Add approval setting "Prevent approval by MR merge triggerer" for Protected Environments

Release notes

Teams can now configure deployment approvals so that the executor of a deployment can approve that deployment. This is useful in emergency situations or for teams where executors are allowed to deploy to special environments like production on their own.

Problem to solve

Currently, if a user merges an MR that deploys to a protected environment, that user is not allowed to approve the deployment.

In some development teams, however, MRs are merged by an engineering leader or someone in another trusted role, so it is safe and convenient for them to approve the related deployments.

Proposal

We suggest adding an approval setting "Prevent approval by MR merge triggerer" under Project Settings > CI/CD > Protected environments. This is very similar to the merge request approvals option "Prevent approval by author".

UX Proposal

New Checkbox:

Under the protected environments section in the CI/CD settings, we introduce a new checkbox:

Checkbox and Content
  • Title: Approval Settings
  • Body Copy: Set how approval rules are applied to deployments in protected environments. Learn more (docs tbd).
  • Checkbox: Allow pipeline triggerer to approve deployment.
  • Checkbox Help: The pipeline will automatically approve when the triggerer is allowed to approve.

New Error:

When users try to approve their own deployment with this setting turned off, we show an error letting them know how to adjust the setting:

[Screenshot: error message]
Edited by Chris Balane