  • 3
  • 10
  • 32
  • 1
    Just to clarify, are you wanting to tag a build or update the tags of a build from a release? If so, you should be able to pass in the "Allow scripts to access OAuth token" from the agent job of the release and call the build API. Or are you wanting to update a release? – m00nbeam360.0 Sep 03 '19 at 17:59
  • Do you mean to build tag or to the build status? – Shayki Abramczyk Sep 04 '19 at 05:16
  • Thanks for your comments. I've rephrased the question to make my intentions clearer. The "Allow scripts to access OAuth token" is interesting and could prove to be very useful. – Dicky Moore Sep 04 '19 at 09:31

2 Answers2

1

You're close. If you want to update a build tag (or call the REST API in general) from a release pipeline, you will want to enable the "Allow scripts to access OAuth token" checkbox in the agent job. (https://learn.microsoft.com/en-us/azure/devops/pipelines/build/variables?view=azure-devops&tabs=classic) This will pass in a security token that you can reference using $System.AccessToken.

Then, you'll want to delete the succeeded tag, and then add the failed tag using the REST API. Haven't tested this with build tags but since it's documented then it should work. You can also test this manually by using something like Postman and using a PAT.

Potentially something like (in PowerShell): 

$accessToken = $env:SYSTEM_ACCESSTOKEN

# Get the build ID for the artifact, note that you need the alias already

$buildId = $env:RELEASE_ARTIFACTS_{alias}_BUILDID

$deleteSucceededTagUri = "https://dev.azure.com/{organization}/{project}/_apis/build/builds/$($buildId)/tags/succeeded?api-version=5.1"

# Delete the succeeded tag
$response = Invoke-RestMethod -Method DELETE -Uri $deleteSucceededTagUri -Headers @{ Authorization = "Bearer $($accessToken)" }

$addFailedTagUri = "https://dev.azure.com/{organization}/{project}/_apis/build/builds/$($buildId)/tags/failed?api-version=5.1"

# Add the failed tag
$response = Invoke-RestMethod -Method PUT -Uri $addFailedTagUri -Headers @{ Authorization = "Bearer $($accessToken)" }

You can also write this in a different language but the theory should be the same.

Also link for release variables: https://learn.microsoft.com/en-us/azure/devops/pipelines/release/variables?view=azure-devops&tabs=batch

Dicky Moore
  • 956
  • 3
  • 10
  • 32
m00nbeam360.0
  • 1,342
  • 1
  • 13
  • 26
0

Remove tag from run in Azure Pipelines

According to the description about Tag, I assume the Tag you mentioned should not same with the one which mentioned in this doc, what you mentioned is like the pic shown below?

enter image description here

If this is the "tag" you mentioned and want a way to modify it, need to say sorry, these "tags" could not be changed directly with manual. It is the status of pipeline which depend on the current pipeline result status.

Use release pipeline as example:

The "tag" displayed depends on the parameter DeploymentStatus value of API result. And also, the logic of it is use API to get the deploymentstatus value of current release. And then, pass and combine this status value with CSS/JS files. This is what you saw from UI page.

So, the "tags" of pipeline could not be modified directly after the test executed independently. As workaround, you can execute a build to trigger the pipeline and control its result through the test result. See this ticket example: how to fail build when published Tests fail

Mengdi Liang
  • 17,577
  • 2
  • 28
  • 35
  • It would be useful to edit that "tag" but it's not the end of the world if it's not that one - at the moment these are extra tags that I'm applying to the build run. But what I want to do is be able to update those build run tags from the release pipeline. – Dicky Moore Sep 04 '19 at 09:33
  • You could not directly update them since they has been fixed depend on the build result. What you can do is read the test result trigger the build to fail by outputting an error/pass message in release. – Mengdi Liang Sep 04 '19 at 09:41
  • I think that's what I want to do - read the test result and set the build to fail by outputting a message in the release. How do I do that? – Dicky Moore Sep 04 '19 at 10:16
  • Does this sample in the link: https://stackoverflow.com/questions/44842693/tfs-2017-how-to-fail-build-when-published-tests-fail could help you? Feel free to let me know whether it can achieve what you want. – Mengdi Liang Sep 04 '19 at 10:19
  • The issue with that is that it will only mark the current build run or current release run as failed. What I'm looking to do is mark a build run as failed from a failing release run. – Dicky Moore Sep 04 '19 at 10:21
  • @DickyMoore You can use powershell and api to get the test result, use it trigger a build and control its result still with api – Mengdi Liang Sep 04 '19 at 16:21