Approval jobs in CI pipelines for EE

Problem to solve

We want to consolidate all off our pipelines into Gitlab-EE On-Prem, and in the process remove the old CD systems.

Further details

Currently only a specific number of users are allowed to deploy applications to production. In Gitlab, you can currenly not restrict who can run a step in the pipeline.

King Chung Huang already created a request in the Gitlab-CE issues list, but this is usually a highly wanted feature in many Companies, so I am creating this issue to help get the ball rolling.

Manual jobs can be used as a crude form of approval. For example, let's say there is a production job that deploys an app to production (like in Auto DevOps). An approval stage can be inserted before production containing a number of manual jobs that have to be run (indicating approval), before an app is deployed to production. However, the manual jobs can be run by anyone with permissions to run CI jobs.

Proposal

The same as Issue 44041 -> Approval jobs in CI pipelines

A who parameter could be added to CI jobs that indicates the usernames or roles that can run a manual job, like how only/except specify which refs a job applies to.

approval:
  stage: approvals
  who:
    - kinghuang
    - some_group
    - masters
  script:
    - true
  when: manual
  allow_failure: false

What does success look like, and how can we measure that?

Only when specific users ( Operations/Production approved personel ) can run one or more steps in a Pipeline

Links / references

Approval jobs in CI pipelines