Search
StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge

[Azure DevOps] Add an Approval Workflow for Your Pipelines

  • May 24, 2022
  • 5 min read
Cloud and Virtualization Architect. Florent is specializing in public, hybrid, and private cloud technologies. He is a Microsoft MVP in Cloud and Datacenter Management and an MCSE in Private Cloud.
Cloud and Virtualization Architect. Florent is specializing in public, hybrid, and private cloud technologies. He is a Microsoft MVP in Cloud and Datacenter Management and an MCSE in Private Cloud.


One of the great features of Azure DevOps is the possibility to automate deployment of Apps, Azure Resources, etc. via Azure Pipelines.

You can create your own script, your own pipeline, and give the possibility to a team, for example, to deploy resources, just with this Azure Pipelines, and without having any rights on the Azure Platform.

Some resources in Azure can cost a lot, like GPU VM for example.

So, in this case, something that you can do, is to put an approval workflow. When someone will deploy a resource, the approver will receive an email, and can approve/decline.

In my example, I created a simple script to deploy a resource group:

This CLI script will be called from the Azure Pipeline. Create the following yaml file, to create the pipeline later:

For the azureSubscription, choose the service connection that has rights on the Azure Subscription.For the name, in resources, you need to put the project followed by the name of the Git repo where the script is located.

And, the name of the script. When it is done, you should have something like this:

Azure Pipelines

In Pipelines > Environments create a new environment. On the 3 dots, click on Approvals and checks. Choose the name of one or more approvers. And options that you need:

Approvals and checks

In pipelines, import the YAML file created before:

Import the YAML file

Change the environment variable with the name of your environment that you created for the approval. Click on Run to test it. The approver will receive an email:

Click on Run

Click on Review Approval and on Review:

Review Approval

Approval

You can do what you want, and put a comment:

You can do what you want, and put a comment

The requester will receive an email, but without the comment. He needs to connect to the Azure DevOps portal to see the comment.

And, if I approve the request, the pipeline runs:

The pipeline runs

The pipeline finished without any error:

The pipeline finished without any error

The resource group has been created on Azure, with the SPN dedicated for that:

The resource group has been created on Azure

As you can see, it is very simple to keep running pipeline under control.

 

Hey! Found Florent’s article helpful? Looking to deploy a new, easy-to-manage, and cost-effective hyperconverged infrastructure?
Alex Bykovskyi
Alex Bykovskyi StarWind Virtual HCI Appliance Product Manager
Well, we can help you with this one! Building a new hyperconverged environment is a breeze with StarWind Virtual HCI Appliance (VHCA). It’s a complete hyperconverged infrastructure solution that combines hypervisor (vSphere, Hyper-V, Proxmox, or our custom version of KVM), software-defined storage (StarWind VSAN), and streamlined management tools. Interested in diving deeper into VHCA’s capabilities and features? Book your StarWind Virtual HCI Appliance demo today!