Best practices

As the title says: I need a job with an approval that is only executed if a runtime variable has a specific value.
After reading the docs, it seems like this is not possible, as the approvals are strictly evaluated at compile time, so even if my condition returns false, the approval is still required to start the job, even if it doesn't do anything.

Is there any workaround?
I can't think of any, sadly.

Improve this question

1 Reply 1

jessehouwing

In YAML You should be able to use the ManualValidation task instead:

- task: ManualValidation@1
  inputs:
    notifyUsers: # string. Required. Notify users. 
    #approvers: # string. Approvers. 
    #allowApproversToApproveTheirOwnRuns: true # boolean. Allow approvers to approve their own run. Default: true.
    #instructions: # string. Instructions. 
    #onTimeout: 'reject' # 'reject' | 'resume'. On timeout. Default: reject.

This step can be made conditional. By adding this to the top of the job, or running it in a dependent job, you can ensure validation succeeds prior to running the rest of the job.

Be careful as it's relatively easy for someone with the right permissions to strip out the task.

For the older UI based releases there is a similar task called ManualIntervention@8, which can only be used in an agentless job.

These tasks don't change the approval of environments in any way, so you need to use either these tasks OR environment approvals.

Improve this answer

Your Reply

By clicking “Post Your Reply”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.