Deployment Approvals API
What does this MR do and why?
Introduce an API endpoint to approve/reject a blocked deployment. Part of the Deployment Approvals MVC.
This API is indirectly behind the deployment_approvals feature flag. Although the flag is not checked here, we only block deployments if this feature is enabled. See https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/app/services/ee/ci/process_build_service.rb#L14.
Related to #343864 (closed)
How to set up and validate locally
- Enable the
deployment_approvalsfeature flag.
Feature.enable(:deployment_approvals)- Set up a project to deploy to an environment. Example job from
.gitlab-ci.yml:
production:
stage: deploy
script:
- echo done
environment:
name: production-
Protect the environment being deployed to. See https://docs.gitlab.com/ee/ci/environments/protected_environments.html#protecting-environments.
-
Add some required approvals to the protected environment that was just created:
ProtectedEnvironment.last.update(required_approval_count: 1)-
Start a pipeline. The
productionjob should be in ablockedstate. -
Use the Deployment Approvals API to approve the deployment as a different user that has permission to deploy. See the documentation changes in this MR for details on endpoint and parameters.
-
Verify that the
productionjob has started.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.