Probot for Azure Pipelines (probot-azure-pipelines)

A GitHub App for Azure Pipelines built with Probot.

If you have GitHub repositories that store your code, and Azure Pipelines build that perform continuous integration (CI) builds for validating pull requests, then this app enables project contributors to requeue pull requests builds just by typing /rebuild as a pull request comment.

This is useful if you have occasionally flaky tests or infrastructure, and it allows project contributors to requeue a build right from GitHub. This lets you provide access to requeue a build without necessarily providing people broader access to the build definition in Azure Pipelines.

Note that /rebuild is limited to project contributors on GitHub (people listed in the contributors group, or who are part of a team for this repository).

Installation

Since this application will need access to queue builds on your behalf in Azure Pipelines, you will need to set up your own instance of this application. There's no publicly available GitHub App instance that you can just install.

Create a GitHub App

You'll need to Create a new GitHub App for your installation. Most of the settings are straightforward, but there are three important considerations:

• Webhook URL: This is the URL of your deployed application. If you're deploying to Azure, for example, this will be my-azure-pipelines-build-app.azurewebsites.net.
• Webhook secret: Create a secret key of random data that will be used to authenticate to your application.
• Private key: Generate a new private key and save it to disk.

Make sure that this application is private since it will have access to your Azure Pipelines account, and the ability to queue builds on your behalf.

Create an Azure DevOps Personal Access Token

A Personal Access Token (PAT) allows you to provide this app the ability to queue builds on your behalf. In the Azure DevOps portal, select your settings in the upper right and select Security.

In the Personal Access Token section, click "Add" to create a new PAT. Give it a description that is memorable, like "probot-azure-pipelines".

In "Authorized Scopes", change the option to selected scopes, then select "Build (read and execute)". Limiting the scope of an access token is always good security posture.

Finally, save your new PAT in your password manager of choice. You'll need it again for deployment.

Deploying to Azure using Azure Pipelines

It's easy to deploy this to an Azure app service running node.js on Linux. (Make sure you're using node.js 8.9 or newer.)

1. Fork this repository on GitHub.

2. Set up a new Azure Pipelines build definition:

   1. Location: GitHub
   2. Repository: Select your fork of probot-azure-pipelines
   3. Template: Use the suggested Node.js-based build
   4. Run: Queue a build

3. Set up a new Azure Pipelines release definition:

   1. Create an Azure App Service Deployment
   2. Add an artifact: select the build artifact produced by your build pipeline
   3. Select your stage, and select the stage tasks. You'll be prompted to enter your Azure subscription and app service name. Change the App type to "Linux App" and select your app service name.

4. In the Azure portal, set up the configuration for your application. In application settings, set:

   • APP_ID: the ID of your GitHub App

   • WEBHOOK_SECRET: the secret key for your GitHub App

   • PRIVATE_KEY: the private key file you downloaded when creating your GitHub App.

     Note that the private key is in PEM format, so it spans multiple lines. This environment variable needs to be on a single line. Remove the line breaks and replace them with a backslash (\) followed by an n. Probot will find a literal \n and replace it with newlines. You can achieve this with Perl:

     perl -pe 's/\n/\\n/' < pemfile

   • AZURE_DEVOPS_URL: the URL of the Azure DevOps account that contains the builds that are queued for your GitHub repository.

   • AZURE_DEVOPS_PAT: your Personal Access Token

Deploy Manually

If you don't want to set up a Azure Pipelines build and release definition into Azure, you can also build and run this application manually.

To download and build the latest release of this application:

git clone --branch latest https://github.com/ethomson/probot-azure-pipelines
cd probot-azure-pipelines
npm build

Refer to the Probot Deployment Guide for setting up your deployment. This is a standard Probot app, but does require two custom environment variables:

• AZURE_DEVOPS_URL: the URL of the Azure DevOps account that contains the builds that are queued for your GitHub repository.
• AZURE_DEVOPS_PAT: your Personal Access Token

Install for Your Repositories

In the GitHub settings page for your account (or the organization that you created the GitHub App in), navigate to the GitHub App settings. Then just click install on the app. Authorize it for all your repositories, or each repository individually.

Now when you type /rebuild on a pull request, it should queue a rebuild.

License

Copyright (c) Edward Thomson. All rights reserved. Available under the MIT license.