Confirmation for manual CI actions
Description
I have a few jobs in my deployment pipeline that I would classify as destructive (i.e. delete the stack). While these are manual actions that I have to click to run, I'm still a little bit worried about accidentally triggering them. At the moment, if I accidentally trigger them, I have to go into the job and cancel it before it gets to the dangerous part.
Proposal
I would like an optional confirmation step for manual actions. Perhaps something like:
delete_job:
stage: post-deployment
script:
- make delete
when: manual
manual_confirmation: Are you sure you want to delete $CI_ENVIRONMENT_SLUG?
When I click the delete job play button, a confirmation modal or popover or something is displayed, asking me to confirm my choice.
Technical Implementation Guide
We would have to update the following locations:
- Pipeline table in
Build -> Pipelines
This applies to both the manual actions and the mini pipeline dropdown.
- Pipeline tab in the Merge Request page
- Pipeline tab in the Create Merge Request page
- Commit page
- Pipeline details page
There's also the "Jobs" tab on the Pipeline page, and the "Play all manual" button on the pipeline view.
There are a bunch of places where a manual job can be played from, FE need to do a search for anywhere that triggers a "play manual" or "play all manual" type of request.
Future iterations
If we allow custom messages, as a first iteration, we should allow only text messages without HTML. If the demand is high enough, we might get requests to permit labels or other HTML-based content in the alert message.
Concerns
Security-wise, we should escape everything the user provides; allowing custom messages from a user can be a potential attack vector, resulting in HTML injection attacks.