Open in app

Sign in

Write

Sign in

How to: Viewing which repositories have branch policies on Azure DevOps

Vinicius Moura
2 min readOct 27, 2020

Learn how you use Azure DevOps CLI to extract branch policies of each of the Azure DevOps repositories

Every time we create a repository on Azure DevOps, we can apply Branch Policies on these repositories. Over time and with a large number of repositories, it becomes increasingly difficult to verify that all these repositories have the same policies applied.

Thinking about it, I decided to create one script using Azure DevOps CLI that extracts this information about each repository on our organization and I exposed them on PowerBI. To do this, I used again PowerShell to automate this procedure (see original GitHub repository here):

In this script, I’ve used commands below:

  1. PowerShell script will receive the following parameters:
  • $PAT = Personal Access token to connect on Azure DevOps;
  • $Organization = Organization URL to list all branches and policies.

2. az devops project list = use this command to list all projects on the organization

$ProjectsResult = az devops project list --org $Organization | ConvertFrom-Json 
Foreach ($project in $ProjectsResult.value)
{
    Write-Host $project.id
}

3. az repos list = use this command to list all repositories from each project

$ReposResult = az repos list --org $Organization --project $project.id | ConvertFrom-Json
Foreach ($repo in $ReposResult)
{
    Write-Host $repo.id
}

4. az repos policy list = use this command to list all policies that are applied from each repository

$ReposPolicyResult = az repos policy list --branch $repo.defaultBranch --org $Organization --project $project.id --repository-id $repo.id | ConvertFrom-Json
Foreach ($repoPolicy in $ReposPolicyResult)
{
    Write-Host $repoPolicy.type.displayName
}

At the end of the script, I just created a JSON that contains all information about repositories and their respective policies. The example below show the same:

{
        "RepositoryId":  "[Repository ID]",
        "RepositoryDefaultBranchRequiredReviewers":  true,
        "RepositoryDefaultBranchCommentRequirements":  true,
        "TeamProjectName":  "[Team Project Name]",
        "TeamProjectId":  "[Team Project Id]",
        "RepositoryDefaultBranchWorkItemLinking":  true,
        "RepositoryURL":  "[Repo URL]",
        "RepositoryDefaultBranch":  "refs/heads/master",
        "RepositoryName":  "WorkItemDeployment",
        "RepositoryDefaultBranchBuild":  true,
        "RepositoryDefaultBranchMinimumNumberOfReviewers":  true
}

After that, I connected this JSON on PowerBI to show information about repositories and policies:

This report brings five different branch policies:

  • Require a minimum number of reviewers
  • Automatically include code reviewers
  • Check for comment resolution
  • Build validation
  • Check for linked work items

Using a stacked column chart, I can identify which repositories have (or not) each of the policies listed above. Viewing the problem in a single repository, I can apply the missing policies, thus establishing the same validations for my entire organization.

Azure Devops
Azure Repos
Branch Policies

--

--

Vinicius Moura

Written by Vinicius Moura

367 Followers

Tech Solution Architect Manager na Accenture

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams