Backend: Blocked manual jobs does not indicate blockage is due to protected environment
Release notes
Problem to solve
When a pipeline has a when:manual job deploying to a protected environment, the job detail page shows the image below.
This job requires a manual action
This job requires manual intervention to start. Before starting this job, you can add variables below for last-minute configuration changes.
However, the UI to actually run the job is not present. The UI also does not tell the user why they cannot run the job. On the pipeline page there is a play button for the manual job, but it does not do anything.
After checking, this is because of the feature in https://docs.gitlab.com/ee/ci/yaml/#protecting-manual-jobs -> https://docs.gitlab.com/ee/ci/jobs/job_control.html#protect-manual-jobs
Proposal
For backend, consider adding the permissions check response in the API and a reason for not being able to start the job: !69560 (comment 669055323)
The UI should indicate why the manual job cannot run, e.g. by linking to the docs or plainly stating it is because of xyz. The UI should also reflect the issue: the image above still says that there is supposed to be an area to add CI variables when there isn't.
- Update empty state to link to "More information about configuring Manual Jobs" and consider adding, "if you are a Premium user deploying to a protected environment consider Protecting a Manual Job"
- Remove language about variables
Testing
Unit Test
Have tests to cover for cases around authorized and unauthorized users.
Integration Test
As this has to do with permissioning, I'd err on the safe side and would recommend introducing a test specifically for the unauthorized user use case. With protected environments, we want to have the peace of mind that unauthorized users remain unable to trigger jobs.
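A sketch of the backend behaviour proposed above, added here as an illustration and not GitLab's code or API: the permission check returns a machine-readable reason and docs link alongside the yes/no answer, and the trigger path re-runs the same check so a hidden play button is never the only control. All struct, method and field names are hypothetical, and protection is modelled as a plain list of allowed user ids.

```ruby
# Hypothetical model for illustration; names are assumptions, not GitLab's.
ProtectedEnvironment = Struct.new(:name, :allowed_user_ids)
ManualJob = Struct.new(:name, :environment, :status)
PlayCheck = Struct.new(:can_play, :reason, :docs_url)

class NotAuthorized < StandardError; end

# Docs link taken from the issue text above.
DOCS_URL = "https://docs.gitlab.com/ee/ci/jobs/job_control.html#protect-manual-jobs"

# Answers both "may this user start the job?" and "if not, why?",
# so a client can show an explanation instead of an inert play button.
def play_check(job, user_id, protected_envs)
  return PlayCheck.new(false, :not_manual, nil) unless job.status == :manual

  protection = protected_envs.find { |env| env.name == job.environment }
  # Assumption: an unprotected environment places no extra restriction.
  return PlayCheck.new(true, nil, nil) if protection.nil?

  if protection.allowed_user_ids.include?(user_id)
    PlayCheck.new(true, nil, nil)
  else
    PlayCheck.new(false, :protected_environment, DOCS_URL)
  end
end

# The trigger path enforces the same check server-side; the UI hint
# is only an explanation, never the access control itself.
def play!(job, user_id, protected_envs)
  check = play_check(job, user_id, protected_envs)
  raise NotAuthorized, "cannot play #{job.name}: #{check.reason}" unless check.can_play

  job.status = :pending
  job
end
```
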