Validate Azure Pipelines with pre-commit hook
One of the most downsides of storing your pipelines in a repository is that for most CI/CD platforms you need to commit the code to the repository in order to run it. This isn’t generally a massive issue but when you are trying new things or are unsure of the syntax, it can be really frustrating as the feedback cycle is rather longer than say running a linter locally.
If you are using Github Actions, you can use act but as far as I am aware there isn’t anything like this for Azure Pipelines, enter the Azure Pipelines REST API and preview.
This method can be used to validate the yaml by using the yamlOverride parameter and passing in the new yaml, if this is combined with the pre-commit git hook, we have a seamless ish experience that will catch syntax issues on the pipeline definitions and any templates the pipeline might use, which while obviously not as good as act it’s an improvement over the commit, push, run pipeline workflow.
The pre-commit hook, can be found in this gist
This hook works by firing a request at the pipeline preview endpoint of the Azure DEVOPS REST API and it relies on having an existing configuration file, which can be generated using the pre-commit-pipelines.ps1 script, see instructions.
The validation will stop when it finds an error, which I think is the most likely use case, namely modifying a single pipeline at the time, however if you modify two or more it will stop at the first failure, thus if you have say two issues, in two different pipelines it will only flag the first issue and then once you fix it, it will flag the second one.
Finally, note that if you’ve not set an environment variable as per step 3 below, the hook will not do anything.
Installation
Pre-Requisites
- WSL Installed
- Powershell Core Installed in WSL
- .githooks directory exists
These are the steps needed to configure it.
- Generate PAT in Azure Devops, see instructions here
- Ensure that you only allow Read Permission on the build scope.
- Create AZDO_PAT variable in your .bashrc file
Add this to the bottom of your .bashrc file
export AZDO_PAT=pat generated in step 1
- Limit Permissions for .bashrc,
chmod 600 ~/.bashrc
- Configure git to use .githooks path for hooks
git config core.hooksPath .githooks
-
Create pre-commit file with no extension in .githooks directory.
-
Run pre-commit-pipelines.ps1 to populate the config file
pre-commit-pipelines.ps1 -configFile "<path to .githooks>/pipelines.csv"
Note that pre-commit expects the config file to be located in .githooks and named pipelines.csv
Pipelines Configuration File
The pre-commit-pipelines.ps1 script can be used to create a configuration file that lists all the pipelines and files, note that because I’m too lazy it lists all pipelines in the Azure DevOps Organization, which might not be desirable, e.g. you might only want to list the ones in your own project.
Anyway, run the pre-commit-pipelines.ps1 script from the scripts directory, this will generate the new configuration file if you’ve set up a token as dicussed in the installation section
The old file will be stored as pipelines.csv.bak and you can add the following line to your .gitignore file to prevent it from being committed:
*.csv.bak