Automating TeamProject creation (Git included)

I get frequent request from my teams to create a new project, therefore I automated the task with a PowerShell script.

PowerShell Creation scripts

The script algorithm goes like this:

  1. Load the definition for the new project
  2. Validate the definition by
    • checking the user accounts
    • invoke the creation tool with the /validate option
  3. Creates the project using TFPT
  4. Creates an Organizational Unit in Active Directory where placing the groups
  5. Creates the AD groups and add the user account
  6. Creates corresponding TFS groups
  7. Checks that user account belongs to one of the three AD groups that control the TFS Access Level — best known as Licensing

I will spare you the code here as it is more than 100 lines long. If interested download the Zip file: New-TeamProject.ps1 is the workhorse that execute the above algorithm, NewTeamProjectRequest.ps1 contains the definition of the project to create and is included in the former.

The script can be run multiple times, it outputs annoying error messages for existing objects. A nice side-effect of this approach is keeping the history of projects by archiving the definition files.

Sync-TfsIdentity.ps1 is another script that starts immediately the TFS Job that synchronize TFS identities with Active Directory.

Why Active Directory groups?

The policy to control project access via Active Directory groups has two facets. On one side it is easier to synchronize permission on Reporting Services and SharePoint. On the other hand, any person in IT can administer Active Directory groups, given the permission on the TFS Organizational Unit; they need no specific knowledge of TFS.

Git in view

The PowerShell script was fine until my people started asking for Git in their new projects. I discovered that TFPT has no support for it. How dear, back to manual work? Looking at this StackOverflow question, the problem seems to have a solution. So, I take the bull by the horn, waded through TFS APIs and found the nice GitRepositoryService class and its CreateTeamProjectRepository method which seems to perfectly fir the bill, but what is that AccessControlEntries parameter?

var gitSvc = tpc.GetService<Microsoft.TeamFoundation.Git.Client.GitRepositoryService>();
gitSvc.CreateTeamProjectRepository(teamProject, ACEs);

Well, it is the list of permissions for the newly created Git Repository. TFS normally associates 7 groups, each one has a different set of permissions. It ends up that just building the list of ACEs requires more than 70 (boring) lines of code. I assembled a quick utility TfsGitAdmin that wraps this code and allows you to add the default Git repository to a Project with no version control, or add an additional Git repository.

Usage is simple:

TfsGitAdmin <TFS_url> <TeamCollectionName> <TeamProjectName> [<GitRepositoryName>]

When invoked with three arguments, is tries to add the default Git repository to a Project without version control; if you add the fourth parameter, it tries to add a Repository with the specified name, to a project with Git version control.

Projects with TFVC?

As expected, if you try to add a Git repository to project with classic TFS Version Control (TFVC), you receive this error

TF401024: A Git repository for the team project ‘TFVC Scrum’ could not be created because another source control system is enabled for that team project.

If you think, like me, that this is an important feature, go to UserVoice and vote for Mr.Hinsh’s proposal.

Finale

Ths source code, for both the script and the utility, can be downloaded from here.

I hope that the Team Foundation Power Tools will be extended to include this feature, but in the meantime you can use my little tools.