]> Azure DevOps Branch Protection and Project Wikis 🌐:aligrant.com

Azure DevOps Branch Protection and Project Wikis

Alastair Grant | Friday 7 July 2023

This is one of those things that I'm sure I'll come across again in the future, but won't remember how to fix it.

Azure DevOps' Project Wiki functionality is a great way of keeping version controlled documentation alongside a project, with an easy editor and without having to faff about with word documents and where to stuff them.  In its simplest form, it creates a hidden repository in your project to store changes in, given you the same version history you'd get when writing code.  Today though, after setting up a project a colleague encountered this error when trying to edit a page:

Pushes to this branch is not permitted.  Please continue with 'Edit in Repos' and use a pull request to update this branch.

Handy.  The cause of this is a global policy has been applied to repositories for the default branch (which is arbitrary and set on a per-repository basis).  The policy I had applied globally to the repositories in this project required changes to the default branch (usually master, or main) to be done with a Pull Request to ensure reviews take place; this is a useful control when dealing with source code to ensure whatever important steps have taken place before code can get out into a production environment.  It is though, less useful for updating wiki documentation.

Unfortunately, being a hidden repository, you cannot set explicit branch policies for the repository.  So what to do?

TL;DR: The workaround

Instead, you can apply a security exception.  To do this you go to the Wiki home page and edit the "Wiki security", accessed through the menu for the wiki.

Here you have the same permissions dialogue you'd find against a repository.  Find an appropriate group (Contributors makes sense, but you might want to allow other users too), and then grant "Bypass policies when pushing" flag for that group.

Assuming all users who you want to edit the Wiki are in this group, or in another group that itself is in this group, those permissions will be applied unless there is an explicit Deny that applies from a different applicable group.  These security settings only apply to the Wiki repository, and not the other repositories in the project, so is relatively safe to use.

Breaking from the voyeuristic norms of the Internet, any comments can be made in private by contacting me.