Add approval settings "Prevent approval by MR merge triggerer" for Protect Environment
Release notes
Teams can now configure deploy approval such that the executor of the deployment can approve that deployment. This is useful in emergency situations or for teams where executors are allowed to deploy to special environments like production on their own.
Problem to solve
Currently if a user merges an MR and it deploys to a protected environment, it is not allowed for this user to approve this deployment.
But in some development team, MR is merged by engineering leader or other trusted role, so it is safe and convenient for them to approve the related deployments.
Proposal
We suggest to add an approval setting "Prevent approval by MR merge triggerer" under Project Settings > CI/CD > Protected environments. This is very similar to the Merge request approvals option "Prevent approval by author"
UX Proposal
New Checkbox:
Under the protected environments section in the CI/CD settings, we introduce a new checkbox:
Checkbox and Content |
---|
![]() |
- Title: Approval Settings
- Body Copy: Set how approval rules are applied to deployments in protected environments. Learn more (docs tbd).
- Checkbox: Allow pipeline triggerer to approve deployment.
- Checkbox Help: The pipeline will automatically approve when the triggerer is allowed to approve.
New Error:
When users approve their own deployment with this setting turned off, we provide an error letting them know how to adjust the setting:
Error |
---|
![]() |