Dynamically apply deploy freezes to existing pipelines
Proposal
I was excited to use the Deploy Freezes feature with the rules
directive, unfortunately it didn't work as I expected. We typically use Gitlab pipelines to promote between environments with fairly lengthy bake-in/integration testing periods between promotions (I'd imagine a fairly common use case).
The crux of the problem is that if a change is merged to the default branch, then the pipeline is created prior to a deploy freeze period, when an engineer then comes to manually promote they still can because the pipeline jobs are only evaluated (from what I can tell) at the time a pipeline is created.
I'm guessing this is a fairly fundamental limitation given how variables typically work in Gitlab pipelines, but ideally in our use case the CI_DEPLOY_FREEZE
variable would be automated and we'd be able to dynamically change the rules
behavior during a deploy freeze period. Actions such as:
- Changing
when
fromauto
tomanual
to add in a manual step in this case to allow for exceptional circumstances for deployments outside of freeze periods. - Deciding to simply not show that stage/job at all by changing
when
tonever
.