将Azure YAML固定或锁定在GIT存储库中或管道中
我有两个Azure Git存储库,每个团队都只能查看并贡献自己的回购。
team1/repo1
- entry.yaml
team2/repo2
- 扩展。yaml
repo1 包含yaml文件,content
entry.yaml由team2拥有,在repo1 inter1
resources:
repositories:
- repository: repoSource
type: git
name: Project1/repo2
extends:
template: extends.yaml@repoSource
extend.yaml repo2中的yaml也属于team2。
有没有办法防止进入。YAML被Team1修改,虽然仍然在同一存储库上对其他文件进行贡献,但原因是防止未经授权的脚本通过可能的替换为extent extent.yaml的作业定义的可能替换。与生产服务连接。
当检测到更改或删除的扩展模板时,我还尝试找到使CICD作业无效的方法。
I have two Azure Git Repos, for two teams, each team can only view, and contribute their own repos.
Team1/Repo1
- Entry.yaml
Team2/Repo2
- Extends.yaml
The repo1 contains YAML file, and content
Entry.yaml owned by Team2, in Repo1
resources:
repositories:
- repository: repoSource
type: git
name: Project1/repo2
extends:
template: extends.yaml@repoSource
extends.yaml in Repo2 are also owned by Team2.
Is there a way to prevent Entry.yaml being modify by Team1, while still remain contributing change to other files on same repos, the reason is prevent unauthorize script run by possible replaces of the the job definition inside the extends.yaml to Entry.yaml with production service connection.
I am also try to find the way to invalidate the CICD job, when it detecting the extends template being change or removed.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您几乎没有选择(您可以将它们全部组合在一起)。
entry.yaml文件已更改时检查更改。请参阅自动包含代码审稿人结合在一起,您应该能够以协作的方式实现自己想要的东西。
You have few options (you can as well combined them all together).
Entry.yamlfile has changed. See Automatically include code reviewersCombining these, you should be able to achieve what you'd like in a collaborative way.