feat: add require_approval flag to reusable release workflows #75
Closed
crowecawcaw wants to merge 1 commit into aws-deadline:mainline from
Add a `require_approval` boolean input (default: true) to all reusable workflows that use `environment: release` purely for gating and secrets access. When false, the workflow uses a `release-no-approval-required` environment that has the same secrets but no required reviewers.

This allows consuming repos to skip manual approval clicks for steps that don't need them, while keeping a single approval gate for manual testing.

Workflows that use the environment name semantically (integration_test, e2e_test, build_installers) are not changed, since the environment name is used for AWS role selection and CodeBuild project names.

Affected workflows:
- reusable_bump.yml
- reusable_tag_release.yml
- reusable_prerelease.yml
- reusable_release.yml
- reusable_publish.yml
- reusable_publish_python.yml
- reusable_publish_v2.yml
- reusable_release_installers.yml
- reusable_build_and_stage_installers.yml

Prerequisites: A `release-no-approval-required` environment must be created in each consuming repo's GitHub settings with the same secrets as `release` but no required reviewers.

Signed-off-by: Stephen Crowe <6042774+crowecawcaw@users.noreply.github.com>
What was the problem/requirement? (What/Why)
Releases require many approval steps that are not necessary (though a few still are).
What was the solution? (How)
Add a `require_approval` boolean input (default: true) to all reusable workflows that use `environment: release` purely for gating and secrets access. When false, the workflow uses a `release-no-approval-required` environment that has the same secrets but no required reviewers.
This allows consuming repos to skip manual approval clicks for steps that don't need them, while keeping a single approval gate for manual testing.
Workflows that use the environment name semantically (integration_test, e2e_test, build_installers) are not changed, since the environment name is used for AWS role selection and CodeBuild project names.
Affected workflows:
Prerequisites: A `release-no-approval-required` environment must be created in each consuming repo's GitHub settings with the same secrets as `release` but no required reviewers.
What is the impact of this change?
Enables us to remove some manual button clicking.
How was this change tested?
Not tested yet.
Was this change documented?
n/a
Is this a breaking change?
No. Workflows default to the current environments.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
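A sketch of how a reusable workflow could select its environment from the `require_approval` input described above. This is an added example, not the diff from this pull request; the job name, step, script path and secret name are assumptions, and the caller's `<org>/<repo>` and `<ref>` are placeholders.

```yaml
# Hypothetical reusable workflow, e.g. reusable_publish.yml (illustrative only).
name: Reusable Publish (illustrative)

on:
  workflow_call:
    inputs:
      require_approval:
        description: "Use the reviewer-gated 'release' environment when true"
        type: boolean
        required: false
        default: true   # callers that pass nothing keep the approval gate

jobs:
  publish:               # assumed job name
    runs-on: ubuntu-latest
    # true  -> 'release' (required reviewers configured in repo settings)
    # false -> 'release-no-approval-required' (same secrets, no reviewers)
    environment: ${{ inputs.require_approval && 'release' || 'release-no-approval-required' }}
    steps:
      - uses: actions/checkout@v4
      - name: Publish
        env:
          # Assumed secret name; it must exist in BOTH environments,
          # otherwise the ungated path resolves it to an empty string.
          PUBLISH_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
        run: ./scripts/publish.sh   # placeholder script

---
# Hypothetical caller in a consuming repo: one gated step, one ungated step.
jobs:
  publish_gated:
    uses: <org>/<repo>/.github/workflows/reusable_publish.yml@<ref>
    # require_approval omitted: defaults to true, waits for a reviewer

  publish_ungated:
    needs: publish_gated
    uses: <org>/<repo>/.github/workflows/reusable_publish.yml@<ref>
    with:
      require_approval: false   # runs in 'release-no-approval-required'
```

Because both environments hold the same secrets, the input changes only whether the job waits for a reviewer before those secrets become available to it.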