Last updated

Add an Azure DevOps repo

If your project files are stored in a remote repository on Azure DevOps Services, you can connect that repository, so you can access, edit, and publish those files in Reunite.

To connect an Azure DevOps repository, you must first create a new Personal Access Token for your Azure organization, then enter the connection details in Reunite.

Create a new access token in Azure DevOps

Permissions

Before creating Personal Access Token (PAT) for your user, make sure that they have a correct access right to the desired Azure projects. Redocly recommends putting your user in the Project Administrators security group for your Azure DevOps project, since this security group has all the needed permissions by default.

(For example, only the Project Administrators security group has the View subscriptions and the Edit subscriptions permissions enabled by default. Redocly needs these permissions to be able to setup service hooks (webhooks) for the Azure project.)

Screenshot with Azure user security group for project

Alternatively, you can put your user in the Project Contributors security group and add the View subscriptions and the Edit subscriptions permissions manually. See Manage permissions with command line tool or Security REST API in Microsoft Azure DevOps documentation for detailed instructions.

PAT scopes

Before you enter the connection details in Redocly, you need to create and copy a new PAT for your account in Azure DevOps. Redocly uses this access token to establish a connection to your repository.

See Create a PAT in Microsoft Azure DevOps documentation for detailed instructions.

You must select an Organization for this PAT. Do not select All accessible organizations.

Also, the PAT you use must have API scopes defined. You can choose the Full access option, or select Custom defined and enable the following specific scopes:

  • Code: Read, write, & manage and Status

The following screenshot from Azure DevOps shows the required custom defined scopes:

Screenshot with Azure scopes

Reunite requires:

  • Code -> Read (vso.code) scope for all read operations in Reunite (list of repositories, branches, files, file contents, diffs, list of PRs, etc.).
  • Code -> Write (vso.code_write) scope for all write operations in Reunite (create/update Pull Requests, remove branches, synchronize remote content).
  • Code -> Manage (vso.code_manage) scope for creating new code repositories from Reunite app.
  • Code -> Status (vso.code_status) scope for setting commit and PR statuses (Lint status, Build status, Link checker status, Visual review).

See Scopes in Microsoft Azure DevOps documentation for detailed information about scopes permissions.

Detailed list of all resources that Reunite uses from Azure API and their required scopes:
ResourceScopesDescription
Repositories - Listvso.codeTo get repositories list
Repositories - Get Repositoryvso.codeTo get repository metadata
Stats - Listvso.codeTo get branch list
Refs - Update Refsvso.codeTo delete branches
Items - Listvso.codeTo get folders list and PR templates list
Items - Getvso.codeTo get PR template content
Commits - Getvso.codeTo get commit details
Merge Bases - Listvso.codeTo find the merge bases of two commits
Diffs - Getvso.codeTo get diff between commits
Statuses - Listvso.code, vso.code_statusTo get existing commit statuses
Statuses - Createvso.code_write, vso.code_statusTo set commit statuses (for deployments and scorecards)
Pull Requests - Get Pull Requestsvso.codeTo get pull requests list
Pull Requests - Get Pull Requestvso.codeTo get details about a specific pull request
Pull Requests - Createvso.codeTo create a new pull request
Pull Requests - Updatevso.codeTo manage existing pull requests (merge, close, reopen, etc.)
Pull Request Statuses - Createvso.code_write, vso.code_statusTo set pull request statuses
Policy Configurations - Getvso.codeTo get configurations for merge strategies
Subscriptions - Listvso.codeTo get a list of existing project subscriptions (webhooks)
Subscriptions - Createvso.codeTo create a new project subscription (webhook)

Enter the connection details in Reunite

  1. From your project, select Settings > Git hosting > Azure DevOps.

  2. Enter a Credential name that identifies this Azure DevOps connection. For example, "PAT for my ACME organization".

  3. Enter the Access token you saved from the Create a new access token in Azure DevOps step.

  4. Enter the Organization name of the Azure DevOps Services Organization and select Next.

  5. Select your Organization > Repository > Branch.

  6. (Optional) Select the Monorepo folder, if your project files are part of a monorepo, and you want to include only a specific folder from the repository.

    Monorepo folder

    If you select to only include a specific folder from a monorepo:

    • Only files listed in file tree are cloned, no other files are included
    • Project builds are started only when branch contains changes to connected folder
    • Remote content is allowed to add to connected folder only
  7. Select Next > Connect.

    Warning

    This step deletes the files currently in the Redocly project and replaces them with the files in Azure DevOps Services.

Resources