When setting up these YAML environments in Azure DevOps, a critical aspect is the usage of checks and approvals which serve to heighten control, decrease risk and provide an overall more robust and failsafe CI/CD pipeline.
Understanding YAML
Before diving into the intricacies of YAML checks and approvals, let’s have a brief refresher on the basics of YAML. YAML is a human-friendly data serialization standard often used to write configuration files for the deployment of applications and services in various environments. For instance, in Azure DevOps, the azure-pipelines.yml file is used to control your build and release pipelines.
Why Use Checks And Approvals For YAML environments?
In an Azure pipeline, deploying to different environments often demands varying approval workflows and checks even for artifacts produced from the same pipeline. For instance, deploying to a development environment usually does not require approvals. However, promoting to a production environment might need an exhaustive set of checks and approvals.
YAML Checks And Approvals In Azure Solutions Design
In Azure DevOps, YAML checks and approvals can be set up for each individual environment. Checks ensure that certain conditions are met and that checks are passed before the pipeline run is allowed to deploy to an environment. Approvals in contrast, are types of checks that pause the pipeline run until a user approves or rejects the deployment.
Here’s how we can set up checks and approvals for YAML environments in Azure DevOps:
Step 1: Define An Environment
First up, an environment needs to be defined in your pipeline which will represent the scope for deployment targets (like Kubernetes namespaces, Azure web apps, virtual machines etc.). Here’s how you can define an environment:
variables:
- name: vmImageName
value: 'ubuntu-latest'
stages:
- stage: deploy
jobs:
- deployment: Production
environment: 'production'
pool:
vmImage: $(vmImageName)
In the above example, an environment named ‘production’ is being declared.
Step 2: Setup Approvals
After the environment is defined, approvals can be configured to control deployments. Approvals cause the pipeline to pause before starting a deployment job.
environments:
- name: production
approvals:
- check:
type: Manual
approvers:
- user:
id: user1@contoso.com
timeout: 72
In the above example, a manual check in form of approval has been defined. The pipeline pauses before starting the deployment job until user1@contoso.com provides approval.
Step 3: Implement Checks
Checks are certain validations that have to be passed before the deployment can begin. Here is how checks are typically set up:
resources:
environments:
- environment: production
type: VmImage
checks:
- name: Check1
type: manualCheck
properties:
evaluationOptions:
timeout: 72
In the above example, a check named Check1 is defined for the production environment. This check is a manual one with a timeout of 72 hours.
Conclusion
In conclusion, checks and approvals in YAML environments facilitate more control and governance in an Azure DevOps pipeline. They ensure that deployments to critical environments pass necessary validations and receive requisite approvals, thereby reducing potential risks.
Practice Test
True or False: YAML can only be used to configure DevOps tasks but not to design and implement checks and approvals.
- True
- False
Answer: False
Explanation: YAML is widely used in DevOps for defining and configuring tasks including the design and implementation of checks and approvals.
What does YAML stand for?
- a) Yet Another Markup Language
- b) YAML Ain’t Markup Language
- c) Yet Another Machine Language
- d) Your Application Markup Language
Answer: b) YAML Ain’t Markup Language
Explanation: YAML stands for YAML Ain’t Markup Language. It’s a human friendly data serialization standard for all programming languages.
True or False: In YAML environment, each deployment job can have its own checks and approvals.
- True
- False
Answer: True
Explanation: Each deployment job in YAML can have its own specific checks and approvals. This allows for a very granular control of releases into different environments.
Who can approve the run for deployments in AZ-400 Microsoft DevOps Solution?
- a) Only the developer
- b) Only the project manager
- c) Any authorized personnel
- d) Only the client
Answer: c) Any authorized personnel
Explanation: Any person with appropriate permissions or who is part of the approval group can approve the run for deployments.
Is it mandatory to specify an environment in a YAML pipeline?
- True
- False
Answer: False
Explanation: It is not mandatory to specify an environment in a YAML pipeline. However, doing so provides additional functionalities such as history, tracking, and logs of all deployments in an environment.
