Conditionally require a manual approval workflow step?


#1

Use case:

We’re using CircleCI for continuous deployment. When we’re deploying infrastructural changes to prod, we’d like to be able to require a manual approval step so that the change can be reviewed during rollout. We’re interested in using workflows to conditionally require the manual approval step, rather than require it on every build. (If no infrastructure is changed and we’re just doing a code deploy, we don’t want the manual approval step.)

Is there a way to conditionalize the approval workflow step? The only way I could find is possibly via filters, but that doesn’t help us beyond git branch or tag.


#2

Using YAML alias map

This is kind of a hack but with YAML alias map you reuse your steps and make two separate workflow paths with different filters: One with approval and another one without.

Here is a full example:

version: 2.0

# Run job (defined in a YAML alias map, see http://yaml.org/type/merge.html)
run-core: &run-core
    docker:
      - image: circleci/node:8
    steps:
      - checkout
      - restore_cache: { key: 'xxxxx' }
      - run: npm install
      - save_cache: { key: 'xxxxx', paths: ['xxxx'] }
      - run: npm run build
      - run: npm run validate
      - deploy: ./scripts/deploy.sh

# Jobs (duplicate the same job, but with different names)
jobs:
  run:
    <<: *run-core
  run-with-approval:
    <<: *run-core

# This will allow manual approval and context
# See https://circleci.com/docs/2.0/workflows/#git-tag-job-execution
workflows:
  version: 2
  run:
    jobs:
      # Without approval (for all branches except staging)
      - run:
          context: org-global
          filters:
            branches: { ignore: 'staging' } # All branches except staging
            tags: { ignore: '/.*/' }        # Ignore all tags
      # With approval (only for tags and staging branch)
      - run-with-approval:
          context: org-global
          filters:
            tags: { only: '/.*/' }          # All branches and all tags
          requires: ['approve']             # But requires approval (which is filtering)
      - approve:
          type: approval
          filters:
            branches: { only: 'staging' }   # Ignore all branches except staging
            tags: { only: '/.*/' }          # All tags

I hope this will helps

PS: I’ve also made a Stackoverflow QA here: https://stackoverflow.com/q/47074716/1480391


#3

This topic was automatically closed 41 days after the last reply. New replies are no longer allowed.