Description
Permits a pipeline in Azure DevOps to Run.
Input Schema
| Property | Type | Description | Required |
|---|---|---|---|
| host | string | - | |
| token | string | - | |
| project | string | - | |
| apiVersion | string | - | |
| authorized | boolean | - | |
| pipelineId | string | - | |
| resourceId | string | - | |
| organization | string | - | |
| resourceType | string | - |
Output Schema
No output schema defined for this action.
Usage Examples
Permit a pipeline to use an Azure service connection
Grants a pipeline permission to use a service connection. Use this right after fetch:template when your pipeline needs to deploy to Azure using a specific endpoint.
steps:
- id: fetch
action: fetch:template
input:
url: ./skeleton
targetPath: ./workspace
values:
name: ${{ parameters.name }}
owner: ${{ user.entityRef }}
- id: permit-service-connection
action: azure:pipeline:permit
input:
host: https://dev.azure.com
organization: contoso
project: web-infra
apiVersion: 7.1-preview.1
authorized: true
pipelineId: ${{ parameters.pipelineId }}
resourceType: endpoint
resourceId: ${{ parameters.serviceConnectionId }}
token: ${{ secrets.azureDevOpsToken }}Revoke a pipeline’s access to a variable group
Removes a pipeline’s permission to use a variable group. Use this when tightening permissions after initial setup.
steps:
- id: fetch
action: fetch:template
input:
url: ./template
targetPath: ./app
values:
appId: ${{ parameters.appId }}
- id: revoke-variable-group
action: azure:pipeline:permit
input:
organization: fabrikam
project: payments
authorized: false
pipelineId: "${{ parameters.pipelineId }}"
resourceType: variablegroup
resourceId: "${{ parameters.variableGroupId }}"
apiVersion: 7.1-preview.1
token: ${{ secrets.azureDevOpsToken }}Permit a pipeline to use a repository resource across projects
Authorizes a pipeline to access a repository resource from another project. Use this when your pipeline checks out an external Azure Repos repository.
steps:
- id: fetch
action: fetch:template
input:
url: ./scaffold
targetPath: ./service
values:
serviceName: ${{ parameters.serviceName }}
- id: permit-repository-resource
action: azure:pipeline:permit
input:
host: https://dev.azure.com
organization: contoso
project: data-platform
authorized: true
pipelineId: "${{ parameters.pipelineId }}"
resourceType: repository
resourceId: "${{ parameters.externalRepoId }}" # repository GUID
apiVersion: 7.1-preview.1
token: ${{ secrets.azureDevOpsToken }}Permit a pipeline to deploy to an environment
Gives a pipeline permission to target a specific environment. Use this when enabling CD stages that deploy to a protected environment.
steps:
- id: fetch
action: fetch:template
input:
url: ./templates/deployment
targetPath: ./deployment
values:
env: prod-west
- id: permit-environment
action: azure:pipeline:permit
input:
organization: contoso
project: web-apps
authorized: true
pipelineId: "${{ parameters.pipelineId }}"
resourceType: environment
resourceId: "${{ parameters.environmentId }}" # environment ID
apiVersion: 7.1-preview.1
token: ${{ secrets.azureDevOpsToken }}Permit a pipeline to use a specific agent queue
Allows a pipeline to use a particular build queue. Use this when restricting pipelines to approved agent pools.
steps:
- id: fetch
action: fetch:template
input:
url: ./templates/build
targetPath: ./build
values:
runtime: node18
- id: permit-agent-queue
action: azure:pipeline:permit
input:
host: https://dev.azure.com
organization: fabrikam
project: mobile
authorized: true
pipelineId: "${{ parameters.pipelineId }}"
resourceType: queue
resourceId: "${{ parameters.queueId }}" # queue ID
apiVersion: 7.1-preview.1
token: ${{ secrets.azureDevOpsToken }}