Azure / ALZ-PowerShell-Module

The Azure Landing Zones Accelerators PowerShell module
https://www.powershellgallery.com/packages/ALZ/
MIT License

Feature Request: Pushes to this branch are not permitted. #136

Open sumanbikram opened 3 months ago

sumanbikram commented 3 months ago

I'm using ALZ with Terraform. While using the command Deploy-Accelerator -inputs "c:\accelerator\config\inputs.yaml" -output "c:\accelerator\output", the deployment stops, saying "Pushes to this branch are not permitted." I already checked the branch policies and repo policies, and so far so good. Any suggestions?

oZakari commented 2 months ago

Hi @sumanbikram, when you look at the branch policies, do they currently exist? To clarify, the branch policies are all in place, correct?

Does your Azure DevOps organization have policies or scripts that would add the branch policies automatically to new repositories, by chance? It sounds like the branch policies are getting applied prior to the PowerShell module applying them, which would block the module from being able to push the files into your repository.

sumanbikram commented 2 months ago

Thanks for your valuable reply. I already checked the repository security policies, branch policies and push policies, and it looks like they are OK at the DevOps project level. Also, I tried to disable the branch policy in the YAML, but no luck. Yes, this deployment has a YAML which creates Azure resources, a DevOps repository and a CI/CD pipeline, and puts a branching policy in place.

oZakari commented 2 months ago

With the Accelerator, they would be enabled at the branch level within the specific repository itself. Follow these steps to get to the location of the settings, and then make sure everything is disabled/off in terms of the branch policies, build validation, status checks, and automatically included reviewers, as having any of these will require a pull request for the branch. It should look similar to the screenshot below when you're finished:

image

jaredfholgate commented 2 months ago

This is a known issue when updating repository files with the Accelerator. There are two workarounds available for this:

  1. Turn off branch protection as mentioned by Zach. It will be re-enabled during the update. See the note here: https://github.com/Azure/ALZ-PowerShell-Module/wiki/Frequently-Asked-Questions#questions-about-changing-variables
  2. Do not deploy branch protection in the first place, by setting the create_branch_polices input file variable to false

We could look to improve this workflow in the future, but it is a limitation of using Terraform for pushing file changes at the moment. Closing for now as there are multiple workarounds.
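
For the first workaround, it helps to confirm which policies are still active on the target branch before re-running Deploy-Accelerator. The following is an added example, not part of this thread or the ALZ module: it assumes JSON in the shape returned by the Azure CLI azure-devops extension's `az repos policy list`, and the function name, the `refs/heads/main` default and the sample data are constructed for illustration.

```powershell
# Added example (not ALZ module code). Function name and sample data are constructed.
# Real input would come from the Azure CLI azure-devops extension, for example:
#   az repos policy list --org <org-url> --project <project> `
#       --repository-id <repo-guid> --branch main --output json
function Get-BlockingBranchPolicy {
    param(
        [Parameter(Mandatory)] [string] $PolicyJson,
        [string] $RefName = 'refs/heads/main'   # assumed target branch
    )
    $policies = $PolicyJson | ConvertFrom-Json
    foreach ($policy in $policies) {
        # Enabled, blocking policies are the ones that reject direct pushes.
        if (-not ($policy.isEnabled -and $policy.isBlocking)) { continue }
        foreach ($scope in $policy.settings.scope) {
            # A policy scope applies to one branch (Exact) or a branch prefix (Prefix).
            $hit = switch ($scope.matchKind) {
                'Exact'  { $scope.refName -eq $RefName }
                'Prefix' { $RefName.StartsWith([string]$scope.refName) }
                default  { $false }
            }
            if ($hit) {
                [pscustomobject]@{
                    Id    = $policy.id
                    Type  = $policy.type.displayName
                    Scope = $scope.refName
                }
                break   # one match per policy is enough
            }
        }
    }
}

# Constructed sample: one active reviewer policy and one disabled build policy.
$sample = @'
[
  {"id": 11, "isEnabled": true, "isBlocking": true,
   "type": {"displayName": "Minimum number of reviewers"},
   "settings": {"scope": [{"refName": "refs/heads/main", "matchKind": "Exact"}]}},
  {"id": 12, "isEnabled": false, "isBlocking": true,
   "type": {"displayName": "Build"},
   "settings": {"scope": [{"refName": "refs/heads/main", "matchKind": "Exact"}]}}
]
'@

Get-BlockingBranchPolicy -PolicyJson $sample | Format-Table
```

An empty result for the branch means no enabled, blocking policy in the supplied list applies to it.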

jaredfholgate commented 2 months ago

Re-opening this as we may be able to remove the enforce_admins or make it optional to make this work.