TFS policy - prevent check-in when code is not custom guidelines compliant

Question

In our organization we use TFS 2018 and Visual Studio 2017 Enterprise.

As far as I got until now, there is a way "client-side", configuring from Visual Studio, selecting Team\Team Project Settings\Source Control\Check-in Policy\Code Analysis and I should the custom ruleset defined.

I need two things:

1. Set a custom guideline that is mix of both default Microsoft ones and other tools' guidelines, like Roslynator or StyleCop.

2. Create a custom policy server side in order to prevent check-in from Visual Studio (or whatever client we can think of) if code is not compliant to those guidelines.

For the first point, I'll make a clear simple example. There are the guidelines embedded in Visual Studio. But they are not complete and I would like to extend them, taking stuff here and there or defining new ones from scratch.

I want to use e.g.:

• CA1500: Variable names should not match field names (from default Visual Studio Managed Binary Analysis)
• RCS1145: Remove redundant 'as' operator (from Roslynator)
• RCS1204 Use EventArgs.Empty (from Roslynator)
• SA1302: InterfaceNamesMustBeginWithI (from StyleCop)
• SA1305: FieldNamesMustNotUseHungarianNotation (from StyleCop)

How can I do it? And can i do it without make me define it at project level (like incorporating stylecop file for every .csprj) but more at least at solution or Team Project level?

For the second point, I already defined the compulsory comment and compulsory work item attached. And I can even define new policies, it's true, but they can all be overridden client side.

Is it possible to prevent that?

Answer 1

The best solution for this is two part:

1. Educate your users to configure the right policies and editor settings. Creating custom project templates and distributing those can help (or deploying a custom build target onto the machine which enforces good defaults.. Having a good local policy will help people do the right thing and people who are supported to do the right thing will likely not try to get around that.

2. Setup a CI build for your projects. VSTS and TFS have a nice feature which will run a build whenever code is changed. You can even set it up as a Gated Checkin build which will check the sources before they're checked in. This check happens on the server and is much harder to by-pass. You can also configure the build to always override the code analysis settings, even if they're not configured in the project. My MsBuild Helper tasks will help you setup the right MsBuild properties to do that.

As to your more specific questions:

• You cannot setup Code Analysis Rules at the Team Project level without also configuring the ruleset for all Visual Studio Projects. Otherwise the checkin policy will cause the check-in to fail, but the developer will then still have to update all projects in the solution with the right ruleset.

• You cannot prevent people from by-passing the local check-in policy. The best you can do is to use Reporting Services and Alerts to detect the breach of policy and take corrective action.

Answer 2

1. You could add the Rule Set into TFS source control and then select it from Code Analysis Policy Editor. Check the screenshot below:

2. Check-in policy is already applied to a team project, not a single project.

3. To edit check-in policy, you must have the Edit project-level information permission. You could deny this permission for the users to prevent them from editing the check-in policy.