The organisation I work for is using TeamCity Enterprise 7.1.3 (build 24266).
We have the following build types:
- Builds - builds the code, runs unit tests, adds to NuGet where appropriate, creates artifacts where appropriate
- Acceptance tests - run acceptance tests on development or integration environments
- Deployments - deploys using the artifacts previously created
What I want to achieve
- I want to have a build chain taking me through deployment to various environments in turn (dev, integration, test at present, adding production later)
- I want to use the same artifact when deploying to each environment
- I want developers to be able to deploy to development and integration but not test and production
- I want developers to be able to administer all projects except deployment to test and production
What I have done so far
- Created the deploy to test project as a separate project
- Created build chains for deployment which currently go build > deploy dev > acceptance test dev > deploy integration > acceptance test integration > deploy test (but with deploy test missing its properties so it won't work)
- Removed sysadmin permission from developers and granted project admin on all projects except deploy to test
- Created a new agent pool and assigned it to the deploy to test project (and removed the default pool) - planning to add agents to it later with permissions on the test environment
What I can't work out
- Whenever a new project is created (several every week) the permissions need to be added to the developer roles. This is extra work I'd rather avoid. Could I be handling permissions better? Something along the lines of "GRANT ALL", "DENY deploy to test", which I can't find how to do in TeamCity.
- How can I stop developers adding the deploy to test agent pool with the elevated permissions to their projects? Should I even be using agent pools for this?
It seems to me that a separate instance of TeamCity won't work with regard to artifact sharing and using build chains. However, using the same instance of TeamCity is proving problematic with regards to permissions.