Home > Mobile >  Protect Tasks from modification in Azure Pipeline
Protect Tasks from modification in Azure Pipeline

Time:01-11

How can I ensure that a particular scan is run at the end of an Azure Pipeline? The user should not be able to delete/modify this task. I cannot use decorators because they inject jobs across all pipelines in the Azure Organization, or I will need to filter using project names, which is not possible. Is there some other way to make this mandatory?

CodePudding user response:

From your requirement, the pipeline decorators can directly meet your requirement.

Pipeline decorators also supports to filter using project name.

You can define the if expression in decorator YAML file to filter the projects.

Here is an example:

my-decorator.yml

steps:
- ${{ if in(variables['System.TeamProject'], '123', 'azure', 'ProjectC') }}:

  - task: CmdLine@2
    displayName: 'Run my script (injected from decorator)'
    inputs:
      script: 'echo "test"'

Result:

When the project name meets the filter, it will run the pipeline decorator task.

For example:

enter image description here

If no, it will not run the pipeline decorator task.

For example:

enter image description here

For more detailed info, you can refer to this doc: Use a decorator to inject steps into a pipeline

  • Related