Strictly count deployment approvals

Hunter Stewart requested to merge hustewart-strict-count into master

What does this MR do and why?

See Strictly count deployment approvals by rule (#444256 - closed)

Before this work, the deployment approval system was only counting a total sum of approvals, instead of making sure each rule is satisfied.

For example, if there are 2 rules that each require 1 approval, before this change the deployment would be considered approved if it had 2 approvals for just one of those rules.

This change makes it so that each rule must be satisfied, so in the case above, if a deployment has 2 approvals for 1 rule it will still be pending approval until both rules are satisfied.

From commit message:

    We already have the functionality we need to make these checks built
    into the `Deployments::ApprovalSummary` model and it is already being
    used in the file. This commit makes use of it and updates the specs
    accordingly.

    The test was updated first to verify that the behavior was indeed wrong
    before correcting it in the source file.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Note: this is easier if you already have a project set up with groups/protected env. If you have that, just use that and skip some of this setup. The main thing to check is that approval counts behave correctly on the new branch.

Verifying existing behavior

on branch: master

  • Create a project with a minimal CI config to run pipelines

.gitlab-ci.yml:

    deploy:
      stage: deploy
      environment:
        name: production
      script:
        - echo "deploy to production"

  • Protect the environment in Settings > CI/CD
  • Add rules to require approvals from at least 2 groups
  • Save changes
  • Run a new pipeline
  • Approve the total number of required times, but not for all groups (for example, approve twice for group A and zero times for group B).
  • See that the deployment is no longer pending approval
  • Click deploy and see that it is allowed

Verifying new behavior

on branch: hustewart-strict-count

  • In the same project, run a new pipeline
  • Approve the total number of required times, but not for all groups (for example, approve twice for group A and zero times for group B).
  • At this point, it should still be pending approval and deployment not allowed.
  • Now, sign in as someone who can approve for the remaining group
  • Approve the deployment
  • See that it's ready to be deployed
  • Deploy and see the job succeeds

Edited by Hunter Stewart
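
The counting difference this MR describes, as an added Ruby illustration (not GitLab's code and not the `Deployments::ApprovalSummary` API; `Rule`, `Approval` and all method names are hypothetical, and the sample rules and approvals are constructed). It puts the total-sum check beside the per-rule check for the "2 rules, 1 approval each" case from the description:

```ruby
# Hypothetical types for illustration only.
Rule     = Struct.new(:name, :required_approvals)
Approval = Struct.new(:user, :rule_name)

# Loose check (the "before" behaviour): one grand total is compared with the
# sum of all requirements, so surplus approvals on one rule can stand in for
# a rule that nobody has approved.
def approved_by_total?(rules, approvals)
  approvals.size >= rules.sum(&:required_approvals)
end

# Tally approvals per rule; rules with no approvals are present with count 0.
def approvals_per_rule(rules, approvals)
  rules.to_h do |rule|
    [rule.name, approvals.count { |a| a.rule_name == rule.name }]
  end
end

# Strict check (the "after" behaviour): every rule must meet its own requirement.
def approved_by_rule?(rules, approvals)
  counts = approvals_per_rule(rules, approvals)
  rules.all? { |rule| counts[rule.name] >= rule.required_approvals }
end

# Names of the rules that still block the deployment.
def pending_rules(rules, approvals)
  counts = approvals_per_rule(rules, approvals)
  rules.reject { |rule| counts[rule.name] >= rule.required_approvals }.map(&:name)
end

# Constructed sample: two rules requiring one approval each.
RULES    = [Rule.new("group-a", 1), Rule.new("group-b", 1)].freeze
# Two approvals, both for group A, none for group B.
LOPSIDED = [Approval.new("alice", "group-a"), Approval.new("bob", "group-a")].freeze
# The same approvals plus one from the remaining group.
COMPLETE = (LOPSIDED + [Approval.new("carol", "group-b")]).freeze

if __FILE__ == $PROGRAM_NAME
  puts "total-sum check, lopsided approvals: #{approved_by_total?(RULES, LOPSIDED)}"
  puts "per-rule check, lopsided approvals:  #{approved_by_rule?(RULES, LOPSIDED)}"
  puts "rules still pending:                 #{pending_rules(RULES, LOPSIDED).inspect}"
  puts "per-rule check, complete approvals:  #{approved_by_rule?(RULES, COMPLETE)}"
end
```
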
