Conditionally require a manual approval workflow step?


Use case:

We’re using CircleCI for continuous deployment. When we’re deploying infrastructural changes to prod, we’d like to be able to require a manual approval step so that the change can be reviewed during rollout. We’re interested in using workflows to conditionally require the manual approval step, rather than require it on every build. (If no infrastructure is changed and we’re just doing a code deploy, we don’t want the manual approval step.)

Is there a way to conditionalize the approval workflow step? The only way I could find is possibly via filters, but that doesn’t help us beyond git branch or tag.


Using YAML alias map

This is kind of a hack but with YAML alias map you reuse your steps and make two separate workflow paths with different filters: One with approval and another one without.

Here is a full example:

version: 2.0

# Run job (defined in a YAML alias map, see
run-core: &run-core
      - image: circleci/node:8
      - checkout
      - restore_cache: { key: 'xxxxx' }
      - run: npm install
      - save_cache: { key: 'xxxxx', paths: ['xxxx'] }
      - run: npm run build
      - run: npm run validate
      - deploy: ./scripts/

# Jobs (duplicate the same job, but with different names)
    <<: *run-core
    <<: *run-core

# This will allow manual approval and context
# See
  version: 2
      # Without approval (for all branches except staging)
      - run:
          context: org-global
            branches: { ignore: 'staging' } # All branches except staging
            tags: { ignore: '/.*/' }        # Ignore all tags
      # With approval (only for tags and staging branch)
      - run-with-approval:
          context: org-global
            tags: { only: '/.*/' }          # All branches and all tags
          requires: ['approve']             # But requires approval (which is filtering)
      - approve:
          type: approval
            branches: { only: 'staging' }   # Ignore all branches except staging
            tags: { only: '/.*/' }          # All tags

I hope this will helps

PS: I’ve also made a Stackoverflow QA here:


This topic was automatically closed 41 days after the last reply. New replies are no longer allowed.