Skip to main content

How to set up Azure Repos

Updated this week

Setup takes about 10 minutes.

Introduction

Use the Azure Repos connector when you want Foundational to access source code in Azure Repos.

To make the connection, you need to:

  • Configure a Personal Access Token (PAT)

  • Configure network access

  • Connect Foundational to Azure Repos

  • Configure webhooks (via one of two methods)

Prerequisites

Ensure you have:

  • Access to Azure Repos

  • Permissions to create a Personal Access Token (PAT)

  • Permissions to create webhooks in the Azure DevOps projects you want to integrate

  • Added Foundational IP addresses to the allowlist, see the article Allowing IP access to Foundational. This is required if your organization restricts access to Azure Repos APIs.

Access permissions

Access to Azure Repos allows Foundational to determine data lineage and analyze pending and historical pull requests.

Foundational requires access so it can:

  • Read source code

  • Analyze pull requests and commits

  • Track changes that affect data lineage

Configure network access

Add Foundational IP addresses to the allowlist if your organization restricts access to Azure Repos APIs.

Configure a Personal Access Token (PAT)

Consider creating a dedicated Azure user for Foundational. The owner of the PAT appears as the author of all Foundational pull request comments.

  1. Create a Personal Access Token (PAT) in your Azure account (see the Microsoft Azure article Create a PAT).

  2. Select the appropriate organization.

  3. Set the expiration period. We recommend one year.

  4. Select the following scopes:

    • Code: Read & Write

    • Code: Status

    • Project and Team: Read

    • Pull Request Threads: Read & Write

    • User Profiles: Read

    • Identity: Read

  5. Set a reminder to rotate the PAT after 11 months.

Connect Foundational to Azure Repos

  1. In Foundational, open the Connectors & Integrations page.

  2. In Source Control, select the Azure Repos card and click Connect.

  3. Click Add Access Key.

  4. The initial setup screen opens. Click Start Setup.

  5. The Set Up New Connection screen appears.


    Enter the details:

    • Organization Name: As it appears in the Azure Repos UI.

    • Personal Access Token: The PAT you created earlier.

    • Webhook Password: Choose a strong password and store it securely. You’ll need it to configure the webhooks.

  6. Click Next.

  7. The final setup screen opens. To complete the connection, click Save.

Configure webhooks

Webhooks notify Foundational about events such as new pull requests and new commits.

Configure webhooks for each Azure DevOps project you want to integrate.
Choose one of the following options.

Option 1: Scripted webhook configuration (recommended)

Use this option to automate webhook creation.

  1. Ensure the executing user belongs to the Project Collection Administrators group.

  2. Download the script:

    curl -u :{{PERSONAL_ACCESS_TOKEN}} \
      --request POST \
      -H "Content-Type: application/json" \
      --data '{
        "publisherId": "tfs",
        "eventType": "{{EVENT_TYPE}}",
        "resourceVersion": "1.0",
        "consumerId": "webHooks",
        "consumerActionId": "httpRequest",
        "publisherInputs": {
          "projectId": "{{PROJECT_UUID}}"
        },
        "consumerInputs": {
          "url": "https://hooks.foundational.io/api/v1/azure_repos_webhook?id_={{ORG_NAME}}",
          "basicAuthUsername": "foundational-webhook",
          "basicAuthPassword": "{{WEBHOOK_PASSWORD}}",
          "resourceDetailsToSend": "all"
        }
      }' \
      "https://dev.azure.com/{{ORG_NAME}}/_apis/hooks/subscriptions?api-version=7.1"

  3. Before you run the script, replace all values inside {{ }}. before running the script.

    • EVENT_TYPE: The current event type (one of the five listed in step #4 below)

    • PROJECT_UUID: Use the REST API to get the project UUID. See the Microsoft Azure article Azure DevOps Services REST API

    • WEBHOOK_PASSWORD: The password used in the previous section.

    • ORG_NAME: The name of the organization as it appears in the Azure Repos UI.

  4. Run the script once for each of the following event types (e.g., git.repo.created, etc.)

    • git.repo.created

    • git.push

    • git.pullrequest.created

    • git.pullrequest.updated

    • git.pullrequest.merged

Option 2: Manual webhook configuration

For this option, follow the steps in the Microsoft Azure article Webhooks.

Create five webhooks for each Azure DevOps project you want to integrate with Foundational.

  1. Create one webhook for each of the following triggers:

    • Code pushed

    • Pull request created

    • Pull request updated

    • Pull request merge attempted

    • Repository created

  2. Configure each webhook using the values in the table below.

Setting

Value

Note

URL

https://hooks.foundational.io/api/v1/azure_repos_webhook?id_=ORG_NAME

Replace ORG_NAME with the organization name as shown in Azure Repos.

Basic authentication username

foundational-webhook

Fixed value.

Basic authentication password

Webhook Password

Use the Webhook Password entered when configuring the Azure Repos connector in Foundational.

That’s it. Foundational is now connected to Azure repos.

Related Articles
How to Set up Looker
How to set up GitLab
How to set up Bitbucket
How to Set up Hex
How to set up Talend ETL
Did this answer your question?