Fire `deployment_started` event when a deployment is started to a protected environment
Release notes
From a compliance standpoint, you want to have an easy to query record of events related to your deployment process, like approvals and rejections of a proposed deployment or the start of the deployment action itself. Until now, GitLab did not provide designated audit events, and compliance managers had to use custom tooling or search for this data in the GitLab UI / APIs. GitLab now ships three new audit events
- the
deployment_started
event signals who, when started a deployment job - the
deployment_approved
event signals who, when approved a deployment - the
deployment_rejected
event signals who, when rejected a deployment
You can read more about all the continuous delivery related audit events in the related documentation.
Proposal
Extend the continuous delivery audit events with a deployment_started
event when a deployment is started to a protected environment
Implementation
a possible solution is to use the deployment state machine
But we'd need to adding something to the EE model Something like
psuedo code example
after_transition any => :running do |deployment, transition|
deployment.run_after_commit do
audit(my_new_audit_event) if deployment.to_protected_environment?
end
end
We'll want to check with database team member to make sure this method will be performant enough in this use case