Commit 0e29601a authored by Russell Dickenson

Merge branch 'eread/edit-protecting-manual-jobs' into 'master'

Edit protecting manual jobs content

See merge request gitlab-org/gitlab!18615
parents dc545b45 39c9caaa
...@@ -1087,7 +1087,7 @@ Manual actions are considered to be write actions, so permissions for ...@@ -1087,7 +1087,7 @@ Manual actions are considered to be write actions, so permissions for
a user wants to trigger an action. In other words, in order to trigger a manual a user wants to trigger an action. In other words, in order to trigger a manual
action assigned to a branch that the pipeline is running for, the user needs to action assigned to a branch that the pipeline is running for, the user needs to
have the ability to merge to this branch. It is possible to use protected environments have the ability to merge to this branch. It is possible to use protected environments
to more strictly [protect manual deployments](#protecting-manual-jobs) from being to more strictly [protect manual deployments](#protecting-manual-jobs-premium) from being
run by unauthorized users. run by unauthorized users.
NOTE: **Note:** NOTE: **Note:**
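Review bot: In the changed link `[protect manual deployments](#protecting-manual-jobs-premium)`, the anchor now depends on the `**(PREMIUM)**` badge that the next hunk adds to the heading, so a later change to that badge would break this link without any visible error. Please confirm the rendered heading ID matches the new anchor and check whether other pages still link to the old `#protecting-manual-jobs` anchor. Since this paragraph tells readers that anyone able to merge to the branch can trigger the manual action, it would also help to say here that the stricter control is a Premium feature, so readers on other tiers do not assume it is available to them.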
...@@ -1095,36 +1095,38 @@ Using `when:manual` and `trigger` together results in the error `jobs:#{job-name ...@@ -1095,36 +1095,38 @@ Using `when:manual` and `trigger` together results in the error `jobs:#{job-name
should be on_success, on_failure or always`, because `when:manual` prevents triggers should be on_success, on_failure or always`, because `when:manual` prevents triggers
being used. being used.
##### Protecting manual jobs ##### Protecting manual jobs **(PREMIUM)**
It's possible to use [protected environments](../environments/protected_environments.md) It's possible to use [protected environments](../environments/protected_environments.md)
to define a precise list of users authorized to run a manual job. By allowing only to define a precise list of users authorized to run a manual job. By allowing only
users associated with a protected environment to trigger manual jobs, it is possible users associated with a protected environment to trigger manual jobs, it is possible
to implement some special use cases, such as: to implement some special use cases, such as:
- more precisely limiting who can deploy to an environment. - More precisely limiting who can deploy to an environment.
- enabling a pipeline to be blocked until an approved user "approves" it. - Enabling a pipeline to be blocked until an approved user "approves" it.
To do this, you must add an environment to the job. For example: To do this, you must:
```yaml 1. Add an `environment` to the job. For example:
deploy_prod:
stage: deploy ```yaml
script: deploy_prod:
- echo "Deploy to production server" stage: deploy
environment: script:
name: production - echo "Deploy to production server"
url: https://example.com environment:
when: manual name: production
only: url: https://example.com
- master when: manual
``` only:
- master
Then, in the [protected environments settings](../environments/protected_environments.md#protecting-environments), ```
select the environment (`production` in the example above) and add the users, roles or groups
that are authorized to trigger the manual job to the **Allowed to Deploy** list. Only those in 1. In the [protected environments settings](../environments/protected_environments.md#protecting-environments),
this list will be able to trigger this manual job, as well as GitLab admins who are always able select the environment (`production` in the example above) and add the users, roles or groups
to use protected environments. that are authorized to trigger the manual job to the **Allowed to Deploy** list. Only those in
this list will be able to trigger this manual job, as well as GitLab administrators
who are always able to use protected environments.
Additionally, if a manual job is defined as blocking by adding `allow_failure: false`, Additionally, if a manual job is defined as blocking by adding `allow_failure: false`,
the next stages of the pipeline will not run until the manual job is triggered. This the next stages of the pipeline will not run until the manual job is triggered. This
......
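Review bot: The new two-step list does not say that step 1 alone restricts nothing: until the `production` environment is added in the protected environments settings, the job can still be triggered by anyone who can merge to the branch, as the earlier paragraph on manual actions states. Suggest adding a sentence to that effect after the YAML example, and making explicit that the environment selected in step 2 is the one named under `environment: name` in the job. In step 2, "GitLab administrators who are always able to use protected environments" needs a comma before "who", otherwise it reads as a subset of administrators, and "will be able to trigger" could be shortened to "can trigger".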