Azure DevOps
kind: azuredevops
Description
The Azure DevOps SCM plugin is used to manage git repositories hosted on Azure DevOps. Depending on the stage, it can be used for different purposes:
condition
When used in a condition, the SCM block fetches files or metadata from the specified Azure DevOps repository.
target
When used in a target, the SCM block pushes changes to that repository.
By default, the Azure DevOps SCM uses a working branch workflow: it creates a temporary branch, commits the changes, and opens a pull request targeting the branch defined in the configuration.
Parameters
| Name | Type | Description | Required |
|---|---|---|---|
| branch | string | “branch” defines the git branch to work on. | |
| commitmessage | object | “commitMessage” is used to generate the final commit message. | |
| body | string | body defines the commit body of the commit message as defined by the conventional commit specification. More information on -> https://www.conventionalcommits.org/en/ default: none | |
| deprecatedtitle | string | DeprecatedTitle is deprecated and will be ignored. The commit title is now always generated from the target name or description. | |
| footers | string | footers defines the footer of the commit message as defined by the conventional commit specification. More information on -> https://www.conventionalcommits.org/en/ default: none | |
| hidecredit | boolean | hideCredit defines if updatecli credits should be displayed inside commit message body please consider sponsoring the Updatecli project if you want to disable credits. -> https://github.com/updatecli/updatecli default: false | |
| scope | string | scope defines the scope of the commit message as defined by the conventional commit specification. More information on -> https://www.conventionalcommits.org/en/ default: none | |
| squash | boolean | squash defines if the commit should be squashed default: false important: if squash is set to true, then it’s highly recommended to set the commit body to a meaningful value as all other commit information will be lost during the squash operation. if body is not set, then the commit title/message will be generated based on the most recent commit message of the squashed commits. The commit title is always generated from the target name or description. | |
| title | string | Title is the parsed commit message title (not configurable via YAML). The title is automatically generated from the target name or description. | |
| type | string | type defines the type of commit message such as “chore”, “fix”, “feat”, etc. as defined by the conventional commit specification. More information on -> https://www.conventionalcommits.org/en/ default:
| |
| depth | integer | Depth defines the depth used when cloning the git repository. | |
| directory | string | “directory” defines the local path where the git repository is cloned. | |
| string | “email” defines the email used to commit changes. | ||
| force | boolean | “force” is used during the git push phase to run git push --force. | |
| gpg | object | “gpg” specifies the GPG key and passphrased used for commit signing. | |
| passphrase | string | passphrase defines the gpg passphrase used to sign the commit message | |
| signingkey | string | signingKey defines the gpg key used to sign the commit message | |
| organization | string | Organization defines the Azure DevOps organization URL to interact with. | |
| project | string | “project” defines the Azure DevOps project containing the repository. | |
| repository | string | “repository” defines the Azure DevOps repository name. | |
| submodules | boolean | “submodules” defines if Updatecli should checkout submodules. | |
| token | string | “token” specifies the personal access token used to authenticate with Azure DevOps. | |
| url | string | “url” defines the Azure DevOps organization URL to interact with. | |
| user | string | “user” specifies the user associated with new git commit messages created by Updatecli. | |
| username | string | “username” defines the username used for git authentication. | |
| workingbranch | boolean | “workingBranch” defines if Updatecli should use a temporary branch to work on. | |
| workingbranchprefix | string | WorkingBranchPrefix defines the prefix used to create a working branch. | |
| workingbranchseparator | string | WorkingBranchSeparator defines the separator used to create a working branch. |
Authentication
Updatecli supports Personal Access Token (PAT) authentication for interacting with Azure DevOps. You can authenticate using environment variables or directly in your manifest.
1. Personal Access Token via Environment Variables
Set the following environment variables to enable PAT authentication:
UPDATECLI_AZURE_DEVOPS_TOKEN: Your Azure DevOps Personal Access TokenUPDATECLI_AZURE_DEVOPS_USERNAME: Your Azure DevOps username
Example:
export UPDATECLI_AZURE_DEVOPS_TOKEN="your-pat-token"
export UPDATECLI_AZURE_DEVOPS_USERNAME="your-username"Note | When these variables are set, Updatecli will use them for all Azure DevOps operations. |
2. Personal Access Token via Manifest
You can specify your Personal Access Token directly in your Updatecli manifest under the spec.token and spec.username fields:
scms:
default:
kind: azuredevops
spec:
organization: myorg
project: myproject
repository: myrepo
token: "{{ requiredEnv `UPDATECLI_AZURE_DEVOPS_TOKEN` }}"
username: "{{ requiredEnv `UPDATECLI_AZURE_DEVOPS_USERNAME` }}"Warning | For security reasons, it is recommended to use environment variables or secret management tools (like SOPS) instead of hardcoding tokens in your manifest. |
Precedence and Fallback
Updatecli will use the first valid authentication method it finds, in the following order:
Personal Access Token via environment variables
Personal Access Token via manifest
If no valid authentication is found, Updatecli will fail with an error.
Further Reading
Tip: For best security and maintainability, prefer using environment variables for authentication, and avoid hardcoding secrets in your manifests.
CommitMessage
Updatecli uses conventional commits as describe on www.conventionnalcommits.org.
The goal is to add human and machine readable meaning to commit messages
By default, Updatecli generates a commit message using the default type "chore" and split long title message into the body like:
Author: olblak <updatecli@updatecli.io>
Date: Tue May 4 15:41:44 2021 +0200
chore: Update key "dependencies[0].version" from file "charts/jenkins/r...
... equirements.yaml"
Made with ❤️️ by updatecliExample
This pipeline automatically updates the Golang version in an Azure DevOps repository. Updatecli retrieves the latest matching Golang version and opens a pull request that updates the build workflow file accordingly. It creates the pull request on a temporary working branch, following the Azure DevOps workflow.
# updatecli.yaml
name: Update a file and open an Azure DevOps Pull Request
scms:
default:
kind: azuredevops
spec:
organization: myorg
project: myproject
repository: myrepo
branch: main
token: '{{ requiredEnv "UPDATECLI_AZURE_DEVOPS_TOKEN" }}'
username: '{{ requiredEnv "UPDATECLI_AZURE_DEVOPS_USERNAME" }}'
user: updatecli
email: updatecli@example.com
sources:
golang:
name: Get the latest Golang version
kind: golang
spec:
versionfilter:
kind: semver
pattern: "1.24.x"
targets:
golang-version:
name: 'deps(golang): Bump Golang version to {{ source "golang" }}'
kind: yaml
scmid: default
spec:
file: .github/workflows/*.yaml
key: '$.jobs.build.steps[?(@.uses =~ /^actions\/setup-go/)].with.go-version'
searchpattern: true
actions:
default:
kind: azuredevops/pullrequest
scmid: default
spec:
title: 'deps(golang): Bump Golang version'