Overview of PolicyVault
PolicyVault.io is a cloud-based service that enhances the Azure DevOps experience by providing additional ways of managing and enforcing policies.
The service is currently in preview and is free to use.
What does PolicyVault do?
PolicyVault provides the following capabilities:
Pull Request Policies
- Work Item is in Query - This policy enforces that a pull request must contain work items that match a specified query. This is useful for ensuring that pull requests are associated with work items that are in a specific state or have a specific field set. A few common usage examples:
  - Ensure that a pull request is associated with a work item of a specific type.
  - Ensure that a pull request is associated with a work item that is in the "In Progress" state.
  - Ensure that a pull request is associated with a work item that has an "Assigned To" field set.
  - Ensure that a pull request is associated with a work item that has an "Effort" field set.
- Work Item is not in Query - This policy enforces that a pull request must not contain work items that match a specified query. This is useful for ensuring that pull requests are not associated with work items that are in a specific state or have a specific field set. A few common usage examples:
  - Ensure that a pull request is not associated with a work item that is in the "New" state.
  - Ensure that a pull request is not associated with a work item that has no parent, or has a parent of a specific type.
How does PolicyVault work?
PolicyVault is a cloud-based service that is integrated with Azure DevOps. It is designed to be used in conjunction with the Azure DevOps Status Check Branch policies feature.
When a pull request is created or updated, PolicyVault is notified and evaluates the pull request against the policies that have been configured. If the pull request does not meet the requirements of the policy, the corresponding quality check is marked as failed.
Use the PolicyVault application at https://app.policyvault.io/ to fully configure integration with your Azure DevOps organization. It will install the PolicyVault Azure DevOps extension, grant the necessary permissions to the PolicyVault application, and configure Service Hooks for your projects.
Add Pull Request Status Checks
To configure branch policies in your Azure DevOps project, follow the steps below:
- Prepare work item queries in your Azure DevOps project. You can use existing queries or create new ones. Queries can be created in the Queries section of your project. Store queries in the Shared Queries folder, which is accessible to all users.
- Navigate to Git repository branch policies.
- Scroll down to the Status Checks section and click the + sign on the right.
- Select the Enter genre/name separately checkbox.
- Put the policy identifier in the Genre field. See the list of supported identifiers below.
- Put the work item query name or id in the Name field. Use the full name, including the folder path relative to the project.
- Optionally, expand the Advanced section and put a meaningful name in the Default display name field. That name will be displayed in the pull request status checks.
Note: You can add multiple policies to the same branch. Each policy will be evaluated separately and will be displayed as a separate status check in the pull request. You can also configure cross-repository policies for your project in https://dev.azure.com/{organization}/{project}/_settings/repositories?_a=policies
Supported policy identifiers
The table below lists the supported policy identifiers and their descriptions.
| Genre identifier | Description |
| --- | --- |
| PolicyVault.WorkItemQuery.NotInQuery | Ensure that a pull request is not associated with work items that match a specified query. |
| PolicyVault.WorkItemQuery.InQuery | Ensure that a pull request is associated with work items that match a specified query. |
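
A check for the status-check setup described above, added here as an example (it is not PolicyVault's or Azure DevOps' own code): it reviews exported branch policy configurations and reports PolicyVault checks that are disabled, optional, or use a Genre value not in the table, plus protected branches with no enforced check. The JSON field names (`isEnabled`, `isBlocking`, `settings.statusGenre`, `settings.statusName`, `settings.scope[].refName`), the query names and the sample data are assumptions constructed for illustration, and only exact branch refs are compared.

```python
import json

# Genre identifiers from the table on this page.
SUPPORTED_GENRES = {"PolicyVault.WorkItemQuery.InQuery",
                    "PolicyVault.WorkItemQuery.NotInQuery"}

# Constructed sample (not real data). Field names are assumed to follow an
# exported list of branch policy configurations.
SAMPLE = json.loads("""
{"value": [
 {"isEnabled": true, "isBlocking": true, "settings": {
   "statusGenre": "PolicyVault.WorkItemQuery.InQuery",
   "statusName": "Shared Queries/PR In Progress",
   "scope": [{"refName": "refs/heads/main", "matchKind": "Exact"}]}},
 {"isEnabled": true, "isBlocking": false, "settings": {
   "statusGenre": "PolicyVault.WorkItemQuery.NotInQuery",
   "statusName": "Shared Queries/PR New Items",
   "scope": [{"refName": "refs/heads/main", "matchKind": "Exact"}]}},
 {"isEnabled": true, "isBlocking": true, "settings": {
   "statusGenre": "PolicyVault.WorkItemQuery.InQuerry",
   "statusName": "Shared Queries/PR In Progress",
   "scope": [{"refName": "refs/heads/release", "matchKind": "Exact"}]}},
 {"isEnabled": true, "isBlocking": true, "settings": {
   "minimumApproverCount": 2,
   "scope": [{"refName": "refs/heads/main", "matchKind": "Exact"}]}}
]}
""")

def audit(configs, protected_refs):
    """Return sorted (ref, problem) findings for PolicyVault status checks."""
    findings, enforced = [], set()
    for cfg in configs:
        s = cfg.get("settings", {})
        genre = s.get("statusGenre") or ""
        if not genre.startswith("PolicyVault."):
            continue  # some other policy type, e.g. required reviewers
        label = f"{genre}/{s.get('statusName')}"
        for sc in s.get("scope", []):
            ref = sc.get("refName") or "*"
            if genre not in SUPPORTED_GENRES:
                findings.append((ref, f"unsupported genre: {label}"))
            elif not cfg.get("isEnabled"):
                findings.append((ref, f"disabled: {label}"))
            elif not cfg.get("isBlocking"):
                findings.append((ref, f"optional, not enforced: {label}"))
            else:
                enforced.add(ref)
    findings += [(r, "no enforced PolicyVault check")
                 for r in protected_refs if r not in enforced]
    return sorted(findings)
```

Calling `audit(SAMPLE["value"], ["refs/heads/main", "refs/heads/release"])` on the constructed sample reports the optional check on `main` and, for `release`, both the misspelled Genre and the resulting lack of any enforced check.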