# Azure DevOps Install

## Creating the Azure App

1. **Sign in to Azure Portal:**
   * Go to [Azure Portal](https://portal.azure.com/).
   * Sign in with your Azure account credentials.
2. **Register a New Application:**
   * In the Azure Portal, select **App registrations**.
   * Click on the **+ New registration** button at the top of the App registrations page.
3. **Enter Application Details:**
   * **Name:** Enter a name for your application ("Nullify").
   * **Supported Account Types:** Choose the option for who can use the application:
     * Accounts in this organizational directory only (single tenant)
4. **Register the Application:**
   * Click **Register** to create the application. This action will register the application with Azure and generate a unique Application (client) ID and Directory (tenant) ID.
   * Record the `client_id` and `tenant_id`.
5. **Create Client Secret:**
   * In the left-hand menu of your app's registration page, select **Certificates & secrets**.
   * Under **Client secrets**, click on **New client secret**.
   * Provide a description for the secret (e.g., "Nullify App") and select an expiration period (e.g., 6 months, 12 months, 24 months).
   * Click **Add**.
   * The client secret is displayed only once, immediately after it is created. Copy it and store it securely straight away. This is your `client_secret`. Make sure you copy the secret **Value** and not the **Secret ID**.
6. **Configure API Permissions:**
   * Go to **API Permissions** in the left menu.
   * Click **+ Add a permission** and select **APIs my organization uses**.
   * Search for and select **Azure DevOps**.
   * Choose the following permissions:
     * `vso.code_manage`: Allows managing code in Azure Repos.
     * `vso.serviceendpoint_manage`: Allows creating webhooks.
     * `vso.profile`: View users' basic profile.
   * Click **Add permissions** to apply these permissions to your application.
   * Select the **Microsoft Graph** API and choose "Delegated Permissions".
   * Add the following permissions:
     * `email`
     * `openid`
     * `profile`
     * `User.Read`
   * Click **Add permissions** to apply these permissions to your application.
   * Click **Grant admin consent for Default Directory**.
7. **Authentication**
   * In the left menu, click on **Authentication**.
   * Under **Platform configurations**, click **+ Add a platform** and choose **Web** application.
   * Under Web Redirect URIs, add the following: `https://your-company.auth.ap-southeast-2.amazoncognito.com/oauth2/idpresponse` (we will provide you with this).
8. **Provide Credentials to Nullify**

Please provide Nullify with the following credentials to complete your installation:

* **Client ID**
* **Client Secret**
* **Tenant ID**

## Add the Nullify App to your DevOps Organization

1. **Add Nullify as a User:**
   * Go to your Azure DevOps organization.
   * Navigate to **Organization settings**.
   * Select **Users** from the left-hand menu.
   * Click on **Add users**.
   * In the search box, type "Nullify" and select the Nullify service principal.
   * Set the **Access Level** to **Basic**.
   * Note: If you encounter an error saying "can't be added at this time," keep trying as it may be a temporary glitch.

## Configure Webhooks for Azure DevOps

The Nullify Dashboard can create all the necessary webhooks needed. You can do this across the whole organization or at the repository level. You can also create the webhooks manually.

### Automatic webhook creation

1. **Give Nullify permissions to create webhooks:** Add the Nullify service principal as an administrator in your Azure DevOps organization. (This can be temporary, until the webhooks have been created.)
   * Go to the **Project Settings** of the project you want to create webhooks for.
   * Navigate to **Permissions**.
   * Add the Nullify service principal to the **Project Collection Administrators** group.
2. **Create webhooks via the Nullify dashboard:**
   * Log in to your Nullify dashboard (<https://app.your-company.nullify.ai>).
   * Option 1: Create webhooks across the organization.
     * Go to the **Configure** tab and under the Info menu, click on **Initialize Azure Webhooks**.
   * Option 2: Create webhooks per repository.
     * Go to the **Configure** tab and under the **Repositories** menu, you will see a list of repositories with the column **Is Initialized?**
     * This column indicates whether webhooks have been configured for that repository.
     * Click on the **Initialize** button to create webhooks.
3. You may now remove administrator privileges for Nullify from the DevOps organization.

### Manual webhook creation

1. **Create a Service Hook Subscription:**
   * Go to your Azure DevOps organization.
   * Navigate to the project where you want to configure the webhook.
   * Select **Project Settings** from the bottom left corner.
   * Under **General**, select **Service hooks**.
   * Click on **+ Create subscription**.
2. **Select the Service:**
   * In the list of services, select **Web Hooks**.
   * Click **Next**.
3. **Configure the Trigger:**
   * Choose the following events that will trigger the webhook: Code Pushed, Pull request commented on, Pull Request created, Pull Request updated, Repository created. Azure only allows one event to be selected at a time, so you will need to repeat steps 1-4 for each event type.
   * Click **Next**.
4. **Configure the Action:**
   * Enter the **URL** of the webhook endpoint provided by Nullify.
   * The URL is of the form `https://api.<your-organization>.nullify.ai/core/azure/webhook`
   * Basic authentication username is `nullify`.
   * Basic authentication password is the webhook shared secret provided to you by Nullify.
   * Click **Finish** to create the webhook subscription.
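
Because the manual steps have to be repeated once per event type, the subscriptions can also be prepared as request bodies for the Azure DevOps Service Hooks REST API. The following is an added example, not code from Nullify or from the original page: the event type IDs come from the Azure DevOps service hooks event reference, and the project ID, organization name and secret passed in are placeholders you supply. It rejects any URL that is not the HTTPS form given in step 4 before attaching the shared secret, and provides a redacted copy for logging.

```python
import json
import re

# Event labels from step 3 mapped to Azure DevOps service-hook event type IDs.
EVENT_TYPES = {
    "Code pushed": "git.push",
    "Pull request commented on": "ms.vss-code.git-pr-comment-event",
    "Pull request created": "git.pullrequest.created",
    "Pull request updated": "git.pullrequest.updated",
    "Repository created": "git.repo.created",
}

# URL form given in step 4; anything else is rejected before a secret is attached.
WEBHOOK_URL_RE = re.compile(r"https://api\.[a-z0-9-]+\.nullify\.ai/core/azure/webhook")


def build_subscriptions(project_id, webhook_url, shared_secret):
    """Return one subscription body per event type.

    Each body is meant to be sent as JSON in a POST to
    https://dev.azure.com/{organization}/_apis/hooks/subscriptions
    """
    if not WEBHOOK_URL_RE.fullmatch(webhook_url):
        raise ValueError("webhook URL does not match the expected Nullify HTTPS form")
    if not shared_secret:
        raise ValueError("webhook shared secret is empty")
    return [
        {
            "publisherId": "tfs",
            "eventType": event_type,
            "consumerId": "webHooks",
            "consumerActionId": "httpRequest",
            "publisherInputs": {"projectId": project_id},
            "consumerInputs": {
                "url": webhook_url,
                "basicAuthUsername": "nullify",  # username from step 4
                "basicAuthPassword": shared_secret,
            },
        }
        for event_type in EVENT_TYPES.values()
    ]


def redact(subscription):
    """Return a deep copy of a subscription body that is safe to log."""
    copy = json.loads(json.dumps(subscription))
    copy["consumerInputs"]["basicAuthPassword"] = "********"
    return copy
```

Read the shared secret from an environment variable or a secret store when calling `build_subscriptions`, and log only the output of `redact`.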