The YAML environment refers to a collection of resources that can be targeted by deployments from a pipeline. True or false?
- True
- False
Answer: True
Explanation: An environment is indeed a collection of resources that a pipeline can deploy to.
A specific deployment sequence is required when using YAML pipelines. True or false?
- True
- False
Answer: False
Explanation: YAML pipelines do not enforce a specific deployment sequence. It depends on either the requirements or the configuration you set in checks and approvals.
Which of the following is not a benefit of using YAML environments?
- a) Audit trail of deployments for each environment
- b) Grouping of resources
- c) Rigorous control over the deployment flow
- d) Elimination of the need for testing
Answer: d) Elimination of the need for testing
Explanation: While YAML environments provide control, audit trails and resource grouping, they do not eliminate the need for rigorous testing to ensure quality before deployment.
Can checks and approvals be skipped in a YAML environment in the Azure DevOps?
- True
- False
Answer: True
Explanation: Checks and approvals are not mandatory and can be skipped in a YAML environment. However, they provide extra layers of validation and security to deployments.
True or False: YAML pipelines in Microsoft Azure DevOps allow you to define, execute, and version your CI/CD pipelines as code.
- True
- False
Answer: True
Explanation: YAML pipelines indeed allow you to define, execute, and version your CI/CD pipelines as code, providing you with various benefits like source control for your pipelines and pull request workflows for pipeline edits.
Interview Questions
What is the purpose of checks and approvals in YAML environments while implementing DevOps Solutions?
Checks and approvals offer a higher level of control over deployment pipelines. These controls protect the stability of specific environments and prevent unauthorized changes.
How can you ensure approvals take place before deployment within a YAML pipeline?
Approval checks can be set within the environment section of the YAML pipeline. This environment is associated with a group or person to approve any deployments to the specific environment.
What permissions does a user need to approve a deployment within a YAML environment?
The user needs to have ‘Environment – Approver’ permission for the specific environment.
How can you implement checks in YAML environments?
You can specify approvals before deployment as checks in the environment section of the YAML pipeline. This can include a pre-deployment approval or a health check probe.
What does a health check within a YAML environment do?
A health check validates the response from the target‘s specific endpoints. It ensures that an application is running and healthy based on the HTTP codes returned.
Is it possible to set multiple approvers for an environment in YAML?
Yes, you can add multiple approvers, and you have the option to choose whether all or any approver’s permission is needed for deployment.
Are there timeout limits for approvals in YAML environments?
Yes, this ensures that an approval request doesn’t hang indefinitely. The default time limit can be adjusted as per the project requirements.
How are approval notifications delivered to the approvers?
Approval notifications are delivered to the approvers via email, providing a direct link to the approval request.
What happens if an approval is not granted within the specified timeout in the YAML pipeline?
If an approval is not granted within the specified timeout period, the deployment will be cancelled, and the pipeline run will fail.
What is the role of Azure Policy Compliance checks in YAML environment?
Azure Policy Compliance checks validate whether the environment is compliant with Azure policies before the deployment stage. Policies can be defined as per organizational requirements to maintain compliance.
How to specify branch policies as checks in YAML environments?
Branch policies can be added via the ‘checks’ tab under the environment section in the pipeline. This ensures any updates to the branch are checked and approved before triggering the pipeline.
What is the benefit of using the ‘template’ keyword in YAML environment?
‘Template’ keyword is used to provide a common sequence of steps that can be reused multiple times within a pipeline. This helps to maintain code consistency and reduces redundancy.
How can we ensure that specific environments in YAML pipeline are not deleted by any user?
By applying environment restrictions, a user can be prevented from deleting a specific environment.
Is it possible to remove or bypass checks from a YAML pipeline?
Yes, you can remove or bypass checks from a YAML pipeline but this is generally not recommended as it can increase the risk of errors or non-compliant deployments.
Are there any restrictions on naming Conventions for an environment in a YAML pipeline?
Yes, an environment name must start with a letter, be between 2 to 128 characters in length, and may only consist of letters, digits or hyphens.
extutorials.com