Share production environments across projects
Problem to solve
Production environments are special ones and sometimes we could have several environments that we use as a production. Currently, the growing GitLab roles leave the ability to edit environments and trigger a manual release to production vulnerable.
We want to be able to support environments at the group-level. This would address the nature by which environments were created in, at the project level for project members. The lack of context and ability to manage access when a environment is shared across multiple projects is disruptive to they way teams may work with each other in production.
The desire for views across shared environments was addressed in #24514 (closed), this will support the ability to manage environments at the group level.
Additional considerations for access to shared environments at the group level or how this plays with Protected Environment Functionality.
User experience goal
UX DoD (Definition of Done)
Click to see the UX DoD (Definition of Done) tasks
Entry Criteria for Design
- Problem has been validated
- Has UX effort accounted for in long term cycle, we know unknowns
Criteria for UX DoD
- UX label is added to the issue
User stories and acceptance criteria have been created
- Edge cases were considered
- Cross-team dependencies have been identified, if applicable
Prototype or mock for each user story have been created
- Empty states
- If changes involve copy, UI text label has been added
Pajamas: UI Component design have been identified
- Pajamas issue is created (new workflow)
- Marked as Ready for engineering evaluation per user story moved into needs weight &
Entry Criteria for Ready for Development
- Scope has been defined and reviewed with engineering
- User stories have been weighed and are less than 5 MRs
- Create new issues for follow up user stories
- UX review for MRs that include user experience changes - mandatory for frontend that has impact to UI/UX
Update SSOT in issues:
- Update prototypes of deliverables
- Add link to documentation
- Create new issues for follow up and open scope
- Visibility into environments across projects, to be shared by users within a group in different projects
- Administration of environments across projects
- Create context when a single environment is being used in different projects
Permissions and Security
Environments shared across projects, should allow those that can deploy within their project the same permissions at the group-level
- Another way to phrase this: when permissions are set at the group level for an environment, those should flow into the project
Access to protected environments should follow the same pattern/model
- Those who cannot deploy at the group should not be able to deploy in the project
- Those who cannot deploy at the project should not be able to deploy at the group
- All group members should be able to view the environments and environments dashboard for their projects
What does success look like, and how can we measure that?
- Less requests for access control changes for environments and releases
- Increase in usage of environments and visibility into environments that are shared
What is the type of buyer?
- Premium, Ultimate
- Might consider starter
Links / references
Target documentation link https://docs.gitlab.com/ee/ci/environments/#group-environments'