Deployment Approvals API
What does this MR do and why?
Introduce an API endpoint to approve/reject a blocked deployment. Part of the Deployment Approvals MVC.
This API is indirectly behind the deployment_approvals
feature flag. Although the flag is not checked here, we only block deployments if this feature is enabled. See https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/app/services/ee/ci/process_build_service.rb#L14.
Related to #343864 (closed)
How to set up and validate locally
- Enable the
deployment_approvals
feature flag.
Feature.enable(:deployment_approvals)
- Set up a project to deploy to an environment. Example job from
.gitlab-ci.yml
:
production:
stage: deploy
script:
- echo done
environment:
name: production
-
Protect the environment being deployed to. See https://docs.gitlab.com/ee/ci/environments/protected_environments.html#protecting-environments.
-
Add some required approvals to the protected environment that was just created:
ProtectedEnvironment.last.update(required_approval_count: 1)
-
Start a pipeline. The
production
job should be in ablocked
state. -
Use the Deployment Approvals API to approve the deployment as a different user that has permission to deploy. See the documentation changes in this MR for details on endpoint and parameters.
-
Verify that the
production
job has started.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.