Site admins can sync Git repositories hosted on Azure DevOps with Sourcegraph so that users can search and navigate the repositories.
To connect Azure DevOps to Sourcegraph, create a personal access token from your user settings page by following the below steps:
- Navigate to the
Personal Access Tokenspage from the user settings.
- Click on
New Token.
- Under the
Organizationmenu, selectAll accessible organizationsto allow access to all organizations. This is required to be able to perform connection checks from the code host page and to sync repositories from multiple organizations. Alternatively, site admins may also create a unique user that has access to only the selective organizations that they would like to sync with Sourcegraph. However the token being created must have access toAll accessible organizationsas shown below.
-
Select the following scopes:
- Code (Read)
- Project and Team
- User Profile
Next, configure the code host connection by following the next steps:
-
Go to Site admin > Manage code hosts > Add repositories.
-
Select Azure DevOps.
-
Provide a configuration for the Azure DevOps code host connection. Here is an example configuration:
{ "url": "https://dev.azure.com/", "username": "<admin username>", "token": "<admin token>", "projects": ["org1/project1"], "orgs": ["org2"] } -
Select Add repositories.
Currently, all repositories belonging to the configured organizations/projects will be synced.
In addition, you may exclude one or more repositories by setting the exclude field in the code host connection.
Sourcegraph clones repositories from Azure DevOps via HTTP(S), using the username and token required fields you provide in the configuration.
Azure DevOps connections support the following configuration options, which are specified in the JSON editor in the site admin "Manage code hosts" area.
Please consult this page in order to configure webhooks.
User-level permissions syncing is supported for Azure DevOps code host connections. Here is the list of prerequisites:
-
Configure Azure DevOps as an OAuth provider by consulting this page
-
Next verify that users can now sign up / login to your Sourcegraph instance with your Azure DevOps OAuth provider
-
Set the following in your Azure DevOps code host connection:
{ // ... "enforcePermissions": true } -
For each Azure DevOps organization that is part of the
orgsorprojectslist in the code host configuration, enable Third-party application access via OAuth from Organization settings > Security > Policies
NOTE: We do not support preemptive permissions syncing at this point. Once a user signs up / logins to Sourcegraph with their Azure DevOps account, Sourcegraph uses the authenticated
access_tokento calculate permissions by listing the organizations and projects that the user has access to. As a result, immediately after signing up user level permissions may not be 100% up to date. Users are advised to wait for an initial permissions sync to complete, whose status they may check from thePermissionstab under their account settings page. Alternatively they may also trigger a permissions sync for their account from the same page.
Since permissions are already enforced by setting enforcePermission in the code host configuration, even though user permissions may not have synced completely, users will not have access to any repositories that they cannot access on Azure DevOps. As the user permissions sync progresses and eventually completes, they will be able to access the complete set of repositories on Sourcegraph that they can already access on Azure DevOps.
When Sourcegraph hits a rate limit imposed by Azure DevOps, Sourcegraph waits the appropriate amount of time specified by the code host before retrying the request. You can read more about how Azure DevOps imposes rate limits here.