diff options
Diffstat (limited to 'doc/ci/environments')
| -rw-r--r-- | doc/ci/environments/deployment_approvals.md | 41 | ||||
| -rw-r--r-- | doc/ci/environments/img/environments_list_v14_3.png | bin | 14885 -> 0 bytes | |||
| -rw-r--r-- | doc/ci/environments/img/environments_list_v14_8.png | bin | 0 -> 43212 bytes | |||
| -rw-r--r-- | doc/ci/environments/index.md | 4 | ||||
| -rw-r--r-- | doc/ci/environments/protected_environments.md | 13 |
5 files changed, 37 insertions, 21 deletions
diff --git a/doc/ci/environments/deployment_approvals.md b/doc/ci/environments/deployment_approvals.md index e320118c191..45af78aa036 100644 --- a/doc/ci/environments/deployment_approvals.md +++ b/doc/ci/environments/deployment_approvals.md @@ -11,7 +11,7 @@ description: Require approvals prior to deploying to a Protected Environment > - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/347342) in GitLab 14.8. WARNING: -This feature is in an alpha stage and subject to change without prior notice. +This feature is in a [Beta](../../policy/alpha-beta-support.md#beta-features) stage and subject to change without prior notice. It may be useful to require additional approvals before deploying to certain protected environments (for example, production). This pre-deployment approval requirement is useful to accommodate testing, security, or compliance processes that must happen before each deployment. @@ -79,30 +79,53 @@ Maintainer role. ## Approve or reject a deployment -NOTE: -This functionality is currently only available through the API. UI is planned for the near future. See [issue](https://gitlab.com/gitlab-org/gitlab/-/issues/342180/). +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/342180/) in GitLab 14.9 + +Using either the GitLab UI or the API, you can: + +- Approve a deployment to allow it to proceed. +- Reject a deployment to prevent it. + +### Approve or reject a deployment using the UI + +Prerequisites: + +- Permission to deploy to the protected environment. + +To approve or reject a deployment to a protected environment using the UI: + +1. On the top bar, select **Menu > Projects** and find your project. +1. On the left sidebar, select **Deployments > Environments**. +1. In the deployment's row, select **Approval options** (**{thumb-up}**). +1. Select **Approve** or **Reject**. + +### Approve or reject a deployment using the API + +Prerequisites: -A blocked deployment is enqueued as soon as it receives the required number of approvals. A single rejection causes the deployment to fail. The creator of a deployment cannot approve it, even if they have permission to deploy. +- Permission to deploy to the protected environment. -Using the [Deployments API](../../api/deployments.md#approve-or-reject-a-blocked-deployment), users who are allowed to deploy to the protected environment can approve or reject a blocked deployment. +To approve or reject a deployment to a protected environment using the API, pass the +required attributes. For more details, see +[Approve or reject a blocked deployment](../../api/deployments.md#approve-or-reject-a-blocked-deployment). Example: ```shell -curl --data "status=approved" \ +curl --data "status=approved&comment=Looks good to me" \ --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/1/deployments/1/approval" ``` -### How to see blocked deployments +## How to see blocked deployments -#### Using the UI +### Using the UI 1. On the top bar, select **Menu > Projects** and find your project. 1. On the left sidebar, select **Deployments > Environments**. 1. Select the environment being deployed to. 1. Look for the `blocked` label. -#### Using the API +### Using the API Use the [Deployments API](../../api/deployments.md) to see deployments. diff --git a/doc/ci/environments/img/environments_list_v14_3.png b/doc/ci/environments/img/environments_list_v14_3.png Binary files differdeleted file mode 100644 index 8fdb85338e7..00000000000 --- a/doc/ci/environments/img/environments_list_v14_3.png +++ /dev/null diff --git a/doc/ci/environments/img/environments_list_v14_8.png b/doc/ci/environments/img/environments_list_v14_8.png Binary files differnew file mode 100644 index 00000000000..df439fb96dc --- /dev/null +++ b/doc/ci/environments/img/environments_list_v14_8.png diff --git a/doc/ci/environments/index.md b/doc/ci/environments/index.md index 63bdd279927..c2612b6ff16 100644 --- a/doc/ci/environments/index.md +++ b/doc/ci/environments/index.md @@ -35,7 +35,7 @@ To view a list of environments and deployments: 1. On the left sidebar, select **Deployments > Environments**. The environments are displayed. -  +  1. To view a list of deployments for an environment, select the environment name, for example, `staging`. @@ -440,7 +440,7 @@ stop_review: when: manual ``` -Both jobs must have the same [`rules`](../yaml/index.md#only--except) +Both jobs must have the same [`rules`](../yaml/index.md#rules) or [`only/except`](../yaml/index.md#only--except) configuration. Otherwise, the `stop_review` job might not be included in all pipelines that include the `deploy_review` job, and you cannot trigger `action: stop` to stop the environment automatically. diff --git a/doc/ci/environments/protected_environments.md b/doc/ci/environments/protected_environments.md index c7d1653aace..adc215c7aa1 100644 --- a/doc/ci/environments/protected_environments.md +++ b/doc/ci/environments/protected_environments.md @@ -163,9 +163,8 @@ For more information, see [Deployment safety](deployment_safety.md). Typically, large enterprise organizations have an explicit permission boundary between [developers and operators](https://about.gitlab.com/topics/devops/). Developers build and test their code, and operators deploy and monitor the -application. With group-level protected environments, the permission of each -group is carefully configured in order to prevent unauthorized access and -maintain proper separation of duty. Group-level protected environments +application. With group-level protected environments, operators can +restrict access to critical environments from developers. Group-level protected environments extend the [project-level protected environments](#protecting-environments) to the group-level. @@ -194,12 +193,6 @@ and are protected at the same time. ### Configure group-level memberships -In an enterprise organization, with thousands of projects under a single group, -ensuring that all of the [project-level protected environments](#protecting-environments) -are properly configured is not a scalable solution. For example, a developer -might gain privileged access to a higher environment when they are given the Maintainer role -for a new project. Group-level protected environments can be a solution in this situation. - To maximize the effectiveness of group-level protected environments, [group-level memberships](../../user/group/index.md) must be correctly configured: @@ -237,7 +230,7 @@ Having this configuration in place: - If a user is about to run a deployment job in a project but disallowed to deploy to the environment, the deployment job fails with an error message. -### Protect a group-level environment +### Protect critical environments under a group To protect a group-level environment: |
