VSTS branch policies seem like a godsend to protect master source code from accepting branch merges without the branch passing unit tests and/or visual inspection.

This enterprise understands how it can be applied to VSTS managed Git repositories only accessible to organisation members.

We're trying to move this organisation towards sharing its work via open sourcing more work (it would be a first for us).

We don't think VSTS has the capability to be opened up to the public (not sure we are ready to open our kanban to the public view, for example... at least until we are a lot more mature in processes and able to be transparent as a group, without inadvertently sharing deployment keys by accident, etc.).

We think using GitHub for facing the public would be more appropriate (open to other suggestions).

But how can we work with a public Git repository, while protecting its master branch from errors using Branch Policies? Or would we be using two repositories (one inside VSTS, and one in GitHub, and users submit merges to GitHub, and we pull in the GitHub changes... but how do we make sure they are on branches too?).

I'm sorry if the question is as vague as it is... we just don't yet have enough experience, and due to this organisation's risk profile, can't easily move forward to gain experience in the first place. Catch-22. Hence the vagueness.

PS: There might be other options available, but VSTS is a given: it's an enterprise strategic decision in regards to using an ALM rather than integrating multiple services. Even if it is missing a public-facing element.

halfer
user9314395
  • Have you gotten an answer that helps you solve the problem? If yes, can you mark the answer by clicking the √ symbol on the left of the answer? It will also benefit other members who meet similar questions. – Marina Liu Jul 20 '18 at 08:35

2 Answers

You cannot apply a VSTS Git repo branch policy to a GitHub repo directly.

And since a VSTS Git repo is a private repo (unlike a GitHub public repo), there are access restrictions on the VSTS Git repo.

If you want anyone to be able to read/contribute to your Git repo, you should host your Git repo on GitHub. And if you also want to use VSTS features (branch policy, build and release, etc.), you can host your Git repo both on GitHub and in VSTS, and sync between the GitHub repo and the VSTS Git repo automatically with two CI build definitions. Detailed steps are below:

1. Sync changes from GitHub repo to VSTS Git repo

Create a CI build definition -> select your GitHub repo as the build source -> Empty process -> Triggers Tab -> Enable continuous integration -> include all branches with *.

Then add a PowerShell task with the script below:

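```powershell
# Remove a stale 'vsts' remote left over from an earlier run on this agent
if ( $(git remote) -contains 'vsts' )
{
  git remote rm vsts
  echo 'remove remote vsts'
}

# Replace {PAT}, {account}, {project} and {repo} with your own values
git remote add vsts https://Personal%20Access%20Token:{PAT}@{account}.visualstudio.com/{project}/_git/{repo}
# In an inline script VSTS substitutes $(Build.SourceBranch) before the script runs, e.g. refs/heads/featureA
$branch="$(Build.SourceBranch)".replace("refs/heads/","")
git checkout $branch
git push vsts $branch
```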

Save the build definition.

If a new branch (such as featureA) is pushed to the GitHub repo with a PR to merge featureA into the master branch, then the build will be triggered to create the corresponding featureA branch on VSTS.

2. Create related pull requests on VSTS

Create the related PR on VSTS based on the PR from GitHub. As in the example above, you should create a PR in VSTS to merge featureA into the master branch.

3. Validate PR by PR validation

If you want to build the changes before merging the pull request, you can add a validation policy on the master branch, so that the validation build will be triggered immediately when a PR is created or updated.

4. Merge PR and sync changes from VSTS Git repo to GitHub repo

You need to create another build definition to sync changes from the VSTS Git repo to the GitHub repo automatically:

Create a CI build definition -> select the VSTS git repo as source -> Empty process -> Triggers Tab -> Enable continuous integration -> include all branches with *.

Then add a PowerShell task with the script below and save the build definition:

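```powershell
# Remove a stale 'github' remote left over from an earlier run on this agent
if ( $(git remote) -contains 'github' )
{
  git remote rm github
  echo 'remove remote github'
}

# Replace username, password and reponame with your own values
git remote add github https://username:password@github.com/username/reponame
# In an inline script VSTS substitutes $(Build.SourceBranch) before the script runs
$branch="$(Build.SourceBranch)".replace("refs/heads/","")
git checkout $branch
git push github $branch
```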

Now, after merging changes in the VSTS Git repo (such as merging featureA into the master branch), the build will be triggered automatically. And the merged commit on the master branch will be synced to the GitHub repo.

BTW: if you only want to trigger VSTS builds when pull requests are created or updated for merging into the master branch, you can host your Git repo only on GitHub and enable pull request validation in the VSTS build definition.

Marina Liu
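
A variant of the GitHub-to-VSTS sync step from the answer above that keeps the token out of the remote URL and out of `.git/config` (an added example, not part of the original answer). It assumes the PAT is stored as a secret build variable and mapped into the task's environment under the hypothetical name `VSTS_PAT`; `{account}`, `{project}` and `{repo}` are the same placeholders the answer uses.

```powershell
# Added example. Assumption: a secret build variable is mapped into this
# task's environment as VSTS_PAT (hypothetical name).
$pat = $env:VSTS_PAT
if ([string]::IsNullOrEmpty($pat)) {
    throw 'VSTS_PAT is not set; map the secret variable into this task.'
}

# Sync only real branches. For GitHub pull-request builds the source ref is
# refs/pull/<n>/merge, and tags are refs/tags/<name>; both are skipped.
# In an inline script VSTS substitutes $(Build.SourceBranch) before the script runs.
$ref = "$(Build.SourceBranch)"
if (-not $ref.StartsWith('refs/heads/')) {
    Write-Host "Skipping non-branch ref $ref"
    exit 0
}
$branch = $ref.Substring('refs/heads/'.Length)

# Basic auth value for a PAT: empty user name, PAT as the password.
$basic = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$pat"))

# Placeholder URL: note that it carries no credential.
$target = 'https://{account}.visualstudio.com/{project}/_git/{repo}'

# -c sets http.extraheader for this single git invocation only, so nothing
# is persisted to .git/config on the build agent and no remote is added.
# Pushing HEAD avoids the separate checkout of a local branch.
git -c "http.extraheader=AUTHORIZATION: Basic $basic" push $target "HEAD:refs/heads/$branch"
if ($LASTEXITCODE -ne 0) {
    throw "git push failed with exit code $LASTEXITCODE"
}
```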

The short answer is, "no, you can't apply branch policies to GitHub", but it sounds like you already knew that. That leaves you with two options: Don't use GitHub, or set up synchronization.

First, the "don't use GitHub" option: VSTS supports public projects, although your work items will be visible. You might be able to control that by removing "Read" access from a security group, but I don't recall off the top of my head whether public projects have an "anonymous" user or not.

You also won't be able to accept contributions from external sources.

Second, the "synchronize between the two" option: Set up a build definition that runs on commit and pushes the branch over to GitHub and vice versa. It's pretty clearly explained elsewhere.

Daniel Mann