如何限制Azure DevOps存储库中的开发人员对build.yml文件的访问 [英] how to restrict the access on build.yml file from developers in Azure DevOps repository

问题描述

在Azure DevOps中，我们使用经典方式创建了构建和发布管道，现在我们计划将其转换为yaml文件.

In Azure DevOps we have created both build and release pipeline using classic way and now we are planning this to convert to yaml file.

但是在yaml方法中，似乎只能将代码放在存储库的根目录中，在该目录中，我们希望将构建yaml文件保存在单独的存储库中，开发人员无法访问.

But it seems in yaml method, the code can be put only on the root of the repo, where we want to keep the build yaml files in a separate repo, where the developers won't have access.

如何实现呢?

推荐答案

您可以使用

You can use templates, put in the main repo only the minimal yalm that refers to a template with all the steps, the template exits in another repo.

例如，您的主仓库 yaml :

resources:
  repositories:
    - repository: templates
      type: git
      name: Contoso/BuildTemplates

jobs:
- template: common.yml@templates  # Template reference

在回购中:Contoso/BuildTemplates将完整的 yaml :

In in the repo: Contoso/BuildTemplates put the full yaml:

# Repo: Contoso/BuildTemplates
# File: common.yml
parameters:
  vmImage: 'ubuntu 16.04'

jobs:
- job: Build
  pool:
    vmImage: ${{ parameters.vmImage }}
  steps:
  - script: npm install
  - script: npm test

限制对第二个存储库的访问(除非代理管道用户).

Restrict the access to the second repo (unless the agent pipeline user).

阅读这里有关资源的更多信息.

Read here more info about the resources.

这篇关于如何限制Azure DevOps存储库中的开发人员对build.yml文件的访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！