Azure Repos & branch policies
Pull requests, protected main, hygiene.
Source control is where delivery begins. Azure Repos provides Git repositories with the collaboration and protection features — pull requests and branch policies — that make team development safe and reviewable.
Pull requests and branch policies
Azure Repos hosts Git repositories where developers collaborate through pull requests: a PR proposes merging a branch into a target (usually main), triggers review, and runs policy checks before the code can land. Branch policies on the protected main branch enforce quality gates — require a minimum number of reviewers, a passing CI build, linked work items, and resolved comments before merge, and block direct pushes. This is the core safety mechanism: no code reaches main without review and a green build, so the mainline stays healthy. The policies turn good intentions ("we review code") into enforced rules the tooling guarantees, which is essential as a team grows.
# On main, require before merge:# ✓ minimum 2 reviewers approve the pull request# ✓ CI build passes (build validation policy)# ✓ linked work items + resolved comments# ✗ no direct pushes to main — everything goes through a PR## Result: the mainline is always reviewed, built, and tested.# A change that breaks the build simply cannot be merged.
Version-control hygiene
Good practices keep the repository healthy and secure. Protect main with policies, keep pull requests small and frequent for easier review, and never commit secrets — a leaked credential in git history is compromised even after deletion, so use secret scanning and .gitignore, and store real secrets in Key Vault. Link commits and PRs to work items (Azure Boards) for traceability from requirement to code to deployment, valuable for audit and reporting. The branching model matters too: short-lived branches merged frequently keep integration painless, while long-lived feature branches cause difficult merges. These habits — protected mainline, reviewed changes, no secrets, small commits, traceability — are the foundation of collaborative, auditable delivery that the rest of the DevOps pipeline builds on.