Skip to content

Instantly share code, notes, and snippets.

Last active June 5, 2024 10:35
Show Gist options
  • Save Myrddraal/f5a84cf3242e3b3804fa727005ed2786 to your computer and use it in GitHub Desktop.
Save Myrddraal/f5a84cf3242e3b3804fa727005ed2786 to your computer and use it in GitHub Desktop.
Skip infrastructure deployments if there are no changes to deploy (Azure Pipelines)

Skip infrastructure deployments if there are no changes to deploy (Azure Pipelines)

⚠️ Update 2024: For anyone looking at this gist in 2024, we have moved on from using the Pipelines API to instead using tags. Each time we successfully deploy to an environment, we tag the commit with the environment name. When testing for changes, we then compare the current commit being deployed to the tagged commit for the same environment. This has proven to be a bit more robust than using the changes API. The principles are the same though. Let me know in a comment if it's not obvious how to adapt the script.

One devops strategy is to keep infrastructure state and code in a single repository, and deploy them together. It ensures your infrastructure is always in the correct state to match the version of your code.

The downside is that infrastructure deployments are slow, and generally don't change as frequently as code.

This gist shows how to skip an infrastructure deployment task if there are no changes in a particular sub-path of the repository.

It takes advantage of the pipelines API, which can provide a list of all commits since the last successful pipeline execution. This ensures that it works even when multiple commits are pushed at once, or when the build with the infrastructure change failed. The pipelines API does the hard work of working out which commits need checking.

Example of skipped infra deployment

- repository: self
type: git
ref: main
- stage: Build
vmImage: ubuntu-latest
- job: BuildJob
displayName: Build Job
- checkout: self
clean: true
- task: PowerShell@2
filePath: "azure-pipelines/Test-ChangesMadeInPath.ps1"
arguments: >-
-authorisation "Bearer $(system.accesstoken)"
-pathFilter "azure-pipelines/deployment"
-buildId $(Build.BuildId)
-collectionUri $(System.CollectionUri)
-project $(System.TeamProject)
name: DetermineChangesMadeInDeploymentFolder
SYSTEM_ACCESSTOKEN: $(system.accesstoken)
- task: DotNetCoreCLI@2
displayName: Build project
projects: "**/*.csproj"
arguments: --output publish_output --configuration Release
- task: PublishBuildArtifacts@1
displayName: "Publish Artifact: drop"
- stage: Deploy
vmImage: ubuntu-latest
condition: and(succeeded(), eq(variables['build.sourceBranch'], 'refs/heads/main'))
- deployment: DeployInfrastructure
condition: eq(stageDependencies.Build.BuildJob.outputs['DetermineChangesMadeInDeploymentFolder.filesUpdated'], 'True')
displayName: Deploy infrastructure
environment: "prod"
- template: deployment/YAML/deploy-infrastructure.yml
environment: $(Environment.Name)
- deployment: DeployCode
displayName: Deploy code
dependsOn: DeployInfrastructure
condition: in(dependencies.DeployInfrastructure.result, 'Succeeded', 'Skipped')
environment: "prod"
- template: deployment/YAML/deploy-code.yml
environment: $(Environment.Name)
param (
$changesUrl = "$collectionUri/$project/_apis/build/builds/$buildId/changes?api-version=6.0"
$changesResponse = Invoke-RestMethod -Uri $changesUrl -Headers @{Authorization = $authorisation } -Method Get
$commits = @($changesResponse.value | ForEach-Object { $ })
Write-Host "##vso[task.setvariable variable=filesUpdated;isOutput=true]False"
Write-Host "Checking $($commits.Length) commits for changes matching path $pathFilter"
for ($j = 0; $j -lt $commits.Length; $j++) {
Write-Host "Checking commit: $($commits[$j]) with its parent"
$files = $(git diff "$($commits[$j])~" $commits[$j] --name-only)
Write-Host $files
if ($files -like "*$pathFilter/*") {
Write-Host "Found file matching path filter in commit $($commits[$j])"
Write-Host "##vso[task.setvariable variable=filesUpdated;isOutput=true]True"
Copy link

Thanks for the gist. It's working great.
In case if anyone's facing fatal: ambiguous argument '<commit_hash>~': unknown revision or path not in the working tree., add below in the checkout step of the pipeline (reference -

- checkout: self
  clean: true
  fetchDepth: 0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment