-1

We're starting to define our deployment stages/jobs/tasks in Pipelines (as opposed to the classic "Releases") so we're able to store the whole process as YAML (Hurray source code control!). One thing I'm noticing as I review the logs, however, is a lack of anything in the logs which identifies which user clicked the environment approval or, in the case of a failed job, the retry.

We need to audit who is approving/conducting deployments. Am I supposed to look for this information somewhere other than the logs? Am I missing something obvious?

Update 1:

I'm providing this image of a pipeline which illustrates both the ability to retry failed jobs as well as have approvals before the deployment can proceed to subsequent environments. These are the actions I'm trying to audit. Screenshot of pipeline illustrating both CI and CD stages

Update 2: I've pulled the logs from the API and have not found any information in there to indicate who initiated the retry of the failed job, nor have I found information about who did the Environment's approval.

BigPigVT
  • 1,381
  • 3
  • 12
  • 20
  • Hi, in the build process of Pipelines (is considered as a Build to create an artifacts), there are only 3 states possible, Success, Warning and Error. You will not have any retry policies like in the Release (CI/CD). In need to rebuild – lupaulus May 27 '21 at 19:06
  • It is like the Github and Gitlab approach for Build system, the redeployment, approval, user actions with GUI are only available with Release/Deploy system like AzureDevOps (TFS) – lupaulus May 27 '21 at 19:09
  • @lupaulus I'm not following what you're saying. I've defined Approvals on the Environment which "pause" the deployment from going into that Environment until an approver clicks "Approve" under the "Review" form. I'm trying to identify who clicked that button. Additionally, it is possible for a job to fail and let a user click "Retry Failed Job" - I want to log who clicks that button as well. – BigPigVT May 27 '21 at 19:23
  • Yes but as Build Pipelines are dedicated to build artifacts, Release (who aren't configurable as YAML) is necessary to use system with approval and "pause". A Build pipeline can't be paused ! – lupaulus May 27 '21 at 19:30
  • I not know if Microsoft will one day make YAML based Release Pipelines. If they do it, it will be a great because YAML, can be saved outside of Azure, in case of problem on your Azure/TFS instance – lupaulus May 27 '21 at 19:38
  • @lupaulus I think you are mistaken. While it was true at one time that Pipelines were exclusively focused on build-only (CI) and Releases were focused on deployments (CD) that has started to change. For example, the documentation covers "Deployment Jobs" (https://learn.microsoft.com/en-us/azure/devops/pipelines/process/deployment-jobs?view=azure-devops) which gives us a way to manage the deployment of our code in YAML. I can post an image of our pipeline illustrating a build stage and subsequent deployment/testing stages if that would help. – BigPigVT May 27 '21 at 19:41
  • Okay, I see what you mean, with the deployment jobs in Azure, as far, I understand these jobs are for me preproduction environment, and they aren't configurable as Release Pipelines. Like I say, the Rest API *can* have the information from the approval/actions. – lupaulus May 27 '21 at 19:58

1 Answers1

1

You see who triggered the approval by clicking on "checks passed" then Approval. You'll see who did it in the right side pane. Check the images below.

enter image description here

enter image description here

Ibrahim Abdelkareem
  • 835
  • 5
  • 10
  • That's very helpful, thank you, @Ibrahim. I had clicked on the "checks passed" and seen that summary, but there was nothing on the Approval summary which looked like a link so I hadn't thought of clicking on it. – BigPigVT Jun 01 '21 at 15:35