Strictly count deployment approvals
What does this MR do and why?
See Strictly count deployment approvals by rule (#444256 - closed)
Before this work, the deployment approval system was only counting a total sum of approvals, instead of making sure each rule is satisfied.
For example, if there are 2 rules that each require 1 approval, before this change the deployment would be considered approved if it had 2 approvals for just one of those rules.
This change requires each rule to be satisfied. In the case above, a deployment with 2 approvals for 1 rule stays pending approval until both rules are satisfied.
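The difference between the two counting strategies described above, as an added Ruby example; it is not GitLab's code and does not use `Deployments::ApprovalSummary`. The `Rule` and `Approval` structs, the method names and the sample data are assumptions made for illustration.

```ruby
# Added illustration, not GitLab code. Rule, Approval and all method names
# are hypothetical; each approval is assumed to be tied to one rule's group.
Rule = Struct.new(:group, :required_approvals)
Approval = Struct.new(:user, :group)

# Behaviour before the change: only the total number of approvals is compared
# with the sum of what all rules require.
def approved_by_total?(rules, approvals)
  approvals.size >= rules.sum(&:required_approvals)
end

# Behaviour after the change: return the rules that are still short of
# approvals. Distinct approvers are counted per group (assumption).
def pending_rules(rules, approvals)
  counts = approvals.uniq { |a| [a.user, a.group] }
                    .group_by(&:group)
                    .transform_values(&:size)
  rules.select { |rule| counts.fetch(rule.group, 0) < rule.required_approvals }
end

def approved_by_rule?(rules, approvals)
  pending_rules(rules, approvals).empty?
end

# Constructed sample: two rules, one approval required from each group.
RULES = [Rule.new("group-a", 1), Rule.new("group-b", 1)].freeze
# Two approvals, both counted against group-a's rule.
LOPSIDED = [Approval.new("alice", "group-a"), Approval.new("bob", "group-a")].freeze
COMPLETE = (LOPSIDED + [Approval.new("carol", "group-b")]).freeze

if __FILE__ == $PROGRAM_NAME
  puts "total-only check: #{approved_by_total?(RULES, LOPSIDED)}"
  puts "per-rule check:   #{approved_by_rule?(RULES, LOPSIDED)}"
  puts "still pending:    #{pending_rules(RULES, LOPSIDED).map(&:group).join(', ')}"
  puts "after group-b:    #{approved_by_rule?(RULES, COMPLETE)}"
end
```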
From commit message:
We already have the functionality we need to make these checks built
into the `Deployments::ApprovalSummary` model and it is already being
used in the file. This commit makes use of it and updates the specs
accordingly.
The test was updated first to verify that the behavior was indeed wrong
before correcting it in the source file.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
Note: this is easier if you already have a project set up with groups and a protected environment. If you do, use it and skip some of this setup. The main thing to check is that approval counts behave correctly on the new branch.
Verifying existing behavior
on branch: master
- Create a project with a minimal CI config to run pipelines

  `.gitlab-ci.yml`:

  ```yaml
  deploy:
    stage: deploy
    environment:
      name: production
    script:
      - echo "deploy to production"
  ```
- Protect the environment in Settings > CI/CD
- Add rules to require approvals from at least 2 groups
- Save changes
- Run a new pipeline
- Approve the total number of required times, but not for all groups (for example, approve twice for group A and zero times for group B).
- See that the deployment is no longer pending approval
- Click deploy and see that it is allowed
Verifying new behavior
on branch: hustewart-strict-count
- In the same project, run a new pipeline
- Approve the total number of required times, but not for all groups (for example, approve twice for group A and zero times for group B).
- At this point, it should still be pending approval and the deployment should not be allowed.
- Now, sign in as someone who can approve for the remaining group
- Approve the deployment
- See that it's ready to be deployed
- Deploy and see the job succeeds